
AREN'T THEY LUCKY IT'S NOT 2018!!


There is no such thing as a GDPR expert; they simply don’t exist. The changes are too wide-ranging and grey to be understood and then explained to a proficient standard.

There are, however, people who are qualified to offer educated interpretation of what GDPR will mean for businesses in the UK and, in fact, the rest of the world.

I am not one of those people. I understand tranches of GDPR effects, limitations and fines; however, I would not be able to advise outside of an insurance capacity.

What little I do know, however, is that when GDPR kicks in next year there will be fines and penalties galore (up to €20,000,000 or global turnover, to be precise), starting with the bigger entities and trickling down.



Gloucester City Council was recently fined £100,000 for the loss of 30,000 emails.

"Gloucester City Council fined £100k over mailbox hack

A council has been fined £100,000 after 30,000 emails containing sensitive information were downloaded.

The Information Commissioner's Office (ICO) issued the fine to Gloucester City Council after a cyber attack by the group Anonymous.

Sally Anne Poole, from the ICO, said the lapse was a "serious oversight".

The council said it took "swift and reasonable steps" in 2014 as soon as it was alerted to the vulnerability, adding it is considering an appeal.

Managing director of the council, Jon McGinty said he believed the penalty issued by the ICO will have a "serious and detrimental" impact on the authority's finances.
"The council did account for the risk of this potential fine in its accounts for 2016-17 but, nevertheless, its payment will only result in money being taken away from the people of Gloucester and given to Treasury," he added.

The ICO found the council did not have sufficient processes in place to make sure its systems had been updated while changes to suppliers were made.

Ms Poole said: "The council should have known that, in the wrong hands, this type of sensitive information could cause substantial distress to staff.

"Businesses and organisations must understand they need to do everything they can to keep people's personal information safe and that includes being extra vigilant during periods of change or uncertainty."


Had this occurred after May 2018, a few things would have happened differently. For one, the incident would have had to be declared within 72 hours of the discovery of the breach. Secondly, the fines would have been substantially larger and open to far more investigation.

Interestingly, the saving grace for the council was simply that this was discovered and brought to a close before the GDPR changes took effect.

From an insurance perspective, the important point to note is "The ICO found the council did not have sufficient processes in place to make sure its systems had been updated while changes to suppliers were made."

If the council had kept security protocols up to date, patched in a timely manner, educated staff proficiently and had an underlying Cyber Liability policy in place, not only would the risk of this event occurring have been reduced significantly, but the fine would also have been reduced due to the level of precaution taken by the council.

Don't just prepare yourself for GDPR; future-proof yourself for an inevitable breach. The risk is knocking on your door right now. Promote IT issues to a board-level issue and invest in all your systems as well as the right insurance package.



Tristan Antrobus-Holder
Client Relationship Manager - James Hallam


