2018 – The year of the GDPR, and still, data breaches are occurring at an alarming rate.
We started the year with the continuing drama surrounding web services provider, Yahoo. As most will be aware, Yahoo have recently been in hot water after it was discovered that they have been responsible for data breaches compromising three billion users’ email accounts – which is suggested to be by far the biggest data breach of all time.
Crucially in this case, Yahoo have been accused of taking too long to notify their users (data loss figures were known by the organisation for over a year before being disclosed), with a judge ruling that “users may have acted differently had the company been more forthcoming about the breaches”. Unfortunately for Yahoo, this lack of timely disclosure has led to compromised users being able to sue the web giant.
Under the GDPR, which will be implemented in just over a month’s time, companies will be obligated to report breaches within 72 hours of becoming aware of them, therefore limiting cases such as this, where compromised data has been swept under the carpet for a lengthy amount of time.
As an added layer of protection, the new legislation will also require privacy by design, meaning data protection must now be considered from the outset when designing and developing a process around new products or services that involve processing personal data.
More recently, a name familiar to most worldwide has found itself at the centre of a data breach scandal: Facebook. The breach has affected not just the reported 87 million users, but also the company’s reputation. Some users have decided they can no longer trust the social media service, and as a result have decided to delete their accounts (Apple co-founder Steve Wozniak included). This kind of lack of trust from consumers is just one of the many consequences experienced by companies who suffer data breaches, but it can often be one of the most damaging.
Not only are breaches damaging to a company’s reputation, they can also be extremely costly. When the Facebook breach was announced, the company’s share value plummeted by more than $50 billion. When the GDPR is implemented, companies that experience a breach won’t just have to worry about their share values dropping, but also about the dramatically increased fines that are to be introduced. The current maximum fine is £500,000; this will rise to €20 million or 4% of the company’s global turnover – whichever is the higher – come May 25th.
Making sure your organisation has an effective security ecosystem, using best-of-breed technologies to ensure your sensitive data is protected throughout the organisation, is no longer a “nice to have”, but a “must have”. With the cost of a data breach about to become so high, there’s still time to put the appropriate protective measures in place, so surely it’s time to make the investment?