GDPR and the Brexit Campaign

The EU’s General Data Protection Regulations (GDPR) are some of the most important regulations in terms of data security. Christopher Graham, the UK Information Commissioner, said the following at the ICO’s annual Data Protection Practitioners’ Conference in March 2016: “The EU data protection reforms promise to be the biggest shake up for consumers’ data protection rights for three decades.” The regulations are expected to harmonise data protection legislation across Europe, as well as sharpening the consequences of failing to comply. The GDPR will raise the level of fines for companies that suffer data breaches to as much as €20m or up to 4% of annual global turnover.

These regulations are still a way off, however. They have been released now with a two-year transition period, which means they do not become legally binding until summer 2018 at the latest. This is to allow companies to adjust and prepare before these fines could blow up businesses that fail to comply.

“Now, now,” you might be saying, “what if we leave Europe? What will they have over British companies then?” Unfortunately we won’t be escaping that easily. Any company that engages with European customers will be forced to comply with European legislation. So the choice is to exclude one of the most accessible markets available to us today, or to abide by these regulations.

Luckily, for businesses that handle card data there are some simple solutions for compliantly handling payment card and personal data. If you are worried about how these regulations will affect your company, feel free to get in touch with us at Compliance3. We are here to guide you through every step of the...

Protecting Customer Data – The Impact of new EU Legislation

By John Greenwood – Director, Compliance3

Why do breaches happen?

Data breaches happen simply because organisations have failed to maintain adequate security in three areas: people, processes and technology. People are the weakest link. According to Ponemon’s 2014 “Cost of Data Breach Report,” negligence or human error was the primary root cause of data breaches: forty percent of incidents involved a negligent employee or contractor (the human factor), 38 percent had a malicious or criminal attack as their root cause, and 22 percent experienced system glitches, including a combination of both IT and business process failures.

Most breaches occur because people have not followed the policies set by their employer, and because the employer has not focused enough, at the most senior level, on implementing and maintaining robust security and compliance policies. Such negligence not only costs the business in lost revenue, but is also career limiting for those involved. The massive breach of the Target US retail chain in November and December 2014 led to the dismissals of both Target’s CIO and CEO. According to a US Senate report on the breach, “Target managers missed information provided by its anti-intrusion software about the attackers’ escape plan, allowing attackers to steal as many as 110 million customer records.”

We can see this in contact centres where the culture is not entirely positive and where employees are exposed to the risk of transgressing to the dark side. The temptation, especially for an individual on a zero-hours contract and earning close to the minimum wage, in a harshly managed or oppressive environment, to sell data to a stranger...