Despite the toughening of rules and the harsh treatment of companies by regulators and the media, some organisations with big budgets and extensive capability continue to show scant regard for safeguarding the personal data of their customers.
News of the Equifax data breach emerged from the US, where the data of 143 million US citizens and, potentially, some 400,000 UK citizens was compromised.
The US company said an investigation had revealed that a file containing UK consumer information “may potentially have been accessed”. The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information.
The resignations of the chief information officer and chief security officer came quickly, but that did not stop dozens of US state authorities launching legal action against the firm.
This latest large-scale, headline-grabbing data security breach may have happened in the US, and may only affect a relatively small proportion of UK citizens. With GDPR now in place, here we consider how the same breach would be treated under GDPR.
Although the timeline and the company's reporting around it are questionable, here's what is currently known:
It may well be the longest word in the English language, but IF the Equifax cyber security breach had happened under GDPR, the following rules would apply, shaping the response from the perspective of compliance and regulation:
No reporting delay: a personal data breach must be notified to the supervisory authority within 72 hours of the organisation becoming aware of it (Article 33), and affected individuals must be informed without undue delay where the breach is likely to result in a high risk to them (Article 34).
Continual breach monitoring: the organisation must maintain appropriate technical and organisational security measures and regularly test and evaluate their effectiveness (Article 32), rather than discovering a months-old intrusion after the fact.
Need to prove consent: where processing relies on consent, the organisation must be able to demonstrate that each individual actually gave it (Article 7).
Right to be forgotten: individuals can require the organisation to erase their personal data without undue delay where there is no longer a lawful basis to keep it (Article 17).
It should also be noted that it is entirely possible that, IF the organisation had implemented robust information security procedures and practice in line with GDPR, the breach might have been prevented in the first place…
GDPR came into force on 25th May 2018. All organisations and businesses that process personal data are in scope, and there are no quick fixes to compliance.
The best approach is a thorough assessment of where your business stands currently on its IT security arrangements, and then a plan to get to where it needs to be to meet the GDPR standard.
To take the first step towards a clear plan for achieving compliance with the GDPR standard, simply get in touch with us today.