Will GDPR combat data breaches?


Contributor: Kim Lessley, Director of Solution Management – Cloud Security, SAP SuccessFactors.

This will come as no surprise, but people are fed up with their personal information being leaked. The recent Equifax breach in the United States, where up to 143 million people may have had their most sensitive data leaked, is a case in point. It was a big deal. It remains to be seen whether anyone at Equifax will face jail time, but it has already resulted in the CEO, CIO and CISO being forced to leave the company.

Although the Equifax example happened in the US, similar breaches, such as the 2017 Uber hack, which affected 57 million riders and drivers all over the world, or the Swedish breach of confidential data that may have disclosed the identities of undercover agents working for the security service and police, show that data breaches are very much a global concern. For Europeans, data protection and privacy are fundamental rights.

These rights have been further strengthened by the latest general overhaul of data protection and privacy legislation, the EU General Data Protection Regulation (GDPR), which applies from 25 May 2018. Potential fines for not following the GDPR are no longer a slap on the wrist: up to 4% of worldwide annual turnover or €20 million, whichever is higher, for the most serious infringements, which could seriously endanger a company’s livelihood. Along with increased fines, there is also talk of possible jail sentences for senior managers in cases of intentional violations; the GDPR itself sets no criminal penalties, but Article 84 leaves room for EU member states to add them in national law. Realistically, the average employee is not likely to face jail time for not following proper data protection and privacy policies, but data protection and privacy are everyone’s responsibility in a company.

Under GDPR, it will become mandatory for certain organisations to designate a Data Protection Officer (DPO). This will be the case for all public authorities and bodies that process personal data, and for other organisations whose core activities involve monitoring individuals regularly, systematically and on a large scale, or processing special categories of personal data on a large scale.

The DPO is responsible for advising on and monitoring data protection compliance within the organisation. Typical tasks of a DPO include:

Informing, advising and issuing recommendations to the company regarding compliance with data protection laws and the GDPR.
Assisting with the implementation, management and monitoring of the data protection strategy, and with the creation and roll-out of policies, guidelines and data protection awareness training.
Monitoring compliance against the relevant data protection and privacy regulations.
Identifying and managing risks related to data protection, and escalating data protection risks and issues to executives as needed.
Cooperating with the designated supervisory and other data protection authorities, and consulting them, where appropriate, on issues relating to data processing.
Providing advice, where requested, on Data Protection Impact Assessments (DPIAs) and monitoring their performance accordingly.

To use the Equifax example again: GDPR requires a data controller to notify the supervisory authority within 72 hours of becoming aware of a breach, whereas Equifax discovered its breach at the end of July 2017 and did not disclose it until early September. Had Equifax been subject to the upcoming GDPR, that delay alone could have attracted a fine of up to 2% of worldwide annual turnover, around $62.9 million based on its 2016 operating revenue of $3.145 billion, and, depending on national law, senior management might have faced criminal charges. A good DPO would have advised the company to come clean immediately. Unfortunately for them, they did not do that, and Equifax is now a household name in the US, for all of the wrong reasons.
