Yet again, British Airways finds itself in the news for all the wrong reasons, as Simon Calder's article in the Independent explains.
But before anyone revels in BA’s discomfort, how many other businesses have had a similar if less public experience, or how many businesses will experience something similar soon?
The new data protection regime, which came into effect earlier this year, places clear obligations upon all organisations that control personal data to take "appropriate technical or organisational measures" to secure that data.
What is "appropriate"?
Well, adopting the "Risk Based Approach" advocated by both the ICO and the NCSC will help determine that, ensure your efforts have focus, and avoid wasting money.
Whilst a good number of businesses are endeavouring to do the right thing, there are plenty who are yet to address their data protection responsibilities, which is a high-risk strategy. The Regulator has been clear: they want to work with organisations that act responsibly, not penalise them punitively. But for those who simply ignore the new regime and fail to meet their data protection responsibilities, the penalties could be severe.
Simon Calder's article makes reference to the fine imposed on TalkTalk. But that was under the old regime, where the limit was £500,000. BA's breach falls under a very different regime, with the potential for fines of €20 million or 4% of BA's global annual turnover, whichever is the higher. That is before you look at the costs of compensating passengers and the financial impact of reputational damage.
For further guidance or assistance with adopting a "Risk Based Approach" in your own business and "implementing appropriate technical or organisational measures", why not contact us?