The legislation launched to tighten up on the way organisations collect, store and use personal data appears to be having a substantial impact, according to recent reports. The Information Commissioners Office (ICO) has announced that since the EU GDPR went live in May, there has been a sizeable upturn in identifying and reporting data breaches.
The ICO says it has logged 205 privacy complaints connected to the General Data Protection Regulation. Overall complaints it has received are up 75% when compared to last year (source: https://www.thetimes.co.uk/article/surge-in-breach-of-data-reports-since-launch-of-gdpr-vlms85cnk).
However, more whistleblowing doesn’t mean that UK consumers can rest easy. Among the major brands whose data problems have been exposed since the GDPR became official are Dixons Carphone and Ticketmaster.
First failure post-GDPR
Perhaps the most shocking was Dixons Carphone, which trades under names which include Carphone Warehouse, Currys, PC World and Dixons Travel. Not only were their two cyber crime incidents on a grand scale, the company also had to admit to them within days of the GDPR going live.
The electronics retailer had to report the theft of around 1.2 million user data files. This meant that a catastrophic 5.9 million card details were exposed. Fortunately, this was balanced by the fact that the most sensitive card details were protected, making it impossible for large scale fraud to occur.
Ticketmaster data breach
Ticketmaster has also been forced to admit a data breach. The ticket seller discovered that malware had been used against a third-party vendor. This meant that records on 40,000 customers – including card details – had fallen into the hands of hackers.
There is a belief that Ticketmaster is set to be the first company to experience the full force of GDPR penalties. The legislation carries fines of up to 4% of global turnover or £17m, whichever is larger.
Get the right help
If nothing else, these two high profile cases prove that GDPR – and the work companies must do to become compliant – is not in itself a solution. Cyber security and managing data privacy and security have been described as a journey, not a destination.
This is why Y2X is training veterans to transition from the military to become data management experts. They can use their specialist skills and experience to be part of the continuing battle against ever more sophisticated cyber criminals.