As if it weren’t bad enough that a business has been completely disrupted (clients lost, systems down, thousands spent on recovery, and so on), the ICO then arrive.
Such incidents appear in the press on a regular basis. Dixons are in the news at the minute. Apparently they somehow allowed thousands of their tills to be corrupted for a period of some 9 months, putting client data at great risk.
In one sense, Dixons were very lucky. The initial crime was committed when the previous legislation was in force and GDPR had not quite made its debut. Dixons were fined the maximum permitted under the legislation then in force, some £500,000. Under GDPR this would have been considerably more: the new maximum penalty is up to 4% of annual global turnover.
Dixons are clearly having their problems. One of the other stores in the Dixons group, Carphone Warehouse, had previously been fined £400,000 for similar offences.
I have a lot of sympathy for businesses, particularly SMEs. We have clients that we have been advising for 20 years and their businesses haven’t really changed that much. Take one area, for example, solicitors. Here, the work is much the same, involving documents, courts and the provision of advice. Whilst the work remains the same, the whole world has changed around them and it is difficult.
Equally, it is somewhat ironic that people seek advice from solicitors regarding GDPR. Obviously, they know Act and Section but data?