Is size important? The consequences of data breaches for all sizes of organisations
Data breaches can happen to any business. Incidents at large organisations, such as Dixons Carphone, Superdrug, BUPA and most recently BA (twice), all hit the headlines.
This would give anyone the impression that they are the most frequent targets, when in fact they’re not. Breaches occur most often at small and medium-sized businesses, for the simple reason that there are a lot more of them and they are easier to hurt. Such breaches don’t make headlines, so you don’t hear about them. But they happen every day!
Of course, there’s little comfort to be had in reassuring customers or the public that “it was only a small breach”. You might avoid the public humiliation that the likes of Facebook and Equifax suffered after revealing mammoth breaches, but the damage will be proportionate to the size of your organisation. If you breached one in four of your customers’ records, that’s 25% of your customer base that you might not get back again and 100% of customers whose trust you need to win back.
How will GDPR affect a business that has suffered a breach?
Many people believe that they are exempt from the EU GDPR and the large fines that come with it. They believe this because they are a small business, and whilst the regulation does make some allowances for SMEs, none of them is exempt. This is a MYTH!
The two exceptions to this are certain derogations for businesses with fewer than 250 people and the acknowledgement that defences should be adopted “as appropriate”. This means that larger organisations will be expected to have more thorough defences, whereas SMEs can use simpler methods, but the defences have to be in place.
The ICO will take an organisation’s measures into account when determining any fines. It is good practice to make your defences as strong as possible – whether they’re technologies, policies or processes – but you also need to make sure you have the resources to cover and maintain them.