The British government has proposed a data protection bill meant to give the British people more power and control over how their personal data is used. The bill proposes a number of changes to the current data protection laws, the most notable being easier access to all data held by companies, an increased ability to withdraw access, and the ability to request data deletion.
The regulation, which will bring GDPR (General Data Protection Regulation) into UK law, is set to be in effect in less than a year, according to Matt Hancock, the UK Digital Minister behind the proposed bill. Hancock states that the new data protection laws will offer the UK a more dynamic and robust set of data laws. In a statement, Hancock said: “UK citizens will have more control over how their data is used. The proposed data laws will also prepare UK citizens for Brexit.”
The new regulation has caused concern in organizations across the UK because the applicable fines are easier to issue and more damaging to companies that fail to comply. For instance, fines could amount to 4% of a company’s total global turnover, which could easily lead to the downfall of many companies in the event of severe fines. Currently, data protection fines can’t exceed £500,000.
Data protection incidents
Data breaches in the UK have increased in the recent past, leaving hundreds of thousands of UK citizens exposed. A notable example is the data breach that hit the UK’s leading payday loan lender, Wonga. The incident affected approximately 245,000 Wonga customers in the UK and 25,000 in Poland.
The Wonga data breach happened in March 2017. Wonga, however, waited until April 2017 to notify its clients, after establishing the extent of the breach. The incident saw Wonga customers’ names, addresses, phone numbers, bank account numbers and sort codes stolen. Wonga had suffered another data breach back in 2012/13. That identity theft incident saw Wonga customers lose £3 million after scammers made over 19,000 fraudulent payday loan applications.
UK telecom company TalkTalk has also been a victim of a data breach. In October 2015, TalkTalk systems were hacked, compromising information belonging to 157,000 customers. The company was fined £400,000, which was far from substantial according to many people. The importance of better data protection laws can’t, therefore, be ignored. With the new laws, firms must be more vigilant in protecting customers’ data or face serious repercussions. Research from Veritas indicates that only 9% of companies in the UK have appropriate data protection practices in place today, even with the ongoing regulatory changes.
With the proposed data protection laws set to take effect in less than a year, it is important for organizations to take all the necessary steps in the right direction.
Organizations already using cloud and automation technology will find it easier to cope with the new data protection laws. When GDPR comes into effect, all organizations handling personal data belonging to UK citizens will have to comply. The first step towards compliance is getting the right IT systems in place. Safeguards must also be built into all processes from beginning to end.
Organizations may also be forced to move data. According to Peter Godden, Vice President of EMEA at Zerto, businesses may be required to move critical data into or out of Britain to comply with the new regulations. Many companies stand to struggle to move critical data across various systems without experiencing problems like downtime. Good business continuity plans are crucial going forward for companies keen on avoiding data migration problems.
The new data protection laws will also introduce data storage challenges. According to Matthew Bryars, CEO of Aeriandi, “many companies have not considered the impact of GDPR on data storage processes such as storage of customer calls done to improve customer service. The new laws give customers an express right to demand for their personal call information/data to be erased. The laws are also more stringent on backup and storage of voice call data. Businesses must develop the capacity and ability to store and retrieve customer call data faster on request.”
Nexsan COO Geoff Barrall shares the same sentiments. According to him, “CIOs must evaluate their current IT infrastructure and create purpose-built secure data storage environments to be able to meet the new data protection laws.” Barrall stresses the need for either cloud-based or on-site customer data storage solutions, as long as they are flexible, agile and secure.