What I find most disturbing is how companies across Europe and across the world are being depicted as footloose and fancy-free with their customers' personal data!
Article after article seems hell-bent on exposing companies who have suffered a data leak, and this publicity will in many cases irreversibly damage those companies' reputations by implying they shouldn't be trusted with personal data as it will be stolen!
The important point here is the word "stolen", because the "selling" of personal data without a customer's permission is of course absolutely wrong, and it was the introduction of GDPR that made it a very serious offence!
However, when data is "stolen", whilst still a very serious issue, it is quite different for blatantly obvious reasons, and yet we find company after company being treated in the media in such a way that can place in jeopardy their very existence, when in reality it is they, along with their customers, who should be treated as victims.
I'm sure many reading this will be of a mind that it is only weak security protocols, outdated IT systems and a lack of staff training that lead companies into a serious data breach, and I would agree. However, if you asked the world's leading cyber experts "is there any cyber security system that is impenetrable by even the most sophisticated cyber criminals?", you will all know what the answer would be… no system is 100% safe… probably not even 90%, I would hazard a guess!
So, hypothetically, if a company had the most advanced cyber security, with the most highly trained staff and the most sophisticated IT system in the world, and they had a data leak and every single piece of their customers' personal data was stolen… what does that say about the regulations!!
In my view it has been a classic case of LAZY LEGISLATION and, with the exception of fines for selling personal data without permission, most of the rest is just taxation, where little thought is given to the consequences for small businesses who suffer a data breach. Many businesses are unable to afford the cyber security systems they should have and are less likely to survive the financial repercussions of any adverse publicity!
In many ways it is similar to speed camera legislation. Speed cameras will always be defended as instrumental in bringing down the number of accidents, and possibly they have been, but to many it is generally accepted as being yet another form of taxation. I can clearly recall being caught doing 46mph in a 40mph zone at just past midnight on a very quiet country road with nobody around!
After two years of GDPR, and the likelihood of continuing growth in cybercrime, it is time for a re-think of the legislation. In my view there should be mandatory security specifications set out in the legislation and enforced by the ICO. This would provide every business with a minimum standard of cyber security... a benchmark... that they should have in place. At least a business would then know where it stands: if it had failed to reach that standard when a data breach occurs, it would have to suffer the consequences of failing to take the issue seriously.
At the moment even a minor data breach could bring a catastrophic end to your company!
31 Aug 2020 23:53