You could almost imagine that GDPR has disappeared off the face of the Earth now the clamour has died down.
Not so!
Which is why we invited data protection expert Karen Heaton to share with us some of the practical issues that we all still need to think about.
In her second article on GDPR in the real world, Karen looks at data breach penalties.
We all know about the potential for huge fines under the new EU General Data Protection Regulation (GDPR) and now the UK Data Protection Act 2018. These have been grabbing headlines for over a year in the lead-up to Implementation Day on 26th May 2018.
Most headline penalties are based on the highest maximum level of fines: 4% of global annual turnover or Euro 20m, whichever is higher. But there is also a standard maximum level, which is 2% of global annual turnover or Euro 10m. Yes, both are hefty penalties, as they apply to turnover, not profits.
Higher-level penalties can apply to any failure relating to the data protection Principles, the rights of the individual, or data transfers to third countries.
Standard maximum level penalties can apply to infringements of the administrative requirements of the regulations, for example breaches of controller or processor obligations.
The size of the penalty will depend on a number of factors: the behaviour of the organisation; what steps have been taken to be compliant; how this can be demonstrated to the ICO; and whether the organisational culture takes data protection seriously.
Heathrow Airport – loss of a USB stick in Oct 2017 – penalty of £120k levied under the previous Data Protection Act 1998. The investigation by the ICO found:
Bayswater Medical Centre – left sensitive data in an empty building in July 2015 – penalty of £35k levied under the previous Data Protection Act 1998. The investigation by the ICO found:
Bupa Insurance Services Limited – fined £175k for failing to have sufficient measures in place to protect customers’ personal data.
A number of risk reduction steps should be taken: staff training in data protection; data handling guidelines; security procedures, both physical and electronic; encryption of removable devices; restriction of data downloads; understanding your role as Controller or Processor; data breach procedures; being able to demonstrate compliance with data protection regulations; and building a culture of taking data protection seriously. There’s more. See our checklist!
Today’s fact: the ICO quarterly statistics on reported data security incidents found that in Q4 2017, four of the five leading causes (cases where the ICO took action) involved human error and process (control) failures.
=> Employee training and data handling guidelines are ‘must haves’ for organisations processing personal data and Special categories of data, e.g. medical data or children’s data.
See you next week!
Karen