The rise in data breaches under the spotlight - Part 1. Implications on organisations

Clive Mackintosh
October 9, 2024
Data Breach

In a new three-part series, Clive Mackintosh, CEO of GDPR Representative services firm GDPR Rep, explores recent UK data breaches and the implications for the associated organisations.

The UK GDPR is the primary data protection law in the UK, imposing extensive requirements on organisations regarding information security, record keeping, and the legal aspects of general information management.

Failure to comply with the UK GDPR can result in severe penalties, including fines up to £17.5 million or 4% of the organisation’s total worldwide annual turnover, whichever is higher.

Additionally, organisations may face compensation claims from affected individuals and potential liabilities for breaching contracts required under the UK GDPR.

The rise of data breaches in the UK poses significant risks and challenges for organisations of all sizes. This is highlighted by the record fines imposed on British Airways and Marriott International by the Information Commissioner’s Office (ICO).

In 2020, British Airways (BA) was fined £20m ($26m) by the ICO for a data breach which affected more than 400,000 customers. The data breach happened in 2018, when BA systems were attacked and compromised, which resulted in customer data being stolen, including payment details, names, addresses and more. It took two months for BA to be made aware of the breach by a researcher, and then notify the ICO.

Marriott International was fined £18.4m ($23.98m) for a long-running data breach that could have impacted up to 339 million guests. The breach originated from an attack on the Starwood Hotels Group in 2014. Marriott acquired Starwood Hotels Group in 2016, but it was not until 2018 that the breach was identified. The attackers accessed personal data including names, contact details, passport numbers and more.

The implications of data breaches for organisations are multifaceted. First and foremost, the loss of confidential data, whether an organisation’s or customer data, can have a direct impact on the ability to conduct business operations and maintain customer trust and loyalty.

Compliance with the UK GDPR is crucial for organisations to mitigate the risks associated with data breaches.

In part 2 of this series on the rise in UK data breaches, we will be examining specific organisations that have been the unwitting victims of a cyber attack, resulting in the loss, disclosure and theft of individuals' personal data on a catastrophic scale.

In part 3, we will look at the aftermath of the data breach from the perspective of both the organisation and its customers.

GDPR Representative Services

If you are looking into how your organisation can fulfil its regulatory requirements, including the UK GDPR, why not schedule a no-commitment call with a GDPR representative expert today, or get a quote to understand how our value pricing makes compliance simple?
