Data breaches are a major threat to businesses large and small.
It was revealed that the ride-sharing firm, Uber, concealed a data breach for an entire year that affected 57 million customers and drivers.
The 2016 breach was concealed by Uber, which eventually paid the hackers £75,000 to delete the data.
This is just the latest in a line of data breaches at major companies, which is concerning: it would appear that even large multinationals are not implementing measures to prevent data breaches, let alone reporting them within a sensible timeframe.
The last 5 years have seen some of the largest data breaches in history.
2017 – Uber – 57 million accounts
2017 – Equifax – 143 million accounts
2016 – Adult Friend Finder – 412 million accounts
2014 – Ebay – 145 million accounts
2013 – Yahoo – 1.5 billion accounts
Some of these huge data breaches have resulted in financial penalties, but likely smaller ones than would have been possible had the breaches occurred after 25th May 2018, when the new GDPR legislation comes into force. Uber’s 2016 revenue is thought to have been $6.5bn, meaning that under the GDPR its fine could have been $260m!
The penalties under the GDPR will be a minimum of €20m or 4% of annual global turnover.
Now, you may not be part of an organisation with a large turnover such as Uber’s, but minimum fines of €20m can be catastrophic for businesses and it’s vitally important you are best prepared for the GDPR coming into force next May. Remember, the potential fine is €20m or 4% of annual global turnover (not profit).
Not only will you need to have measures in place to minimise the risk of a data breach occurring, you’ll need to implement measures to quickly recognise when a data breach has occurred, and report a breach to the ICO within 72 hours (not a year, as in Uber’s case!).