The tightening of data protection law
- Author: Tracey Dickens
Following the news that 143 million people have been hit by a data breach at Equifax, Tracey Dickens comments.
The tightening of data protection law with the new GDPR is aimed very much at security breaches like this. The new General Data Protection Regulation (GDPR) makes it a requirement for such breaches to be reported to the data protection authorities within 72 hours, and for affected individuals to be notified where the breach is likely to result in a high risk to their rights and freedoms.
Both data controllers and processors will be caught, and if swift damage limitation is not instigated then big fines are likely to follow. Organisations operating outside of the EU will still be subject to the rules in relation to any data subjects within the EU; how enforceable such arrangements will be remains to be seen. Based on the current guidance, Equifax will be relieved the GDPR is not yet in force, as the reported circumstances of the breach suggest quite significant failings and would likely attract a large fine.
I am based at our Colchester office and can be reached on 01206 217 326 or email firstname.lastname@example.org.