Network & Security Blog

We are a company you can trust to deliver

The ICO, GDPR & Data Protection in Numbers

Some interesting facts and statistics on the ICO for the last couple of years. Leading up to the GDPR implementation in the next few months time, the fines are going to increase and every business should be aware of whats upcoming.

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

During 2016/2017 the ICO issued fines topping £3.5 million under the Data Protection Act and Privacy of Electronic Communication Regulations. (1)

 

The ICO dealt with a record 20,919 data-protection complaints and self-reported incidents across all sectors in that time span to 31st March, a rise of 14% on the previous 12 months. (2)

Data published by the ICO in May 2017 for 2016/17 revealed:

  • The ICO dealt with a record 20,919 data-protection complaints and self-reported incidents across all sectors in the year to 31st March, a rise of 14% on the previous 12 months
  • In 2016/17 the ICO was alerted to 2,565 breaches of data-protection law by the organisations involved, an increase of 31.5% on the year before
  • Of those breaches, 4% – approximately 103 cases – involved charities, making charities the sector with the joint fifth-highest proportion of self-reported incidents, alongside solicitors and policing
  • Charities were responsible for 4% of the self-reported data-protection incidents that were handled by the ICO in 2016/17
  • The health sector accounted for 41% of self-reported incidents, local government accounted for 11%, general business for 9% and education for 6%
  • The ICO finished dealing with 2,445 self-reported incidents in 2016/17 and handed out monetary penalties in 17% of cases
  • In 1,680 cases no action was required, in 638 cases the data controller was required to act and in 68 cases an improvement plan was agreed between the ICO and the data controller
  • In a statement, the ICO said it had become easier for organisations and the public to alert the regulator to concerns because of its new live chat services and online reporting tool for the public and new self-assessment tools for organisations

 

The ICO also published statistics about the number of issues it had dealt with in relation to marketing and nuisance calls across all sectors. It received 167,018 complaints about marketing that broke the Privacy and Electronic Communications Regulations 2003 and handed out a record 23 fines, totalling more than £1.92m, for what it called “a range of unlawful marketing activities”. (3)

Since January 2017 the ICO have kept us informed of the developments leading up to the new General Data Protection Regulation (GDPR) enforcement which is due on 25th May 2018.

Find out the full details on the ICO’s ‘What’s new?

 

ICO fee and registration changes for 2018

As the countdown continues to the implementation of the GDPR taking effect in May this year, the ICO are notifying businesses about the change in fees. Under the current Data Protection Act (DPA), organisations that process personal information are required to notify with the ICO as data controllers (unless an exemption applies). This involves explaining what personal data they collect and what they do with it. They are also required to pay a notification fee, based on their size, of either £35 or £500.

Find out more about the new ICO fee changes here.

Cyber Security & Data Protection

If we were to ask you to define cyber security, what would you say? You understand the concept but need to know more?

The definition of Cyberspace is an electronic medium of digital networks used to store, modify and communicate information. Cyberspace influences and makes a big impact on our lives, our businesses and services. You would assume that your personal information in cyberspace would be secure and protected. We are all aware that isn’t the case in reality.

The UK government are making on-going transformations to protect UK citizens and businesses. They have a mission to protect people from threat actors that use data for inappropriate, malicious and illegal purposes.

Cyber Security plays a massive part in the private and public sector. From national security, the fight against terrorism, crime or industrial devastation for example. Cybercrime is an everyday occurrence. The risks of storing data in Cyberspace are huge but necessary and protective security measures should be taken.

Being Secure Online in Business

Security threats build and the government need to step up their game.  They are attacking the problem but is it enough? It’s not solely just up to the government to sort the problem. It is the responsibility of companies and us as a country.

Cyber Security is a topic that we should educate ourselves about. Who and what are we dealing with when it comes to cyber security and data protection?

  • The cyber space pirates – this includes hacktivists groups and terrorists. Their resources, accessibility and capabilities are huge. They have the ability to cause carnage on computer networks. Targeting the government, the military, businesses and individuals
  • Cyber space crime is an extension of normal crime. The difference is, the pirates don’t need to be in the location of the crime to do the deed. It’s a crime that can be free, cheap and on a massive catastrophic scale
  • The heartless pirates can use software (malware) to demolish cyber infrastructure. This could be as simple as taking a website offline or just damaging infrastructure. A process known as CAN (Computer Network Attack)

Businesses have a responsibility to their customers to keep their data safe, as well as to shareholders and investors to remain competitive in a global marketplace.

The new GDPR due to come into force in May 2018 will help tackle the data protection issues. **Insert a link to your GDPR articles. You could make reference to some key points. The government are trying to build a country where people know that there data is protected and they can move forward with confidence to use the internet.

How are the government going to deal with cyber security and data protection?

  • Attacking the problem and the source
  • Making businesses realise their responsibilities when it comes to data protection
  • The government will educate organisations so they know how to protect the data
  • A realisation that so far, the government’s effort to deal with the issue has been insufficient
  • Efficient cyber security risk management is vital
  • There needs to be compliance or there will be a fine!
  • There will be a regular review of the challenges
  • The government will get a better understanding of cybercrime and deliver programmes
  • They should be aware of the constant threat changes
  • Cyber insurance policies should be available to an organisation to cover them against a range of cyber risks

https://www.cyberaware.gov.uk/