A GROWING number of businesses are receiving fines from the Information Commissioner’s Office (ICO) for business data breaches, a Hampshire expert has warned.
The ICO has more than 60 different monetary penalties for organisations which fail to protect their data.
The biggest fine is up to £17million, or four per cent of annual turnover, whichever is the largest.
Paul Wallis, privacy information management expert at Hampshire-based Hantec Systems, said the biggest risks of a breach came from within an organisation and were often the result of insufficient training and awareness.
He said: “Many organisations do not know how to spot a potential ransom attack or do not realise the potential consequences of their non-deliberate actions, putting itself at a higher risk of being fined by the ICO.
“But to reduce the risks of fines, it is vital for business owners to implement robust industry standard management systems (ISOs).
“ISO systems are good business practice and ensure organisations have policies and procedures in place which reduce business errors that could lead to extremely large fines from the ICO.
“If a business is caught out by the ICO it could have very serious consequences for the organisation and its staff. The biggest mistake we all make in life is thinking that it will never happen to us. Be sure to protect yourself and business wherever possible.”
Mr Wallis has recently enhanced his knowledge of GDPR and data protection through a privacy management development course.
Hantec Systems, based at Upper Market Street in Eastleigh, is an outsourced compliance department, specialising in areas such as sustainable growth, health and safety, environmental management and information security.
Every organisation or sole trader processing personal information needs to pay a data protection fee to the ICO unless exempt.
Those who have fallen foul of its financial penalties have included the Cabeint Office, which was fined £500,000 for publishing the postal addresses of the 2020 New Year Honours rercipients online for two hours and 21 minutes.
Last month, the Royal Mail and Reed Online were fined £20,000 and £40,000 for breaching direct marketing rules by emailing customers who had not consented to being contacted.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here