Government “get ready” warnings as new data protection regulations raise fears of fines

The government has warned of the increased fines organisations face for breaching Data Protection rules from May 2018, which could see fines as high as £17m.

Utility firms, transport firms, the healthcare sector and infrastructure companies are being warned to develop more robust safeguards to defend themselves from data breaches and cyberattacks, or face the costly consequences.

With mandatory reporting and massive fines being implemented in the next few months, the warnings cannot fall on deaf ears.

Events like the WannaCry hack last year that practically crippled a large proportion of the NHS could lead to such hefty fines. We’ve known for some time that the new legislation was coming into force, so organisations have had plenty of time to prepare for when voluntary adherence becomes mandatory compliance.

Minister of State for the Department for Digital, Culture, Media and Sport, Margot James, said:

“…we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online. We want our essential services and infrastructure to be primed and ready to tackle cyberattacks and be resilient against major disruption to services.”

Guidance has been published by the Information Commissioner’s Office and the National Cyber Security Centre. Organisations – public and private – have no excuses for when the new regulations come into force, and it really will be a case of shape up or pay up; and the paying up part is set to be pricey.

If you’ve ever seen the film Die Hard 4, you can imagine the nightmare scenario of a cyber hack crippling a country’s infrastructure. The risk is real, and as well as situations that could bring the country to a halt or send our healthcare service into meltdown – costing lives – there are the financial risks for banks being hacked or telecom providers having sensitive informant stolen for criminals and fraudsters to then abuse.

TalkTalk is a prime example of that.

Data security is sacred. The new laws will put perpetrators to the sword, and if an organisation wants to avoid the very real possibility of monumental fines and legal damages claims, they need to act now.