Earlier this month, experts from Google discovered two separate security flaws (known as Meltdown and Spectre) in computer chips made by Intel. The chips are used in the majority of laptops, smartphones and other electronics and could leave them vulnerable to hacking. With approximately 1.5 billion laptops used worldwide and roughly 9 in every 10 powered by Intel chips, the implications for this security breach could be vast.
Intel is already facing a class action lawsuit in the US and similar actions are likely to launch worldwide and with GDPR around the corner, it’s a reminder that all businesses need to be prepared for any potenetial data or security breach.
Under GDPR you must:
Have in place a disaster plan to follow in the event of a breach which employees are trained on. This can be used as a ‘reasonable steps’ defence in the event of breach.
Notify your customers/clients of any data breach within 72 hours. There may be further notifications that you may have to make (specifically if you work in a regulated industry) – for example to your governing body, professional indemnity insurer, bank or the police.
Data breaches can be costly. As well as the fines – up to 4% of an organisation’s global annual turnover or €20 million (whichever is higher) – companies should keep in mind any contractual penalties payable and the cost of potential legal action. In 2017, the ICO issued 44 fines totalling £3,107,500.
For more tips on how to get ready for GDPR, download our toolkit.