GDPR: we all know the phrase by now. The day came, and everyone scrambled to be compliant… but what now? What are the dangers of badly stored data, besides the fine that will be handed to you if the ICO sees fit?
None of this is new; it has been happening for years. So what has changed? Extortion. Things are constantly changing. It used to be threatening enough that someone could hack into a company’s servers, steal the data and then use that data to steal information or identities. The new thing that hacker groups (one being Rex Mundi) seem to do is steal the information and then threaten the company with its release. (Maybe now they will look at a more “GDPR” approach, such as threatening to send information to the ICO?) Although it’s still unclear exactly what fines the ICO would be prepared to levy for specific types of attack, the hacker could estimate the likely penalty and then demand a ransom less than that amount.
This one is more related to GDPR than to cyber-attacks: it comes into play if you are asked to find information and cannot find where it is stored. There may also be data that you do not even know you are storing or capturing! This should not be the case, however, if a proper data process flow check was completed prior to the 25th of May.
GDPR is here to stay. Yes, but “what about Brexit?” Yes, the UK is going to be leaving the EU, but here is the thing: because Article 50 was triggered in March 2017, GDPR has taken effect before we have left, and therefore it is here to stay.