In an earlier post related to the GDPR (Have you figured out how the GDPR will impact your mobility program?), we reviewed many details of the soon-to-take-effect law, which is designed to drastically enhance data protection for EU residents and to provide a consolidated framework guiding business use of personal data across the EU.
In that post, we described the scale and severity of the penalties for those that do not comply. While fines for data breaches and infringements will be assessed on a case-by-case basis, there are really two levels of fines. The first is up to €10 million or 2% of the company’s global annual turnover for the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover for the previous financial year, whichever is higher. These fines are attention-grabbing and are a strong motivation for companies to ensure compliance with the regulation.
This article from HR Grapevine (Sound the alarm: Reporting data breaches under GDPR) discusses what companies are required to do when a data breach occurs, whatever its cause, and explains the role of the Information Commissioner's Office (ICO).
As May swiftly approaches, will you be up to speed on securing your employees' data within your mobility program?
Under GDPR, data controllers must report data breaches. According to the Information Commissioner's Office (ICO), a breach entails “the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data,” and can result from several kinds of incident: hacks, human error, loss of equipment, and so on. Whilst the rules about exactly what constitutes a data breach are complex, the ICO should only be notified when the breach involves personal data. “Any data which if leaked or hacked could compromise the privacy of individuals need to be considered high-risk,” warns Mike Shaw, Managing Director of Validium.