"Not another email about GDPR!!!!" I hear you cry!
Afraid so, but just to let you know that the Data Protection Act 2018 finally received Royal Assent on 23rd May 2018 (all 300+ pages of it), and also to explain why it is important to take GDPR seriously!
The Information Commissioner’s Office (ICO) last week fined the Crown Prosecution Service (CPS) for a data breach.
The CPS lost unencrypted DVDs containing interviews with 15 victims of child sex abuse, which were to be used in evidence in a trial. It is understood that the DVDs were sent by tracked delivery in November 2016 from the CPS office in Guildford to its office in Brighton (which is a shared building). The DVDs, which were not in tamper-proof packaging, were delivered before 7am and left in reception. It was not realised that the DVDs were missing until the following month, when the employee who requested them returned from annual leave. The CPS area business manager was not formally notified until February 2017, and the ICO was notified two months later. The DVDs have not been found.
The CPS has been fined £325,000. The fine can be reduced by 20% (‘early payment’ discount) if it is paid by 13th June.
What’s the significance?
Whilst the above case was decided under the current Data Protection Act 1998, where the maximum fine is £500,000, under GDPR the maximum fine that can be imposed is the greater of €20,000,000 or 4% of the total worldwide annual turnover of the preceding financial year. So who knows what the fine might have been if it had been considered under the new GDPR regime coming into force on 25th May 2018, i.e. today!
With this in mind…
SENTIENT’S PRIVACY STATEMENT