The ICO has told UK businesses to sort out data protection right now, even though the new European Data Protection is only scheduled to come into force by 2017 at the earliest.
“There is a lot going on in data protection that UK firms should be aware of besides the new EU data protection rules,” deputy information commissioner David Smith told a Westminster eForum in London.
The ICO now has the power to fine organisations for unsolicited phone calls and e-mails, and the practice of enforced subject access requests by employees has now been made a criminal offence.
It is also worth noting that the last five monetary penalties issued by the ICO involved private sector organisations, which shows that the ICO is now being more proactive in going after private businesses that break the data protection rules.
Our analysis of the enforcement notices served by the ICO over the last few years shows that weaknesses in information security are still to blame for the large majority of data protection breaches. These include weaknesses in technical security controls, such as not using encryption when storing personal data, as well as lapses in staff security awareness leading to negligent handling of personal information.
This shot across the bow of UK private businesses by the ICO should be heeded. Talk to us now to see how we can help you with your data protection challenges.