The Dixons data breach
In June this year, it was announced that Dixons Carphone (owners of Currys, PC World, Carphone Warehouse and Dixons) had suffered a data breach affecting 1.2 million individuals when their processing systems were infiltrated by hackers. The breach occurred in July of last year, (so pre GDPR) and involved the leak of personal information including names, addresses and email addresses. Information on 5.9 million payment cards was breached (105,000 of those cards didn’t have chip and pin protection), although there appears to have been no bank fraud committed.
The bigger concern is around the leak of personal data, which can help hackers gain insights into individuals’ personal details, habits and patterns. This has been in the headlines ever since the massive wake-up call prompted by the recent Facebook and Cambridge Analytica story.
It has now been announced that rather than 1.2 million individuals being affected, that number is far higher and closer to 10 million people
Luckily for Dixons Carphone, the breach occurred before GDPR came into force, and so it is unlikely to be dealt with under the new legislation but it highlights that even very large companies have some way to go to ensure full GDPR compliance.
The company is likely to be fined anything up to £500,000 if they are found to be at fault. If this had happened within the past couple of months, the company could have been fined up to 4% of its annual turnover, potentially a far larger amount.
The Information Commissioner’s Office in the UK (the ICO) is working with the National Cyber Security Centre, the Financial Conduct Authority and other authorities to investigate the breach and work out the impact it has had on customers. This is not a matter that is being taken lightly.
How might this impact my business?
We warned about the increased scrutiny with which the ICO would be approaching all UK businesses – big or small in our previous GDPR blog post, This is just another example of potential GDPR cases coming into the limelight, although we’re seeing cases at the moment involving the ‘big fish’ of the UK business world, it’s only a matter of time before the ICO goes fishing in smaller ponds.
Businesses are starting to prepare for the worst with professional business legal advice proving essential. The number of firms self-reporting data breaches to the ICO has dramatically increased from 367 in April to 1,792 in June. And, in a recent survey, 45% of firms have set aside money in anticipation of receiving a GDPR fine.
GDPR is not something that any business can afford to ignore.
How LawBite can help
The ICO is still at the stage, following the GDPR deadline, where they are likely to show some leniency in circumstances where businesses can show that they’re taking clear steps towards getting in line with the new regulations. My colleague, LawBrief lawyer Alla Fairbrother, wrote recently about some key actions you can take now to start becoming compliant.
At LawBite we believe that, all in all, becoming GDPR compliant can be of an overall benefit to your business and is best achieved through professional business legal advice. Clear and secure practice in data protection is something that’s in the interest of all businesses as well as that of their clients and customers.
We have a range of GDPR product packages which will help you address your data protection risks. Along with our other helpful content we have also designed a quick and easy to use GDPR Checklist which will assess your current data protection position and following that you will receive a FREE consultation with an expert business lawyer.
LawBite is here to help, and to make sure you are fully compliant with your responsibilities under GDPR. Don’t delay, take action now!
To consult with the LawBrief lawyer Barbara, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843