As we get closer to the third anniversary of the introduction of GDPR legislation we have witnessed the number and severity of fines for breach of GDPR steadily increase.
Initially, the Information Commissioner's Office (ICO) was lenient in its enforcement of the new regulations, giving businesses the extra time they needed to become fully compliant with GDPR. However, it appears that this period of leniency has come to an end.
Between July 2018 and June 2019, an average of 5 fines per month were handed out to businesses. Between July 2019 and June 2020 this rose by 260% to 18 per month, with more than 280 fines handed out in 2020.
The size of fines shows a similar trend: fines to companies found to be in breach of the regulations reached €436,000 in 2018, €87 million in 2019 and €175 million in 2020.
This substantial increase in the number and size of fines for organisations found to be in breach of GDPR demonstrates that the ICO has adopted a zero-tolerance policy towards organisations which are not yet compliant.
This has put increasing pressure on businesses, many of which are now working remotely during the ongoing pandemic. With this in mind, we thought it would be useful to share some suggestions on how you can help your employees work more securely, ensuring your organisation remains compliant.
Ensure your employees are aware of whether they can print outside of the office. If printing is permitted, make sure they know how to securely dispose of any sensitive documentation they print. For example, using a cross-cut shredder may be acceptable, while putting confidential documents in a recycling bin at home may not.
Make sure that you have implemented two-factor authentication (2FA) for all users, and that they all know how to use it. This helps mitigate the risk of having unauthorised users accessing systems remotely.
Cyber security is even more important if your organisation permits employees to use their own devices. Staff using their own devices bring about several other cyber security risks, such as sensitive data leakage and lack of central control.
To mitigate the risks around employees using personal devices:
Give every employee their own personal login credentials, so that each employee has access only to the technology and the areas of your network they require to perform their role.
Segregate your network, so that if a malicious individual were able to breach your defences, their lateral movement would be restricted, as would the damage and disruption they could cause.
Set privileges so that employees can only access the company data they need. This prevents unauthorised access to company computers, accounts and data, reducing the likelihood of breaches from within.
Whether your organisation has already begun to take steps to become compliant with the regulations or you are yet to begin your compliance journey, SES has the expertise to guide you through the entire process. Please get in touch to speak to one of our specialists.
© SES Secure Limited and ses-escrow.co.uk, 2021. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.