Over a year since GDPR, financial organisations still aren't keeping our data secure
It's been over a year since GDPR came into effect. But despite this, too many companies still aren't doing enough to protect our personal and financial information.
In fact, according to RiskIQ, among financial services organisations' public PII-capturing websites that have a login page, 11.5% are still capturing this data without adequate security measures.
What is a PII capturing website?
A PII capturing website is one which collects information from its users that can identify them. Examples of PII include names, addresses, dates of birth, email addresses and login credentials.
Is GDPR making an impact?
These findings are very worrying, particularly due to the damage that can be caused if our banking and credit card information falls into the wrong hands. We should be able to have confidence in all organisations that look after our sensitive data, but especially the financial sector.
But the good news is that there are signs that organisations are starting to take their data protection obligations more seriously. And so they should as they risk huge fines and compensation claims should a data breach happen.
It's just that, so far, most of the data breaches investigated by the Information Commissioner's Office (ICO) happened before GDPR came into force. And, under the old law the maximum fine for a data protection failure was just £500,000 (and even that wasn't handed out often).
However, the tide is turning. The ICO has recently announced that it plans to fine the Marriott hotel nearly £100m. And British Airways is being fined £183 million for its high-profile data breach.
At Hayes Connor Solicitors we are paying close attention to how the ICO is responding to new data breaches, and we are monitoring the impact of the GDPR now that it is starting to make a difference.
What should organisations do now?
With most organisations continuing to expand their web presence, it's essential that more is done. This includes taking steps such as:
- Maintaining a complete inventory of all PII-capturing websites and improving them where necessary to make sure they are secure
- Ensuring that any new sites are built with robust security measures
- Making sure that companies aren't collecting personal data they don't need via their websites.
Making a data breach compensation claim can help
In our experience, the response of organisations following data breaches has been woefully lacking. Too many big companies seem to think they can get away with just saying sorry.
However, such an absence of care over the very real impact of a data breach should not be tolerated or accepted. One way that organisations can be forced to put adequate security measures in place is for people to take legal action when they have been let down. Or, in other words - hitting them where it hurts. Unless this happens, the security of the individual won't be made a priority.
Data protection solicitors
Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.