Should you fess up about data loss? Your 5-minute guide!

This is a guest post by Patrick O’Kane, Data Protection Officer and author of the book, “GDPR: Fix it Fast!”

Saying sorry is fashionable these days. From philandering politicians to incompetent CEOs, it is often the norm to confess all when you throw yourself at the mercy of the public. Back in the Nixon era, politicians and titans of industry often kept their heads down and hoped it would all blow over. Often it did. No longer. We now live in the Age of Accountability. And there are new rules in place around ‘fessing up when you lose customer data.

As a barrister and Data Protection Officer for a Fortune 500 company, I have been advising businesses on these new rules.

Facebook have just come clean about the fact that up to 50 million Facebook accounts may have been accessed illegally by hackers. They have ‘fessed up to the 50 million users involved.

We can lose customer information in all sorts of ways: from leaving a laptop on a train to emailing customer spreadsheets to the wrong address, from having your customer website hacked to having your IT systems fail. These losses of information are known as “data breaches.”

Remember the GDPR that you kept hearing so much about earlier this year? Well, under GDPR there are new rules about when and how you must come clean when you lose customer information. If you break these rules, by not reporting such a breach or by not reporting it quickly enough, then you could be in line for a major fine. The maximum fine for not reporting a data breach is an ulcer-inducing 2% of global annual turnover or £8.87 million.

My 3 tips for your business are:

1. You do not have to report all data breaches – There is a myth that…