Data security breaches are much in the news, with brands such as Mossack Fonseca, TalkTalk, Ashley Madison and Sony PlayStation gaining unwelcome notoriety.
Data security breaches can put individuals at risk and cause them loss; they also expose the company to claims, fines and other potentially very serious consequences.
Aside from the potentially substantial damage to brand and goodwill, the importance of cyber security has been heightened since the General Data Protection Regulation (GDPR) came into force in 2018. For non-compliance with data security requirements, companies face a substantial fine of up to 2% of annual worldwide turnover or €10 million, whichever is greater.
This is, therefore, no longer an issue for IT departments alone, but must be on the agenda for every Board of Directors.
How can we help?
We work with clients on data protection compliance and to manage cyber security risk. We can help with the following:
- data protection compliance audit to identify areas where greater compliance may be needed and where cyber risk can be mitigated;
- drafting information security policies and data breach response procedures;
- reviewing data processing and data transfer agreements, including apportionment of liability by limitation and indemnity clauses;
- due diligence on service providers or acquisition targets;
- provision of data protection training to staff.
In the event of a data security breach incident, we can provide rapid legal support to mitigate risk, including advising on:
- compliance with reporting requirements (FCA, PCI DSS, ICO);
- communications to data subjects, service providers and other stakeholders;
- defensive regulatory actions, where necessary drawing on the expertise of our business crime team;
- handling claims involving data subjects or service providers;
- complementary expertise – technology, financial services, corporate governance, business crime, employment, litigation.