A data breach can have a massive impact on your business. Since the enactment of the GDPR (the European privacy legislation), your business must comply with a number of conditions for protecting customers’ personal data. Fines for non-compliance can run up to the equivalent of 4% of your annual turnover.
What is a data breach?
A data breach occurs when a business unintentionally grants access to its customers’ personal data. Here are some examples:
- Your USB stick containing customer data is stolen
- A hacker breaks into your computer network and steals personal data
- You download a virus onto your computer which installs harmful software that blocks access to your customer data (also known as 'ransomware')
What are the consequences of a data breach?
Since May 2019, all businesses located in the European Union must comply with the rules of the GDPR legislation . This means, for example, that you are required to protect your customers’ data as securely as possible. If you become the target of a data breach, you are required to report this within 72 hours to the Data Protection Authority and your customers.
If you neglect to do so, you risk incurring a fine or penalty equivalent to up to 4% of your annual turnover. In addition to financial loss, a data breach can also have severe repercussions for your reputation, including serious damage to your business’ image. In the long run, it can even lead to loss of income.
How can you protect your business against data breaches?
Besides data breaches, there are many other ways in which computer criminals can wreak havoc on your business. Are you familiar with these phenomena?
This involves a criminal persuading an employee of your business to pay invoices to them rather than to the legitimate supplier.
Hackers use ransomware to lock your business out of your computer systems until you have paid them ransom.
Phishing is a form of fraud where a criminal attempts to obtain personal information from you, including passwords, PINs or other sensitive data. The criminal in this case pretends to be a bank, energy provider or friend, or assumes some other false identity.