The General Data Protection Regulation (GDPR) – Should it change your approach to Cyber Risks?

Only a few weeks ago, it emerged that popular high-street retailer Sports Direct had suffered a cyberattack, resulting in the names, emails, postal addresses and phone numbers of some 30,000 staff members being stolen. Yet, whilst internal systems detected the intrusion in September, the incident wasn’t officially reported to the Information Commissioner’s Office (ICO) until December, and even then, the staff whose details had been stolen weren’t notified until the attack became mainstream news very recently.

Failure to notify in this case didn’t technically break any rules, but this is all set to change once the General Data Protection Regulation (GDPR) comes into force in May next year.
