If your organisation suffers a data breach or leak (e.g. if its website is hacked and personal data is stolen), the Information Commissioner can issue a fine of up to £500,000 if you are found to be at fault. This can happen, for instance, if you put your organisation’s data in the cloud or make it accessible via a website.
In order to make sure that the DPA is not breached, a data controller must be able to provide evidence that its business or organisation has recognised the risks of handling personal data and has taken action to address them. This can be shown by hiring suitably qualified IT staff or contractors (in the case of online data security) to ensure the equipment and software used are secure, by carrying out a risk assessment and by having appropriate data protection policies and procedures in place. It is also sensible to review and implement any codes of practice issued by the Information Commissioner or other regulatory bodies which have particular relevance to the type of business carried out.
Our experienced panel of advisers on the Information Management Team can help with the production of appropriate policies and procedures to ensure that, in the unfortunate event that a data breach occurs, be it online or offline, you will be able to defend yourself in any inquiry by the Information Commissioner.