Marketers face criminal action over data breaches

Marketers may have two years to knock their businesses into shape for the EU data protection reforms, but a group of MPs is threatening to make life much harder still by calling for criminal sanctions for serious data protection breaches.
With the EU General Data Protection Regulation all but finalised, marketers might have thought they had escaped relatively unscathed.
Many of the most Draconian measures, including a move to opt-in only for marketing data, have been watered down.
Companies still face fines of up to 4% of their annual global turnover for serious data breaches – which could amount to billions for some Internet companies – and there are still concerns over which firms will have to hire data protection officers.
But the Science & Technology Select Committee’s fourth report into the data economy – following its Big Data Dilemma inquiry – maintains that the forthcoming GDPR does not go far enough.
A key element of the Committee’s recommendation is the introduction of criminal sanctions, for what it calls “the most egregious data protection policy breaches”.
The move also has the full support of the DMA, and according to the Committee “will focus the minds of business leaders and ensure data protection policy is treated with upmost importance”.
What would constitute an “egregious” breach is a moot point. Some might think the recent TalkTalk breach would fall into this category, others might say it did all it could to prevent its systems being hacked. But whatever the definition, Dene Walsh, operations and compliance director at Verso Group, reckons we are now witnessing a major shift in the importance of data governance.
He said: “In the past, the use of consumer data was considered a specialist subject within companies, but with more stringent policing, bigger penalties and greater public awareness and concern about brands that abuse personal information, it has got to become central corporate policy.”

TOPICS:big data data protection EU data reforms