The Information Commissioner’s Office (ICO) is warning SMEs to take care or face a fine. The warning comes after a company which suffered a cyber attack was fined £60,000.
The investigation by the ICO found Boomerang Video Ltd based in Berkshire failed to take basic steps to stop its website being attacked.
Sally Anne Poole, ICO enforcement manager, said:
‘Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.’
‘If a company is subject to a cyber attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.’
‘Boomerang Video failed to take basic steps to protect its customers’ information from cyber attackers. Had it done so, it could have prevented this attack and protected the personal details of more than 26,000 of its customers.’
Further details of the case can be found using the links below together with guidance on data protection issues including guidance on the new General Data Protection Regulations which come into effect on 25 May 2018.