A City of London solicitor specialising in data protection law has suggested that the biggest concern for the management of Dixons Carphone following its recent well-publicised data breach will be the impact on consumer trust, rather than potential regulatory penalties.
Kate Boguslawska, a Partner at Carter Lemon Camerons LLP, made the comments after Dixons Carphone announced a data breach affecting nearly six million customers.
It remains to be seen whether the data breach continued after the GDPR came into effect on 25 May 2018, which will determine the potential penalties that can be levied. However, the immediate concern will be the impact of the breach on consumer trust, said Kate.
If consumers do not feel able to make card payments or place orders with the company, that is likely to hit far harder than the prospect of a fine of four per cent of worldwide turnover.
She added that while fines under the GDPR are much tougher than those levied under the previous Data Protection Act 1998, it remains the case that reputational damage can be far more costly.
Consumers providing card or address details have to act on trust. It is obviously unfeasible for them to check the robustness of any given firm’s data security provision.
That is why negative coverage of a firm’s data security is so damaging – it may well be the only information available to potential customers in order to make a judgement about whether to provide their personal details.
The principles of the GDPR are a good starting point for firms wishing to minimise the reputational and regulatory risks of data security.
Ultimately, spending the money on the best data security provision possible is important insurance for firms handling personal and sensitive data. Doing so can save millions in the long run.