Regulator – European Union
European law forms the basis of all regulation in this area in the UK. The FCA & the Information Commissioner are bound to implement EU Law.
What it means to you – Fines
EU Cyber Security Directive
Member States shall lay down rules on sanctions applicable to infringements of the national provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The sanctions provided for must be effective, proportionate and dissuasive.
EU Data Protection Regulation
All personal data breaches, no matter how small, must be notified to the relevant data protection authority without undue delay and, where feasible, within 24 hours of the data controller becoming aware of them. If the data controller does not comply with this obligation, it could receive a hefty fine of up to 2% of global annual turnover.