Regulator – European Union
European law forms the basis of all regulation in this area in the UK. The FCA and the Information Commissioner are bound to implement EU law.
What it means to you – Fines
EU Cyber Security Directive
See also: the EU Cyber Security Strategy.
Member States shall lay down rules on sanctions applicable to infringements of the national provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The sanctions provided for must be effective, proportionate and dissuasive.
EU Data Protection Regulation
See also: "Commission proposes a comprehensive reform of the data protection rules" and the new legal framework for the protection of personal data in the EU.
All personal data breaches, no matter how small, must be notified to the relevant data protection authority without undue delay and, where feasible, within 24 hours of the data controller becoming aware of the breach. If the data controller does not comply with this obligation, it could receive a hefty fine of up to 2% of global annual turnover.