January 14, 2024 in Cybercrime, Data Protection

Do you know the link between GDPR and Cybercrime ?

Hacker attacking your data
Who is gaining access to your information

Things only change if you take action. We will tell you how to reduce your risks- probably starting by telling you about risks you did not know you had in the first place.

Many businesses only discover the dangers by encountering them and having to deal with them.

Let us start with the dangers of GDPR and Cybercrime,

However, if you are aware what could happen you can take steps to avoid the problem occurring at all.

Problems are stressful, expensive, and very bad for your reputation. In some cases they can ruin your business.


We keep mentioning this because it is increasing and a major problem for all businesses. Small businesses are attacked because they tend not to take it seriously and do not take actions needed for protections. Large businesses are far better prepared.

According to the figures some 33% of small businesses had a cyber-attack last year. This figure is believed to be underreported as small business owners do not collect the information. Only around the same number had cyber insurance.

Do you have a Recovery Plan should your business be brought to a halt by a ransomware attack?

Do you know what steps you take and who you should report this to – apart from sorting it out?

The Connection –  GDPR and Cybercrime

A data breach – ransomware, hacking whatever should be reported to the Information Commissioners Office (ICO) within 72 hours of it occurring. If it is serious, it should be reported to the client whose data you have mislaid. That may well be the end of that client. Many businesses who suffer a bad attack go out of business in the next 2-3 years. That could be you.

The ICO will look at your data protection procedures and documentation – do you have them in place?

Clients may report you to the ICO even if you do not report yourself and fines could follow.

Clients may sue you for losing their data. People are increasingly aware of their rights.

So Actions

  1. Make sure you know what personal data you hold – clients, suppliers, staff etc.
  2. Have the right documents in place.
  3. Have procedures that ensure you are compliant.
  4. Train your staff to ensure they understand what GDPR is all about and what they should do and not do.

Keep safe in 2024.

Potential Results form GDPR and Cybercrime

In 2023 the ICO reprimanded organisations including Norfolk County Council, Plymouth City Council, Thames Valley Police- all of whom should have known better. In addition, many businesses were fined.

The ICO may be the least of your problems if you are the subject of an attack. Your business may grind to a halt and clients disappear when they find out that their data could be floating around the Dark Web due to your perceived omissions.

It is impossible to be 100% secure from cyberattacks – some very sophisticated organisations have been hacked- but as a minimum you need to be able to show that you have done what you could to protect yourselves and not been negligent with someone’s personal data.

Going forward we are launching a new course delivered for businesses large and small-

Bullet Proof your Business- A comprehensive GDPR Training for you and your staff’.

This will be available whether you have staff or not. Please contact us for details.