regulation – Page 3 – Cyber Law Watch

SAP criticises impending EU data protection laws

Jan 18 2017

SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.

The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.

In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert said he believes the penalties are too high, and put companies at risk of losing their entire revenue if they commit multiple breaches.

Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.

Data breach penalties could cost U.K. companies £122B in 2018

Oct 18 2016

By Cameron Abbott and Rebecca Murray

U.K. businesses could face up to £122 billion in penalties for data breaches when EU legislation comes into effect in 2018, according the Payment Card Industry Security Standards Council (PCI SSC). The EU’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of to €20 million or 4% of annual worldwide turnover, significantly higher than the current maximum of £500,000. This means that if data breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from £1.4 billion in 2015 to £122 billion, the PCI SSC calculated. For large U.K. organisations, this could see regulatory fines for data breaches soar to £70 billion, more than a 130-fold increase, rising to an average of £11 million per organisation. Regulatory fines for SMEs could see a 57-fold increase, rising to £52 billion, averaging £13,000 per SME. Read more at ComputerWeekly.com by clicking here.

Government committed to introducing Mandatory Data Breach Notification laws

Aug 22 2016

By Cameron Abbott and Rebecca Murray

After much delay, a spokesperson for Attorney-General, George Brandis has said the government is committed to introducing the Mandatory Data Breach Notification laws this year. We will be sure to look out for it during the next term of Parliament. You can find more information on the proposed scheme and its regulatory impact on the Attorney General’s Department consultation for Serious Data Breach Notification webpage.

The White House issues response guide to a cyber attack

Aug 04 2016

By Cameron Abbott and Simon Ly

Last week, the White House issued the US government’s response guide to cyber attacks titled “Presidential Policy Directive – United States Cyber Incident Coordination”.

Billed to combat “malicious activity, malfunction, human error and acts of nature”, the Directive aims to provide a guide to handle significant cyber incidents while fostering the advancement of technology and innovation. The Directive has a five-level grading system. It has been reported that no hack attack has reached level 5 yet, with this being reserved for a “threat to infrastructure, government stability or American lives”.

If it wasn’t apparent already, this guide emphasises the growing risks of cyber attacks both to governments and companies. It will be interesting to see the Directive in action as the response to the Directive has been mixed, with some saying it doesn’t go far enough and that it simply codifies existing practices. This criticism seems a little unfair because you would hope that existing practices were relatively well thought through and thus not a bad standard to entrench.

For more information, you can access the White House’s press release here.

Tag:regulation