Ransomware keeps your data hostage, but intact. So does the GDPR apply? In other words, does ransomware lead to the ‘accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed’?
The answer is clear: Yes.
And that changes things. In the UK, for instance, the Information Commissioner’s Office (ICO) can currently fine a maximum of £500,000 per data breach. Once the GDPR is enforced, the ICO will have the right to impose fines of up to 4% of the annual worldwide turnover of the company. Ouch.
Emily Carter and Jonathan Blunden claim in their article that, according to a Cyber Security Breaches Survey, 46% of British businesses suffered a data security breach in 2016. That proportion rose to two-thirds among medium and large companies. Suffice it to say that your company’s data & network security had better be spotless once the GDPR is in effect.