
Corporate data protection: Technology meets liability

Data protection sanctions look set to go way off the scale


Data protection is jostling for pole position as an area that CFOs should firmly fix both eyes on. Rarely do you see a juxtaposition of regulatory, technology, enterprise and consumer attitudes changing with one focal point.

The blurred distinction between when work ends and when personal life starts does not look to get any clearer as technology allows us to work from personal devices, and play from work devices. The challenge this poses to enterprise security is often not considered with sufficient seriousness until it is too late.

A couple of years ago the UK Information Commissioner’s Office (ICO) was granted increased powers, with the ability to impose a maximum fine of £500,000 for those who are not careful with the personal data that they were entrusted with. Since that increased power was granted to the ICO, the data protection watchdog has certainly not been shy in using it!

The current data protection law, however, is not seen as fit for purpose given the globalised, outsourced, social media and cloud-driven world of commerce in this day and age. The biggest change to European data protection since 1995 finally arrived with the publication of the draft Data Protection Regulation last year, which is expected to come into force within the next 18 months.

What these new proposals show is that data protection sanctions look set to go way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover.

Businesses that fail to get it right, especially in the areas of cloud storage, data centres and data transfers, and in meeting new requirements that make ‘compliance’ a fundamental frontline obligation, could potentially face massive fines.

For major organisations, this could be to the tune of tens if not hundreds of millions of pounds, with ‘tier three’ penalties based on 2 percent of global annual turnover. So businesses will no longer be able to pay lip service to data protection; compliance will have to be an integrated, transparent and demonstrable part of the business if a massive whack of a fine is to be avoided.

Other areas to look out for include:


Payment by mobile phones and contactless card payments are likely to grow exponentially in the coming year. The European Commission recently gave approval to the joint venture between Vodafone, EE and Telefonica to set up a company to develop mobile commerce in the UK. In addition to a mobile wallet service, the operators are proposing to launch a data-based mobile advertising network which will give businesses access to over 37 million of their customers. Concepts such as these are likely to create enormous data protection challenges.

‘Bring Your Own Device’ or BYOD

Such schemes are likely to continue to see an increase in 2013. In Germany, for example, 80 percent of businesses are expected to have BYOD schemes in place by the end of next year, creating data protection and privacy challenges. 

Facial recognition technology

Social media players using facial recognition technology were under fire from privacy campaigners over the course of 2012 but this is unlikely to act as a deterrent to further development of this technology for commercial and marketing purposes. As the application of facial recognition technology broadens, the data protection issues are likely to become more complicated.

Even if some of these developments do not appear on the horizon as soon as commentators believe they will, there is still enough to give CFOs food for thought. On the one hand are technology and legal change and on the other hand is the issue of liability. Given what we may see happening to the latter, it looks set to outstrip the decision-making power of all but the board on such matters in a corporate setting.

Vinod Bange is the UK partner leading the data protection team at international law firm Taylor Wessing. He has specialised in data protection and information law for over a decade.

