With recent news that PageUp has suffered a major data breach, Dr Guy Bunker, SVP of Products at data security company, Clearswift, commented below.
Dr Guy Bunker, SVP of Products at Clearswift:
“With GDPR enforcement now in operation, PageUp will be facing a fine of up to €20 million, or 4% of their global turnover, alongside all the other challenges that come with a data breach.
“Reputational damage is always an issue with a data breach and it’s no different here. A number of customers have already suspended their job websites with PageUp, showcasing just how damaging a data breach can be for business. It also brings into question the new shared responsibility requirements under GDPR and whether additional fines could be levied on PageUp customers despite a third party being responsible for the breach.
“In addition to consequences from customers, there is also the possibility of a class action suite type of event with individuals who have had their details compromised claiming compensation. This will add additional strain onto the organisation and the cost of the breach will only increase.
“It will be interesting to see whether it’s revealed that PageUp has a GDPR-appropriate breach plan in place and how this will actually effect the level of fine regulatory authorities give them. Under the new laws, every company needs to be seen to have the correct processes in place to handle a breach, including notifying clients within 72-hours of it happening, so if PageUp does not have an adequate plan, this could cause major consequences. One thing is for sure, this won’t be the last data breach event, but it is the first major breach to happen within GDPR and will be a benchmark for the way in which regulators react to breaches of its kind.”