BA and the Bear

When blue sky thinking is not enough…

The recent British Airways news concerns a data breach that has resulted in reports that the Information Commissioner’s Office (ICO) is fining British Airways over £183 million, after a major data breach in which hackers stole half a million customers’ personal data. After an extensive investigation, the ICO found that the affected customer information included login credentials, payment card details, and customer names, addresses and travel booking information.


Others may well now be reconsidering the financial and brand impact of a less-than-stringent approach to GDPR.

In some respects one must feel a small amount of sympathy for a brand like BA, which fastidiously checks the individual componentry and processes related to its air travel, yet fails to meet the required standard for GDPR. Many other organisations, if honest with themselves, could not say with any certainty that the policies they have put in place to meet the requirements of GDPR are being followed in a way that would not, with a touch of ill fortune, land them in the glare of a similar set of headlights.

I am reminded of a compliance professional I met a year or so ago who offered what seemed at the time some sage advice about a regulatory matter.

He said "with compliance matters like GDPR you don’t need to be the fastest one to run away from the bear, you just need to make sure you’re not the slowest."


What he meant, and what seems to have been the approach many have taken to GDPR, is that if you travel in the pack with your chosen approach to compliance, you are unlikely to find yourself in trouble when audited. With hindsight, however, that advice seems less than sage.

It seems you never know exactly which direction that bear is coming from, and if it pops up unannounced there is nowhere safe to run, whether you travel with the pack or not. Unless, of course, you apply the same diligent and detailed approach that BA takes, out of absolute necessity, with its aircraft, and look at what the regulation is really asking.

Properly align policy to controls and controls to inventory, set your oversight criteria, and observe through dashboards. PRIMED: a simple governance platform for complex governance challenges and a safe onward journey.
