Weekly podcast: UK adopts GDPR, £2.5 million stolen from Tesco Bank, Cyber Security Challenge

This week, we discuss the government’s confirmation that the GDPR will apply in the UK, the online theft of £2.5 million from 9,000 Tesco Bank current accounts, and the youngest ever winner of the Cyber Security Challenge.

Hello and welcome to the IT Governance podcast for Friday, 11 November. Here are this week’s stories.

The Secretary of State for Culture, Media and Sport, Karen Bradley MP, confirmed to the Culture, Media and Sport Select Committee late last month that the EU General Data Protection Regulation (GDPR) will apply in the UK, a move the Information Commissioner, Elizabeth Denham, called “good news for the UK”.

“We will be members of the EU in 2018,” the secretary of state said, “and therefore it would be expected and quite normal for us to opt into the GDPR”.

The Information Commissioner commented: “One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years.”

The ICO is now revising its GDPR implementation timeline.

If you’ve been waiting for the government to confirm that the GDPR will apply in the UK, then this announcement should spur you into action. You now have less than 18 months to overhaul your data protection regimes to comply with the GDPR or face fines of up to €20 million or 4% of global annual turnover – whichever is greater – as well as the threat of litigation from aggrieved data subjects.

You’ll find a lot of free information about the GDPR on our website at itgovernance.co.uk/gdpr.

Tesco Bank froze all online transactions earlier this week after “online criminal activity” was detected on 9,000 current accounts. The bank has refunded affected customers a total of £2.5 million following the attack.

The Financial Conduct Authority, the National Crime Agency and National Cyber Security Centre, and the Information Commissioner’s Office are all investigating. The chief executive of the Financial Conduct Authority, Andrew Bailey, told the Treasury Select Committee that there were elements of the attack “that look unprecedented and it is serious, clearly”.

Details are scarce, and it’s not yet known if Tesco will be fined for the incident. Were the GDPR in play, however, Tesco – the supermarket giant that owns Tesco Bank – could expect an “effective, proportionate and dissuasive” administrative fine of up to £1.94 billion, based on its reported revenue of £48.4 billion in 2015/16.

18-year-old Ben Jackson from Kent has become the youngest ever winner of Cyber Security Challenge UK, triumphing at the three-day Cyber Security Challenge UK Masterclass competition in Shoreditch.

Cyber Security Challenge – created by PwC and supported by GCHQ, the National Crime Agency and the Bank of England – bills itself as the country’s “premier cyber skills contest”. This year, the competition’s 42 finalists investigated a simulated data breach at a fictional power company. Using “the same tools that professionals use in real life”, contestants “were pitted in a high pressure environment” in which government agencies and the power company’s board made demands while hacktivists “launched real-time cyber-attacks to thwart the investigation”.

Ben said: “I’m frankly amazed that I’ve won. […] I hope to now go on to pursue a career in cyber security, something which I really enjoy.”

Well, that’s it for this week. If you enjoy these podcasts, please share them, using the hashtag #itgpodcast (I can’t believe no one has yet), and, until next time, remember that you can keep up to date with the latest information security news on our blog. And don’t forget to check out our book of the month, Managing Information Security Breaches – Studies from real life by Michael Krausz. Full of useful information about real-life incidents and breaches, this thought-provoking guide explains how to get your risk profile right, and how data breaches can be avoided and mitigated. Head over to our webshop to find out more – and save 10% if you buy by the end of the month.

Whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.