EU-wide laws on data protection come into effect in May 2018, and businesses should plan for compliance or face the penalties of the new General Data Protection Regulation (GDPR). A breach means liability for a fine of four per cent of your global turnover, up to a maximum of £20 million.

Unfortunately, breaches can have a variety of causes, ranging from a malicious insider to poor security practices or vulnerable software.

A recent data breach at Yahoo affected an estimated eight million users in the UK alone. Three, one of Britain's largest mobile operators, revealed this year that a major data breach put millions of customers at risk. Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operation when it was discovered that 40,000 customer accounts had been compromised and half of these had money stolen. Online child products retailer Kiddicare was forced to admit it had exposed real customer data when testing a new website. The list goes on.

There are a number of measures UK businesses can consider to protect themselves, such as creating a continuity plan, ensuring staff understand who is accountable for breaches, designing privacy into products and services, and getting privacy policies legally checked. If you use your website to store and process data, or run an extranet for example, installing an SSL certificate and serving the site over HTTPS ensures that traffic to and from the site is encrypted. You can tell whether a site does this from its address: https rather than http (the "s" means "secure").

If the UK Government leaves the EU in 2019, it may amend laws to cap fines. However, if you trade or interact with a European business covered by GDPR, you will need to be compliant and prepared for the 2018 changes.

The Information Commissioner's Office explains the purpose and effect of each principle, gives practical examples, and answers frequently asked questions:

Information Commissioner:

General Data Protection: