Gdpr
Gdpr

Don’t switch off!

Yes, you’re sick of hearing about GDPR but for private investigators there is another, positive, aspect to it.  The General Data Protection Regulations came into force on 25th May this year. We’ve all got the message by now!  Every business, including private detective agencies, has been bombarded with all the scary stuff about what compliance involves and the consequences of failure to comply. To most businesses it’s just one more set of hoops to jump through but for private investigators it brings great opportunities.

GDPR places a legal duty every business, even sole traders, to report to the Information Commissioner’s Office any breach of data protection. Companies failing to report such breaches face enormous financial penalties. That’s before you consider the magnitude of claims likely to arise in cases involving leakage or theft of personal data. Once a breach of data security has been discovered and the company does the right thing and reports it, the ICO can and usually will require the reporting company to investigate the breach and report the outcome. In most cases the breaches will be part of a cyber attack or system failure.

The ICO has the power to pursue its own investigations into such incidents. However, experience of the last two years or so, even before May 2018, indicates that its resources are unlikely to be sufficient to cope with the vastly increased rate of reported cases to be expected now that GDPR is in force. Therefore, in most cases, it will exercise its powers to require a reporting company to investigate the breach itself and report back.

How many companies, especially at the smaller end of the scale, will have the resources and know-how to deal with such an investigation?  Not many! The solution for them will be to outsource the task to private investigators. Those private detective agencies who have taken the trouble to gain expert knowledge of cybersecurity and cybercrime alongside their other investigative skills will be poised to take on lucrative work as a direct result of GDPR.

For a company faced with the possibility of substantial fines imposed by the ICO, plus claims from clients affected, plus serious damage to their own reputation; calling in private detectives skilled in the field of data protection will more than pay for itself. Don’t forget also that most companies hate washing their dirty linen in public! Being required by the ICO to carry out its own investigation can help to avoid that. Both the ICO and the Police are public bodies and are open to public scrutiny. Private investigators are able to operate much more discreetly.

So, maybe GDPR is not so boring after all. Not for private detectives anyway.