This factsheet sets out how your business can become GDPR compliant.<\/p>\n <\/div>\n \n\nDownload Now<\/a> <\/section>\n <\/div>\n\n\n\n\n Cybercriminals can use stolen payment card data for serious acts such as fraud and identity theft, increasing the risk of financial losses for affected individuals. They might sell compromised card details on the dark web, which may lead to fraudulent transactions impacting individuals.<\/p>\n\n\n\n Some legal uncertainty remains over whether payment card details alone qualify as personal data. A UK tribunal ruled that credit card numbers and expiry dates alone do not constitute personal data under the Data Protection Act 1998 unless the controller holds additional information linking them to an identifiable individual. This ruling did not assess the position under the UK GDPR, but the ICO has sought permission to appeal for further clarification.<\/p>\n\n\n\n Given this uncertainty, businesses should still treat payment card data cautiously and implement robust security measures. The ICO has issued notable fines<\/a> against businesses resulting from data breaches that compromised information, including payment and financial data.<\/p>\n\n\n\n Regardless of the legal debate about whether card information alone is personal data, businesses should take a cautious approach and not take risks when using payment card data (particularly where it could be combined with other details to identify individuals). <\/p>\n\n\n\n The law requires companies to have appropriate security measures in place, and payment card data should always be treated with the highest level of security to prevent fraud, maintain compliance, and protect individuals from harm.<\/p>\n<\/div>\n\n\n\n In addition to facing data protection law consequences, your business could also breach financial regulations and other applicable laws where an individual’s payment card data is compromised.<\/p>\n\n\n\n\n\n Continue reading this article below the form\n <\/i>\n<\/a>\nICO <\/h3>\n\n\n\n
The Information Commissioner’s Office (ICO<\/strong>), the regulator who enforces UK GDPR in the UK, can issue fines of up to \u00a317.5 million or 4% of annual global turnover, whichever is higher, for the most serious breaches. The ICO may impose penalties of up to \u00a38.7 million or 2% of annual global turnover for less severe breaches.<\/p>\n<\/div>\n\n\n\n A breach of data protection law can also lead to contractual penalties, regulatory investigations and enforcement action, compensation claims, and loss of customer trust, which may impact your business long after the breach has been resolved.<\/p>\n\n\n\n The ICO has issued substantial fines arising from large personal data breaches, including breaches involving financial and payment card data.<\/p>\n\n\n\n Payment card data creates significant risks if unauthorised parties gain access to it\u2014for instance, in a data breach. <\/p>\n\n\n\n Suppose a breach exposes personally identifying information (such as card details combined with names, contact details, or other linked information). In that case, you must treat it as a personal data breach under UK GDPR. Your business must assess the risks and, if necessary, report the incident to the ICO<\/a> and inform affected customers.<\/p>\n\n\n Why Does Payment Card Data Raise Concerns?<\/h2>\n\n\n\n
![\"Front](\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2023\/07\/04001038\/uk-gdpr-factsheet.jpg\")
\n