A data breach at a web site that is used for sporting events in Wales shows why the new cyber-security rules are necessary, a legal expert has claimed.
Active Network is used by a number of events, including Velothon Wales, Cardiff Half Marathon and Ironman Wales, to process registrations and payments.
The American firm has accepted that payment details were accessed over a period of nine months.
The new EU rules, which carry heavy fines, will enter into force in May.
The General Data Protection Regulation (GDPR) places increased responsibilities on companies and protects the citizens of the EU, regardless of where the data is used.
Declan Goodwin, of Cardiff company Capital Law, stated that the Active Network breach outlined why the GDPR was essential.
He said: “Companies like Active Network will improve data protection compliance; offences of this kind have much more important implications under GDPR.”
Earlier this week, it emerged that Dallas-based Active Network said its customers' details had been accessed between December 2016 and September 2017.
Under the current Data Protection Law, there is no legal obligation for companies to report breaches to the authorities. This will change under GDPR.
Mr Goodwin added: “The GDPR has a wider territorial scope of application than the current system, meaning companies outside Europe which deal with the data of people in Europe can’t ignore it.”
The Information Commissioner's Office has confirmed that it was aware of an incident relating to Active Network and was making investigations.
A spokesman added: “Organisations have a legal obligation to ensure the security of all the personal data they process.”
Dr Pete Burnap, of Cardiff University's School of Computer Science and Information Technology, said cyber security should be a priority.
He added: “This latest breach also underscores the need for constant vigilance and preparation around networks and systems – especially those that hold sensitive information.
“With the new General Data Protection Regulation (GDPR), companies are subject to increasing sanctions for data violations – 4% of their global turnover, or €20, whichever is greater.”