Active Network breach: 'EU law boosts security'
A data breach at a website used for athletic events in Wales shows why new cyber-security rules are needed, a legal expert has argued.
Active Network is used by a number of events including Velothon Wales, the Cardiff Half Marathon and Ironman Wales to process registrations and payments.
The US firm has admitted payment details had been accessed over a nine month period.
New EU rules - along with hefty fines - come into force in May.
The General Data Protection Regulation (GDPR) increases responsibilities on companies and protects EU citizens regardless of where the data is being used.
Declan Goodwin, of-Cardiff based firm Capital Law, said the Active Network breach highlighted why the GDPR was essential.
He said: "Companies like Active Network will need to improve data protection compliance as breaches like this will have much more significant implications under GDPR."
Earlier this week, it emerged that Dallas-based firm Active Network told customers its details were accessed between December 2016 and September 2017.
Under the current Data Protection Act, there is no legal requirement for companies to report breaches to authorities. This will change under GDPR.
Mr Goodwin added: "The GDPR has a wider territorial scope than the current system, meaning companies outside of Europe that process the data of people in Europe can't ignore it."
- Dark web spurs spying 'arms race'
- Young Brits 'lack cyber-security awareness'
- Digital cash 'aids money laundering'
The information commissioner's office confirmed it was aware of an incident relating to Active Network and was making enquiries.
A spokesman added: "Organisations have a legal duty to ensure the security of any personal data they process."
Dr Pete Burnap, from Cardiff University's School of Computer Science and Informatics, said cyber security has to be a priority.
He added: "This latest breach further highlights the need for constant vigilance and preparedness around IT networks and systems - particularly those holding sensitive information.
"With the new General Data Protection Regulation (GDPR), companies face increased penalties for data breaches - 4% of annual global turnover or €20, whichever is greater."