skip to main content
Connect
Contact me
Visit us
0191 211 7777

Out with the old, in with the new: why safeguarding personal data should be everyone’s new year resolution

19th Jan 2026 | Commercial Law | Data Protection
herald 950

The new year is synonymous with New Year’s resolutions. While many of us set ourselves lofty ambitions – such as running a marathon or learning a new skill – something more achievable that all employers should ‘resolve’ to do is ensure their customers’ data is protected appropriately.

2025 seems to have been the year of cyber attacks, with a record of 204 “nationally significant” attacks being handled by the Government’s National Cyber Security Centre (up from 89 last year).

Cyber attacks can be hugely detrimental to an organisation, both in terms of monetary value and brand reputation. For example, following last year’s cyber attack that left customers unable to purchase its goods for months, M&S saw an estimated £300m loss in profits, while Next, a major competitor, enjoyed a huge surge in sales. 

But what does data protection have to do with this? Cyber attacks and an organisation’s data protection failures often go hand in hand, with human error, lack of stringent procedures and outdated tech often contributing to cyber attacks. 

What’s more, any cyber attack increases the possibility of a data breach – in other words, when people’s private or sensitive information is accessed by someone who is not authorised to view it. This is where robust data protection really comes into play. In the case of M&S, data such as names, addresses and dates of birth were stolen in the cyber attack. However, the more damaging factor in this case was M&S’ financial loss and reputational damage. Implementing appropriate technical and organisational measures not only reduces the likelihood of incurring a cyber attack but can also reduce the impact it has on an organisation should it be affected by one. Examples include regular staff data protection training, sufficient policies and procedures, and robust systems. 

With cyber attacks predicted to be even more prevalent in 2026 and beyond, there is really no time like the present to ensure your organisation's data protection processes and procedures are up to scratch, giving you more time to think about training for that marathon… 

For support in helping your organisation comply with data protection laws, please contact Alex Craig using 0191 211 7911 or [email protected]

Share this story...