Paulius Petretis, leading cyber security expert uses Carphone Warehouse’s recent fine to motivate straggler businesses to take action to put cybersecurity measures in place before the upcoming GDPR deadline in May.

 Vilnius, Lithuania – February 10, 2018 – Paulius Petretis, CEO of VORAS Consulting posted a new article on the company website entitled “The High Cost Of Compromising Customer And Employee Data.” Mr. Petretis makes his appeal to all the businesses that are dragging their feet or trying to avoid GDPR compliance.

Petretis writes, “If you need any more inspiration to bring your business into GDPR compliance let this be it. Carphone Warehouse was recently fined £400,000 for putting its customers data at risk and allowing ‘unauthorized access to the personal data of over three million customers and 1,000 employees’.”

As Petretis points out, “It was without a doubt Carphone Warehouse’s casual approach to data security that ultimately brought them under the scrutiny of the Information Commissioner’s Office (ICO).” He continues adding, “Apparently the company had not taken sufficient action to protect their massive storehouse of personal information. In other words, Carphone’s cyber security was clearly outdated as the intruders accessed the Carphone system via obsolete WordPress software.”

Petretis quotes which reported, “The incident also exposed inadequacies in the organisation’s technical security measures. Important elements of the software in use on the systems affected were out of date and the company failed to carry out routine security testing. There were also inadequate measures in place to identify and purge historic data.”

 According to Petretis, “If you have a business in Europe or are doing business with Europeans and house personal information of customers and employees, you have a general obligation as stated by the GDPR to implement technical and organizational measures to show that you have considered and integrated data protection into your processing activities.” He elaborates further, “You must ensure that privacy and data protection is a key consideration in the early stages of any project, and throughout its lifecycle. This includes the following:

When building new IT systems for storing or accessing personal data;

When developing legislation, policy or strategies that have privacy implications;

When embarking on a data sharing initiative; or

When using data for new purposes.”

The entire article can be read at

Paulius Petretis

Paulius Petretis is an Information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information System Auditor (CISA®), Certified in the Governance of Enterprise IT(CGEIT®) and Certified in Risk and Information Systems Control (CRISC®), Guest speaker at various conferences and seminars, Trainer at information security related training courses.

According to the annual survey initiated by the Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be the jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.










Leave a Reply