Blog

The 2018 Data Protection Act (DPA) has not given the ICO the power to imprison people who breach it.  The strongest penalties they can issue according to the DPA are fines, albeit very heavy ones. However, last month the ICO used their powers in conjunction with the Computer Misuse Act (CMA), which resulted in a 6 month jail term for the offender. The prosecuted person accessed and used (for personal gain) thousands of personal records without permission. Usually this would have been prosecuted under the Data Protection Act, but in the first case of its kind, it seems that the …

If you are in a regulated industry, even if you don’t ever breach the GDPR/DPA2018, there are additional regulations that could result in a breach and a fine. Tesco has just received a fine from the Financial Conduct Authority (FCA) for a data breach that happened in 2016. What happened to Tesco? In November 2016, Tesco Bank was the subject of a Cyber Attack where attackers used an algorithm to generate authentic Tesco Bank debit card numbers. Using these “virtual cards”, the attackers engaged in thousands of unauthorised debit card transactions, collecting over £2.26 million from real account holders. It …

NIS stands for Network and Information Systems, and the 2018 regulations are dedicated to establishing a common level of security for them. These systems play a vital role in the economy and the NIS Regulations aim to tackle and address the threats posed to them through cyber-attacks, and physical and environmental factors too. In short, the aim of these regulations is to protect the infrastructure surrounding the country’s vital services and infrastructure including the digital economy. Why is there a need for NIS? The magnitude, frequency and impact of security incidents are increasing, with network and information systems becoming the …

As much as the UK government remains resolute that a “no deal” Brexit scenario is unlikely, we won’t find out for sure until the 29th of March 2019. As with all major events, it is better to prepare your company for all scenarios, particularly if they are likely to have a big impact on your data protection and your customers. GDPR currently states that organisations are free to transfer personal data within the EU, but are only allowed to transfer personal data outside of the EU if there is a legal basis to do so. At the start of this …

With the recent introduction of GDPR, it’s a natural progression that cybercriminals have become increasingly sophisticated. Most organisations realise that a data breach isn’t a matter of ‘if’, it’s now ‘when’. Instinctively, companies tend to focus their resources and efforts on containing a breach, instead of on their most important asset – their customers. Its customers that are in need of protection during a breach, and lack of doing so may result in not only the loss of those customers, but in hefty fines, as well as a damaging hit to your reputation. So, how do you protect your customers …

If you’re still worried about GDPR compliance then you’re not alone. With so many areas to cover and keep updated, it’s no wonder that so many companies are feeling overwhelmed. If you’re a small to medium sized organisation, it’s particularly important to ensure you’re protecting your company and your clients from a data breach. You are most at risk of an expensive error harming your company and reputation. So, to help assist you in assessing your compliance, we’ve put together some tips to not only increase your confidence in GDPR compliance, but to ensure that any personal client information is …

The end of PPI calls Personal protection insurance (PPI) has become something of a nuisance term over the past few years. Almost every adult you speak to will have experienced a nuisance call regarding PPI, often from companies who are not legitimate. In fact, The Financial Conduct Authority found that in the last 12 months, approximately 2.7 billion unsolicited calls, texts and emails were made in the UK. This adds up to approximately 50 calls, texts or emails being made to every member of the adult population in the country, regarding PPI. Well, these cold calls are now banned in …

There has been so much attention regarding the GDPR recently, but one element that hasn’t been in the limelight very much is that of the data protection fee, and the potential (likely) need to register with the ICO. This is not new, although it is slightly different to the requirements of the Data Protection Act 1998.  It was always the case that if you processed data, you should have registered, although evidence showed that not all organisations who should have registered, did. Have you registered? The rules now state that every organisation that processes personal information is required to pay …

The potential financial penalties that can arise from a serious data breach have been well publicised with the introduction of the GDPR in May this year. Non-compliance brings a risk of fines up to €20 million or 4% of annual turnover, whichever is greater. This is a significant amount of money and the impact on most businesses would likely be catastrophic.  But there is no need for panic.  These are maximum amounts and the ICO has the capacity to impose smaller fines, in keeping with the nature of the breach, or even non-financial actions such as warnings and reprimands. However, …

This does seem at first glance to be an unlikely notion.  Usually, when we think of a data breach, we think of reputations being damaged, with nothing enhanced. However, when you think about it for a moment, there are benefits to be found and these should be seized upon. An ‘incident’, which is any potential breach, needs to be recorded internally and investigated.   Once a ‘failure’ or ‘weakness’ is made apparent, whilst it can be a shock, this should be welcomed as an opportunity for improvement.  If you don’t know something is wrong, you can’t fix it.  Once you know, …