Blog

The potential financial penalties that can arise from a serious data breach have been well publicised with the introduction of the GDPR in May this year. Non-compliance brings a risk of fines up to €20 million or 4% of annual turnover, whichever is greater. This is a significant amount of money and the impact on most businesses would likely be catastrophic.  But there is no need for panic.  These are maximum amounts and the ICO has the capacity to impose smaller fines, in keeping with the nature of the breach, or even non-financial actions such as warnings and reprimands. However, …

This does seem at first glance to be an unlikely notion.  Usually, when we think of a data breach, we think of reputations being damaged, with nothing enhanced. However, when you think about it for a moment, there are benefits to be found and these should be seized upon. An ‘incident’, which is any potential breach, needs to be recorded internally and investigated.   Once a ‘failure’ or ‘weakness’ is made apparent, whilst it can be a shock, this should be welcomed as an opportunity for improvement.  If you don’t know something is wrong, you can’t fix it.  Once you know, …

The EU-US Privacy Shield was designed by the US Department of Commerce and the European Commission. Its aim is to provide companies on both sides of the Atlantic with “a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce”. It has been in place since July 2016, however, it has now hit a stumbling block.  MEP’s have stated that due to a number of issues, they believe that the Privacy Shield is now not compliant with the latest EU data protection legislation. On the 4th July …

Another week, another data breach. This time it is Dixons Carphone who are in the spotlight after an incident occurred which involved the data of nearly 6 million customers being compromised. This episode has been branded as one of the UK’s biggest data breaches at a single firm and Dixons Carphone have since seen a 6% drop in share price following the attempted hack which involved unauthorised access to 5.9 million customers’ bank cards. Dixons Carphone have since said they identified the huge breach during a review of their data and systems. Data that was left compromised during the hack …

Last month, we saw the arrival of not only the highly anticipated GDPR, but also the new and improved Data Protection Act of 2018. With the combination of both of these new legislations, the UK is being recognised as one of the most advanced data protecting countries in the world. The Data Protection Bill was first spoken about this time last year, and following its journey through parliament, it has now found its place in the UK law as the new Data Protection Act 2018. The previous Data Protection Act of 1998 did not account for the modern internet, technology …

There has been a huge amount of talk regarding data protection and the new GDPR legislation over the last few months as all organisations are under pressure to be totally compliant by the impending deadline: May 25th (that is today!) If you need any information regarding GDPR and how it will change the way in which you can communicate with clients and customers, please visit our blog page where we have several posts discussing this new regulation.   Today, however, we would like to talk to you about accountability. Accountability is a new ‘notion’ in the GDPR, although the ICO …

With every passing day taking us closer to the 25th May, many different organisations are panicking as they desperately try and ready themselves for the new legislation: GDPR. The ICO have put together a very valuable tool – a self-assessment that helps you identify exactly what you have already got nailed down and what you need to work on before the end of the month. The assessment is split into these seven sections: Data Protection Assurance Checklist In this section, the ICO help you identify whether you are a controller or a processor of data, and then information regarding consent …

Royal Mail Group Ltd have recently been hit with a £12,000 fine by the Information Commissioner’s Office (ICO) for sending over 300,000 emails to consumers who had previously requested to opt out of receiving direct marketing. Back in July 2017, they sent emails to 317,014 people who had already explicitly expressed a desire to be taken off the mailing list. ICO Head of Enforcement, Steve Eckersley said: “Royal Mail did not follow the law on direct marketing when it sent such a huge volume of emails, because the recipients had already clearly expressed they did not want to receive them. …

As you are probably aware by now – after all, it’s all we’ve been talking about for months – the new GDPR legislation (General Data Protection Regulation) is now just over a month away from being implemented. You’ve probably heard an abundance of information regarding GDPR, but something that appears to be under-reported is its sister regulation e-Privacy, which is also set to change soon. It is important to understand both the different regulations, as although they are different, they complement one another, and must both be employed. So, what are the differences? The enforcement of GDPR means that the …

Amendment 26/04/2018 Please note, the following guidance was intended to focus on commercial marketing activities in regards to consumers. There is a difference between sending emails for marketing and administrative purposes. The latter is permitted under legitimate interests, marketing communications is not We are now just over one month away from the introduction of the EU General Data Protection Regulation (GDPR), which is set to drastically alter the way in which data is stored and processed. The aim of this new legislation is to put the modern consumer and citizen first, by protecting and limiting access to their data. On …