Blog

Leave.EU and the Arron Banks insurance firm have been fined £120,000 for data breaches that happened during the EU referendum.   The information commissioner has officially launched an audit into Leave.EU which is owned by the campaign’s key financial backer, Arron Banks. His two organisations, Leave.EU and his insurance company, were fined for data protection violations during the EU referendum campaign.   What happened in the breach?   Leave.EU was fined £15,000 for using Eldon Insurance customers’ details unlawfully to send almost 300,000 political marketing messages, and then a further £45,000 for its part in sending an Eldon marketing campaign to political subscribers.  1 …

Earlier this month, France’s Supervisory Authority (CNIL) fined Google €50 million (around £44 million) for a breach of the EU’s data protection rules.  The case arose from complaints filed by the CNIL very soon after the 25th of May 2018 by two consumer associations against Google for “not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purposes“.  The CNIL claimed that Google breached the GDPR when new Android users set up a new phone and during Android’s onboarding process as they made it difficult for consumers to access the data collection policies and failed …

There is currently no easy tick-box solution for measuring GDPR compliance, but there are ways that you can demonstrate your compliance, should the ICO come knocking.  You need to put the work in now, this is an on-going commitment. We were told originally that a certification scheme (which would have given people a vehicle for demonstrating compliance) would be in place before the GDPR came into effect in May 2018.  This did not transpire, however, and it seems that the ICO currently have no plans to accredit certification bodies or carry out certification at this time. So the onus is …

As the year end approaches and we reflect back on a very hectic time prior to the introduction of the GDPR in May, we are still waiting for the final draft of the new ePrivacy Regulation which like the existing ePrivacy Directive covers: Marketing telephone calls, emails, texts and faxes Cookies Keeping communications secure Customer privacy (for example location data, itemised billing etc). The ePrivacy Regulation sits alongside the GDPR and in the UK, the Data Protection Act, but it is not yet fully clear how this will be amended in line with the GDPR (we expect to know how …

The 2018 Data Protection Act (DPA) has not given the ICO the power to imprison people who breach it.  The strongest penalties they can issue according to the DPA are fines, albeit very heavy ones. However, last month the ICO used their powers in conjunction with the Computer Misuse Act (CMA), which resulted in a 6 month jail term for the offender. The prosecuted person accessed and used (for personal gain) thousands of personal records without permission. Usually this would have been prosecuted under the Data Protection Act, but in the first case of its kind, it seems that the …

If you are in a regulated industry, even if you don’t ever breach the GDPR/DPA2018, there are additional regulations that could result in a breach and a fine. Tesco has just received a fine from the Financial Conduct Authority (FCA) for a data breach that happened in 2016. What happened to Tesco? In November 2016, Tesco Bank was the subject of a Cyber Attack where attackers used an algorithm to generate authentic Tesco Bank debit card numbers. Using these “virtual cards”, the attackers engaged in thousands of unauthorised debit card transactions, collecting over £2.26 million from real account holders. It …

NIS stands for Network and Information Systems, and the 2018 regulations are dedicated to establishing a common level of security for them. These systems play a vital role in the economy and the NIS Regulations aim to tackle and address the threats posed to them through cyber-attacks, and physical and environmental factors too. In short, the aim of these regulations is to protect the infrastructure surrounding the country’s vital services and infrastructure including the digital economy. Why is there a need for NIS? The magnitude, frequency and impact of security incidents are increasing, with network and information systems becoming the …

As much as the UK government remains resolute that a “no deal” Brexit scenario is unlikely, we won’t find out for sure until the 29th of March 2019. As with all major events, it is better to prepare your company for all scenarios, particularly if they are likely to have a big impact on your data protection and your customers. GDPR currently states that organisations are free to transfer personal data within the EU, but are only allowed to transfer personal data outside of the EU if there is a legal basis to do so. At the start of this …

With the recent introduction of GDPR, it’s a natural progression that cybercriminals have become increasingly sophisticated. Most organisations realise that a data breach isn’t a matter of ‘if’, it’s now ‘when’. Instinctively, companies tend to focus their resources and efforts on containing a breach, instead of on their most important asset – their customers. Its customers that are in need of protection during a breach, and lack of doing so may result in not only the loss of those customers, but in hefty fines, as well as a damaging hit to your reputation. So, how do you protect your customers …

If you’re still worried about GDPR compliance then you’re not alone. With so many areas to cover and keep updated, it’s no wonder that so many companies are feeling overwhelmed. If you’re a small to medium sized organisation, it’s particularly important to ensure you’re protecting your company and your clients from a data breach. You are most at risk of an expensive error harming your company and reputation. So, to help assist you in assessing your compliance, we’ve put together some tips to not only increase your confidence in GDPR compliance, but to ensure that any personal client information is …