Monzo Contacts 500,000 Customers Following PIN Security Breach

Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year. The incident, which may constitute a breach of the EU’s General Data Protection Regulation (GDPR), has prompted Monzo to advise customers to change their PINs. On August 2, Monzo discovered that nearly a quarter of all of its UK customers’ PINs weren’t being securely stored. The PINs...


Marriott Fined £99 Million for Breach Affecting 7 Million UK Residents

The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released its statement of intention to fine Marriott on July 9, only a few days after the announcement that BA was given a record-breaking £183 million fine for a data breach that affected 500,000 people. BA’s data breach was also related to violations of the EU’s General Data...


ICO Hits BA with £183.39 million GDPR Fine for 2018 Data Breach

British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioner’s Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of more than half a million BA customers, including sensitive information such as login credentials, payment card numbers, names, and addresses. The ICO stated that BA had ‘poor security arrangements’ in place and did not adequately...


What is a GDPR DPO?

The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire one? In this article, we explore the role of a DPO in helping an organisation achieve its compliance goals. DPO: An introduction. GDPR requires data controllers and processors who run processing operations which require regular...


ICO Declares HMRC Voice Recordings to be ‘Unlawfully Obtained’

Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected the recordings for use in a voice authentication service, introduced in 2017. The callers were asked to repeat the phrase ‘my voice is my password’, which HMRC would then use to authenticate the identity of...


Businesses Still Using Unencrypted USB Devices to Store Data One Year After GDPR

It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading provider of technological solutions, surveyed over 500 businesses based in the United Kingdom for the report. The data revealed that 55% of businesses surveyed don’t encrypt devices such as USBs. Jake Moore, a...


Denmark’s DPA Recommends Fine for Taxi Company GDPR Violation

Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to €160,754, for the violation. The maximum fine that can be levied against an organisation for a GDPR violation is 4.5%. While the fine issued was less than this maximum (which would have equated to...


Microsoft Customer Email Information Compromised Following Support Agent Breach

Microsoft has announced that customer email information has potentially been accessed by an unauthorised third party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and is thought to have been able to access the data for three months. During this period, hackers could access affected users’ email addresses, email subject lines, folder names, and email...


Microsoft CEO calls for Global GDPR-like Data Privacy Rights

The CEO of Microsoft has called for the implementation of GDPR-like legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic Forum in Davos, Switzerland. He called for world leaders to treat data privacy as a human right, and for legislation to be enacted to protect this right. Commenting on the EU’s recent GDPR legislation, a...


Bundeskartellamt Rules on Facebook’s Practices in Germany

Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has ruled that how Facebook obtains, links, authors, and handles user data gives it an ‘unfair advantage’. Bundeskartellamt stated that Facebook could leverage this advantage...


HITRUST Incorporates GDPR into the CSF

The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology and information security sectors, has established a Common Security Framework (CSF). The CSF offers guidance to organisations across all industries that create,...


Mozilla Official Predicts Stricter GDPR Enforcement in 2019

A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will see enhanced resources dedicated to the enforcement of the European Union’s General Data Protection Regulation (GDPR). Mozilla is a computer software organisation well known for its stance on the...


GDPR Violation Penalty Levied Against Hospital for First Time

The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees issues relating to data protection, prosecuted the Barreiro Montijo hospital for failing to ensure that adequate access restrictions were in place to protect the integrity of...


Radisson Hotel Data Breach Response Potentially in Violation of GDPR

The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in over 70 countries and incorporates hotel brands such as the Park Plaza, Country Inn & Suites, Park Inn, and Radisson Collection. As their headquarters is based in Brussels, Belgium, the group is required to comply...


Report Reveals Spike in Data Breaches Reported Under GDPR

The General Data Protection Regulations (GDPR) came into effect in the European Union in May 2018. The regulations served to replace the existing regulations covering data protection, which were woefully out-of-date with modern technology and inadequate to deal with major cybersecurity risks. The creators of GDPR hoped that the regulations would reduce the risk of data theft to a minimum by requiring that a number of safeguards are in...


Kroll Survey Shows Increase in Number of Data Breaches Reported Post-GDPR

Kroll, a data security company, has released the results of a survey which shows that the number of data breaches reported to the UK’s Information Commissioner has increased by 75% since the introduction of the General Data Protection Regulation (GDPR). GDPR became EU law in May 2018. Its introduction revolutionised the data security landscape in the EU. One of the most crucial aspects of GDPR is how it has changed how organisations...


Whose data does GDPR protect?

General Data Protection Regulations became a part of EU law in May 2018. Before GDPR, European data protection laws were deemed unable to mitigate the risk of data theft. Furthermore, individuals had few rights over their data. EU lawmakers sought to revolutionise the data security landscape and introduce new regulations that were more fit to deal with the increasing prevalence of technology in everyday life. Whose data does GDPR...

Survey finds US and UK Companies Slow to Prepare for GDPR Compliance
Nov 05


A recent survey, conducted by Dimensional Research, has revealed that the levels of unpreparedness for both US and UK firms for compliance with the EU’s General Data Protection Regulation (GDPR) are high. Results seen in both the UK and US studies confirm the clients’ fears about the difficulty of privacy management. It also backs up the claims that technology investment will play a massive role in complying with GDPR and...

Public Whois Registry Likely to be Affected by GDPR
Oct 12


The EU GDPR Law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a member of the Domain Name sector that is likely to be affected by the new data protection legislation. The introduction of these new laws will be a delicate process for companies as they work to comply with the guidelines from the European Union and the ICANN. WHOIS supplies a database where internet users can find domain...

GDPR to be incorporated in new UK Data Protection Bill
Oct 10


The British Government has completed the Data Protection Bill that aims to align the country’s data protection regime with the soon-to-be-introduced European Union General Data Protection Regulation (GDPR). This will allow UK citizens to have more control over their private personal information and impose harsher penalties on the companies that breach the laws. The Bill is part of the multi-billion National Cyber Security Strategy....

GDPR Leads Lloyds to Alter Marketing Campaigns
Oct 03


Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from product-focused campaigns to content-focused strategies in line with the GDPR legislation. Lloyds is one of the groups that has spent a considerable amount of money preparing for the new regulations....


Snapchat Video Post Causes Nursing Assistant to Be Sacked

A nursing helper from the Parkside Manor assisted-living service in Kenosha, WI, has been sacked for showing a video of a nearly nude 93-year-old Alzheimer’s patient as well as distributing the file on Snapchat. In recent months an unpleasant tendency has developed concerning nurses taking pictures as well as videos of old patients and distributing the files on social media networks. The videos and images display patients in performing...
