Irish Internet Browser Claims Google is Operating GDPR ‘Workaround’
Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation. Brave claims that Google has implemented this workaround to share the data of Google users with a network of advertising and marketing companies. Johnny Ryan, chief policy and industry relations...
Swedish High School Issued GDPR Fine
A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was fined 200,000 SEK (€19,000/$21,000) for using facial recognition technology in classrooms for three weeks in early 2018. The study, run in conjunction with IT company Tieto, saw the school use CCTV cameras and facial...
Irish DPC Releases GDPR Breach Notification Guidance
The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications. The Irish Data Protection Commission (DPC) has stated that the guidelines aim to help data controllers understand GDPR’s stringent requirements for sending notifications to the data protection authority and subjects whose personal data has been compromised or exposed. The DPC...
Monzo Contacts 500,000 Customers Following PIN Security Breach
Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year. The incident, which may constitute a breach of the EU’s General Data Protection Regulation (GDPR), has prompted Monzo to advise those customers to change their PINs. On August 2, Monzo discovered that nearly a quarter of all of its UK customers’ PINs weren’t being securely stored. The PINs...
Marriott Fined £99 Million for Breach Affecting 7 Million UK Residents
The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released its statement of intention to fine Marriott on July 9, only a few days after the announcement that BA was given a record-breaking £183 million fine for a data breach that affected 500,000 people. BA’s data breach was also related to violations of the EU’s General Data...
ICO Hits BA with £183.39 million GDPR Fine for 2018 Data Breach
British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioner’s Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of more than half a million BA customers, including sensitive information such as login credentials, payment card numbers, names, and addresses. The ICO stated that BA had ‘poor security arrangements’ in place and did not adequately...
What is a GDPR DPO?
The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire one? In this article, we explore the role of a DPO in helping an organisation achieve their compliance goals. DPO: An introduction GDPR requires data controllers and processors who run processing operations which require regular...
ICO Declares HMRC Voice Recordings to be ‘Unlawfully Obtained’
Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected the recordings for use in a voice authentication service, introduced in 2017. The callers were asked to repeat the phrase ‘my voice is my password’, which HMRC would then use to authenticate the identity of...
Businesses Still Using Unencrypted USB Devices to Store Data One Year After GDPR
It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading provider of technological solutions, surveyed over 500 businesses based in the United Kingdom for the report. The data revealed that 55% of businesses surveyed don’t encrypt devices such as USBs. Jake Moore, a...
Denmark’s DPA Recommends Fine for Taxi Company GDPR Violation
Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to €160,754, for the violation. The maximum fine that can be levied against an organisation for a GDPR violation is 4.5%. While the fine issued was less than this maximum (which would have equated to...
Microsoft Customer Email Information Compromised Following Support Agent Breach
Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and is thought to have been able to access the data for three months. During this period, hackers could access affected users’ email addresses, email subject lines, folder names, and email...
Microsoft CEO calls for Global GDPR-like Data Privacy Rights
The CEO of Microsoft has called for the implementation of GDPR-like legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic Forum in Davos, Switzerland. He called for world leaders to treat data privacy as a human right, and for legislation to be enacted to protect this right. Commenting on the EU’s recent GDPR legislation, a...
Bundeskartellamt Rules on Facebook’s Practices in Germany
Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has ruled that how Facebook obtains, links, authors, and handles user data gives it an ‘unfair advantage’. Bundeskartellamt stated that Facebook could leverage this advantage...
HITRUST Incorporates GDPR into the CSF
The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology and information security sectors, has established a Common Security Framework (CSF). The CSF offers guidance to organisations across all industries that create,...
Mozilla Official Predicts Stricter GDPR Enforcement in 2019
A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will see enhanced resources dedicated to the enforcement of the European Union’s General Data Protection Regulation (GDPR). Mozilla is a computer software organisation well known for its stance on the...
GDPR Violation Penalty Levied Against Hospital for First Time
The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees issues relating to data protection, prosecuted the Barreiro Montijo hospital for failing to ensure that adequate access restrictions were in place to protect the integrity of...
Radisson Hotel Data Breach Response Potentially in Violation of GDPR
The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in over 70 countries and incorporates hotel brands such as the Park Plaza, Country Inn & Suites, Park Inn, and Radisson Collection. As their headquarters is based in Brussels, Belgium, the group is required to comply...
Report Reveals Spike in Data Breaches Reported Under GDPR
The General Data Protection Regulations (GDPR) came into effect in the European Union in May 2018. The regulations served to replace the existing regulations covering data protection, which were woefully out-of-date with modern technology and inadequate to deal with major cybersecurity risks. The creators of GDPR hoped that the regulations would reduce the risk of data theft to a minimum by requiring that a number of safeguards are in...
Kroll Survey Shows Increase in Number of Data Breaches Reported Post-GDPR
Kroll, a data security company, has released the results of a survey which shows that the number of data breaches reported to the UK’s Information Commissioner has increased by 75% since the introduction of the General Data Protection Regulation (GDPR). GDPR became EU law in May 2018. Its introduction revolutionised the data security landscape in the EU. One of the most crucial aspects of GDPR is how it has changed how organisations...
Whose data does GDPR protect?
General Data Protection Regulations became a part of EU law in May 2018. Before GDPR, European data protection laws were deemed unable to mitigate the risk of data theft. Furthermore, individuals had few rights over their data. EU lawmakers sought to revolutionise the data security landscape and introduce new regulations that were more fit to deal with the increasing prevalence of technology in everyday life. Whose data does GDPR...
Survey finds US and UK Companies Slow to Prepare for GDPR Compliance
A recent survey, conducted by Dimensional Research, has revealed that the levels of unpreparedness for both US and UK firms for compliance with the EU’s General Data Protection Regulation (GDPR) are high. Results seen in both the UK and US studies confirm the clients’ fears about the difficulty of privacy management. It also backs up the claims that technology investment will play a massive role in complying with GDPR and...
Public Whois Registry Likely to be Affected by GDPR
The EU GDPR Law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a member of the Domain Name sector that is likely to be affected by the new data protection legislation. The introduction of these new laws will be a delicate process for companies as they work to comply with the guidelines from the European Union and the ICANN. WHOIS supplies a database where internet users can find domain...
GDPR to be incorporated in new UK Data Protection Bill
The British Government has completed the Data Protection Bill that aims to align the country’s data protection regime with the soon-to-be-introduced European Union General Data Protection Regulation (GDPR). This will allow UK citizens to have more control over their private personal information and impose harsher penalties on the companies that breach the laws. The Bill is part of the multi-billion National Cyber Security Strategy....
GDPR Leads Lloyds to Alter Marketing Campaigns
Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from product-focused campaigns to content-focused strategies in line with the GDPR legislation. Lloyds is one of the groups that has spent a considerable amount of money preparing for the new regulations....
Snapchat Video Post Gets Nursing Assistant Sacked
A nursing helper from the Parkside Manor assisted-living service in Kenosha, WI, has been sacked for showing a video of a nearly nude 93-year-old Alzheimer’s patient as well as distributing the file on Snapchat. In recent months an unpleasant tendency has developed of nurses taking pictures and videos of old patients and distributing the files on social media networks. The videos and images display patients in performing...