Data Protection News Roundup – 7th May 2019

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.



In September, a new data-related EU law will come into effect, the second “payment services directive”, or PSD2. It will mainly be relevant to financial firms and aims to make banking and payments safer and more open through stronger security and data portability provisions. While some aspects of the new law are being welcomed by companies, other aspects may present ‘infrastructural challenges’. Read more here.


Who’s getting it wrong?

Since the start of last year, more than 50 data breaches have been reported by the Irish Passport Service to the Data Commission. Staff error has been blamed as the reason for many of these breaches with passports being posted to the wrong address in the majority of cases. During this time period the Passport Service received 1,008,089 passport applications. Read more here.

The ICO has fined a PPI claims management company £120,000 for sending unlawful spam texts about its services. The company, Hall and Hanley Ltd, were responsible for sending 3.5m direct marketing text messages last year. The ICO received a large number of complaints about the company which had used a third party for this work but did not have valid consent as required by law. Read more here.

Citycomp, an IT infrastructure provider based in Germany, and with customers such as Airbus, Porsche, Toshiba, and Volkswagen, published a statement saying it successfully fended off a hacker attack. However the statement goes on to say that while Citycomp did not yield to blackmail, this may mean that its customer data could be published. The hacker stole more than 300,000 files. Read more here.


Other News

An ICO investigation into HMRC’s Voice ID service was prompted by a complaint from Big Brother Watch about the department’s conduct, particularly in relation to the use of voice authentication for customer verification on some of HMRC’s helplines. The ICO found that HMRC failed to give customers sufficient information about how their biometric data would be processed and failed to give them the chance to give or withhold consent. Read more here.


Leave a reply

You must be logged in to post a comment.