GDPR Friday Roundup – 1st September 2017

Who’s getting it wrong?

Nottinghamshire County Council has been fined £70,000 by the ICO following a serious data protection breach that left vulnerable people’s personal information online for five years. The local authority had posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory which didn’t have basic security access restrictions. Steve Eckersley, ICO head of enforcement, said the council overlooked the need to put robust measures in place…despite having the financial and staffing resources available. Read more here.

Gaming and gadgets company CeX has warned 2 million of its customers to change their account details after sensitive information was stolen in an online security breach. Read more here.


Need to know

Two thirds of firms say they intend to employ permanent new staff to cope with the GDPR and similar numbers – 64% – will take on more temporary or interim staff. Read more here.

Information Commissioner Elizabeth Denham gave the keynote speech at the ARA conference yesterday. In the speech she said the ICO is speaking to government about derogations (without specifying which) within the GDPR and the Data Protection Bill, and that DCMS will be taking this forward. Read more here.

A Financial Times survey has found that tech companies around the world are scrambling to hire new staff and redesign products as the sector faces millions of dollars lost to higher costs and lost revenues. Responding to the survey, Facebook was one of three companies to say that initial compliance would cost several million dollars. Though costs are small relative to the global annual turnover of multinational companies, technology groups suggested the GDPR could be one of the most expensive pieces of regulation in the sector’s history. Facebook said its data protection team in Ireland will be growing by 250% to support the GDPR. Read more here.

Steve Wood, ICO Deputy Commissioner (Policy), has written this week’s blog debunking myths surrounding the GDPR. He used the blog post to reassure companies that the GDPR is not a total revolution in data protection; it is an evolution building on foundations already in place for the last 20 years. He said that while the GDPR mainly seeks to build on existing principles, there is no room for complacency. He also said that those businesses that get data protection right will obtain a competitive advantage by building trusted relationships with the public, enabling them to sustainably build their use of data and gain more value. Read more here.



On 20 September, the Scottish and UK Information Commissioners will co-host the International Conference of Information Commissioners (ICIC) in Manchester. The conference will explore the future of transparency and access to information in the UK and worldwide, progressive information rights and trust. Find the event website here.
