The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.
Who’s getting it wrong?
The ICO has fined Dixons Carphone £500,000, the maximum allowed under the previous Data Protection Act, for a 2018 malware attack and data breach. Over 14 million people were affected due to a malware attack at 5,390 of the retailer’s POS terminals which when undetected for over nine months. Read more here.
Travelex has been the subject of a hack where the hackers held Travelex to ransom, demanding the firm pay £4.6m before they unlock its systems. It has affected banks that use Travelex to run their foreign exchange services such as Barclays, Lloyds and RBS. Its website was taken down immediately after the attack was launched two weeks ago and is still offline. Read more here.
The ICO has extended the time before it will fine British Airways and Marriott £183m and £99m respectively. In a statement the UK’s data protection regulator said: “Under Schedule 16 of the Data Protection Act 2018, BA [and Marriott] and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time.” When the ICO announces a “notice of intent” to fine companies, this is not the same thing as actually handing out the penalty. Companies (and individuals) targeted for fines like this can then, in the jargon, “make representations” about the size of the punishment. Read more here.
According to research gathered by LearnBonds, almost a third of British firms hit by cyber-security attacks last year chose to ignore them. 32% of UK companies said they took “no action” after an online security breach in 2019 despite this type of crime collectively costing British firms over £14bn. Read more here.
According to a new study most of the online forms that websites use to gain consent, essentially cookie banners, fail to meet GDPR requirements. Researchers have found only 11.8% of the most popular CMPs used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent. Read more here.
Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.