Data Protection News Roundup – 5th January 2021

The Data Guardians’ Managing Director and lead consultant Matthew Lamb is a Certified Data Protection Officer and Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance as well as addressing your Cyber Security issues.



The Brexit transition period ended on 31st December but the deal struck between the UK and EU means that when it comes to the transfer of personal data, the UK will not be considered a third country just yet. The personal information of EU citizens will continue to be sent freely to the UK, until an agreement on the question is reached. Such an agreement would see EU regulators recognising that UK laws provide a level of data protection that matches the GDPR, and granting the country special adequacy status.

However, if a deal on data flows isn’t achieved in the next six months, the bridging period will come to an end, and the UK will have to resort to alternative mechanisms to make sure that organisations in the country can still legally process personal information from the EU.

Read more on this matter here.


Data Breaches

UK energy supplier People’s Energy has suffered a data breach affecting its entire database, including information on previous customers. Hackers stole details including names, addresses, dates of birth, phone numbers and tariff and energy meter IDs. While most of those affected are unlikely to face any direct financial risk, they are more likely to be targeted by phishing attacks. Read more here.

A security incident at T-Mobile has resulted in customer call data being accessed. The hack, which was first reported on December 29, affected around 200,000 customers and may have included customer phone numbers. No financial data or sensitive personal information such as Social Security numbers was accessed. Read more here.

Amey has been targeted by hackers using ransomware. The attack, taking place in mid-December, has been reported to the ICO. Read more here.

The ICO has warned organisations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. Read more here.


Other News

Ticketmaster must pay a $10 million fine after several employees utilised unlawfully obtained passwords to hack a rival company’s computer systems – in attempts to “choke off” its business. Read more here.

A 12-year-old girl in London has started legal proceedings against TikTok, claiming the app violated the GDPR. TikTok has often come under scrutiny by Europe’s watchdogs especially on the aspect of the app’s collection of children’s private data. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.