Category Archives: ICO

First ICO GDPR Fine Reduced on Appeal

The first GDPR fine issued by the Information Commissioner’s Office (ICO) has been reduced by two thirds on appeal. In December 2019, Doorstep Dispensaree Ltd, a company which supplies medicines to customers and care homes, was the subject of a Monetary Penalty … Continue reading

Posted in Data Breach, Data Destruction, ICO, ICO Fine, Security | Tagged , , , | Leave a comment

Ticketmaster Fined £1.25m Over Cyber Attack

GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information.   The ICO investigation into this breach found a vulnerability … Continue reading

Posted in cyber security, Data Breach, Fines, ICO, Ticketmaster, Uncategorized | Tagged , , , , | 2 Comments

The ICO’s New Subject Access Guidance

GDPR has introduced some new Data Subject rights including the right to erasure and data portability. The familiar right of Subject Access though still remains albeit with some additional obligations. Last week the Information Commissioner’s Office (ICO) published its long awaited right of access detailed guidance following a consultation exercise in December. The guidance provides some much needed clarification … Continue reading

Posted in ICO, Subject Access, Uncategorized | Tagged , | Leave a comment

Act Now Associate Appointed to Judicial Position

Act Now Training would like to congratulate Susan Wolf our senior associate, who has been appointed as a Fee Paid Member of the Upper Tribunal assigned to the Administrative Appeals Chamber (Information Rights Jurisdiction) and First Tier Tribunal General Regulatory Chamber (Information Rights Jurisdiction).  We are delighted … Continue reading

Posted in Information Rights, Tribunal | Tagged , , | Leave a comment

Act Now Supporting Innovative Digital DPIA Project

Act Now Training is pleased to announce that it is supporting a new public sector collaboration to co-design and develop a digital approach to Data Protection Impact Assessments (DPIAs). This innovative six month project will help Data Controllers conducting DPIAs to ensure that a ’Data Protection by Design and Default’ approach is embedded into the process. The project is also supported by the Information … Continue reading

Posted in dpia, GDPR, GMCA, ICO, Uncategorized | Tagged , , , | 1 Comment

Viva Las Vegas

Act Now is pleased to announce that Ibrahim Hasan has accepted an invitation to address the 21st Annual NAPCP Commercial Card and Payment Conference in Las Vegas, April 6-9 2020. The NAPCP is a membership-based professional association committed to advancing … Continue reading

Posted in biometric data, Brunei, cyber security, Data Protection, Data Sharing, GDPR, ICO, International, USA | 3 Comments

A New (GDPR) Data Sharing Code

The law on data sharing is a minefield clouded with myths and misunderstandings. The Information Commissioner’s Office (ICO) recently launched a consultation on an updated draft code of practice on this subject. Before drafting the new code, the ICO launched … Continue reading

Posted in Data Sharing, GDPR, ICO | Tagged , , , | 1 Comment

The BA and Marriot Data Breaches: The ICO takes its gloves off!

This week we saw the Information Commissioner’s Office (ICO) finally signal its intention to use its powers to issue to issue Monetary Penalty Notices (fines) under the General Data Protection Regulation (GDPR).  Two Notices of Intent have been issued.  Both … Continue reading

Posted in Data Protection, DP ACT 2018, enforcement notice, EU DP Regulation, GDPR, ICO | Tagged , , , , , | 9 Comments

GDPR: One Year on

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force on 25th May 2018 with much fanfare. The biggest change to data protection law in 20 years, with GDPR carrying a maximum fine of 20 million … Continue reading

Posted in biometric data, enforcement notice, GDPR, ICO | Tagged , , , | 2 Comments

First Two GDPR Enforcement Notices – Lessons Learnt

The Information Commissioner’s Office (ICO) recently served only its second Enforcement Notice for breaches of the GDPR. The first Enforcement Notice was issued in July 2018 against a Canadian company, AggregateIQ Data Services Ltd (AIQ). Strangely it was not published on … Continue reading

Posted in GDPR, ICO, personal data, Privacy | Tagged , , , | 3 Comments