Tag Archives: ICO

Ticketmaster Fined £1.25m Over Cyber Attack

GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information.   The ICO investigation into this breach found a vulnerability … Continue reading

Posted in cyber security, Data Breach, Fines, ICO, Ticketmaster, Uncategorized | Tagged , , , , | 1 Comment

The ICO’s New Subject Access Guidance

GDPR has introduced some new Data Subject rights including the right to erasure and data portability. The familiar right of Subject Access though still remains albeit with some additional obligations. Last week the Information Commissioner’s Office (ICO) published its long awaited right of access detailed guidance following a consultation exercise in December. The guidance provides some much needed clarification … Continue reading

Posted in ICO, Subject Access, Uncategorized | Tagged , | Leave a comment

British Airways: Proposed GDPR Fine Likely to be Reduced

In July 2019, the Information Commissioner’s Office (ICO) signalled its intention to use its powers to issue to issue Monetary Penalty Notices (fines) under the General Data Protection Regulation (GDPR).  Two Notices of Intent were issued with much fanfare. One … Continue reading

Posted in GDPR, Uncategorized | Tagged , , , | Leave a comment

Act Now Supporting Innovative Digital DPIA Project

Act Now Training is pleased to announce that it is supporting a new public sector collaboration to co-design and develop a digital approach to Data Protection Impact Assessments (DPIAs). This innovative six month project will help Data Controllers conducting DPIAs to ensure that a ’Data Protection by Design and Default’ approach is embedded into the process. The project is also supported by the Information … Continue reading

Posted in dpia, GDPR, GMCA, ICO, Uncategorized | Tagged , , , | 1 Comment

First Fine under GDPR

The Information Commissioner’s Office (ICO) has issued the first fine under GDPR to a London-based pharmacy. Doorstep Dispensaree Ltd, has been issued with a Monetary Penalty Notice of £275,000 for failing to ensure the security of Special Category Data. The … Continue reading

Posted in Fines, GDPR, Uncategorized | Tagged , , | 2 Comments

A New (GDPR) Data Sharing Code

The law on data sharing is a minefield clouded with myths and misunderstandings. The Information Commissioner’s Office (ICO) recently launched a consultation on an updated draft code of practice on this subject. Before drafting the new code, the ICO launched … Continue reading

Posted in Data Sharing, GDPR, ICO | Tagged , , , | 1 Comment

The BA and Marriot Data Breaches: The ICO takes its gloves off!

This week we saw the Information Commissioner’s Office (ICO) finally signal its intention to use its powers to issue to issue Monetary Penalty Notices (fines) under the General Data Protection Regulation (GDPR).  Two Notices of Intent have been issued.  Both … Continue reading

Posted in Data Protection, DP ACT 2018, enforcement notice, EU DP Regulation, GDPR, ICO | Tagged , , , , , | 9 Comments

GDPR: One Year on

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force on 25th May 2018 with much fanfare. The biggest change to data protection law in 20 years, with GDPR carrying a maximum fine of 20 million … Continue reading

Posted in biometric data, enforcement notice, GDPR, ICO | Tagged , , , | 2 Comments

First Two GDPR Enforcement Notices – Lessons Learnt

The Information Commissioner’s Office (ICO) recently served only its second Enforcement Notice for breaches of the GDPR. The first Enforcement Notice was issued in July 2018 against a Canadian company, AggregateIQ Data Services Ltd (AIQ). Strangely it was not published on … Continue reading

Posted in GDPR, ICO, personal data, Privacy | Tagged , , , | 3 Comments

The Facebook Data Breach Fine Explained

  On 24th October the Information Commissioner imposed a fine (monetary penalty) of £500,000 on Facebook Ireland and Facebook Inc (which is based in California, USA) for breaches of the Data Protection Act 1998.  In doing so the Commissioner levied the maximum fine … Continue reading

Posted in Cloud, Data Protection, Data Sharing, Fines, GDPR, ICO, Information Security, Personal Data | Tagged , , , , , , , | Leave a comment