First GDPR Fine Issued to a Charity

On 8th July 2021, the Information Commissioner’s Office (ICO) fined the transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. In particular, this led to a breach of Articles 5(1)(f) and 32(1) and (2) of the GDPR. The ICO found that Mermaids failed to implement an appropriate level of organisational and technical security to its internal email … Continue reading “First GDPR Fine Issued to a Charity”

Ticketmaster Fined £1.25m Over Cyber Attack

GDPR fines are like a number 65 bus. You wait for a long time and then three arrive at once. In the space of a month the Information Commissioner’s Office (ICO) has issued three Monetary Penalty Notices. The latest requires Ticketmaster to pay £1.25m following a cyber-attack on its website which compromised millions of customers’ personal information. The ICO investigation into this breach found a vulnerability in a third-party chatbot built by Inbenta Technologies, which Ticketmaster had installed on its online … Continue reading “Ticketmaster Fined £1.25m Over Cyber Attack”

The Marriott Data Breach Fine

The Information Commissioner’s Office (ICO) has issued a fine to Marriott International Inc for a cyber security breach which saw the personal details of millions of hotel guests being accessed by hackers. The fine does not come as a surprise as it follows a Notice of Intent, issued in July 2018. The amount of £18.4 million though is much lower than the £99 million set out in the notice. The Data: Marriott estimates … Continue reading “The Marriott Data Breach Fine”

GDPR and Employee Data: H&M Fined 35 Million Euros

On 2nd October 2020, the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburg DP Commissioner) imposed a 35.3 million Euros fine on H&M Hennes & Mauritz for serious breaches of the General Data Protection Regulation (GDPR) at its service centre in Nuremberg. Specifically, the breaches related to the covert and extensive monitoring of the personal information of several hundred … Continue reading “GDPR and Employee Data: H&M Fined 35 Million Euros”

The British Airways Data Breach Fine

The ICO has finally issued a fine to British Airways (BA) for a cyber security breach which saw the personal and financial details of more than 400,000 customers being accessed by attackers. £20 million is a lot of money, even for British Airways, and especially in a global pandemic which has seen all airlines struggle financially. However, it is a far cry from the original Notice of Intent, issued in July 2018, for the sum of £183 Million. But … Continue reading “The British Airways Data Breach Fine”

British Airways: Proposed GDPR Fine Likely to be Reduced

In July 2019, the Information Commissioner’s Office (ICO) signalled its intention to use its powers to issue Monetary Penalty Notices (fines) under the General Data Protection Regulation (GDPR). Two Notices of Intent were issued with much fanfare. One of the Notices was issued to British Airways for the eye-watering sum of £183 Million. This … Continue reading “British Airways: Proposed GDPR Fine Likely to be Reduced”

The EasyJet Data Breach: GDPR Fine Arriving?

On 19th May 2020 it was reported that in January 2020 EasyJet was subject to what they describe as a “highly sophisticated” cyber-attack, resulting in the personal data of over 9 million customers being “hacked”. Detailed information about the attack is sparse, with most media sources repeating the same bare facts. Some of the information … Continue reading “The EasyJet Data Breach: GDPR Fine Arriving?”

First Fine under GDPR

The Information Commissioner’s Office (ICO) has issued the first fine under GDPR to a London-based pharmacy. Doorstep Dispensaree Ltd has been issued with a Monetary Penalty Notice of £275,000 for failing to ensure the security of Special Category Data. The company, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked … Continue reading “First Fine under GDPR”

Lessons from the Google GDPR Fine

On 21st January 2019, the French National Data Protection Commission (CNIL) fined Google 50 million euros for breaches of the General Data Protection Regulation (GDPR). This is the biggest financial penalty issued so far by any European regulator under the new law. But the decision goes far beyond Google or even the tech sector. In May 2018 … Continue reading “Lessons from the Google GDPR Fine”

The Facebook Data Breach Fine Explained

On 24th October the Information Commissioner imposed a fine (monetary penalty) of £500,000 on Facebook Ireland and Facebook Inc (which is based in California, USA) for breaches of the Data Protection Act 1998. In doing so the Commissioner levied the maximum fine that she could under the now repealed DPA 1998. Her verdict was that the fine … Continue reading “The Facebook Data Breach Fine Explained”
