EU GDPR Archives - Alan Calder on IT Governance, Cyber Resilience, ISO 27001 and Brexit

ICO and Computer Misuse Act

Alan Calder February 23, 2021 EU GDPR

The ICO, for the second time in its history, has used the Computer Misuse Act (CMA) to achieve a prison sentence for someone who abused a position of trust to exfiltrate personal data from her employer in order to sell …

[Continue Reading...]

The GDPR requirements following Brexit

Alan Calder January 29, 2021 EU GDPR, IT Security

Friday 29 January Many organisations are slightly confused about the immediate GDPR requirements in the UK and the EU following the UK’s exit from the EU. This is the situation: the so-called Free Trade Agreement makes provision for the EU …

[Continue Reading...]

Regulatory action is increasingly driving GDPR compliance

Alan Calder July 23, 2020 EU GDPR

We all thought that the most dramatic aspect of GDPR enforcement would be fines for data breaches, and that the primary driver for GDPR compliance would be the desire to avoid data breaches. While there have been some spectacular data …

[Continue Reading...]

PECR and GDPR

Alan Calder May 8, 2019 EU GDPR

Well, the ICO (Information Commissioner’s Office) is markedly faster out of the blocks in terms of dealing with PECR (Privacy and Electronic Communications Regulations) breaches than in dealing with GDPR (General Data Protection Regulation) ones. Some 16 company directors have …

[Continue Reading...]

Why hasn’t the ICO issued any GDPR fines yet?

Alan Calder May 7, 2019 EU GDPR

For those of you wonder what on earth the ICO (Information Commissioner’s Office) is doing in terms of regulatory action in relation to privacy, their latest update identifies some recent financial penalties: A television production company was fined £20,000 for …

[Continue Reading...]

The ICO – driving ‘meaningful change’

Alan Calder October 29, 2018 Cyber Security, EU GDPR

Facebook has, in respect of its data breach earlier this year, been fined the maximum £500,000 allowed under the DPA (Data Protection Act) 1998. It’s lucky the breach was discovered before 25 May 2018; if the fine had been levied …

[Continue Reading...]

GDPR: Could an Uber reporting failure trigger a 6% fine plus $148 million?

Alan Calder September 27, 2018 Cyber Security, Data Breaches, Data Protection, EU GDPR

The EU GDPR (General Data Protection Regulation) issues administrative fines for non-compliance. The higher-tier fine is up to 4% of an organization’s global turnover or €20 million (about $24 million), whichever is greater. Although they differ in content, all 50 …

[Continue Reading...]

Data breaches: it’s not just the private sector

Alan Calder September 13, 2018 Cyber Security, Data Breaches, Data Protection, EU GDPR

TV Licensing has assured 40,000 TV licence-paying customers whose contact and bank details were intercepted on the TV Licensing website that “the risk is low”. Really? If the risk is low, why also warn the victims that they should …

[Continue Reading...]

BA: a £1 billion wake-up call

Alan Calder September 12, 2018 Cyber Security, Data Breaches, EU GDPR

There are now two law firms putting together class action lawsuits against BA under the provisions of Article 82 of the GDPR (General Data Protection Regulation), which entitles data subjects to financial compensation for non-financial damages. If the 380,000 customers …

[Continue Reading...]

Summer breaches

Alan Calder July 27, 2018 Cyber Security, Data Protection, EU GDPR

As organisations across the world look forward to the holiday season, it’s worth reviewing the perspective of data thieves and cyber attackers. If key staff are on holiday, cyber security defences will be weaker and less agile. If remaining staff …

[Continue Reading...]