Cathay Pacific Airways fined £0.5m by ICO for cyber-attack
Part of the cost of cyber-attacks
4th March 2020
Cathay Pacific Airways has been fined £0.5m (the pre-GDPR maximum) by the UK ICO after a server connected to the internet was hacked and malware installed in early 2018 (i.e. before “GDPR-day” on 25th May 2018). 9.4m …

Morrisons found not vicariously liable for data breach
Lucky for Morrisons and everyone else
4th April 2020
The UK’s top court has ruled that Morrisons can’t be held liable for a 2014 data leak affecting the personal payroll data of around 100,000 workers. In the first class action of its kind, involving 2,000 of the …

€50k fine part due to DPO assignment
Keeping DPOs independent
28th April 2020
The Belgian Data Protection Authority (28/4/20) fined a company €50k for:
- Having a DPO that lacked independence (he was also the director of risk, compliance and audit)
- Failing to adequately engage the DPO in business matters
- Failing to appropriately risk assess events …

£18bn lawsuit filed against EasyJet after cyber-attack
Part of the cost of cyber-attacks
26th May 2020
Law firm PGMBM has issued an £18bn “no-win-no-fee” class action claim in the High Court of London against EasyJet, on behalf of affected customers. It was reported that EasyJet became aware of the cyber-attack in January 2020, with crooks …

US Privacy Shield invalid – Schrems – GDPR – Data Protection
European Court of Justice finds EU-US Privacy Shield invalid
16th July 2020
Max Schrems, an Austrian activist known for campaigns against Facebook for privacy violation, has done it again. The EU-US Privacy Shield, which allowed US companies to register with PrivacyShield.gov, such …

What is ISO 27002:2013?
ISO 27002 supplements ISO 27001 (the Information Security Management System, or ISMS) by providing a list of common operational and technical information security controls. ISO 27001 provides the overarching governance or management solution. ISO 27002 focuses on the actual controls.
What is in ISO 27003:2013?
ISO 27003:2013 includes: Information security policies …

The UK Data Protection Act
We believe the following to be an accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness. Links to particularly useful parts: DPA Schedule 1
Data Protection Act 2018, CHAPTER 12. Explanatory Notes have been produced to assist in the understanding of this Act and are available separately. Data Protection Act …

Privacy and Electronic Communications Regulation (PECR)
We believe the following to be an accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness.
Statutory Instruments 2003 No. 2426 ELECTRONIC COMMUNICATIONS The Privacy and Electronic Communications (EC Directive) Regulations 2003. Made 18th September 2003. Laid before Parliament 18th September 2003. Coming into force …

The EU General Data Protection Regulation (GDPR)
Contact us to find out more. We believe the following to be an accurate copy of the legislation, but provide no guarantee about its accuracy or completeness!
I (Legislative acts) Article 8(1) of the Charter of Fundamental Rights of the European Union REGULATIONS REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND …
