Companies are being urged to study the detail of the first GDPR penalty issued by the UK Information Commissioner’s Office to ensure they learn from the case after London pharmacy Doorstep Dispensaree has been fined £275,000 for failing to ensure the security of special category data.
Brexit may (or may not) become a reality on Saturday, but even if the UK Parliament does approve the deal, it will not settle the issue of how data protection laws will operate. “There is an assessment that needs to be done after Brexit on whether we need GDPR 2.0,” said Maarten Stassen, partner in the Brussels office of corporate law firm Crowell and Moring.
Data security professionals reckon that the first big GDPR fines - proposed by the UK Information Commissioner’s Office against British Airways and Marriott - will force organisations to sit up and take note, but they will not necessarily trigger a major change in current privacy policies and practices.
The Indian government has set its sights on becoming only the 14th country in the world to secure a data protection "adequacy" deal with the European Commission, which would allow the free flow of data between firms in India and businesses based in EU member states.
The Information Commissioner’s Office has announced its second "notice of intent" in as many days after revealing it plans to fine Marriott International more than £99 million for breaching GDPR, after it exposed the personal details of more than 30 million EU customers - seven million of whom live in the UK - following a mass hack attack.
British Airways has hit back at the proposed record £183.39 million GDPR fine - announced this morning by the Information Commissioner’s Office - saying it is "surprised and disappointed" by the ruling, and insisting it "responded quickly to a criminal act to steal customers’ data".
Fresh evidence that the Information Commissioner’s Office is one of the busiest regulators in the EU has emerged with new figures showing it has received over 40 data breach notifications every day since May 25 2018, with a monthly average of 1,276 cases.
GDPR may have been in force for well over a year now, but UK staff have yet to change the way they handle sensitive data, with a third (34%) admitting they are still not taking the new regulation seriously even though the vast majority (84%) concede they know about compliance and their responsibilities.
With the anniversary of GDPR looming, many UK businesses are still failing to process requests from customers who are exercising their right to access the personal information stored about them, with a third of companies non-compliant.
The Government has hailed the new tougher data protection regime, ushered in with GDPR and the UK Data Protection Act 2018, for a reduction in the number of businesses suffering a cyber breach or attack in the past year.