Tag Archives for " ICO "

Cryptojacking attack hits ~4,000 websites, including UK’s data watchdog

At first glance a CoinHive crypto miner being served by a website whose URL contains the string ‘ICO’ might not seem so strange. But when you know that ICO in this case stands for the UK’s Information Commissioner’s Office — aka the national data protection and privacy watchdog, whose URL (https://ico.org.uk) predates both Bitcoin and the current craze for token sales — well, the extent of the cryptojacking security snafu quickly becomes apparent.

Source: Cryptojacking attack hits ~4,000 websites, including UK’s data watchdog | TechCrunch

ICO will take proportionate approach to GDPR fines

The ICO is not planning to issue fines in every circumstance when it detects a breach of the GDPR (or implementing legislation), ICO’s Steve Eckersley said at the CDPD conference in Brussels. Eckersley stated that the ICO will also have other options in its toolbox: the opportunity to issue warnings or demand an audit. He thought that in many cases the reputational damage will have a greater impact than any fine.

Source: ICO will take proportionate approach to GDPR fines – Privacy Laws & Business

Will companies need to identify new lead supervisory authorities for their UK BCRs?

On Jan. 9, the European Commission’s Directorate-General for Justice and Consumers published a€œ “Notice to Stakeholders” on the intersection of Brexit and EU data protection rules. The guidance clarified, “€œTransfers based on approved standard data protection clauses or on binding corporate rules will not be subject to a further, specific authorisation from a supervisory authority.” One interpretation of this statement is that BCRs currently approved by the U.K. Information Commissioner’€™s Office will continue to be a compliant way to transfer data out of the EU after Brexit officially takes hold.

Source: Will companies need to identify new lead supervisory authorities for their UK BCRs?

UK’s DPA updates guidance on lawful basis for processing

The requirement to have a lawful basis in order to process personal data is not new. It replaces and mirrors the previous requirement to satisfy one of the ‘conditions for processing’ under the Data Protection Act 1998 (the 1998 Act). However, the GDPR places more emphasis on being accountable for and transparent about your lawful basis for processing.

Source: Lawful basis for processing | ICO

1 2 3 7
>