ICO fines Carphone Warehouse £400k

Carphone Warehouse have been issued with one of the largest fines by the Information Commissioner’s Office after customer and employee data was compromised in a cyber-attack in 2015.

The ICO cite “multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal information”, with the cause of the breach being linked to out-of-date software (WordPress) and inadequate security protocols in place.

With the General Data Protection Regulation (GDPR) coming into effect in May this year, proper policy and process for the protection of personal data will be more important than ever. The ICO comment “Data protection by design is one of the [GDPR] requirements and must be in every part of information processing, from the hardware and software to the procedures, guidelines, standards, and policies that an organisation has or should have.”

Wonder what the fine may have been under GDPR…

You can read more about the ICO’s action against Carphone Warehouse here, along with details of the penalty notice issued.

If you’re worried about how your business can protect itself against data breaches and put in place adequate data protection policies and protocols, join the Digital Compliance Hub or get in touch to find out how our consultancy services can help your business.