Website “formjacking” increasing risk to insecure sites

According to Symantec’s Internet Security Threat Report 2019, on average 4800 websites a month are compromised by formjacking code. Formjacking is a cyber security threat to any business website, with cyber-criminals targeting any commerce sites with a view to intercepting payment details. And if you’re thinking that this only hits sites like British Airways, Symantec points …

EDPB published work program for 2019/20

The European Data Protection Board has published its work program for the next couple of years, which includes development of a number of (hopefully) useful guidance documents. You can download the full list here, but of particular interest will be: Guidelines on Data Protection by Design and Default; Guidelines on targeting of social media users …

ICO fact-finding on data protection in adtech

There’s been a lot of noise recently around the use of personal data in adtech (advertising tech) including cases like the Google £44m fine from a few weeks ago, and not forgetting of course the Facebook/Cambridge Analytica scandal, so it’s probably no surprise that the ICO is launching a “fact-finding forum” where they’ll be inviting …

ICO enforcement highlights the cost of ignoring subject access requests

Recent enforcement by the ICO against Magnacrest Ltd highlights the cost of ignoring not only your own data subjects, but also the ICO. Magnacrest have been fined £300, with a victim surcharge of £30 and costs of £1133.75 for ignoring an enforcement notice from the ICO to deal with a subject access request, after an …

How Brexit could impact your data protection compliance

No matter where you sit in the Brexit debate there’s probably a good chance it will have some kind of impact on your business – and in the world of data compliance that’s no different. Believe it or not, Brexit might have an impact on your data compliance too! If you didn’t already have enough …

£120k fines highlight need for the right consents and clear privacy statements

In three separate but connected cases the ICO has fined Leave.EU £60k and Eldon Insurance £60k for Privacy and Electronic Communications Regulations (PECR) offences relating to unsolicited emails. The cases had come to light during the ICO’s investigation into the use of personal data and analytics by political campaigns, whereby it was observed a clear …

What’s new on the Hub: February 2019

Here’s an overview of new content and features added to the Hub in the last month: New third-party processor content; New third-party due diligence compliance poster/infographic; Updated “How to empower your employees to comply” guide, including: A third-party processor briefing paper for employees; A due diligence audit request form for employees to use when they have …

EU adopts data protection adequacy decision regarding Japan

In September 2018 the EU launched its process for adopting an adequacy decision under the GDPR after negotiations concluded between the EU and Japan in July 2018. This process completed on 23rd January 2019 when the European Commission formally adopted the adequacy decision. The agreement, which comes into effect immediately, means that it is now …

First significant GDPR fine hits Google (£44m)

The French data regulator, CNIL (the French equivalent of the UK’s ICO), has fined Google €50m, a record when it comes to data protection fines. The fine follows an investigation after a complaint from privacy rights groups noyb and La Quadrature du Net in May last year about the way consent is collected by Google, for …
