Small businesses at greater data and cyber-security risk


According to the "Would you be ready for Cyber Attack?" report from Business in the Community, small businesses are not investing as much time or money into their own cyber-security as medium-sized businesses. The report also makes the point that often small and medium businesses can be a threat to the security of larger businesses …


ICO fines Vote Leave for marketing consent failings


Vote Leave has been fined £40,000 by the ICO for sending over 196,000 unsolicited text messages in the run-up to the 2016 Brexit referendum. The enforcement has been actioned as a breach of the Privacy and Electronic Communications Regulations (PECR), which regulate (amongst other things) direct marketing activities. Specifically, PECR requires organisations to have …


ICO building an AI auditing framework


The ICO have launched a new AI Auditing Framework blog which will provide updates and discussion around their work on developing a framework to give them “a solid methodology to audit AI applications and ensure they are transparent, fair; and to ensure that the necessary measures to assess and manage data protection risks arising from them are …


Review of data protection compliance indicates room for improvement


The annual Global Privacy Enforcement Network (GPEN) “sweep” is a joint study carried out across the world by data protection regulators (including the UK’s ICO). This year the study looked at how organisations have taken responsibility for complying with data protection laws, particularly the core concepts of accountability (which of course was a key GDPR change). …


EDPB confirms status of EU-UK data flows in a no-deal scenario


At its Seventh Plenary Session, the European Data Protection Board (EDPB) adopted a note on data transfers under the GDPR in the event of a no-deal Brexit. The EDPB, which works towards a consistent approach to data protection application across Europe (replacing the old Article 29 Working Party) and is made up of representatives from …


Website “formjacking” increasing risk to insecure sites


According to Symantec’s Internet Security Threat Report 2019, on average 4800 websites a month are compromised by formjacking code. Formjacking is a cyber security threat to any business website, with cyber-criminals targeting any commerce sites with a view to intercepting payment details. And if you’re thinking that this only hits sites like British Airways, Symantec points …


EDPB published work program for 2019/20


The European Data Protection Board has published its work program for the next couple of years, which includes development of a number of (hopefully) useful guidance documents. You can download the full list here, but of particular interest will be: Guidelines on Data Protection by Design and Default; Guidelines on targeting of social media users …


ICO fact-finding on data protection in adtech


There’s been a lot of noise recently around the use of personal data in adtech (advertising tech) including cases like the Google £44m fine from a few weeks ago, and not forgetting of course the Facebook/Cambridge Analytica scandal, so it’s probably no surprise that the ICO is launching a “fact-finding forum” where they’ll be inviting …


ICO enforcement highlights the cost of ignoring subject access requests


Recent enforcement by the ICO against Magnacrest Ltd highlights the cost of ignoring not only your own data subjects, but also the ICO. Magnacrest have been fined £300, with a victim surcharge of £30 and costs of £1133.75 for ignoring an enforcement notice from the ICO to deal with a subject access request, after an …
