£145k fine for data sharing process failings

ICO fine council for gang matrix breach

In April 2019 the ICO issued a fine for £145,000 to the London Borough of Newham for unlawfully disclosing personal data of more than 200 individuals who were featured on the Metropolitan Polices “Gang Matrix” intelligence database. The data in redacted and unredacted forms were shared with 44 recipients including external organisations and voluntary agencies. It’s …

Read more£145k fine for data sharing process failings

First GDPR fine in Poland for breach of Article 14 of the GDPR

GDPR fine for Article 14 breach

The Polish data protection authority (UODO) has fined a company PLN943k (about £188k) for failure to inform data subjects about how they came to have their data and how they were planning on processing it (Article 14 of the GDPR). Article 14 is part of the GDPR’s “right to be informed” provisions that require you …

Read moreFirst GDPR fine in Poland for breach of Article 14 of the GDPR

Pension company fine highlights perils of bad advice and non-compliance

ICO fines company for unsolicited emails

Grove Pension Solutions Ltd has been fined £40,000 for sending just over 2 million unsolicited emails. What’s interesting about this case is that a third-party was used to send the emails making use of hosted marketing campaigns. They even checked with a data protection expert and lawyer before instructing the marketing program to be carried …

Read morePension company fine highlights perils of bad advice and non-compliance

ICO enforcement highlights the cost of ignoring subject access requests

ICO fine for subject access request

Recent enforcement by the ICO against Magnacrest Ltd highlights the cost of ignoring not only your own data subjects, but also the ICO. Magancrest have been fined £300, with a victim surcharge of £30 and costs of £1133.75 for ignoring an enforcement notices from the ICO to deal with a subject access request, after an …

Read moreICO enforcement highlights the cost of ignoring subject access requests

First significant GDPR fine hits Google (£44m)

Google fined for consent issues

The French data regulator, CNIL, (the French equivalent of the UK’s ICO) has fined Google €50m, a record when it comes to data protection fines. The fine follows an investigation after a complaint from privacy rights groups noyb and La Quadrature du Net in May last year about the way consent is collected by Google, for …

Read moreFirst significant GDPR fine hits Google (£44m)

ICO fines Carphone Warehouse £400k

Regulation

Carphone Warehouse have been issued with one of the largest fines by the Information Commissioner’s Office after customer and employee data was compromised after a cyber-attack in 2015. The ICO cite “multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal …

Read moreICO fines Carphone Warehouse £400k

Website vulnerability leads to £60k ICO fine

latest compliance news posts

The Information Commissioner’s Office (ICO) (the UK’s “data regulator”) has fined a small video game rental company £60,000 after failing to take basic action to prevent an SQL injection vulnerability with their website, which led to a data breach and access to customer details. This latest fine just indicates that any size business is at …

Read moreWebsite vulnerability leads to £60k ICO fine