Latvian “ICO” issues €7k fine for right of erasure failing

The Latvian Data Protection Authority (the Data State Inspectorate of Latvia (DSI)) has issued a fine of €7000 to an online retailer for non-conformity with a data subject’s “right to erasure” and not co-operating with the DSI. The individual’s right to erasure (or right to be forgotten) allows a data subject to request that any …

Learnings about data security from an £80k ICO fine for an estate agent

The ICO have fined estate agent, Life at Parliament View Limited (LPV), £80,000 for security failings relating to tenant information. The breach occurred in 2015 (which is why this was dealt with under “old” data protection and not GDPR). It occurred when an insecure FTP (file transfer service) server was used to transfer just over …

Who’s looking after your data protection compliance?

In March 2019 a First-tier Tribunal was held between Farrow and Ball Ltd and the Information Commissioner’s Office (ICO). In its work to chase down organisations that are not paying the new data protection fee (as required by the Data Protection (Charges and Information) Regulations 2018 which came into force in UK law at the same …

£145k fine for data sharing process failings

In April 2019 the ICO issued a fine of £145,000 to the London Borough of Newham for unlawfully disclosing personal data of more than 200 individuals who were featured on the Metropolitan Police’s “Gang Matrix” intelligence database. The data in redacted and unredacted forms were shared with 44 recipients including external organisations and voluntary agencies. It’s …

First GDPR fine in Poland for breach of Article 14 of the GDPR

The Polish data protection authority (UODO) has fined a company PLN943k (about £188k) for failure to inform data subjects about how they came to have their data and how they were planning on processing it (Article 14 of the GDPR). Article 14 is part of the GDPR’s “right to be informed” provisions that require you …

Pension company fine highlights perils of bad advice and non-compliance

Grove Pension Solutions Ltd has been fined £40,000 for sending just over 2 million unsolicited emails. What’s interesting about this case is that a third party was used to send the emails, making use of hosted marketing campaigns. They even checked with a data protection expert and lawyer before instructing the marketing program to be carried …

ICO enforcement highlights the cost of ignoring subject access requests

Recent enforcement by the ICO against Magnacrest Ltd highlights the cost of ignoring not only your own data subjects, but also the ICO. Magnacrest have been fined £300, with a victim surcharge of £30 and costs of £1133.75 for ignoring an enforcement notice from the ICO to deal with a subject access request, after an …

First significant GDPR fine hits Google (£44m)

The French data regulator, CNIL (the French equivalent of the UK’s ICO), has fined Google €50m, a record when it comes to data protection fines. The fine follows an investigation after a complaint from privacy rights groups noyb and La Quadrature du Net in May last year about the way consent is collected by Google, for …

ICO fines Carphone Warehouse £400k

Carphone Warehouse have been issued with one of the largest fines by the Information Commissioner’s Office after customer and employee data was compromised in a cyber-attack in 2015. The ICO cite “multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal …

Website vulnerability leads to £60k ICO fine

The Information Commissioner’s Office (ICO) (the UK’s “data regulator”) has fined a small video game rental company £60,000 after it failed to take basic action to prevent an SQL injection vulnerability in its website, which led to a data breach and access to customer details. This latest fine just indicates that any size business is at …