UpDATA - the data risk blog

Latest posts

1 to 10 of 39
  • ICO updates guidance on DSAR response time limits

    Submitted: 09 September 2019

    Data controllers will now have one month from the date of receipt of a DSAR to provide response.

  • Updata Bulletin - Summer 2019

    Submitted: 09 September 2019

    Selected data protection legal and regulatory developments in the UK, EU and internationally. Highlights include the first significant GDPR fines, the largest data protection fine ever and new guidance from the ICO on the use of artificial intelligence.

  • SARs: a tool for identity theft

    Submitted: 12 August 2019

    A researcher from Oxford University has sent a fake subject access request to over 150 companies in order to prove how the “right of access” under Article 15 of the GDPR can be easily exploited by malicious attackers to steal sensitive personal information.

  • US regulator imposes fine on Facebook more than double the GDPR maximum

    Submitted: 18 July 2019

    Following a settlement last week the US Federal Trade Commission has imposed a fine of $5bn on Facebook in relation to its privacy law violations in connection with the Cambridge Analytica scandal. The sheer scale of the fine, more than twice the maximum level possible under GDPR, and the market reaction to it raise a number of interesting questions.

  • FOI requests continue to expose cyber weaknesses in the financial services sector

    Submitted: 11 July 2019

    The FCA has confirmed that in November 2018 four UK banks were targeted by hackers, further highlighting cyber weaknesses in financial services.

  • Ramming home the point, the ICO intends to fine Marriott almost £100m

    Submitted: 09 July 2019

    Following on from its announcement of the largest ever GDPR fine yesterday – £183m against British Airways - the ICO has gone again, announcing the second largest ever GDPR fine – this time a fine of almost £100m against Marriott.

  • British Airways - the ICO shows its teeth

    Submitted: 09 July 2019

    This morning the Information Commissioner’s Office announced that it intended to impose a fine of £183.39m on British Airways in respect of the well-publicised data breach, in which, beginning in June 2018, the data of 500,000 customers was compromised.

  • FOI request sheds light on stark increase in reported cyber incidents

    Submitted: 03 July 2019

    A recent Freedom of Information Act request submitted to the Financial Conduct Authority highlights a near 12-fold increase in cyber incidents between 2017 and 2018.

  • Data Controller DSAR obligations clarified

    Submitted: 07 June 2019

    This blog highlights the key points from the recent decision in Dawson- Damer and others v Taylor Wessing LLP and others [2019] EWHC 1258 (Ch).

  • Prosecutions for snooping employees

    Submitted: 01 April 2019

    The ICO has announced three successful prosecutions for unlawful obtaining or disclosing of personal data under s55 of the Data Protection Act 1998, all of which involved employees accessing or transferring personal data in their own self-interest.

1 to 10 of 39