Only yesterday we saw the first proper fine of the post-GDPR era. A mere £183m. Today we hear that the ICO also intends to fine Marriott hotels just under £100m. More than a quarter of a billion pounds in 48 hours. For context, in the whole of last year the total fines for data protection … Continue reading Ten steps to avoid losing £283m
Anyone who cares about privacy has been waiting for the signal to start taking the new Data Protection Act seriously. Frankly, after the big rush to get "GDPR-ready" by May of last year, most organisations seem to have returned privacy to the too-hard pile. Very few have done anything to embed privacy as a living … Continue reading It’s time to get ethical
The UK lags behind other global economies in productivity growth. Experts are baffled. I’m not. I haven’t blogged in a while because we’ve been a little busy growing very fast. One consequence of that is that we need to move office. Not a complex task, really – we only need one floor of a building, … Continue reading Britain has a productivity problem
The ICO has fined a pensions advisor £40k for sending nearly 2m spam emails. So far, so nobody-cares-about-PECR[i]. In fact the fine is pretty low for an infringement of this size. Why? Because Grove Pension Solutions checked their proposed marketing scheme with a “recognised specialist data protection consultancy” and an “independent data protection solicitor” … Continue reading Bought-in lists are dead
This is getting silly. We're all familiar with password complexity rules intended to help us create "strong" passwords that are harder to crack. Those of us who have been paying attention will know that the real outcome of this approach is to create passwords that are surprisingly easy for computers to crack but really hard … Continue reading Oh for Pete’s sake (passwords again)!
Bit of a technical one for the privacy nerds here. There's an interesting update from the ECJ: The Advocate General proposes to rule that under the Data-Protection-Directive the operator of a website who has embedded on its website a third-party plugin (such as the Facebook Like button), which causes the collection and transmission of the user’s … Continue reading Who’s in control? (wonkish)
This is more of a reminder than anything else. I've already blogged about the risks of a hard Brexit from a data protection compliance perspective, and we've featured it in our October newsletter at Securys. But now the ICO has also said similar things, and the government is moving to "full hard-Brexit preparation". So it's … Continue reading Hard Brexit preparation