Only yesterday we saw the first proper fine of the post-GDPR era. A mere £183m. Today we hear that the ICO also intends to fine Marriott hotels just under £100m. More than a quarter of a billion pounds in 48 hours. For context, in the whole of last year the total fines for data protection … Continue reading Ten steps to avoid losing £283m
Anyone who cares about privacy has been waiting for the signal to start taking the new Data Protection Act seriously. Frankly, after the big rush to get "GDPR-ready" by May of last year, most organisations seem to have returned privacy to the too-hard pile. Very few have done anything to embed privacy as a living … Continue reading It’s time to get ethical
That's how much companies in the UK have been fined over the past 12 months for data breaches and contraventions of data protection law. Sounds like a lot - or maybe it doesn't, given how frequently data breaches are in the news. There's a reason for that. Of the £21.5m, 76% is one fine. Not … Continue reading £21,474,000.00
Here's why: https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales Short version - if you buy something in a US store with your Mastercard, they tell Google about it. Google then reconciles your purchase with your advertising exposure while logged in with a Google account, and sends a report to advertisers to show how on-line ads drive offline sales. This is, of course, … Continue reading Why do we need data protection laws?
[Link updated as the ICO has moved its blog] On the 25th of April, I wrote GDPR: you're all getting it wrong. On the 9th of May, Steve Wood (the Deputy Commissioner) wrote this: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/blog-raising-the-bar-consent-under-gdpr/ See? I may be a voice in the wilderness, but I'm not (always) wrong.
If I get one more email telling me that “GDPR means we have to ask you to opt-in” I think I’m going to go postal. Let’s do this slowly, and this time with feeling. Marketing (and fundraising) emails are covered by the Privacy and Electronic Communications Regulation 2003. That’s right, a 15-year-old piece of legislation. … Continue reading GDPR: you’re all getting it wrong
I wasn't going to blog about Carphone Warehouse being fined £400k by the ICO for a breach, because boring-boring-you've-done-this-before, but then I couldn't help myself. Carphone's offence? A data breach. Resulting from poor maintenance of cyber security on an internet-facing webserver. You remember TalkTalk? They were fined £400,000 just over a year ago. For a … Continue reading What does it take?