Article categories

Canal+ fined €600k for GDPR breaches including failure to report data breach

French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s General Data Protection Regulation (GDPR). The CNIL’s investigation uncovered several areas where Canal+ was non-compliant: The data breach in question exposed the contact details of around 10,000 Canal+ subscribers over a period of 5 hours. …

What is considered “disproportionate effort” under GDPR?

Under Article 13 of GDPR you must give data subjects information about your data processing practices; this is commonly known as the “Right to be informed”. This information includes but is not limited to what types of data you process about them, under what legal basis you process the data and where the processing takes …

Does GDPR apply to b2b data?

If you are processing personal data for “b2b” or business to business purposes, does GDPR apply? There is often some confusion over this issue but in most cases yes, the GDPR still applies. So in this article we’ll look at some examples of b2b processing and explore what you may need to consider in order to …

GDPR Training Requirements: Who needs to do GDPR training?

GDPR might not be everyone’s favourite topic but it is important. With financial penalties for non-compliance soaring over the last few years, there’s never been a more appropriate time to review your current training programme or to put one in place. When deciding on what steps to take you may be wondering who exactly needs …

Can I get compensation for a GDPR Data Breach?

What is a data breach? A data breach occurs when an unauthorized person gains access to your personal information. This could be by hacking into a system that stores your personal information, for example hacking into a database or computer system. Or it could be by unlawful access – where a person uses their access …

The Biggest GDPR Fines so far (Updated for 2022)

UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices. Prior to the introduction of these regulations, data protection fines didn’t really reflect the severity of poor compliance. For example, in the UK the Data Protection Act which provided far weaker rules on how data must be protected than the …

What does the biggest security exploit of the year mean for your GDPR compliance?

The Log4j 2 exploit will have affected millions of organisations, potentially exposing customer data to hackers. As IT teams scramble to apply the patch, we ask what implications this may have for GDPR compliance? What security issue? A critical vulnerability has been discovered in Log4j 2, an open-source Java package used on Apache servers to …

Europe data privacy decisions round-up August 2021

A round-up of some of the most recent data privacy decisions led by data protection authorities in Europe. United Kingdom The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative under Article 27 GDPR cannot outsource liability for breaches of the GDPR. The representative can …

Most ironic PECR fine yet as firm selling nuisance call blocker fined under TPS rules

A new contender for the most ironic PECR fine yet has entered the ring: The Information Commissioner’s Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS). The fine follows an assessment under the Privacy …

How much are GDPR fines?

There are two tiers of fine under the EU-GDPR & UK-GDPR. The tiers are based on the type of violation and the type of data processing concerned. Most organisations fall within the lower-level tier. How is the value of the fine decided? Supervisory authorities consider multiple factors when deciding on the value of the fine …
