This category examines notable fines imposed on organisations for data protection violations. Our expert analysis helps you understand the reasons behind these penalties and provides valuable insights to help your organisation avoid a similar fate.
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s General Data Protection Regulation (GDPR). The CNIL’s investigation uncovered several areas where Canal+ was non-compliant: The data breach in question exposed the contact details of around 10,000 Canal+ subscribers over a period of 5 hours. …
The ICO have fined Royal Mail £20,000 for their recent email marketing gaffe, which led to over 213,000 customers who had not consented to marketing communications – receiving promotional emails for their commemorative ‘War of the Roses’ collectable stamp set. Unusually this case did not begin with a series of complaints to the ICO from …
UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices. Prior to the introduction of these regulations, data protection fines didn’t really reflect the severity of poor compliance. For example, in the UK the Data Protection Act which provided far weaker rules on how data must be protected than the …
The ICO’s recent enforcement action against Virgin Media shows us that some marketers are still failing to understand the ICO’s guidance on PECR. In this article we’ll look at the case, examine what went wrong and provide some simple solutions that can help you reduce your risk of making the same mistakes. On the 6th …
A round-up of some of the most recent data privacy decisions led by data protection authorities in Europe. United Kingdom The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative under Article 27 GDPR cannot outsource liability for breaches of the GDPR. The representative can …
A new contender for the most ironic PECR fine yet has entered the ring: The Information Commissioner’s Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS). The fine follows an assessment under the Privacy …
Over seven months, the ICO estimates that protein retailing e-commerce company Muscle Food sent 135,651,627 marketing emails and 6,354,426 marketing SMS messages without valid consent. The ICO have issued Muscle Foods Limited, trading as Muscle Food, a monetary penalty notice and enforcement notice imposing a fine of £50,000 for sending approximately 135,651,627 marketing emails and …
The ICO have recently fined “Digital Growth Experts Ltd”, formerly “Motorhome Brokers Ltd” for sending thousands of marketing text messages without consent. This brazen breach of PECR occured between 29 February and 30 April 2020. Reportedly, 16,190 messages were received, promoting a hand sanitising gel. During their investigation the ICO found that Digital Growth Experts …
On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona Airport Security Guard Association (AVSAB) under the GDPR. The case found that a member of the AVSAB security group had used WhatsApp to send messages to private phone numbers containing personal information about employees. The …
If you have old contacts sitting around in your CRM or email marketing software, now is the time to delete them. Because recent cases tell us, regulators are paying increasing attention to GDPR’s requirement to only keep data for as long as you need it. On the 27th of August 2020, Danish data protection authority …
