Category: GDPR

A fine of 180K euros for GDPR data breach imposed by CNIL

Active Insurances has been fined 180,000 euros by France’s data protection authority, the CNIL. The CNIL has said that the company “breached its obligation to secure personal data provided for by Article 32 of the [EU] General Data Protection Regulation.” A customer alerted the CNIL in 2018 that he was able to

ICO intends to fine Marriott more than £99 million for data breach

Following an extensive investigation, the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for a data breach under the GDPR. The U.S. hotel group is the second firm to face a massive GDPR fine. Marriott notified the ICO of a cyber incident in November 2018. A variety of personal data contained

ICO new cookies guidance

The new guidance aims to align the ICO’s position on cookies with GDPR. What should I do? There are steps a business must take to ensure compliance with the new guidance: Say what cookies will be set and explain what the cookies do. The information provided to the data subject must cover: the cookies intended

British Airways data breach fine set at £183m based on GDPR

British Airways is facing a record fine of £183m for a data breach of its security system. The GDPR imposes stiff fines on data controllers and processors for non-compliance. On the one hand, a company can be fined either up to €10 million or 2% of the worldwide annual revenue of the prior financial year. On the

Greenwich University data breach

The ICO fined Greenwich University £120,000 for failing to prevent a serious data breach. The breach disclosed the data of 19,500 students. This occurred due to a microsite developed by an academic and a student in the then-devolved University’s Computing and Mathematics School, to facilitate a training conference in 2004. The data included names, addresses, dates

Fines and Penalties imposed by data protection authorities within the EU

It’s been a little over a year since the EU General Data Protection Regulation (GDPR) came into force, and in that time it has become clear that dealing with data breaches has become the norm for EU data protection authorities. According to the European Data Protection Board, the majority of the cases were related to complaints, notably

Practical guidance on how to process mixed datasets

The European Commission has published guidance on the interaction between the Regulation on the free flow of non-personal data and the GDPR. One year after the GDPR started to apply, most controllers are (or at least should be) well aware of the security and privacy requirements that should govern the datasets which contain personal data.

What data should a controller disclose under a data subject access request?

A recent decision from the Cologne Regional Court addresses whether individuals are entitled to receive emails and personal notes as part of a DSAR. “I want access to all personal data you handle about me”. What should you do as the controller if you receive an email like this? According to GDPR, individuals have the right to obtain:

Workplace collection of Biometric Data

Does the collection of biometric data by an employer violate privacy? For the first time in Australian history, an employee was fired for refusing to submit biometric finger scanning data required by his employer. The employee believes that he had been wrongfully terminated. After he was denied an unfair dismissal claim by Australia’s Fair Work

Google’s Huawei ban

Google blocks Huawei access to Android after blacklisting due to some security and privacy concerns. The Trump administration adds Huawei to the U.S. Department of Commerce’s Entity List via executive order, thereby blacklisting the company as far as U.S. corporations are concerned. The world’s second biggest smartphone maker, Huawei, has been barred by Google from