Privacy Updates This Week


Fines and more fines everywhere! It has been a week of fine-related news. To help you keep track of them, we have summarised all of the key fines imposed under the GDPR in the past few years. You can find more information in the Seers fine tracker here.

To reduce your exposure to these fines and penalties, it is imperative that you lower the likelihood of a data breach by implementing best practice in terms of the policies, procedures and processes in your organisation, and that you train your staff to fulfil their obligations under the GDPR by handling and processing personal data correctly, for example through this innovative GDPR Staff eTraining Solution.

Meanwhile, here are the top privacy headlines.

Top privacy headlines this week:

Most expensive data breach ever!

JM Bullion, a dealer in gold, silver, copper, platinum and palladium, recently became the victim of a cyber-attack. The attack took place some time in February this year; however, due to a lack of security checks, it was not discovered until July this year. This allowed the attackers to collect information on the dealer and its clients and hold it for a long period before it became public.

Read more here

Oracle and Salesforce could face multi-billion-dollar GDPR lawsuit

Two of the biggest tech companies are being sued by privacy campaigner and data protection specialist Rebecca Rumbul. According to Rumbul, they “unlawfully” gathered user data and used it to “follow” people around the internet with ads. This is unethical and unlawful in several countries of the world, and such a data violation is a strictly penalisable offence under the GDPR and the PECR. If, upon trial in the Netherlands, the two firms are found guilty, they could be looking at a fine of anywhere between $13 and $19.5 billion. Similar lawsuits could emerge in other countries at any time.

Read more here

Zoom has settled with the FTC over “deceptive” security practices

The Federal Trade Commission announced a settlement with videoconferencing platform Zoom over “misleading claims” about its security. The agency said in a statement that when Zoom incorrectly claimed its video calls were protected by end-to-end encryption, the company engaged in “deceptive and unfair practices that undermined the security of its users.”

Read more here

Experian given final chance after breaking GDPR

The ICO has warned Experian to comply with an enforcement notice or face a potentially huge GDPR fine for illegally using customer data for marketing purposes. The final notice asks for immediate changes and clarifications to its policy for dealing with the matter. This notice is among the steps taken following the investigation of the top three credit reference agencies operating in the UK: Experian, Equifax and TransUnion.

Read more here

Data Protection Commission finds prison security system in breach of GDPR

The Irish DPC found problems within the prison security system. The Irish prisons were found to be in breach of the General Data Protection Regulation (GDPR) after the DPC investigated a complaint by a prison officer. According to the findings, the security system involves scanning prison officers’ thumbprints in order to admit them through security gates.

Read more here

Why is the ICO reducing fines?

The ICO reduced its GDPR fines to £20m for BA and £18.4m for Marriott. There are several mitigating factors at play here. Given the initial severity of the breaches, the ICO had originally proposed a £30m fine as an appropriate starting point for BA, and £28m for Marriott. Only a month ago, the fines were revised downwards.

The ICO considered the remedial measures proposed by BA and Marriott as mitigation factors, including the following:

  • They had each cooperated with the ICO’s investigation
  • They had each swiftly notified the affected data subjects and appropriate regulatory bodies
  • The breaches had a negative impact on brand and reputation with or without the fines
  • Neither BA nor Marriott received any financial gain as a result of the breach
  • Marriott acted quickly to mitigate the risk of damage suffered by its customers, including: (i) deploying real-time monitoring and forensic tools on 70,000 devices on the network; (ii) implementing password resets; (iii) disabling known compromised accounts; and (iv) implementing enhanced detection tools

Read more here

Hotel reservation platform leaves millions of people exposed in massive data breach

Hotel reservation platform, Prestige Software, based in Spain has been exposing highly sensitive data from millions of hotel guests worldwide, dating as far back as 2013 and including credit card details for 100,000s of people. It sells a channel management platform called Cloud Hospitality to hotels that automates their availability on online booking websites like Expedia and

Read more here

New draft EU advice for financial institutions

At the start of the initial lockdown, ATM transaction volumes in the UK fell by 62% as people switched almost instantly to contactless payments. This increased the potential for financial crime and the volume of data associated with those transactions. The EU has drafted advice for financial institutions to help them manage such data safely.

Read more here

Surprise Surprise!

Did you know that you can avoid several lawsuits just by training your workforce on GDPR? It takes only 40 minutes to prove compliance. Find out where you stand with the GDPR, train your workforce and stay cyber-safe during the lockdown with ease. More on this in the video below:

How to reduce the liability on your business as your employees work from home.

Brexit and the end of the transition period:

Seers is hosting the next privacy webinar on the “Impact of Brexit: Privacy and Data Transfers” with key speakers: Gary O’Reilly and Katie Hewson on the 19th of November at 17:00 GMT.

This webinar will cover the impact of Brexit on data privacy for organisations at the end of the transition period (31st December 2020) as well as processes and procedures to remain compliant with data privacy regulations, data sharing agreements, data transfer strategy, EU/ UK Representative and more.

You can register here:

Also, in case you missed our previous privacy webinar “Consent Management: Cookies & Other Challenges” then here is a video recording.

GDPR Staff eTraining Solution

Help your staff to help your organisation stay safe during these challenging times by training them on complying with the GDPR.

GDPR Audit
