- the Court acknowledged Morrison’s had comprehensive data protection procedures in place;
- Skelton had copied the data on his personal computer outside of work hours, and;
- Skelton’s intention was to harm his employer, not the employees’ whose data he violated.
First GDPR finesMuch has been said and written about the EU’s General Data Protection Regulations (GDPR) and the UK’s Data Protection Act 2018 (DPA 2018), which have now been in force for over a year. Significant fines have been issued, including some for eye-watering amounts levelled at Big Tech. However, across Europe, SMEs have also incurred penalties. In November 2018, A German chat site was fined €20,000 (£17,809) following a major data breach. Knuddels.de suffered a breach that saw information relating to 330,000 users’, such as email addresses and passwords, placed on Mega.nz and Pastebin.com. LfDI Baden-Württemberg, the regional data protection authority stated, “by storing the passwords in clear text, the company knowingly violated its duty to ensure data security in the processing of personal data in accordance with GDPR Article 32(1)(a).” In Portugal, the Portuguese Central Hospital of Barreiro Montijo was fined €400,000 after staff accessed patient data via fake profiles. No GDPR fines have been issued by the Information Commissioners Office (ICO) as yet. But British Airways is facing a record fine of £183m for last year's data leakage (1.5 percent of its turnover), and the hotel chain Marriott could have £99m (3 percent) struck off its balance sheet.
Cyber-attacksCyber-attacks are politically or economically motivated invasions of an organisation’s computer systems. They are generally launched over the Internet and are carried out through the spread of malicious programs (viruses), unauthorised web access, fake websites, remotely controlled IoT applications, and file sharing services. Examples of cyber-attack methods include:
- Malware – malicious software such as spyware, ransomware, viruses, or worms which breaches a computer network, installing dangerous software which can paralyse the network or lead to the theft of data.
- Phishing – the sending of fraudulent communications through an apparently reputable source, such as a company’s email, to fraudulently steal personal data.
- Man-in-the-Middle – the attacker places themselves in the middle of a transaction (for example transferring a house purchase deposit). Software is secretly installed to view and steal the victim’s information.
- Zero-day exploit – an attacker exploits an unknown flaw in an organisation’s software, hardware, or firmware. Because the flaw is undiscovered, no patch has been created, leaving it open to breach.
How can LawBite help?At LawBite, we can help guide businesses through the maze of initial compliance and with the process of remaining compliant with the GDPR obligations. Our suite of GDPR products provides the ideal solution to get your business fully compliant. While if you remain somewhat uncertain about your position regarding the full compliance of your data protection procedures you can check your position via our handy GDPR Checklist. For further GDPR legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team.
Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
- By Lawbite Team
- March 19, 2020
Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...
- By Lawbite Team
- January 30, 2020
The ICO has published a statement on GDPR compliance after 31 January 2020 (the day that the UK leaves the European Union). There are no big surp...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.