The ICO has certainly got the New Year off to a flying start! On Thursday of last week, it fined DSG Retail Limited £500,000 for data protection law breaches associated with a cyber-attack which affected DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018.
As the breaches occurred prior to 25th May 2018 (when the GDPR came into force), the fine was issued under the previous legislation, the Data Protection Act 1998 (‘DPA’). The fine amounted to the maximum penalty that could have been imposed under the DPA and the ICO has indicated that the fine would have been much higher had it been issued under the GDPR.
Once again, the fine related to technical and organisational security failures, which meant that personal data was put at risk. The ICO justified its imposition of the maximum fine possible on various grounds, including:
Once again, the fine highlights how important it is for organisations to:
For more information, please contact a member of our Information Law team.