Home » News updates and thoughts » Data Protection » Page 2

Category: Data Protection

GDPR Fines 2022

ICO logo

as at 10 June 2022 1087 fines had been issued for breaches of the GDPR. These fines totalled Euro1,631,665,332 that is an average of over euro150,000 per fine.

Fines can be issued to companies, charities, individuals in fact anyone the breaches the legislation.

The smallest fine issued so far was for Euro28, the largest Euro746,000,000

some notable names who have been warned, fined or both include:

  • Marriott International
  • British Airways
  • Facebook
  • Google
  • The Conservative Party
  • Reed online
  • Royal Mail Group
  • The Ministry of Justice
  • Virgin Media
  • The Cabinet Office
  • Unite the Union
  • Saga Services
  • Saga Personal Finance
  • Sports Direct
  • Papa Johns
  • American Express

Fines are also being issued for non payment of data protection fees!

Our courses on GDPR and PECR help you understand legislation and good practice and consequently be better able to stay within the law

7726 equals Spam

7726 = SPAM = £85000 Fine for Tempcover Ltd

Received an unsolicited marketing sms on your phone and you can report it by forwarding to the number 7726. The number is easy to remember 7726 spells out spam on your phone key pad.

12 users reported marketing sms messages from short term car and van insurer Temp Cover via the 7726 services and one additional user reported the messages direct to the ICO.

These complaints investigated by the ICO and Tempcover Ltd were fined £85,000.

Digging deeper into the case Tempcover believed they had consent because users had confirmed their agreement to Tempcover processing their details in line with Tempcover’s ” privacy policy and terms of business” But the ICO ruled that this was not sufficient stating Tempcover

“had failed to provide subscribers with an opportunity to opt-out of direct marketing when first obtaining their details, and essentially made agreement to marketing a condition of service. For this reason, the consent to receive unsolicited direct marketing messages cannot be said to have been ‘freely given’.”

This is clear example of why regular high quality GDPR training is essential for all businesses. No organisation can afford to get caught out by employees failing to understand or remember the rules

Concrew Trainings data protection courses start at just £285 for 14 people, at our prices all organisations can afford high quality GDPR and PECR training every year.

GDPR – 3 pivotal thoughts

Data Protection Training £285

For front line staff, getting 3 pivotal areas understood and adhered can be the difference between GDPR compliance and breach.

  1. Is all filing robust?
  2. When, where and how is information used and shared?
  3. Have all service users actively agreed to this?

Think about the following:

Filing
is everything that contains a personal name filed under lock and key?

  • staff records
  • service user records
  • customer details
  • supplier details
  • invoices – purchase/sales
  • what about laptops – are they encrypted?

Sharing of data
do you know in the ins and outs of how, when and where you share data?

  • with whom
  • by what method
  • how shared data is stored
  • how long shared data is kept for
  • how shared data is destroyed
  • what about?
    • telephone answer messages
    • online and cashless payment systems
    • data back ups
    • emails
    • what about any apps the organisation uses
    • what about any social networks use

Consent

    • have all service users been told about all of all of the above
    • have they agreed to it

If all staff, all honesty answer no to any of these questions you really do need to instigate update training on the latest rules and regulations relating to data protection, GDPR and PECR.

to be fully compliant every system procedure, process, project and initiative needs to assessed to ensure privacy is maintained at every stage. As a bare minimum every member of staff needs to think about the above questions and point out where things may be going wrong.

Our training courses on data protection, GDPR, PECR and Privacy Impact Assessments help.

GDPR & PECR Training 2022

ICO Logo

Following the appointment of John Edwards as the new Information Commissioner we are expecting changes in strategy, direction, guidelines, rules and regulations that impact on data protection, the UK-GDPR and the UK-PECR.

We are keeping a close eye on changes and will incorporate them into our data protection related courses as the appear

Whilst most of the headline news around GDPR/PECR relates to data breaches analysis of action and fines by the Information Commissioners Office (ICO) shows that most breaches are down to human error; poor understanding of data protection laws and poor practice; bad judgments and naivety remain the most common drivers behind breaches.

It is imperative that management and data protection teams keep up to date with the all the changes as they occur. Embed them in their policies and procedures and cascade to staff.

Regular update training for all is a low cost way to stay compliant and avoid the huge fines that apply in the event of GDPR/PECR breaches.

Check out our courses here. Prices start at just £285+vat for a group of 14.

 

 

 

 

30000 GDPR breaches

GDPR 2021

Hundreds of Afghan interpreters who worked with UK troops have had their lives, potentially, put at risk because an email was sent without using the BCC option.

A simple easy to make mistake you may say but one has to question the quality of the GDPR training in place. Avoiding mistakes like this is essential if breaches of the GDPR are to be avoided.

Unfortunately GDPR beaches are common, over 30,000 have been reported to the ICO and most are down to human errors and easily avoided mistakes.

It is essential that all organisations have robust annual training in place. The consequences and fines make robust training a high value solution.

ICO FINE We Buy Any Car, Sports Direct and Saga

ICO Logo

The ICO has announced fines totalling £495,000 to well-known companies that between them sent more than 354 million nuisance messages.

We Buy Any Car was fined £200,000 for sending more than 191 million emails. The firm also sent 3.6 million nuisance texts.Saga Services LtdandSaga Personal Financewere fined £150,000 and £75,000 respectively for instigating more than 157 million emails between them.Sports Direct has been fined £70,000 for sending 2.5 million emails.

None of the companies had permission from people to send them marketing emails or texts. This is against the law.

Concrew Trainings Courses help management and staff understand data protection laws and help keep you safe. Find out more via the links below

GDPR Training

PECR Training

Impact Assessment Training – Online Practice Sessions

Impact Assessment Training

To meet customer demand for practical hands on support on how to conduct low burden, high quality, impact assessments we now offer a 3 hour online session to help you carry out a live impact assessment on two of your policies, practices or procedures.

These sessions are not a replacement for training on equality, data protection, the GDPR or PECR but rather follow on sessions that complement and dove tail with such training to help ensure implementation is more robust and effective.

Our full courses on the Equality Act, the General Data Protection Regulations (GDPR) and the Privacy in Electronic and Communications Regulations (PECR) all have built in audits at the end that enable participants to consider how their specific policies and procedures measure up against expected legal compliance and best practice.

Our follow on course on Impact Assessments explore why this approach is key to legal compliance and provides guidance on how to develop a low burden effective approach to impact assessments, these new online sessions take the training a stage further and allow participants, guided by a subject specialist to impact assess two policies, practices or procedures of their choice.

The Public Sector Equality Duty (PSED) in the Equality Act requires public bodies to pay “due regard” to securing equality of choice and process in policies, practices, and procedures. ‘Due Regard’ is usually facilitated through an Equality Impact Assessments (EIAs).

By analogy, Data Protection laws have within them a new concept- “Privacy by Design”. Organisations simply have to think harder about privacy. This means adopting a “Risk Based Approach”. And where appropriate, Privacy Impact Assessments (PIAs) must be carried out on policies, practices, and procedures all with a focus on protecting data subject rights.

If you and/or your colleagues have received training on the equality and data protection laws but now need help in carrying out equality or privacy impact assessments we can assist.

Our online practice sessions enable up to 3 representatives from your organisation to carry live risk assessments on two of your policies, practices or procedures. In doing so they gain the knowledge and confidence to cascade and roll out further.

Whilst the session sets the stage with a brief overview of the latest legal position on equality and data protection laws it is assumed participants are fully conversant with the legislation applying to the policy, practice or procedure being assessed. Notably:

  • The Equality Act
  • General Data Protection Regulation (GDPR) and UK Data Protection Act
  • Privacy and Electronic Communication Regulations (PECR)

The live session focus on your specifically chosen policies, procedures, or practices. We have other courses that provide the necessary background information if necessary

The small print

  • Each session costs £695+ vat and the invoice needs to be paid in advance
  • Our standard cancellation terms apply
  • Each session is are run live on your video conferencing platform at a mutually convenient time.
  • Each session is prefaced with a 1 hour telephone/video conferencing scoping call with your lead representative.
  • Copies of the chosen policies need to be submitted in confidence in advance of the training.
  • You can choose two policy, practices, or procedures on which you need live IMPACT assistance. You can choose one for equality, one for privacy or two for equality or two for privacy.
  • If you have an existing EIA and/or PIA toolkit we will need a copy in advance and will dovetail the training to it, If not, we will provide one

GDPR to be replaced ?

GDPR are you compliant ? notice

An interesting article suggesting the GDPR may be replaced with a new more flexible approach to data protection that betters meets the needs of SME business and is flexible enough to adjust to changes in technology.

Its an interesting read, find it here

What ever the changes our courses on data protection will be updated to reflect them.

Why you need GDPR and PECR training NOW

Fines poster

Most people will have heard of the GDPR, but what about the PECR? Do you what it is or how high the fines for breaching it can be?

Unfortunately ignorance isn’t a suitable defence and most penalties for breaches of the GDPR and PECR can be attributed to staff errors. Poor or no knowledge of the regulations, insufficient understanding of what they, personally, need to do to meet the legislation. Poor quality, incomplete or missing privacy impact assessments or just laziness or it’s too much effort attitude and approach to privacy.

Concrew Trainings courses on GDPR and PECR bring these potentially dry dull and boring subjects to life and help participants understand why every company and every individual needs to understand fully the latest requirements for data protection.

Our courses start at just £285+vat for 14 people. The cost is miniscule relative to the fines the ICO hands out.

Well we would say that now wouldn’t we: ………………………..

Check out these recent ICO fines:

Mermaids Charity– 08 July 2021
The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.

Brazier Consulting Services – 01 July 2021
The Information Commissioner’s Office (ICO) has fined Leeds-based Brazier Consulting Services Ltd (BCS) £200,000 for making unlawful claims management calls.

ColourCoat Ltd – 23 June 2021
£130,000 fine for multiple breaches of Regulations 21 and 24 of the PECR.

Global One 2015 Charity – 15 June 2021
fined £10,000 for sending unsolicited direct marketing messages

Papa Johns (GB) Ltd – 15 June 2021
fined £10,000 for sending nuisance marketing messages to its customers.

OK, I hear you say, but it won’t happen to us………….. We are too large/professional/organised/etc/etc

What about the recent names fined in the last 12 months

The Conservative Party MPN
The Information Commissioner’s Office (ICO) fined the Conservative Party £10,000 for sending marketing emails in the name of RT Hon Boris Jonson MP to people who did not want to receive them.

American Express Services Europe Limited
Direct marketing messages were sent by, or at the instigation, of American Express Services Europe Limited. These messages contained direct marketing material for which subscribers had not provided adequate consent. Fined £72,000

Marriott International
The ICO fined the hotel chain Marriott International Inc. £18.4million for failing to keep millions of customers’ personal data secure.

British Airways
The Information Commissioner’s Office (ICO) fined British Airways (BA) £20m for failing to protect the personal and financial details of its customers.

Singapore subway by Jim used under CC BY-SA 2.0