David Woods

+44 (0)1733 887793 dvwoods@greenwoodsgrm.co.uk


Data Protection : the maximum fine imposed

Corporate and Commercial / 20 September 2018

The Information Commissioner’s Office is still processing complaints that arose under the Data Protection Act 1998, before the GDPR came into force on 25 May 2018. It has just imposed the maximum fine under that Act – £500,000 – on Equifax, the credit rating agency.

The ICO found that the UK branch of Equifax had failed to take appropriate steps to protect the personal data of UK citizens.  Its systems were hit by a cyber-attack which exposed the personal data of some 700,000 UK citizens.

The data that was exposed included names, dates of birth, telephone numbers and, in some cases, driving licence numbers.

The ICO reports that the many failures found in this case included retaining personal information longer than necessary and leaving it vulnerable to attack.  Equifax had previously been warned about a critical vulnerability in its systems but had not taken appropriate steps to fix it.

The fine is the maximum available under the Data Protection Act 1998 – the GDPR has introduced the possibility of much greater fines.

This is another reminder – if one were needed – that we must all take very seriously our compliance with the laws on data protection.

If you have questions, we can help.  Please get in touch.
