GDPR - Protecting Personal Data

The UK Information Commissioner’s Office (ICO) has issued a notice that it intends to fine Marriott International £99m in relation to a reservation database incident announced on November 30, 2018.

FAI staff have been warned in an internal memo that bank account and PPS details could have been accessed during the hacking of the association's email servers.

Summary document from the European Data Protection Board setting out an overview of the implementation and enforcement of GDPR.

Here's one to keep an eye on, a case currently going through Court of Justice of the European Union. Basically, by including a "like" widget on your website, you could be passing personal data to 3rd party data processors, such as Facebook, Google & Twitter.

Although a pre GDPR data breach, Dixons announced on 31st July 2018 an update to the breach they identified in June. When initially announced on 13th June, it was 1.2 million customer records involved, but with further investigation the breach now looks to have affected approximately 10 million records.

I'm currently in discussion with Scottish Rugby about their privacy policy in relation to their new player registration system . In the past, for a person to play in a Scottish Rugby run competition, that person had to be registered on the SRU player registration system.  Player registrations were administered by the Club that player played with, with each Club being a independant organisation, all of whom are Members / mutual stakeholders in the Union.  All rugby union games in Scotland are governed by Scottish Rugby rules, regulations and bye-laws. From 25th May, a new player registration was introduced, which Clubs will still administer, but it also gives players direct access to their record.  The first stage of implementing the new system is for the individual player to confirm their record by logging into the system, firstly accepting the SRUs privacy policy.