Skip to main content


ICO to Fine British Airways £183m for Infringements of GDPR

Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
Recent posts

ICO to fine Marriott International £99m for 339 Guest Records Breach

The UK Information Commissioner’s Office (ICO) has issued a notice that it intends to fine Marriott International £99m in relation to a reservation database incident announced on November 30, 2018.

Football Association of Ireland (FAI) confirm security breach of payroll systems

FAI staff have been warned in an internal memo that bank account and PPS details could have been accessed during the hacking of the association's email servers.

Dixons Carphone Data Breach - Now Up to 10 Million Customer Records

Although a pre GDPR data breach, Dixons announced on 31st July 2018 an update to the breach they identified in June. When initially announced on 13th June, it was 1.2 million customer records involved, but with further investigation the breach now looks to have affected approximately 10 million records.

Scottish Rugby: Explicit Consent, Freely Given

I'm currently in discussion with Scottish Rugby about their privacy policy in relation to their new player registration system . In the past, for a person to play in a Scottish Rugby run competition, that person had to be registered on the SRU player registration system.  Player registrations were administered by the Club that player played with, with each Club being a independant organisation, all of whom are Members / mutual stakeholders in the Union.  All rugby union games in Scotland are governed by Scottish Rugby rules, regulations and bye-laws. From 25th May, a new player registration was introduced, which Clubs will still administer, but it also gives players direct access to their record.  The first stage of implementing the new system is for the individual player to confirm their record by logging into the system, firstly accepting the SRUs privacy policy.