Included in this issue of Data & Privacy News: Facebook issued with maximum £500,000 fine by ICO for serious breaches of data protection law; DHSC estimates WannaCry attack on NHS at £92m; Addleshaw Goddard's Data Team to hold GDPR seminars across the firm's UK offices in November

Facebook issued with maximum £500,000 fine by ICO for serious breaches of data protection law 

The Information Commissioner's Office (ICO) has issued Facebook with a fine of £500,000 for failing to protect users' personal data.

The ICO served a Notice of Intent on Facebook in July 2018. This was part of a wide ranging investigation into data analytics for political purposes.

Information Commissioner Elizabeth Denham is due to give a further update on the ICO's investigation into the use of data analytics for political purposes to the Department for Digital, Culture, Media and Sport Select Committee on Tuesday 6 November 2018.

UK Information Commissioner appointed Chair of the ICDPPC  

The UK's Information Commissioner, Elizabeth Denham, has been elected as Chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC), the leading global forum of data protection and privacy authorities. 

The ICDPPC, which includes more than 120 members from across all continents, works on global data protection policy issues and adopts resolutions and statements for governments. It also arranges an annual conference, the 40th of which is taking place in Brussels this week.

UK's NCSC thwarts 1,200 cyber-attacks over the last two years 

The UK's National Cyber Security Centre (NCSC) has revealed that it prevented Britain falling victim to nearly 1,200 cyber-attacks in the last two years. Most of these cyber-attacks were a result of state-sponsored hackers employed by hostile nations.

During its operation, the NCSC has tackled phisihng websites preying on UK consumers, led an initiative to mark legitimate government domains to help organisations sift emails threats and produced a code of conduct to help makers of smart gadgets with security.

DHSC estimates WannaCry attack on NHS at £92m 

A report by the Department for Health and Social Case (DHSC) has estimated that the WannaCry attack in May 2017 cost the NHS £92m, £19m in lost output and £73m to restore affected data and systems. 

The DHSC has also estimated that £275m will be spent on improvements to the NHS's cyber security infrastructure by the end of 2021.

Overall, the NHS is making good progress in implementing better cyber security programmes, with all but one of the trusts and foundation trusts now having recruited a board-level member with cyber security responsibility.

GPs in England are facing charges of up to £1,800 for data protection officer under GDPR 

GPs in parts of England are facing a charge of up to £1,800 a year to access data protection officers that are required under GDPR, according to medical publication Pulse. 

Data protection officers can be appointed by either the GP practice or CCGs and health boards. 

GP leaders have argued that commissioners should be supporting GP practices, particularly with the pressure GPs are currently under, rather than charging them for access to a data protection officer.

In August 2018, the British Medical Association asked GPs to lobby their MP over an increase in patient data requests by solicitors and insurance companies, forcing them to spend hours compiling records for free.

Addleshaw Goddard's Data Team to hold GDPR seminars across the firm's UK offices in November  

Now that the GDPR is in force, the Addleshaw Goddard team are holding a series of data protection seminars across the firm's UK offices during November. The team will draw upon their experience and insight on topics including:

  • Handling security incidents and trends on breach reporting;
  • A look at recent enforcement action and relevant privacy case law;
  • How data protection compliance is impacted by Brexit and how to plan for change; and
  • The latest on changes to marketing rules.

For further information, please click on one of the office locations below or alternatively contact one of the members of our data team.

Key Contacts

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile

Read articles and register for events & webinars via LinkedIn

Follow AG Insight on LinkedIn

Related News

All News
Abstract Mergers Acquisitions 21 Dec 23

Addleshaw Goddard LLP, legal counsel to ETC Holdings, on its acquisition of Shanta Gold Limited
Abstract - Stairs - New Service 9 Mar 21

AG Supports the Creation of a Ground-Breaking New Dispute Resolution Service
26 Feb 18

Addleshaw Goddard adds fire power to Data offering with the hire of leading expert in Scotland

Related Insights

All Insights
Data Protection - March 2024 - Infographic Teaser 26 Mar 24

Data Diaries - March 2024
Technology 15 Mar 24

The Saudi National Cybersecurity Authority Publishes New Regime for the Regulation of Cybersecurity Service Providers
Data - wire 12 Mar 24

The executive regulations to the Oman personal data protection law - What you should know.

Subscribe to updates

Our legal experts regularly produce articles, legal publications and resources on a wide range of legal subjects and hot topics.

Sign up here