Included in this issue of Data & Privacy News: Facebook issued with maximum £500,000 fine by ICO for serious breaches of data protection law; DHSC estimates WannaCry attack on NHS at £92m; Addleshaw Goddard's Data Team to hold GDPR seminars across the firm's UK offices in November

Facebook issued with maximum £500,000 fine by ICO for serious breaches of data protection law 

The Information Commissioner's Office (ICO) has issued Facebook with a fine of £500,000 for failing to protect users' personal data.

The ICO served a Notice of Intent on Facebook in July 2018. This was part of a wide ranging investigation into data analytics for political purposes.

Information Commissioner Elizabeth Denham is due to give a further update on the ICO's investigation into the use of data analytics for political purposes to the Department for Digital, Culture, Media and Sport Select Committee on Tuesday 6 November 2018.

UK Information Commissioner appointed Chair of the ICDPPC  

The UK's Information Commissioner, Elizabeth Denham, has been elected as Chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC), the leading global forum of data protection and privacy authorities. 

The ICDPPC, which includes more than 120 members from across all continents, works on global data protection policy issues and adopts resolutions and statements for governments. It also arranges an annual conference, the 40th of which is taking place in Brussels this week.

UK's NCSC thwarts 1,200 cyber-attacks over the last two years 

The UK's National Cyber Security Centre (NCSC) has revealed that it prevented Britain falling victim to nearly 1,200 cyber-attacks in the last two years. Most of these cyber-attacks were a result of state-sponsored hackers employed by hostile nations.

During its operation, the NCSC has tackled phisihng websites preying on UK consumers, led an initiative to mark legitimate government domains to help organisations sift emails threats and produced a code of conduct to help makers of smart gadgets with security.

DHSC estimates WannaCry attack on NHS at £92m 

A report by the Department for Health and Social Case (DHSC) has estimated that the WannaCry attack in May 2017 cost the NHS £92m, £19m in lost output and £73m to restore affected data and systems. 

The DHSC has also estimated that £275m will be spent on improvements to the NHS's cyber security infrastructure by the end of 2021.

Overall, the NHS is making good progress in implementing better cyber security programmes, with all but one of the trusts and foundation trusts now having recruited a board-level member with cyber security responsibility.

GPs in England are facing charges of up to £1,800 for data protection officer under GDPR 

GPs in parts of England are facing a charge of up to £1,800 a year to access data protection officers that are required under GDPR, according to medical publication Pulse. 

Data protection officers can be appointed by either the GP practice or CCGs and health boards. 

GP leaders have argued that commissioners should be supporting GP practices, particularly with the pressure GPs are currently under, rather than charging them for access to a data protection officer.

In August 2018, the British Medical Association asked GPs to lobby their MP over an increase in patient data requests by solicitors and insurance companies, forcing them to spend hours compiling records for free.

Addleshaw Goddard's Data Team to hold GDPR seminars across the firm's UK offices in November  

Now that the GDPR is in force, the Addleshaw Goddard team are holding a series of data protection seminars across the firm's UK offices during November. The team will draw upon their experience and insight on topics including:

  • Handling security incidents and trends on breach reporting;
  • A look at recent enforcement action and relevant privacy case law;
  • How data protection compliance is impacted by Brexit and how to plan for change; and
  • The latest on changes to marketing rules.

For further information, please click on one of the office locations below or alternatively contact one of the members of our data team.

Key Contacts

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile