Trio of U.K. fines expose third-party risks under GDPR

By Neil Hodge2020-11-30T21:34:00

Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.

lock icon THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.

Become a Member

News and analysis for the well-informed compliance or audit exec.

Annual Membership best value

Subscribe now for $365

Our lowest price ($1 per day) for one year.

Receive the CW newsletter and access CPE webcasts.

Already a Compliance Week member?

Article
REWE International $9M GDPR fine a lesson in managing subsidiary risk

2022-01-25T19:24:00Z By Neil Hodge

A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
Article
Norwegian DPA warns Grindr of $11.7M GDPR fine

2021-01-26T20:38:00Z By Neil Hodge

Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.
Article
British Airways breach could cost billions in landmark class-action push

2021-01-15T15:12:00Z By Neil Hodge

British Airways faces the largest group claim ever made in U.K. legal history over a 2018 data breach that exposed the financial and personal details of more than 400,000 of its customers.

More from GDPR

Article
Four years of GDPR: New tech testing data privacy law’s longevity?

2022-05-25T15:52:00Z By Neil Hodge

It has been four years since the European Union’s flagship data privacy legislation came into force, but concerns are already being raised about whether the General Data Protection Regulation is being outpaced by technological developments and their use of data.
Article
Dissatisfaction with GDPR pushing EU countries toward local laws

2021-12-21T15:18:00Z By Neil Hodge

So far, Europe’s wide-reaching data privacy rules have seemingly failed to curb Big Tech firms’ use and abuse of citizens’ personal data. As a result, some EU data regulators are pursuing their own investigations—often through other legislation.
Article
CWE panel: GDPR ‘the start of a culture of data protection’

2021-11-15T21:50:00Z By Neil Hodge

Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.

“For tracking litigation, enforcement, and regulatory developments, Compliance Weekshould be your prime source.”

Trio of U.K. fines expose third-party risks under GDPR

Become a Member

Related articles

REWE International $9M GDPR fine a lesson in managing subsidiary risk

Norwegian DPA warns Grindr of $11.7M GDPR fine

British Airways breach could cost billions in landmark class-action push

More from GDPR

Four years of GDPR: New tech testing data privacy law’s longevity?

Dissatisfaction with GDPR pushing EU countries toward local laws

CWE panel: GDPR ‘the start of a culture of data protection’

“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”