GDPR, Freedom of Information and Data Protection Acts in the News

Published on: 17th September 2018

The pace of news around data privacy and data protection is increasing week by week in the UK. The GDPR/DPA2018 legislation that came into effect in May has precipitated a far greater awareness of the power of redress available to the public in regard to the abuse of their personal data. It has also, for the first time, legally obliged organisations to self-report when a data breach occurs within 72 hours.

This has led to an increased awareness of the public complaints process ( and shown that there is increased pressure on organisations to publish incidents that occur as quickly and fully as possible. The recent cases of data breach at British Airways and Ticketmaster have shown that full public engagement is the best way to minimise reputational damage.

Alongside the major companies in the press, the ICO website also shows an increase in enforcement actions against smaller businesses and organisations. Cases include instances of data loss, malicious theft or breach, poor data security, deliberate flouting of the law and a variety of fines and judgments against the individuals and organisations concerned. This week saw the results of first cases to be investigated under the new GDPR legislation appear in the press for Lewisham Council and Equifax.

The trend is obvious and should provide further pressure for all UK organisations to review their data protection, cyber security and data privacy processes as a matter of urgency. If these issues are ignored it is clear that the repercussions will be significant and perhaps severe. The thought that your organisation may end up on a name-and-shame list is a clear prompt to start addressing these issues urgently.

PYXI GDPR Team: 17th Sep 2018 08:06:00