Further Action Against Equifax Following 2016 Data Breach

Published on: 4th December 2018
By PYXI GDPR Team


A fine of £385,000 has been handed to Equifax Ltd for not doing enough to protect 15 million UK customers' data records. Although the breach was in the US, the US parent company Equifax Inc managed data services for Equifax Ltd.

"The UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information."

This case highlights the importance of shared / inherited liability for data processing under the new Data Protection Act 2018 and GDPR. As an organisation you have an obligation to ensure the compliance of all the data processors in your network.

You can read more about the judgement here.

PYXI GDPR Team: 4th Dec 2018 07:46:00