A good reputation is hard won but easy to lose. PwC, which ranks as the second largest professional services firm in the world, will no doubt be reflecting on that overworked saying, following the news that it has been fined for failing to comply with the General Data Protection Regulation (GDPR).
British Airways is one of the first organisations to have a major data breach since the enforcement of GDPR, which started on May 25th 2018, following the news that around 380,000 names and credit card information, including the CV2, had been stolen. Thomson Reuters Regulatory Intelligence asked me recently to write an article on the breach, outlining the reasons it happened and providing practical advice to organisations large or small that want to avoid a similar incident affecting their business.
More than one year on from the General Data Protection Regulation, which came into force on 25th May 2018, the news that British Airways is to be fined more than £183m by the Information Commissioner’s Office after hackers stole the personal data of half a million of the airline’s customers will come as no surprise, says insurance, risk management and data privacy expert Darren Wray. Fifth Step’s CEO Wray says, however, that even at this early stage of the investigation it could be that BA's parent company got off lightly, writing for YouTalk Insurance.
This month marks 12 months since Europe’s General Data Protection Regulation came into force. Since 25 May 2018, numerous high-profile data breaches have highlighted the importance of data protection, for individuals and businesses alike. Looking back at GDPR 12 months on, however, has it had any real impact?
The Institute of Directors has invited me to speak at a forthcoming Insurance Technology Forums lunchtime event at Lloyd’s of London on the 10th July where we’ll be discussing the topic GDPR’s first year: the lull before the 2019 storm. We’ll be discussing how all this affects the Lloyd’s and London insurance market, and what’s in store for this coming year, Brexit or no Brexit.
Monday 28th of January is Data Privacy Day so I thought this might be an opportunity to share some tips on how to protect your business and, of course, your clients. Last May saw the biggest development of Data Protection Regulation for 20 years as the EU's GDPR came into force. So now the dust has settled let’s recap and celebrate all the hard work that went into complying with the regulation.
In my last blog on the new Bermuda Personal Information Protection Act (PIPA), I looked at the definition of the regulation. In this follow-up I want to examine some of the potential impacts of the act on businesses. If you “use” your customers’ personal data then your contracts need to be reviewed to ensure compliance with PIPA.
Now that the Personal Information Protection Act (PIPA) has been enacted, Bermuda joins the growing number of jurisdictions with enhanced privacy protections. PIPA was passed on July 27, 2016, and will be enforced in the latter part of 2018. In this introduction to PIPA I will outline the key considerations for all businesses in Bermuda that are using personal data or personal sensitive data.
Under the GDPR, there are two primary types of data user. The first is the data controller, the person or company that decides and defines the purpose and data that is collected and processed. The second is the data processor, which is anyone (other than employees or direct subcontractors of the company) who processes the data on behalf of the data controller.
Business management consultant says while financial service industry is ahead of most, some companies are still way behind where they should be when it comes to GDPR, writes Darren Wray in Insurance Times magazine.