By decision of 30 October 2020, the ICO (i.e., the UK data protection authority) imposed an £18.4 million fine on Marriott International Inc for failing to comply with its GDPR security obligation.
This decision stems from a cyber-attack on Starwood, a company acquired by Marriott in 2016, notified to the ICO in 2018. The ICO investigation traced the cyber-attack back to 2014. It concerned millions of customers’ personal information, including, among others, their reservation details, payment card details, and passport numbers.
The Information Commissioner’s Office (ICO) imposed a fine of £20m on British Airways (BA) for failing to protect the personal and financial details (payment card details) of more than 400,000 customers.
The ICO investigation revealed that BA had not implemented adequate security measures and, as a result, could not detect a cyber-attack, which took place in 2018, until BA was made aware of the attack by a third party two months later.
The Hamburg Commissioner for Data Protection and Freedom of Information imposed a 35.3 million euro fine on H&M for illicit HR data processing carried out in its Service Center based in Nuremberg. Indeed, the Authority discovered that the management team
By decision of 28 July 2020, the CNIL imposed a fine of €250,000 and an obligation to comply with the GDPR within 3 months of the decision, on SPARTOO, an online shoe retailer operating in 13 European countries. This is
During its 34th plenary session that took place on 20 July 2020, the European Data Protection Board (EDPB) adopted the following documents: a statement on the CJEU’s ruling in Facebook Ireland v Schrems in which it states that it is