GDPR claims first corporate victims

The General Data Protection Regulation (GDPR) has been in force for less than two months, and already some well-known brands have fallen foul due to data breaches.

Luxury retailer Fortnum & Mason admitted the loss of some 23,000 customer records - which included emails, telephone numbers and delivery addresses of customers who filled out a survey - due to the use of a third-party survey provider.

In a similar breach to that of digital-only bank Monzo, which also used Typeform, an unknown hacker gained access to its server and downloaded the data contained in survey forms.

Meanwhile, Travelodge was also forced to announce that 180,000 personal details of its clients were taken, including date of birth, passport numbers and billing information.

Under the new regulations - which require disclosure within 72 hours of a breach - both companies have had to contact each person whose data has been lost.

Colin Tankard, managing director of data security firm Digital Pathways, commented that if these brands had encrypted their data, they would not need to contact each customer as, under GDPR, if the data is encrypted, it is only the Information Commissioners Office which needs to be advised.

“Already, it seems that many companies are being ‘hit’ with requests regarding the use of personal information, putting huge strain on company resources,” he said. “It’s hard to believe that after months of pre-GDPR consultancy work and reports on what needs to be done, companies have not installed technology that would solve these problems.”

Tankard continued that companies must, automatically, move any personally identifiable data to a secure location, where encryption is applied.

“It seems a ‘no brainer’ to do this, rather than face a huge fine, high costs of managing and notifying thousands of people, as well as handling their subsequent questions, the public disclosure and the bad press.”

    Share Story:

Recent Stories


Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Transforming document management into a strategic advantage for financial institutions
In this exclusive fireside chat, John Rockliffe, Pre-Sales Manager at d.velop, discusses the findings of Adapting to a Digital-Native World: Financial Services Document Management Beyond 2025 and explores how FSIs can turn document workflows into a competitive advantage.

Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.