GDPR claims first corporate victims

The General Data Protection Regulation (GDPR) has been in force for less than two months, and already some well-known brands have fallen foul due to data breaches.

Luxury retailer Fortnum & Mason admitted the loss of some 23,000 customer records - which included emails, telephone numbers and delivery addresses of customers who filled out a survey - due to the use of a third-party survey provider.

In a similar breach to that of digital-only bank Monzo, which also used Typeform, an unknown hacker gained access to its server and downloaded the data contained in survey forms.

Meanwhile, Travelodge was also forced to announce that 180,000 personal details of its clients were taken, including date of birth, passport numbers and billing information.

Under the new regulations - which require disclosure within 72 hours of a breach - both companies have had to contact each person whose data has been lost.

Colin Tankard, managing director of data security firm Digital Pathways, commented that if these brands had encrypted their data, they would not need to contact each customer as, under GDPR, if the data is encrypted, it is only the Information Commissioners Office which needs to be advised.

“Already, it seems that many companies are being ‘hit’ with requests regarding the use of personal information, putting huge strain on company resources,” he said. “It’s hard to believe that after months of pre-GDPR consultancy work and reports on what needs to be done, companies have not installed technology that would solve these problems.”

Tankard continued that companies must, automatically, move any personally identifiable data to a secure location, where encryption is applied.

“It seems a ‘no brainer’ to do this, rather than face a huge fine, high costs of managing and notifying thousands of people, as well as handling their subsequent questions, the public disclosure and the bad press.”

    Share Story:

Recent Stories


The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.