DPP Law Ltd.

€70,300

Insufficient technical and organisational measures to ensure information security

Dato for beslutning

14. april 2025

Myndighed

Information Commissioner (ICO)

GB

Sektor

Finance, Insurance and Consulting

Land

GB

Lovgivning

GDPR

Status

FINAL

Beskrivelse

The UK DPA (ICO) has imposed a fine of £ 60,000 (EUR 70,300) on the law firm DPP Law Ltd. The controller had suffered a cyber attack during which personal data of 791 clients and expert witnesses were exfiltrated and published on the dark web. The DPA found that the controller failed to implement adequate technical and organisational measures to prevent such an attack, including the failure to regularly audit administrative accounts on its network, thereby infringing Art. 5 (1) f), 32 (1), and 32 (2) UK GDPR. The controller also breached Art. 33 (1) UK GDPR by failing to notify the DPA within 72 hours, reporting the incident only 43 days later.

Juridiske citater

Art. 5 (1)Art. 32 (1)Art. 33 (1)

Problemer og overtrædelser

Insufficient technical and organisational measures to ensure information security
Se officielt dokument
Tilbage til bøde-databasen
Forrige bøde
Romanian National Supervisory Authority for Person...
Næste bøde
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold dig opdateret om håndhævelse af privatlivets fred

Vi respekterer dit privatliv. En e-mail om måneden, ingen spam, afmeld når som helst.