DPP Law Ltd.

€70,300

Insufficient technical and organisational measures to ensure information security

Date de décision

14 avril 2025

Autorité

Information Commissioner (ICO)

GB

Secteur

Finance, Insurance and Consulting

Pays

GB

Droit

GDPR

Statut

FINAL

Description

The UK DPA (ICO) has imposed a fine of £ 60,000 (EUR 70,300) on the law firm DPP Law Ltd. The controller had suffered a cyber attack during which personal data of 791 clients and expert witnesses were exfiltrated and published on the dark web. The DPA found that the controller failed to implement adequate technical and organisational measures to prevent such an attack, including the failure to regularly audit administrative accounts on its network, thereby infringing Art. 5 (1) f), 32 (1), and 32 (2) UK GDPR. The controller also breached Art. 33 (1) UK GDPR by failing to notify the DPA within 72 hours, reporting the incident only 43 days later.

Citations légales

Art. 5 (1)Art. 32 (1)Art. 33 (1)

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Romanian National Supervisory Authority for Person...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.