Tag

GDPR

Browsing

The UK data protection regulator, the Information Commissioner’s Office, has issued a monetary penalty to £20m on British Airways in connection with a cyber-attack which took place in 2018. In the ICO’s view there was a failure to process personal data in a manner that ensured appropriate security, as required under Articles 5(1)(f) and Articles 32 of the GDPR. The incident commenced with a “supply chain attack” where BA’s network was accessed by an attacker…

Questions continue to arise over the interplay of the second Payment Services Directive (PSD2) with the General Data Protection Regulation (GDPR). Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? To this…