Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Speed up all aspects of your legal work with tools that help you to work faster and smarter.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Our latest thinking on key legal industry developments
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
This month, we have seen further reported incidents of the use of malware and cyber security to gain personal data from consumers.
The Banks’ Integrated Reporting Dictionary (BIRD) website, owned by the European Central Bank (ECB), was hacked early this August, whereby the names, email addresses and job titles of the 481 subscribers to the bank’s e-newsletter may have been stolen.
Since 2018, the Information Commissioner’s Office (ICO) has made a total of 67 enforcements in an attempt to reinforce the confines of GDPR compliance and UK privacy laws.
In Banking, new data released from banking trade body, UK Finance, revealed that incidents of online payment scams reached nearly 85,000 in 2018, with total losses of £354.3m. In Science, more recently, we saw the incident of Eurofins Scientific, the UK’s biggest forensic services provider, being targeted by a highly sophisticated ransomware virus in June. British police suspended work at the company in order to deal with investigation, creating a backlog of 20,000 forensic samples as a result.
The amount of sensitive data handled by large companies makes them a prime target of cyber attacks. Poor data management could lead to firms becoming vulnerable to threats such as bank transfer fraud, phishing scams, ransomware or data breaches, which allow for additional compliance risks. Furthermore, data collected through fraudulent means can be used many years after the event has taken place, and can be used to facilitate deception scams against companies and consumers, making them highly convincing and far more difficult to guard against.
As digital transformation continues to proliferate, companies would be wise to look to key technology providers in the industry, in helping them navigate these potentially challenging new territories.
Our current commercial climate is becoming increasingly data-driven. With more and more companies offering access to data and services online, and a high upward trend in mobile users, which is currently forecasted to reach 5.9 billion by 2025, the equivalent to 71% of the world’s population. The more that corporate companies are expected to deliver their services digitally, and handle sensitive data frequently, in large volumes, the more they are at risk of advanced data breaches, and therefore the considerable resulting fines:
Fines applied to Knuddels, Google, Taxa4x35, and Bisnode, plus proposed penalties for British Airways and Marriott International, for GDPR compliance violations. Revenue figures calculated using publicly-available investor reports and estimates from Owler.com. Maximum possible fine is defined as either €20m (£17.6m) or 4% of annual revenue, depending on which is greater, as stipulated in GDPR.
Every breach is unique, therefore, knowing what to do in response to every breach that occurs can be challenging. Invariably, this means that not all potential or actual breaches can be reported in the same way, and defining the right process to also becomes more challenging
Having clarity at a business level of the risk severity and action points is very important. A lack of this results in companies being slower to make decisions, which impacts on the ability to meet deadlines and action points
Every step of the breach management process must be documented for the regulator – this audit trail is essential to minimise a fine. If there is no consistent process for this, or if it is manual, mistakes are more likely, and the regulator will likely consider this when assessing the fine
Communication during the process, whether it be to the regulators, supply chain partners, employees, media outlets, the Board, breach victims, stakeholders, and so on, will all be assessed when reviewing any fine. Clear, succinct templates are needed to ensure that no information is missed out
With no process or tools in place, an organisation’s ability to plan and focus resources against future incidents becomes impaired.
Cyber security and data protection will continue to be major topics of focus for in-house lawyers in 2019, with the heavy emphasis on protection of personal data, GDPR compliance and the avoidance of high-risk data breaches.
LexisNexis Cordery Breach Navigator is a sophisticated tool that combines legal expertise with the latest software to help Data Privacy Officers (DPOs) and their teams deal with current and potential data breaches in a consistent, informed manner using the very latest best practice techniques.
Cordery Breach Navigator’s decision engine is based on years of best practice intelligence developed by LexisNexis’ expert teams, who have worked with regulators, compliance teams and law enforcement to regularly understand the key issues faced by in-house legal teams. It is informed by direct legal advisory engagement on over 60 live cases, enhanced through analysis of over a year’s worth of regulatory findings from the Information Commissioner’s Office in the UK, and Data Protection Authorities across Europe.
This legal expertise allows the software to make consistent assessments of risk severity and reporting obligations, and to suggest actions and remediation plans that have proven to be effective in cases that share similar attributes.
 GSMA Intelligence 2019
Click to request a demo: LexisNexis Cordery Breach Navigator
Free trials are only available to individuals based in the UK
* denotes a required field
Amy is an established writer and researcher, having contributed to publications, such as The Law Society, LPM, City A.M. and Financial IT. Her role at LexisNexis UK involved leading content and thought leadership, as well as writing research reports, including "The Bellwether Report 2020, Covid-19: The next chapter" and "Are medium-sized firms the change-makers in legal?"
0330 161 1234