Risk and Compliance Update – 23rd October

In this issue:

Risk & Compliance forecast

Data protection

Financial crime and sanctions

Cyber security

LexTalk®Risk & Compliance: a Lexis®PSL community


Risk & Compliance forecast

Our new Risk & Compliance forecast (as at 20 October 2020) is now live. This month, we report on issues including (1) regulation of legal services; (2) data protection; and (3) crime prevention. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead.

See: Risk & Compliance forecast as at 20 October 2020.


Data protection

New detailed subject access request guidance published by ICO

The Information Commissioner’s Office (ICO) has published detailed guidance on the right of access. The guidance aims to help organisations deal with subject access requests effectively and efficiently. The content of the guidance has been informed by a public consultation, which called on the ICO to provide ‘additional content and examples’ and ‘more support and clarification on some aspects of the law’.

See: LNB News 21/10/2020 57.


ICO fines British Airways £20m for breach of data protection law

The ICO has fined British Airways (BA) £20m for a breach of data protection law that affected approximately 429,612 customers and staff. An ICO investigation found that BA failed to protect the personal and financial details of its customers and staff: it processed a significant amount of personal data without implementing the necessary security measures. BA was subsequently subject to a cyber attack during 2018, which remained undetected for over two months. The ICO stated that BA should have identified weaknesses in its security system and should have resolved them with the available security measures. The attacker is believed to have potentially gained access to names, addresses, payment card numbers, CVV numbers, usernames, passwords and PINs. The £20m fine is a notable step down from the £183.39m fine the ICO initially intended to impose on BA.

See: LNB News 16/10/2020 36 and News Analysis: BA’s long-awaited UK data-breach fine puts spotlight on security of remote-access networks.


EDPB adopts final Guidelines on Data Protection by Design & Default

The European Data Protection Board (EDPB) has adopted a final version of the Guidelines on Data Protection by Design & Default. The guidelin


About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.