The Information Commissioner’s Office (ICO) has hit Birthlink, a Scotland-based post-adoption support charity with an £18,000 fine for destroying an estimated 4,800 personal records without authorization.
In April 2025, the Co-operative Group, who are home to more than 6.5 million members, experienced a major cyber attack which resulted in the personal data of every single member being stolen. The breach, confirmed by Co-op chief Shirine Khoury-Haq, is one of the largest and most extensive cyber incidents ever seen in the UK retail sector.
The Data (Use and Access) Act 2025, first introduced in the House of Lords as the Data (Use and Access) Bill, has finally been granted royal ascent.
This Act aims to introduce amendments to UK data protection law, meaning that it isn’t a replacement for existing regulations, such as UK GDPR, The Data Protection Act 2018 and The Privacy and Electronic Communication Regulation 2003, rather it just makes them look a little different.
Over the weekend of 7-8 June 2025, Oxford City Council was hit by a cyber attack targeting its legacy IT systems. The breach exposed personal data, such as names and contact details, of individuals involved in council-administered elections between 2001 and 2022. These mainly consisted of current or former council officers, including polling station staff and ballot counters.
No evidence has been found that the compromised data was shared externally or downloaded in bulk.
On 19th June 2025, the UK’s Data (Use and Access) Bill was granted Royal Assent and will now be known as The UK Data (Use and Access) Act 2025, or DUAA.
At this point, it is important to clarify The DUAA will amend the existing UK data protection laws, not replace them. This means, we will still have the three primary underlying laws; UK GDPR, Data Protection Act 2018 and PECR 2003.. they’ll just look a bit different.
Reforms to data protection legislation were first proposed by the Conservative Government, promising to “overhaul” data protection legislation post-Brexit.. the early version of these reforms were more radical – even abolishing the requirement for Data Protection Officers (DPOs).
The Information Commissioner’s Office, the independent supervisory authority for data protection in the UK, has fined 23andMe, a genetic testing service, £2.31 million following an investigation into a cyber attack that happened in 2023.
Between April and September 2023, an attacker carried out a credential stuffing attack, which exploited reused login credentials that were stolen from previous unrelated cyber attacks. Credential stuffing is when login details, usually stolen from another breach, are tried on different services, relying on users reusing the same passwords.
Over the past few months, a wave of cyber attacks has swept through the UK retail sector, disrupting some of the country’s largest brands. Adidas, Harrods, The Co-Op and most publicized due to the impact of the attack, Marks & Spencer, have all been targeted by cyber criminals, resulting in outages, data breaches and multi-million-pound losses.
But why are these retailers so frequently targeted by attackers? This blog post will explore the unique risks that retailers face, what we can learn from recent incidents and how the sector as a whole can protect itself from future attacks.
PRIVACY HELPER’s mission is to help businesses by providing expert privacy guidance and aid with data protection compliance with zero-fuss, giving you the power and resources to do more. We aim to seamlessly integrate with your organisation and give you compliance solutions, enabling you to safeguard your personal data, meaning your customers and suppliers can trust you.
As is quite commonplace these days, the internet has thrown up some wonderful Christmas memes to brighten our days as we head towards the festive season, but one might be spreading a little fake news in disguise. A witty, but incorrect, reworking of a classic Christmas song has been calling into question Father Christmas’ data…
The fine imposed on British Airways (BA) by the Information Commissioners’ Office (ICO) has sent a strong message to businesses across the UK – a cyber-attack is no excuse for a data breach if you’ve not done enough to protect the data you hold. British Airways was fined after a data breach affecting 400,000 customers was…
