In a recent article in The Register, online bank Monzo said it warned Ticketmaster that something weird was going on in early April, two months before the ticket-slinging giant revealed its payment pages had been hacked.
According to Monzo, 50 customers had complained on April 6 that someone had hijacked their bank cards and spent their money – and 35 of them, or 70 per cent, had used Ticketmaster.
The Ticketmaster cyber-break-in is the first major computer security breach since Europe's GDPR came into effect on May 25, so close attention will be paid to whether Ticketmaster complied with the regulation's requirements on breach notification and adequate security.
KEY ACTIONS YOU SHOULD TAKE
1. Make sure you have Data Processing Impact Assessments – if you have any risks or any doubts, use a DPIA as an opportunity to think about the measures to mitigate or transfer risk.
2. Make sure you have good vendor due diligence – ensure the people you share data with are reliable and secure. Check their credentials, certifications and policies.
3. Make sure you have the necessary Controller-Processor Contracts and Data Sharing Agreements – these should include clauses prescribed by law, plus arrangements for notifying each other and indemnities in case of a breach.
KEEP IN TOUCH
Come and visit
I am doing a series of workshops at Jersey Business from 8am to 10am, so maybe you’d like to come to these:
Wednesday 4th July
Wednesday 1st August
Wednesday 5th September
Wednesday 3rd October
Wednesday 7th November
Wednesday 5th December
I also provide bespoke training for organisations (£100/hour for businesses and £70/hour for Charities). If you don’t have all the necessary tools, training, templates, policies and procedures, I provide a GDPR toolkit (£375 for Charities, £750 for businesses). If you use the link you can see both the contents and samples.