On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the personal data of over ~6.6 million individuals following a ransomware attack by Black Basta. The ICO’s penalty notice is available here. […]
European Privacy & Cybersecurity
The EU Data Act Comes Into Force
The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the legislation is active, companies that fall under its scope must proactively review its provisions and […]
EU-wide Breach Notification Template On The Horizon
Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and an EU-wide data breach notification template to help companies comply with the requirements of the EU General Data Protection […]
UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack
On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting how regulators are […]
European Vulnerability Database Published by the European Union Agency for Cybersecurity
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here. ENISA created the EUVD under the Network and Information Securities 2 Directive (NIS2). It is a centralised database containing information on cybersecurity vulnerabilities affecting information technology […]