Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

ICO hits electronics retailer with maximum pre-GDPR fine

January 10, 2020, Global Data Review

Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people.


Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should have learned its lesson from the Carphone Warehouse incident, but apparently did not. One further, interesting aspect to the case is that the ICO clearly did not like DSG's argument that certain aspects of the compromised data – customer primary account numbers and expiry dates associated with their payment cards – was not personal data. The ICO give this claim … very short shrift and it may have contributed to the ICO's generally dim view of DSG's practices.” He adds, “DSG may have been better served by not making such an argument, which the ICO were never likely to accept even at the best of times.”

Share this article: