Cyber Insurance, Privacy and Data Security Newsletter - March 2018 - DAC Beachcroft

Cyber Insurance, Privacy and Data Security Newsletter - March 2018's Tags

Tags related to this article

Cyber Insurance, Privacy and Data Security Newsletter - March 2018

Published 27 March 2018

GDPR – Are you ready?

It's the final countdown! With less than 60 days to go until the EU General Data Protection Regulation (GDPR) comes into force, this month's newsletter focusses on last minute preparations to ensure compliance.

Regulators across the EU are getting ready for the GDPR. In the UK, the ICO is regularly updating its GDPR guidance pages and, for those organisations that need a kick-start, has produced helpful checklists for both data processors and controllers to get ready.

In Spain, the Spanish Data Protection Agency (by its Spanish acronym AEPD) has been busy publishing guidance and setting up certification schemes. For more information, click here

Across the EU, the Article 29 Working Party has also issued guidance designed to clarify new rights and obligations under the GDPR. Guidance on notification of data breaches has been finalised. One important change from WP29's original draft is that it is now clear that where a breach is discovered by a data processor, the 72 hour time limit for a data controller to notify the breach to the supervisory authority will only begin once the data processor notifies the controller of the breach (which should be done without undue delay).

Finally, we at DAC Beachcroft are hard at work producing a new Breach Response Planner, which will allow organisations, big and small, to ensure they have a comprehensive plan in the event of a data breach. More details to follow soon, but if you would like further details, please contact us.

Why digital-age directors need directors and officers (D&O) cover

An article published by The Telegraph, and featuring commentary from DAC Beachcroft Partners Hans Allnutt and Graham Ludlam

"The ICO wants to see directors take responsibility and we may see more criminal cases. Beyond GDPR, there is also the UK’s Data Protection Bill and this has a particular section relating to criminal offences and directors’ liability"

The Data Protection Bill, likely to become the UK Data Protection Act, will give effect to the GDPR in the UK. As for every member state, the UK has certain derogations and flexibilities around the GDPR provisions. One such area is the UK’s proposal to include criminal sanctions for directors. To read the full article, click here.

Cyber Threat Advisory

NCC Group’s Network Threat Monitoring and Incident Response teams are reporting a significant and sustained increase in attacks where the victim’s computational resources are used by the attacker in order to ‘mine’ crypto-currencies, with one specific currency, ‘Monero’ being the current favourite [1]. Mining crypto-currencies is the process of generating revenue in exchange for providing the computational resources which are required to keep the currency working, by processing transactions.

Read more


In the wake of the catastrophic Spectre and Meltdown bugs published in January, the usual suspects are back at large again, with Microsoft and Adobe leading the way with serious vulnerabilities. Recent trends also show a spike in crypto-currency mining malware – is this the new Ransomware?

Read more

And finally….

We are delighted to be nominated for the Advisen Cyber Risk Awards 2018 Cyber Law Firm of Year for the second year running. The award recognises innovation and excellence in the provision of Cyber Law services and winners are determined by "People's Choice", so we would like to ask for a few moments of your time to make sure you register your vote.


Hans Allnutt

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Patrick Hill

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930

< Back to articles