On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the second fine in Q1 2025 imposed by the ICO for such a failure. See the ICO’s action against Advanced Computer Software Group Ltd…
By: Alston & Bird
By: Alston & Bird
