Key takeaways

• The UK Information Commissioner’s Office (“ICO”) fined telecoms retailer Carphone Warehouse £400,000 for having inadequate safeguards in place to protect customer and employee personal data.
• The ICO’s Penalty Notice contains helpful guidance on technical and organisational safeguards companies may be expected to have to secure personal data.
• When the EU General Data Protection Regulation comes into force in May this year, potential penalties for data security failures will be much higher. Businesses handling personal data should consider whether their safeguards and controls suffer from the deficiencies for which the ICO fined Carphone Warehouse.