An alarming data breach seems to make the news nearly every week but have you heard about this one – it’s shocking, I promise…

Recently it was revealed that the NHS had a certain tracking widget installed on a number of its website backends that fed information to Facebook or Meta, including Personal Identifiable data such as Facebook account details and IP addresses. The particularly sensitive information shared, included details of patients searching NHS websites for information on:

• HIV.
• Self-harm.
• Gender identity.
• Sexual health.

Yikes!

And the Data Breaches Don’t Stop There…

Staying safe online is incredibly important when your modem can connect you to a data centre in Lagos or Auckland, especially if you’re living online, working, gaming or socialising. Data has been bought and sold since the dawn of the internet era, and for many years without our knowledge.

Since then, the data wild west has been corralled into the pen of European and UK GDPR and other data legislation that is hugely beneficial to the end user or consumer.

In 2021 LinkedIn was the subject of a data scraping attack which exposed the personal details of some 700 million users to the dark web. Whilst a lot of the data was publicly available, and LinkedIn refutes that it is responsible for the breach, the fact remains that personal identifiable data (including email addresses, phone numbers and geolocations) were available for hackers to take advantage of.

But When is a Data Breach, Not a Data Breach?

Any serious organisation worth its salt, would realise that what befell LinkedIn, would highlight the need for robust security and a reduction in the number of tracking cookies and tags that are allowed to ping around whilst we surf the net.

The internet used to be a fairly lawless society where a single click could permanently freeze the device you were surfing the net on. At best this was inconvenient, at worst, heart-breaking. The prevalence of ransomware and other nasty scams makes the internet’s final frontier a scary place to be if your data isn’t protected.

Our GDPR Services

As a full-service PR and Marketing agency, Allott and Associates has a specific interest in GDPR and data protection. GDPR came into force in May 2018 and was renamed in January 2021 to UK GDPR. UK GDPR affects virtually all businesses, trade associations and not-for-profits that hold personal identifiable data.

UK GDPR is broadly similar to EU GDPR but with a number of differences. The biggest is the territorial reach. This means that if you process data in the UK for anyone, whether they are based in the UK, EU or anywhere else in the world, the data subjects all have the same legal rights and remedies.

The fines associated with breaching GDPR and data protection rules can be substantial, so it’s better to get it right straight out of the starting gates.

Contact Allotts

At Allotts we work with small businesses to medium enterprises to multinationals. We know how important website clicks and visits can be, we also know that we have the right experts in house to make sure your site, and your data is fully compliant, and continues to delight your users.

To embark on your journey to GDPR compliance, contact Allotts.