CAPITA PLC: Insufficient technical and organisational measures to ensure information security

The UK DPA has imposed a fine of £ 8,000,000 (EUR 9,180,000) on CAPITA PLC. CAPITA PLC acts as the data controller for the CAPITA Group, which has suffered a cyber attack. The controller failed to implement adeqaute technical and organisational measures to ensure data security and also failed to adequatly react to the incident.

GDPR Articles: Art. 5 (1) f) UK GDPR, Art. 32 (1), (2) UK GDPR
Industry: Industry and Commerce