This piece on Law 360 covers off five key learnings from the UK Ticketmaster fraud fine.

The piece highlights how the U.K. Information Commissioner's Office's £1.25 million fine against Ticketmaster over cybersecurity failings that exposed customer payment card data offers several technical and organisational compliance lessons for companies subject to GDPR.

Luke Dembosky, Robert Maddox and Christopher Garrett cover off some very important elements which should be considered if you’re interested in GDPR and associated fines. Their key learnings in this piece focus on:

1. The Need for Vendor Cybersecurity Oversight 

2. The Need for Awareness of Emerging Attack Vectors 

3. The Impact of Industry Standards on GDPR Compliance 

4. The Need to Perform Risk Assessments and Document Key Decisions 

5. The Need to Evaluate Alerts of Potential Breaches Promptly 

As they say, the Ticketmaster penalty completes a hat trick of high-profile penalties imposed by the ICO, which also included fines against British Airways PLC and Marriott International Inc.

To read my previous post on the British Airways fine, take a look here: