A look back at Data Protection and Cyber Security in 2021…

Data Protection Milestones

UK Adequacy

In June the European Union approved adequacy decisions for the GDPR and the Law Enforcement Directive (LED). This means data can continue to flow as it did before, in the majority of circumstances.

UK Data Protection Reform Proposal

In September the UK government launched adata protection reform proposal;Data: a new direction. The Proposal included a number of categories including ICO reform, better delivery of public services and removal of administrative burdens for businesses.

In October the ICO published their response to the proposal.

Cookies Law – Landmark Case

In November the Supreme Court judgment in Lloyd v Google provided assistance for companies facing compensation claims under data protection legislation. The decision made it clear that loss of control of data will not be enough to support a claim. Individuals bringing data breach claims after visiting a company’s website which uses cookies without their consent may struggle to demonstrate they have suffered any (or sufficient) “damage” or “distress”.

Major Cyber incidents

Microsoft Exchange

Four zero-day exploits were discovered on on-premises Microsoft Exchange Servers in March. The attackers got privileged access rights on more than 250,000 servers. The attackers gained full access to emails and passwords on the affected servers.


More than 40 million customers were thought to be affected by the data breach which occurred in August.  The attack was blamed on a sophisticated cyberattack. Reports surfaced of another attack hitting the telecoms company at the end of December which is said to be linked to sim swapping and affecting a much smaller number of customers.


60 gigabytes of sensitive data was stolen by a group of hackers. The data included customers names, contact numbers and corporate financial data.


It was reported that 553 million Facebook users had their data stolen in April. Data included full names, phone numbers, dates of birth, locations, and email addresses.

Who has been targeted?

A UK Government survey published in March highlighted that the following types of organisations had experienced cyber security breaches or attacks:

  • 51% of high earning charities
  • 64% of large businesses
  • 65% of medium businesses
Common types of attack

In the second quarter of the year, 268 phishing incidents were reported to theInformation Commissioner’s Office which shows a marginal increase from the same period from the previous year. Conversely, reported ransomware incidents increased by over 30%.

What does a Cyber incident cost?

Ponemon Institute study estimated that a cyber security incident can cost $3.86 million (about £2.9 million) per incident.

TechRepublic reported that the Solar Winds breach cost affected companies $12m (about £8.9 million)this figure is based on 11% of worldwide revenue.

Defending your business

Recognise, respond and recover.

Staff are our greatest asset and also our first line of defence, training them on data protection and cybersecurity is essential. Midland Data Protection have complete staff training packages which can be tailored to your business.

Robust incident plans and policies are necessary to help you address any incidents.Disaster recovery and business continuity plans are essential to your business operation…we have you covered here at midland data protection.

Find more information about services here https://midlanddataprotection.co.uk/services/

Contact us for a discussion today.

Sign Up to Receive Articles and Information about our Services

To view our privacy notices please click here