Fintech

Keplin Group’s Expansion Paves the Way for Sustainable E-commerce with Seamless Payments

E-commerce solutions provider Keplin Group has solidified its presence in the West Midlands logistics scene by securing an additional 75,000 square feet of space at Meon Vale Business Park near Stratford-upon-Avon. This expansion builds upon Keplin Group’s existing 43,000 square foot unit at the site, bringing their total footprint to nearly 120,000 square feet. The […]

Keplin Group’s Expansion Paves the Way for Sustainable E-commerce with Seamless Payments Read More »

Boohoo’s Executive Bonus U-Turn: A Sign of the Times in Corporate Governance?

Online fashion giant Boohoo has reversed its decision to award £1 million bonuses to three of its top executives. This dramatic U-turn comes in the wake of intense shareholder backlash, raising questions about the evolving dynamics of executive compensation and corporate accountability. The proposed bonuses, intended for CEO John Lyttle and co-founders Mahmud Kamani and

Boohoo’s Executive Bonus U-Turn: A Sign of the Times in Corporate Governance? Read More »

N26 Gets Green Light for Unrestricted Growth After Regulatory Scrutiny

German neobank N26 has received a significant boost as financial regulator BaFin has lifted the growth restrictions imposed two and a half years ago due to concerns over money laundering and financial crime. This move signals a major turning point for the Berlin-based bank, which can now onboard an unlimited number of new customers starting

N26 Gets Green Light for Unrestricted Growth After Regulatory Scrutiny Read More »

Nexi and orderbird Collaborate to Launch New Payment Platform for German ISVs

Nexi, a leading European payments company, and its subsidiary Orderbird, a provider of Point of Sale (POS) systems, have announced the launch of the Nexi Partner Portal (NPP) in Germany, according to Fintech Finance News. This new platform is designed to streamline payment processing for Independent Software Vendors (ISVs) across various industries, including retail and

Nexi and orderbird Collaborate to Launch New Payment Platform for German ISVs Read More »

A 30% Jump in Visa & Mastercard Fees, who takes the hit?

The Payment Systems Regulator (PSR) published an interim report on their market review of card scheme and processing fees, particularly focusing on the dominance of Mastercard and Visa. This report, a comprehensive examination of the complex financial network that underpins everyday transactions, laid bare the substantial impact these fees have on businesses and consumers alike.

A 30% Jump in Visa & Mastercard Fees, who takes the hit? Read More »

Peace of Mind for Developers: Apple’s Secure Platform Empowers Innovation

The allure of smartphones and tablets is undeniable, but the vast ecosystem of apps that fuel them can be a breeding ground for fraudsters. Apple, however, has emerged as a champion for user safety, implementing a robust multi-layered defense system that has thwarted a staggering $7 billion in potentially fraudulent transactions on the App Store

Peace of Mind for Developers: Apple’s Secure Platform Empowers Innovation Read More »

Verifone & Logos Join Forces to Transform Self-Service Payments

The landscape of self-service payments is poised for a significant transformation. Industry leaders Verifone, a titan in FinTech solutions, and Logos Payment Solutions, a pioneer in unattended payment technology, have announced a strategic partnership. This collaboration aims to revolutionize the way businesses and consumers interact in a variety of unattended payment scenarios. What are Unattended

Verifone & Logos Join Forces to Transform Self-Service Payments Read More »

How Unified Ledgers Offer Efficiency and Flexibility

What are unified ledgers? Imagine your financial life as a house. You might have a room where you store cash and coins, another secure vault for precious metals and jewelry, and perhaps a digital safe for storing cryptocurrency. While these rooms serve their purposes, keeping everything separate creates inefficiencies. Moving assets between them can be

How Unified Ledgers Offer Efficiency and Flexibility Read More »

We use cookies to improve user experience and analyse website traffic. By clicking ‘Accept’, you agree to our website’s cookie use as described in our Privacy Policy.

Post-Brexit: data protection
Card processor sends sensitive data to wrong address
24 August 2022

Worldline SA subsidiary Payone GmbH has been accused of breaching data protection rules after it sent sensitive employee payroll information to the wrong address by accident. The Worldline Group holdS a 60% stake in the Frankfurt based company who have a small UK market presence.

In June 2021, one of Payone GmbH’s ex UK employees (the data subject) received a “potential data breach notification” from the firm advising him that his salary, National Insurance data, nationality (Special Category Data) was amongst various bits of information sent to an incorrect home address.

This included personal information such as the former employees name, age and address.  It also included details such as the date of birth and the amount of annual work bonus he received in his bank account amongst other identifiable data.

Payone GmbH confirmed that this document was sent out in error following an employee making a mistake when re-entering data processed by their third-party payroll provider.  The error arose when the employee was fulfilling an Article 15 GDPR request. The error was spotted by the data subject when he noticed in an email version of the document that the postal address was incorrect. An attempt to notify Payone GmbH of the error went in vain as the document was already irretrievably despatched.

The data subject was alarmed with the incident which exposed him to the possibility of fraudulent activity, amidst reasonable fears his data could end up on the dark web and used by criminals.  Habitually resident in the UK he complained to the Information Commissioner’s Office (ICO) in June 2021. He similarly raised the concern in Germany via The Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

The ICO reprimanded Payone GmbH for the error in their final decision letter.
Similarly, the HBDI cited a violation of Article 5(f) of the General Data Protection Regulation (GDPR) relating to integrity and confidentiality.

The ICO stated in their July 2021 findings that Payone GmbH, “should take steps to ensure that all personal data records are accurate and up to date. Holding inaccurate information, such as addresses, does increase the risk of personal data breaches and poses risks to the security of information”.

The HBDI confirmed in their October 2021 findings that Payone GmbH had taken remedial action. They concluded that a monetary fine would not be imposed on Payone GmbH as they had taken technical and organisational steps in response to the data breach. Data subjects could now request their data in an autonomous portal.

The GDPR, which came into effect in 2018, gave the Information Commissioner’s Office greater powers to tackle data breaches. The new ‘UK GDPR’ charts its own course after Brexit whilst seeking to maintain EU GDPR adequacy.  In extreme scenarios, organisations face penalties of up to £20m or 4 per cent of their global worldwide turnover, whichever is more.

In the years prior to GDPR, the ICO fines were capped at £500,000.

The data subject said: “I am just glad I spotted it; they were going to resend the document again to another wrong address. Prior to Brexit the process would have been commenced via the ICO who in turn would liaise with the HBDI on the data subjects’ behalf; but I found myself communicating with both authorities separately which was an additional step but in the end was surprisingly
effective. Unfortunately, Payone GmbH again sent my incorrect address to the
Workers Pension Trust in January 2022, and documents yet again went to the wrong address. In my opinion they have not learned from the first time and my complaint is sitting with the ICO yet again”.

The former employee is pursuing a remedy under Article 82 UK GDPR via
the Court’s of England & Wales.

Extraordinary Experiences

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Our Core Values

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.