Transport company, Uber, has been under fire following an appeal they made against a landmark ruling to treat their drivers as workers by offering them minimum wage and the right to sickness and holiday pay. To make things worse, Transport for London had also stated that Uber London Ltd will not be reissued with a private hire operator license from 30th September, due to the fact that Uber “demonstrate a lack of corporate responsibility in relation to a number of issues which have potential public safety and security implications”.
The latest shocking development is that Uber has admitted they suffered a security breach in 2016 which affected 57 million customers and drivers worldwide and 2.7 million people in the UK, compromising information that included names, email addresses, and mobile phone numbers. Uber also confirmed that they paid the hackers responsible a staggering $100,000 to delete the data and keep quiet about the breach, concealing a massive global breach for over a year. The company has failed to notify individuals that were affected, as well as regulators and it has since come to light that the data was being stored unencrypted, vulnerable to hackers.
It is breaches and cover-ups such as this, that GDPR will be enforced from May 25th, 2018. Article 33 of the GDPR states that the notification of a personal data breach must be declared to the supervisory authority no later than 72 hours after becoming aware of it. If the notification is not made within 72 hours, it could lead to penalties if without a good reason for the delay.