Last updated 2026-06-05


ICO UK: GDPR Differences After Brexit

In December 2025 the ICO fined LastPass £1.2M for inadequate encryption. The decision treats client-side encryption as a legal requirement.

June 5, 2026 · 7 minute read
Tags: ICO UK, UK GDPR, LastPass fine, encryption compliance, post-Brexit data protection

UK GDPR After Brexit: What Changed

Since Brexit the UK has kept its own version of the regulation, the UK GDPR, which sits alongside the Data Protection Act 2018. It closely tracks the EU GDPR, but not in every area. If you operate in both the UK and the EU, you face two separate compliance checks.

What stayed the same:

  • The six lawful bases for processing
  • Data subject rights: access, erasure, rectification, portability
  • Breach notification to the regulator within 72 hours
  • Privacy by design and by default

What changed:

  • The UK makes its own adequacy decisions for international transfers
  • UK AI guidance issued in 2023--2024 goes further than the EDPB's
  • The UK research exemption is somewhat broader than the EU's
  • The regulator is moving from advice-first to fines, and faster than before

The gap between UK and EU rules is real. Treat them as two separate checklists.

The LastPass Fine: Encryption Is Now a Legal Benchmark

In December 2025 the ICO fined LastPass UK £1.2 million over a flawed encryption design. It is the most significant UK GDPR decision on technical security to date.

What the regulator found: LastPass stored vault records with the keys held by the server. Anyone with access to the server could read the vaults. The decision found that this breached the "appropriate technical measures" standard in UK GDPR Article 32.

Key wording from the notice: "The controller should have used client-side encryption. That would have kept users' vault records secure even if the server had been compromised."

What this establishes: if a more secure design exists and can be built, choosing the weaker one can now itself breach Article 32. Server-side key management is no longer safe by default for sensitive records.

Who is affected: any service that stores sensitive records and holds the encryption keys on its own servers. That includes tools that log plaintext for audit, usage analytics, or document history. If the server can read the plaintext, regulators can ask why you did not use a client-side design. See how anonym.legal handles this with a zero-knowledge architecture.
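The difference between the two designs is easiest to see side by side. The following is an added example, not code from LastPass, the ICO decision, or anonym.legal: it models a vault record under the server-held-key design the decision criticised and under the client-side design it called for, then shows what an attacker with full server access can read in each case. The master password, the PBKDF2 iteration count, the record layout and the vault contents are all constructed for the illustration; the PBKDF2-HMAC-SHA256 routine is written inline (single output block) so the example runs on the Go standard library alone.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// kdfIterations is an assumed cost setting for the illustration; production
// deployments tune this (or use Argon2id) to the hardware they target.
const kdfIterations = 100_000

// VaultRecord is what the server persists. Under the server-held-key design
// ServerKey is populated; under the client-side design it is nil and the key
// exists only transiently on the user's device.
type VaultRecord struct {
	Salt, Nonce, Ciphertext []byte
	ServerKey               []byte // only set in the weak design
}

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte block:
// U1 = PRF(P, S || INT(1)), Uj = PRF(P, Uj-1), T = U1 xor U2 xor ... xor Uc.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1})
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func sealGCM(key, plaintext []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

func openGCM(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, nil)
}

// StoreServerKeyed models the weak design: the server generates the key and
// keeps it next to the ciphertext, so the ciphertext protects nothing against
// anyone who can read the server's storage.
func StoreServerKeyed(plaintext []byte) (VaultRecord, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return VaultRecord{}, err
	}
	nonce, ct, err := sealGCM(key, plaintext)
	if err != nil {
		return VaultRecord{}, err
	}
	return VaultRecord{Nonce: nonce, Ciphertext: ct, ServerKey: key}, nil
}

// StoreClientSide models the client-side design: the key is derived on the
// user's device from the master password and a per-record salt; the server
// receives salt, nonce and ciphertext only.
func StoreClientSide(masterPassword, plaintext []byte) (VaultRecord, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return VaultRecord{}, err
	}
	key := pbkdf2SHA256(masterPassword, salt, kdfIterations)
	nonce, ct, err := sealGCM(key, plaintext)
	if err != nil {
		return VaultRecord{}, err
	}
	return VaultRecord{Salt: salt, Nonce: nonce, Ciphertext: ct}, nil
}

// ServerRead is the attacker's view after a full server compromise: it may use
// only material that lives on the server.
func ServerRead(rec VaultRecord) ([]byte, error) {
	if rec.ServerKey == nil {
		return nil, errors.New("no key on server: ciphertext only")
	}
	return openGCM(rec.ServerKey, rec.Nonce, rec.Ciphertext)
}

// ClientRead runs on the user's device, which alone holds the master password.
// A wrong password yields a wrong key and GCM authentication fails.
func ClientRead(masterPassword []byte, rec VaultRecord) ([]byte, error) {
	key := pbkdf2SHA256(masterPassword, rec.Salt, kdfIterations)
	return openGCM(key, rec.Nonce, rec.Ciphertext)
}

func main() {
	secret := []byte("constructed vault entry: example.org / hunter2")
	weak, _ := StoreServerKeyed(secret)
	pt, err := ServerRead(weak)
	fmt.Printf("server-held key: server reads %q (err=%v)\n", pt, err)
	strong, _ := StoreClientSide([]byte("correct horse battery staple"), secret)
	_, err = ServerRead(strong)
	fmt.Printf("client-side key: server read fails: %v\n", err)
	pt, _ = ClientRead([]byte("correct horse battery staple"), strong)
	fmt.Printf("client-side key: device reads %q\n", pt)
}
```

The client-side design does not remove risk; it moves it. Once the server holds only ciphertext, an attacker who steals the store is left guessing master passwords offline, so the KDF cost and the password policy become the Article 32 controls that matter, and they should be documented with the same care as the encryption itself.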

UK AI Guidance: Eight Technical Rules

The UK regulator published detailed AI guidance in 2023--2024. It covers eight specific requirements for generative AI systems. The equivalent EU guidance has less detail.

1. Training data provenance -- AI trained on personal records must document where that data came from and which steps were used to clean it.

2. Output monitoring -- Systems that generate personal outputs must have controls to catch and stop harmful inferences.

3. Purpose limitation -- Records used for AI training must match the stated purpose. General-purpose training on customer records needs a clear lawful basis.

4. Automated decision rights -- If your AI makes significant decisions about a person, it must support access, explanation, and appeal.

5. Bias monitoring -- Systems that use protected characteristics, directly or by inference, must have bias checks.

6. Minimisation before fine-tuning -- You must minimise personal records before fine-tuning. Policy alone is not enough.

7. Erasure from model weights -- If records feed into model weights, you need a plan for handling erasure requests. Technical or equivalent measures are required.

8. Third-party AI review -- If you use another company's AI, you must review and document its compliance with all eight points.

These eight rules form a practical checklist for any AI deployment in the UK.
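Rules 1 and 6 describe a concrete pre-processing step: reduce the personal data in a training set before fine-tuning, and record where the data came from and what was done to it. The following is an added example, not code from the ICO guidance or from anonym.legal's product: it drops side fields that are not on an allow-list for the stated purpose, redacts e-mail addresses and phone numbers from the free text, and emits a provenance manifest with the steps applied and SHA-256 digests of the set before and after. The record layout, the sample tickets, the allow-list and the two regexes are constructed for the illustration; real pipelines also need name and address detection, which regexes alone cannot give.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"regexp"
)

// TrainingRecord is one row of a constructed fine-tuning set: free text plus
// side fields captured with it.
type TrainingRecord struct {
	ID     string            `json:"id"`
	Source string            `json:"source"`
	Text   string            `json:"text"`
	Fields map[string]string `json:"fields"`
}

// Manifest is the provenance record kept next to the minimised set (rule 1).
type Manifest struct {
	Sources      []string `json:"sources"`
	Purpose      string   `json:"purpose"`
	Steps        []string `json:"steps"`
	Records      int      `json:"records"`
	Redactions   int      `json:"redactions"`
	InputDigest  string   `json:"input_sha256"`
	OutputDigest string   `json:"output_sha256"`
}

var (
	emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)
	// Loose international/UK phone shape; illustrative, not exhaustive.
	phoneRe = regexp.MustCompile(`\+?\d{1,3}[\s-]?\(?\d{2,5}\)?[\s-]?\d{3,4}[\s-]?\d{3,4}`)
)

// digest hashes the canonical JSON encoding; Go sorts map keys, so the value is
// stable across runs and can be cited in the manifest.
func digest(v any) string {
	b, _ := json.Marshal(v)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Minimize applies the reductions before any fine-tuning sees the data and
// returns the reduced set with a manifest of what was done (rules 1 and 6).
func Minimize(in []TrainingRecord, purpose string, allowedFields []string) ([]TrainingRecord, Manifest) {
	allow := map[string]bool{}
	for _, f := range allowedFields {
		allow[f] = true
	}
	m := Manifest{
		Purpose:     purpose,
		Records:     len(in),
		InputDigest: digest(in),
		Steps: []string{
			"drop side fields outside the allow-list",
			"redact e-mail addresses in text",
			"redact phone numbers in text",
		},
	}
	seen := map[string]bool{}
	out := make([]TrainingRecord, 0, len(in))
	for _, r := range in {
		if !seen[r.Source] {
			seen[r.Source] = true
			m.Sources = append(m.Sources, r.Source)
		}
		kept := map[string]string{}
		for k, v := range r.Fields {
			if allow[k] {
				kept[k] = v
			}
		}
		text := emailRe.ReplaceAllStringFunc(r.Text, func(string) string { m.Redactions++; return "[EMAIL]" })
		text = phoneRe.ReplaceAllStringFunc(text, func(string) string { m.Redactions++; return "[PHONE]" })
		out = append(out, TrainingRecord{ID: r.ID, Source: r.Source, Text: text, Fields: kept})
	}
	m.OutputDigest = digest(out)
	return out, m
}

// SampleRecords returns two constructed support tickets for the illustration.
func SampleRecords() []TrainingRecord {
	return []TrainingRecord{
		{ID: "r1", Source: "support-tickets-2024",
			Text:   "Client Jane Doe (jane.doe@example.org, +44 20 7946 0958) asks about the hearing date.",
			Fields: map[string]string{"language": "en", "customer_id": "C-10077", "postcode": "SW1A 1AA"}},
		{ID: "r2", Source: "support-tickets-2024",
			Text:   "Please resend the invoice to billing@example.com.",
			Fields: map[string]string{"language": "en", "customer_id": "C-10078"}},
	}
}

func main() {
	out, m := Minimize(SampleRecords(), "fine-tune support reply model", []string{"language"})
	for _, r := range out {
		fmt.Printf("%s: %s %v\n", r.ID, r.Text, r.Fields)
	}
	b, _ := json.MarshalIndent(m, "", "  ")
	fmt.Println(string(b))
}
```

The manifest is the artefact to keep: it ties a specific input digest to a specific output digest through a named list of steps, which is what a reviewer under rule 1 or rule 8 would ask to see. The name "Jane Doe" survives this pass on purpose, to make the point that regex redaction covers formatted identifiers only.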

UK Enforcement: The Shift to Fines

The regulator used to prefer guidance letters over penalties. That is changing. Recent actions show a clear pattern:

Action                 | Penalty             | Year | Reason
British Airways        | £20M                | 2020 | Breach: weak security
Marriott International | £18.4M              | 2020 | Breach: poor due diligence
LastPass UK            | £1.2M               | 2025 | Encryption design failure
Electoral Commission   | Reprimand, no fine  | 2024 | Unpatched servers

67 enforcement notices were issued in 2024, a record. The LastPass case matters because the fine was for a design choice, not only for the outcome of a breach. The regulator examined how LastPass built its system. That is new.

UK--EU Transfers: Two-Sided Risk

UK organisations that handle EU personal records face obligations from both sides.

EU to UK: the EU granted the UK an adequacy decision in 2021. It remains in force, but it is subject to legal challenge. Do not rely on it alone; standard contractual clauses (SCCs) are a sound fallback.

UK to EU: no current rule blocks transferring UK records to EU processors. But an EU processor handling UK records can still end up triggering EU GDPR obligations.

Practical step: write up your UK GDPR position and your EU GDPR position as two separate documents. Note where they align and where they diverge. That is the record you will need if a regulator asks. Our compliance overview lists both sides.

For a closer look at zero-knowledge design and how it addresses the server-breach risk identified in the LastPass case, read our security and privacy architecture page.
