Below is an overview of the only comprehensive fining methodologies published so far by EU DPAs (specifically, by the Dutch, Danish, and Latvian DPAs), as well as the relevant draft statutory guidance issued by the UK DPA (ICO) in 2020. Therefore, this analysis will also show how the approach of the ICO in this […]
Bank of Ireland failed to: report data leaks without delay; provide sufficient detail to the DPC; issue communications to data subjects without undue delay; implement appropriate technical and organisational measures. Result: €463,000 fine.
“Various claims are filed as a result of the issuance of duplicate SIM cards to third parties other than subscribers. As a result of the above, the holders of the telephone line are not only left without service, but the third parties access their bank accounts.” “Spanish DPA carries out research actions to analyze the […]
Systematically asking for a copy of the data subject's ID as a condition to send an access request is illegal, says the Belgian DPA, in accordance with the EDPB guidelines on the right to access.
The Guidelines offer practical recommendations to designers and users of social media platforms on how to assess and avoid so-called “dark patterns” in social media interfaces that infringe on GDPR requirements. In the context of these Guidelines, “dark patterns” are considered as interfaces and user experiences implemented on social media platforms that lead users […]
The CNIL (the French DPA) published its guide for DPOs. This guide (https://lnkd.in/eMXdDeRh) analyzes, among other issues, why and how to appoint a DPO and what means should be provided to fulfill its mission, and compares the pros and cons of the internal, external and shared DPO roles: 1) If you choose to appoint a member of the […]
The French DPA fined a French company for not having a retention period, keeping personal data since 2007. In fact, they were using an out-of-date hashtag, not actually deleting data after a data subject request. The CNIL fined the company 120.000 € for not taking all necessary measures to be compliant.
An economic study commissioned by Computer and Communications Industry (CCIA Europe) finds that the envisaged international transfer requirements could lead as many as 40% of the polled EU companies to stop moving non-personal, commercially sensitive data to jurisdictions beyond its borders, implying a GDP loss of 79 billion euros per year. This finding contrasts, however, […]
The Hellenic DPA fines a company for failure to comply with a data subject’s access request for a video recording, resulting in a € 30’000 GDPR fine. Based on the complaint of a data subject, the Greek Data Protection Authority imposed the fine because the company had not properly complied with the complainant’s request for information. The […]
On May 24, 2021, a telephone conversation with an employee of the claimed entity was recorded without any informed consent and without following the principle of data minimization. Through an email sent by the representative, he learned that his conversation was recorded, a fact he was not informed about. On November 15, 2021, the […]