fbpx

Download free GDPR compliance checklist!

Tag Archives for " DPA "

Twitter notifies Irish DPC about hack

Social media company Twitter has officially informed Ireland’s Data Protection Commissioner (DPC) of a cyberattack involving high-profile accounts.

The DPC is reviewing the notification and has yet to decide if to launch an investigation into the incident, according to media reports.

Source: Twitter notifies Irish DPC about hack

UK government reported 500 personal data breaches to ICO in a year

Central government reported almost 500 personal data breaches to the Information Commissioner’s Office in the 2020 fiscal year, with one in ten requiring formal investigation and at least 10 incidents that have required the department in question to take remedial action.

During FY20, the regulator also received a collective tally of 1,006 data-breach reports from the local government sector. The overall number of reports filed across all sectors quadrupled following the introduction of GDPR, from 3,331 in 20178/18 to 13,840 the following year.

Source: EXCL: Whitehall departments reported 500 personal data breaches to ICO in FY20 | PublicTechnology.net

The Netherlands DPA imposes EUR 830,000 fine for access request fees

On the 6 th of July 2020, the Dutch Data Protection Authority  published its decision to impose a fine of 830,000 EUR on Stichting Bureau Krediet Registratie (BKR).

BKR keeps an electronic file of the loans and debts people have in the Netherlands, stored in a central database. The fine has been imposed due to the fact that BKR’s procedure for data subjects to obtain access to their personal data was not in line with GDPR.

Source: The Netherlands – DPA imposes EUR 830,00 fine for access request fees

Norway pulls its coronavirus contacts-tracing app after privacy watchdog’s warning

One of the first national coronavirus contacts-tracing apps to be launched in Europe is being suspended in Norway after the country’s data protection authority raised concerns that the software, called “Smittestopp,” poses a disproportionate threat to user privacy — including by continuously uploading people’s location.

Following a warning from the watchdog Friday, the Norwegian Institute of Public Health (FHI) said today it will stop uploading data from tomorrow — ahead of a June 23 deadline when the DPA had asked for use of the app to be suspended so that changes could be made. It added that it disagrees with the watchdog’s assessment but will nonetheless delete user data “as soon as possible.”

Source: Norway pulls its coronavirus contacts-tracing app after privacy watchdog’s warning | TechCrunch

GDPR complaint lodged with UK data watchdog over coronavirus Test and Trace programme

Open Rights Group has instructed lawyers to lodge a complaint with the UK’s data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation (GDPR).

The complaint to the ICO relates to the failure by the NHS and Public Health England (PHE), which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment (DPIA), which is required under the GDPR before processing of data in high-risk situations.

Source: Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR • The Register

Finland DPA imposes €72,000 GDPR fine against taxi company

The Office of the Data Protection Ombudsman has imposed an administrative fine against taxi company Taksi Helsinki for data protection violations.

Last summer, the company had replaced its camera surveillance system with one that recorded both audio and video, but failed to assess the legality of the related personal data processing as required by the EU General Data Protection Regulation (GDPR). Additionally, the taxi company also failed to conduct the impact assessments required by GDPR before the start of processing.

Source: #Privacy: Finland DPA imposes GDPR fine against taxi company

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Irish regulator reaches preliminary decision in Twitter privacy probe

Twitter may be the first big technology firm to face a fine by the EU’s lead regulator under the region’s tougher data protection rules after it submitted a preliminary decision in a probe into the social media firm to other member states.

The Twitter ruling relates to a 2019 probe into a bug in its Android app, where some users’ protected tweets were made public. Twitter is the subject of two of the 20 other inquiries the DPC had open into big tech firms at the end of 2019.

The DPC is not commenting on the substance of the preliminary Twitter decision at this point, Deputy Commissioner Graham Doyle told Reuters.

Source: Irish regulator reaches preliminary decision in Twitter privacy probe – EURACTIV.com

EasyJet faces £18 billion class-action lawsuit over data breach

UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.

The lawsuit has been filed in the High Court of London on behalf of customers. According to the firm, easyJet’s data breach took place in January 2020, and while the ICO was apparently notified at this time, customers were not informed until four months later. The lawsuit aims to secure up to £2,000 per impacted customer.

Source: EasyJet faces £18 billion class-action lawsuit over data breach | ZDNet

HSE will no longer tell employers workers’ test results

The Health Service Executive has said it is to suspend the practice of informing employers of Covid-19 test results and is to seek guidance from the Data Protection Commissioner (DPC).

In some cases, the results were sent to employers who informed workers before the HSE. The DPC has said this is not legitimate.

In view of the concerns raised by some employees in relation to this issue, the HSE will reconsider the use of exceptions and has suspended the practice while it seeks guidance from the Data Protection Commissioner.

Source: HSE will no longer tell employers workers’ test results

1 2 3 45
>