fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " DPA "

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda.

The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine.

Source: The French Data Protection Authority Announces Stricter Enforcement

People have no absolute right to fadas in names

Irish people don’t have an “absolute right” to have their names spelt correctly, the State data watchdog has ruled.

Ciarán Ó Cofaigh complained to the Data Protection Commission after medics refused to include the fada on his name because computer software does not allow for fadas. He alleges the Health Service Executive (HSE) was in breach of Article 16 of the GDPR that gives the right to people to have “inaccurate personal data” held by organisations corrected “without undue delay”.

Source: People have no absolute right to fadas in names, watchdog finds

GDPR at a critical stage, says information commissioner

The ICO is calling on data protection officials to help kick off the next phase of the GDPR by embedding sound data governance at its annual conference.

Information Commissioner Elizabeth Denham said the GDRP enshrines in law an onus on companies to understand the risks that they create for others with their data processing, and to mitigate those risks. It also formalises the move away from box ticking to seeing data protection as something that is part of the cultural and business fabric of an organisation, and it reflects that people increasingly demand to be shown how their data is being used, and how it is being looked after, she added.

Source: GDPR at a critical stage, says information commissioner

Bounty UK fined £400,000 for sharing personal data unlawfully

The Information Commissioner’s Office (ICO) has fined Bounty (UK) Limited £400,000 for illegally sharing personal information belonging to more than 14 million people.

An ICO investigation found that Bounty, a pregnancy and parenting club, collected personal information for the purpose of membership registration through its website and mobile app, merchandise pack claim cards and directly from new mothers at hospital bedsides.

Source: Bounty UK fined £400,000 for sharing personal data unlawfully

ICO: businesses falling short on GDPR accountability

Businesses are falling short of meeting the General Data Protection Regulation’s (GDPR’s) accountability requirements, the UK’s information commissioner has said.

Elizabeth Denham highlighted the issue in a speech at the 2019 Data Protection Practitioners’ Conference on Monday.

Source: ICO: businesses falling short on GDPR accountability

ICO responds to Facebook call on governments to tighten internet regulation

The Information Commissioner, Elizabeth Denham has spoken out following Mark Zuckerberg’s demands for governments to do more to control what gets broadcast over the internet.

Last week, the Facebook chief had an op-ed published in the Washington Post, in which he described how regulation needed to be standardised in areas including privacy, election integrity, and data protection systems.

Source: ICO responds to Facebook call on governments to tighten internet regulation

German Authorities Issue 41 GDPR Fines

A survey by Handelsblatt shows that 41 fines have been issued by German privacy authorities through mid-January of this year, according to an analysis by Mondaq.

The highest fine has been €80,000 — for an entity that allowed health-related data to be publicly seen, the report continues. In addition, a €20,000 penalty was imposed on the chat portal Knuddels.de by the State Data Protection and Freedom of Information Officer for Baden-Württemberg.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019

Bavarian Data Protection Authority announces possible fines after website search

At the beginning of February, the Bavarian Data Protection Authority (DPA) participated in the Safer Internet Day (SID) 2019 and searched 40 websites of large companies based in Bavaria.

The DPA reviewed cyber security and user tracking practices with the finding that in the DPA’s view none of the 40 companies provided for GDPR-compliant practices on their websites. As a result, the DPA announced it is considering fines under the GDPR.

Source: Germany: Bavarian Data Protection Authority announces possible fines after sobering result of website search

Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google

European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they’re just warming up. However, almost all of it comes from French data watchdog CNIL’s €50m fine for Google.

One thing that did change immediately under GDPR, if not the fines, was the number of incident reports. This was particularly so for companies turning themselves in over data breaches. In the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.

Source: Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google • The Register

The Netherlands DPA confirms its GDPR fining policy

The Netherlands’ Data Protection Authority has published its GDPR fining policy which divides breaches into four categories according to their severity.

There are 4 tiers of fines up to 1 million euro. A higher fine than 1 million euros is, of course, possible if the circumstances so require.

Source: The Netherlands DPA confirms its GDPR fining policy – Privacy Laws & Business

1 2 3 32
>