
Tag Archives for " DPA "

EDPB Publishes Opinion on the Competence of a Supervisory Authority Relating to the Main or Single Establishment

On July 9, 2019, the European Data Protection Board (EDPB) adopted Opinion 8/2019 on the Competence of a Supervisory Authority in Case of a Change in Circumstances Relating to the Main or Single Establishment at the request of the French and the Swedish data protection authorities.

A change of circumstances relating to the main or single establishment may occur when the single or main establishment is (i) relocated from an EEA country to another EEA country; (ii) moved from or ceases to exist in an EEA country; (iii) relocated from a non-EEA country to an EEA country or is set up in an EEA country.

Full article: EDPB Publishes Opinion on the Competence of a Supervisory Authority in Change in Circumstances Relating to the Main or Single Establishment

The Netherlands imposes first GDPR fine of EUR 460,000

The Dutch Data Protection Authority – Autoriteit Persoonsgegevens – has issued its first GDPR fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having insufficient internal security of patient records.

The hospital did not have two-factor authentication in place, which should have been the case when it comes to patient records. Also, while the hospital did control its logs (by a random check of six patient records per year), this wasn’t sufficient to meet the requirement of ‘systematic, risk-oriented or intelligent control’, in particular considering the scale of data processing by the hospital.

Source: The Netherlands – First GDPR fine imposed: EUR 460,000

Irish privacy watchdog may launch another Google investigation

Google may have to face further investigations by the Irish Data Protection Commission after reports of contractors being able to hear users’ audio footage submitted to the tech firm’s digital assistant.

The prospective measures follow a data breach notification sent to the Irish data watchdog last week. The news of the Irish DPC’s prospective investigation comes two months after Google revealed upgraded privacy and data protection features at the firm’s annual developer conference.

Source: Irish privacy watchdog may launch another Google investigation

ICO intends to fine Marriott International, Inc more than £99m for data breach

Marriott International has received a notification from the Information Commissioner’s Office (ICO) of its intention to fine the company £99,200,396.

In November 2018, Marriott had disclosed that their Starwood reservation database had been compromised between 2014 and 2018. The breach resulted in approximately 339 million guest records globally being exposed.

Source: ICO intends to fine Marriott International, Inc more than £99m for data breach

EDPB publishes overview on the implementation of the GDPR and national DPAs

The European Data Protection Board has published an overview of the implementation and enforcement of the General Data Protection Regulation (GDPR) covering both the cooperation mechanism and the consistency findings.

The EDPB thinks that the GDPR cooperation and consistency mechanisms work quite well in practice. The experience of the EDPB regarding consistency is – up to now – limited, as no dispute resolution through this new EU body was necessary during the reported period.

Read full report.

Romanian DPA fines UniCredit €130,000 for data protection by design failures

The National Supervisory Authority for Personal Data Processing (‘ANSPDCP’) announced, on 4 July 2019, that it had fined UniCredit Bank S.A. €130,000 for breach of Article 25(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) relating to the principles of data protection by design and by default.

The ANSPDCP found that failure to implement appropriate technical and organisational measures designed to effectively implement data protection principles and integrate necessary safeguards in the processing of data led to the disclosure of data concerning 300,000 data subjects during the period of 25 May 2018 to 10 December 2018.

Source: Romania: ANSPDCP fines UniCredit €130,000 for data protection by design failures

Dutch privacy watchdog warns banks not to use payments for marketing

On Wednesday the Dutch data protection authority – Autoriteit Persoonsgegevens – announced that banks should not offer their customers products on the basis of their confidential spending patterns. It added that all banks ‘should therefore take a good look at their policies around direct marketing.’

In its letter, it warns that certain transactions are considered particularly sensitive in terms of privacy law, such as payments to ‘hospitals, pharmacies, casinos, sex clubs….religious groups [and political parties]’ and that bank clients have an expectation of privacy.

Source: Look away: privacy watchdog warns banks not to use payments for marketing – DutchNews.nl – Live

EU regulator launches third Apple investigation

The principal regulator for Apple in Europe, the Irish Data Protection Commission, has begun a third investigation into data privacy standards at the tech giant.

Speaking this week, a spokesperson for the Irish DPC confirmed that Apple’s compliance with the EU’s General Data Protection Regulation (GDPR) will go under examination for the third time in the last month.

Source: EU regulator launches third Apple investigation

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.

The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Full article: Cookie consent – What “good” compliance looks like according to the ICO

Données & Design: a platform to bring designers together on the topic of GDPR

Données & Design is a platform, created by the French data protection authority CNIL, seeking to create spaces for collaboration and discussion where designers can build together user journeys that respect privacy.

The platform aims to integrate those considerations efficiently into the daily work of designers, in order to help them argue their choices and collaborate more effectively on data protection issues with privacy professionals and other members of a project team (DPO, product owner, project manager…). The platform provides content explaining and illustrating points of regulation on which designers can intervene.

Source: Données & Design: a platform to bring designers together on the topic of GDPR
