fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " DPA "

Belgian Data Protection Authority Releases 2018 Annual Activity Report

On April 25, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) published its Annual Activity Report for 2018 (the “Annual Report”), highlighting the main developments and accomplishments of the past year. New Authority On May 25, 2018, the Belgian Privacy Commission became the Belgian DPA.

Full article: Belgian Data Protection Authority Releases 2018 Annual Activity Report

ICO issues draft code of practice on designing online services for children

Earlier this month, the UK’s Information Commissioner’s Office published a draft code of practice (“Code”) on designing online services for children. The Code is now open for public consultation until May 31, 2019.

The Code sets out 16 standards of “age appropriate design” with which online service providers should comply when designing online services (such as apps, connected toys, social media platforms, online games, educational websites and streaming services) that children under the age of 18 are likely to access.

Source: ICO issues draft code of practice on designing online services for children

Irish data regulator looking into Facebook password gaffe

Ireland’s Data Protection Commission (DCP) has confirmed it’s looking into the hundreds of millions of passwords that Facebook stored without encryption.

The social network notified the regulator that user passwords for Facebook, Facebook Lite and Instagram were stored in plain text in the company’s internal servers.

Source: Irish data regulator looking into Facebook password gaffe | IT PRO

Greek DPA Issues EUR 30,000 Fine For Data Protection Violation

On April 15, 2019, the Greek Data Protection Authority fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures.

Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed online, and its results—which included sensitive data such as political opinions, trade union membership and participation in associations—was publicly accessible on the Internet.

Source: Greek DPA Issues EUR 30,000 Fine For Data Protection Violation

Italy’s DPA Fines Data Processor for Information Security Failures

Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures.

Measures addressed by Garante includes: conducting periodic vulnerability assessments, ensuring timely implementation of patches, requiring strong passwords and ensuring password security.

Source: Italy’s DPA Fines Data Processor for Information Security Failures | Privacy Compliance & Data Security

Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

On April 17, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”) issued six recommendations (in Dutch) for companies, to be taken into account when drafting privacy policies.

The published recommendations follow the Dutch DPA’s investigation of companies’ privacy policies. The investigation focused on companies that process sensitive personal data, including health data and data related to individuals’ political beliefs.

Source: Dutch DPA Issues Guidelines on Privacy Policies Following Investigation

Why you should pay close attention to the Polish DPA’s first GDPR fine

The Polish data protection authority’s first post-General Data Protection Regulation-era decision, and its first fine, raise questions about the GDPR’s retroactive applicability, transparency, procedural justice and legal competence.

Full article: Why you should pay close attention to the Polish DPA’s first GDPR fine

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda.

The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine.

Source: The French Data Protection Authority Announces Stricter Enforcement

People have no absolute right to fadas in names

Irish people don’t have an “absolute right” to have their names spelt correctly, the State data watchdog has ruled.

Ciarán Ó Cofaigh complained to the Data Protection Commission after medics refused to include the fada on his name because computer software does not allow for fadas. He alleges the Health Service Executive (HSE) was in breach of Article 16 of the GDPR that gives the right to people to have “inaccurate personal data” held by organisations corrected “without undue delay”.

Source: People have no absolute right to fadas in names, watchdog finds

>