Tag Archives for "GDPR"

GDPR continues to shine a light for US legislation

Washington DC is to introduce a new data privacy bill, in a further reminder of the GDPR’s power as a policy influencer for governments the world over.

The White House is now set to put regulations in place that are heavily modelled on the GDPR, which came into being on May 25th of last year. The rules will also galvanise requirements for data controllers’ handling of citizens within the District of Columbia.

Source: GDPR continues to shine a light for US legislation

How to report a data breach under GDPR

Data breach notification requirements are now mandatory and time-sensitive under GDPR.

While the details of what an organization needs to report in the event of a breach are defined within the legislation, when to report a data breach and which authority you should report the incident to are not as clear.

Read full article: How to report a data breach under GDPR

Global recall: How the GDPR impacts product recalls

Not all potential consequences of the GDPR (and similarly situated laws) are clearly evident quite yet, but companies nonetheless will encounter challenges in their dealings with consumers in the global marketplace, pursuant to the GDPR and other such regulations.

One of the hidden consequences of this new proliferation of consumer data privacy measures throughout the world will affect product liability matters, specifically concerning product recalls.

Full article: Global recall: How the GDPR impacts product recalls

European Commission urged to investigate Romanian GDPR implementation

Issue: The Romanian law implementing the General Data Protection Regulation (GDPR) allows national political parties to process personal data, including sensitive data, in a manner that disregards citizen rights. Law no. 190/2018 excludes the need to acquire consent for processing personal data, including sensitive data.

Source: European Commission urged to investigate Romanian GDPR implementation

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.

The decision of the UODO’s President concerned the proceedings related to the activity of a company which processed the data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified non-compliance with the information obligation in relation to natural persons conducting business activity – entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In case of the remaining persons the controller failed to comply with the information obligation – as it explained in the course of the proceedings – due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

Uber faces fresh legal challenge over driver data

Uber drivers in the U.K. are filing a lawsuit against the company over allegations the firm has continuously broken European data protection laws.

Four drivers are taking legal action against the ride-hailing giant, claiming the company is “failing to honour its obligations” under the EU’s General Data Protection Regulation (GDPR) legislation.

Source: Uber faces fresh legal challenge over driver data

Jourová on first lessons 10 months after the application of the GDPR

European Commissioner Věra Jourová delivered a speech, “What next for European and global data privacy?”, at the 9th Annual European Data Protection and Privacy Conference.

In her speech, Jourová discusses first lessons 10 months after the application of the GDPR, the Facebook / Cambridge Analytica scandal and the globalised discussion about challenges to privacy.

Read full speech: Speech by European Commission Věra Jourová at the 9th Annual European Data Protection and Privacy Conference: What next for European and global data privacy?

EU Commissioner says GDPR is an opportunity to build trust

European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, delivered a speech on 20 March 2019 at the 9th annual European Data Protection Conference which stressed that the General Data Protection Regulation (GDPR) is an opportunity for businesses and individuals to build trust.

Full article: EU Commissioner says GDPR is an opportunity to build trust

German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

A mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes.

The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but also to disclose information regarding internal investigations.

Source: German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

German Authorities Issue 41 GDPR Fines

A survey by Handelsblatt shows that 41 fines have been issued by German privacy authorities through mid-January of this year, according to an analysis by Mondaq.

The highest fine has been €80,000 — for an entity that allowed health-related data to be publicly seen, the report continues. In addition, a €20,000 penalty was imposed on the chat portal Knuddels.de by the State Data Protection and Freedom of Information Officer for Baden-Württemberg.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019
