
Tag Archives for " sanctions "

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Spanish DPA fines soccer league 250K euros

La Liga has been fined 250,000 euros by the Spanish Data Protection Agency (AEPD) for violating the European General Data Protection Regulation (GDPR).

La Liga was using its mobile app to detect bars that screen football matches without paying, by activating the microphone of any user's mobile so that the app could detect the sounds that bars emit when a private signal is used. The AEPD found that the information presented to users was opaque.

Source: Spanish DPA fines soccer league 250K euros

Belgian Data Protection Authority issues its first fine

On Tuesday 28 May 2019, the Belgian Data Protection Authority (DPA) imposed its first financial penalty since the entry into application of the GDPR.

The administrative fine amounts to EUR 2 000 and concerns the misuse of personal data for election purposes. Although the fine is modest, the message is not: Data protection is an important matter to us all, but data controllers must assume their responsibility, especially if they have a government mandate.

Read more: Belgium: Belgian Data Protection Authority issues its first fine

Caught between data protection and trade sanctions?

The rapid evolution of the economic sanctions environment constitutes a compliance challenge for multinationals and financial institutions in particular.

A significant emphasis is already placed on the use of technology for facilitating sanctions screening and filtering of listed individuals. While the technology will definitely improve sanctions compliance strategies, one might question to what extent these processing operations will be compatible with data protection rules?

Full article: Caught between data protection and trade sanctions? – CITIP blog

German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches

German regional data protection authorities have imposed fines in 75 cases totalling EUR 449,000 for breaches of the European General Data Protection Regulation (GDPR) since it came into effect in May 2018.

Fines have been imposed in six federal states. In Baden-Württemberg, for example, the data protection authorities imposed fines worth EUR 203,000 in seven cases, in Rhineland-Palatinate EUR 124,000 for nine cases, in Berlin EUR 105,600 for eighteen cases and in Hamburg EUR 25,000 for two cases, the report added.

Source: German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches – Telecompaper

Only 0.25% of reported data breach cases fined under GDPR

Data requested by digi.me shows that of 11,468 data breach cases closed by the Information Commissioner’s Office (ICO) since GDPR’s implementation, only 29 have resulted in financial penalties. That makes a penalty rate of just 0.25 per cent.

The data also revealed that 37,798 data protection concerns have been raised by members of the public since 25 May 2018. This figure is nearly three times the number of actual data breach cases investigated by the ICO during this same period (12,854).

Source: Digi.me investigation reveals only 0.25pc of reported data breach cases fined under GDPR – digi.me

Facebook facing 20-year consent agreement after privacy lapses

The social media giant Facebook is headed toward an agreement with the U.S. government over its privacy policies and practices that would put it under 20 years of oversight.

The agreement would resolve a probe of whether the company violated a similar consent pact reached in 2011. There had been expectations a deal was imminent after Facebook set aside $3 billion to pay what it said it expected to be a $3 billion to $5 billion penalty. But two sources said on Monday that no deal was expected this week.

Source: Facebook facing 20-year consent agreement after privacy lapses

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines, though the biggest part of that comes from Google's €50 million GDPR fine.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Lithuania DPA issues EUR 61,500 GDPR fine

The Lithuanian data protection authority (State Data Protection Inspectorate) imposed the first administrative fine in Lithuania for violations of the General Data Protection Regulation (GDPR), amounting to EUR 61,500.

Sanctions against UAB “MisterTango” were adopted for the excessive processing of data, the breach of personal data security in the payment service system (the list of payments was visible on the Internet for 2 days), and the failure to report the data security breach to the supervisory authority.

Source: State Data Protection Inspectorate – Articles: The Company’s Responsibilities Will Not Be Avoided – Significant fine for violations of the General Data Protection Regulation in Lithuania

Administrative fine of 170.000 € imposed on Bergen Municipality

The Norwegian Supervisory Authority (Datatilsynet) has imposed an administrative fine of 1.6 million Norwegian kroner, or the equivalent of 170.000 €, on the Municipality of Bergen.

The incident relates to computer files with usernames and passwords to over 35000 user accounts in the municipality’s computer system. The user accounts related both to pupils in the municipality’s primary schools and to the employees of the same schools. Due to insufficient security measures, these files were unprotected and openly accessible. The lack of security measures in the system made it possible for anyone to log in to the school’s various information systems, and thereby to access various categories of personal data relating to the pupils and employees of the schools.

Source: Administrative fine of 170.000 € imposed on Bergen Municipality | Datatilsynet
