Organizations often ask how much chance they have on data protection fines and how much financial reserve they should make for that. Unit 27 June EDPB guidelines on calculating GDPR fines are released for public consultation. Interesting is to have a look at the example for mitigating and aggravating factors that could influence the height … Read more
Below an overview of the only comprehensive fining methodologies that were published so far by EU DPAs (specifically, by the Dutch, Danish, and Latvian DPAs), as well as the relevant draft Statutory guidance issued by the UK DPA (ICO) in 2020. Therefore, this analysis will also show how the approach of the ICO in this … Read more
The CNIL – French DPA-published its guide for DPOs. This Guide https://lnkd.in/eMXdDeRh analyzes, among other issues why and how to appoint a DPO, what means should be provided to fulfill its mission and the pros and cons of the internal, external and shared DPO roles are compared: 1) If you choose to appoint a member of the … Read more
The French DPA fined a French company for not having a retention period, keeping personal data since 2007. In fact they were using an out of date hashtag, not actually deleting data after data subject request. The CNIL fined the company 120.000 € for not taking all necessary measures to be compliant.
Hellenic DPA fines Company for failure to comply with a data subject’s access request for a video recording, resulting in a € 30’000 GDPR Fine. Based on the complaint of a data subject, the Greek Data Protection Authority imposed the fine because the company had not properly complied with the complainant’s request for information. The … Read more
On May 24, 2021, a telephone conversation with an employee of the claimed entity was recorded without any informed consent and not following the principle of data minimization. . Through an email sent by the representative, he learned that his conversation was recorded, a fact he was not informed about. On November 15, 2021, the … Read more
The Austrian Data Protection Authority has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR. This is the first decision on the 101 model complaints filed by noyb in the wake of the so-called “Schrems II” decision. In 2020, the Court of Justice (CJEU) decided that the … Read more
The Norwegian privacy regulator Datatilsynet has decided on the basis of research not to create a Facebook page because the privacy risks for users are too great. To the best of its knowledge, the regulator is the first organization to have carried out a risk analysis and a Data Protection Impact Assessment (DPIA) into the … Read more