The Belgian Data Protection Authority holds that a Data Protection Officer (DPO) may not himself/herself delete personal information of a data subject.
Doing so constitutes a violation of the General Data Protection...more
The Hellenic DPA has issued an opinion regarding the appropriate legal basis for processing employee data under GDPR:
Consent should be used as the legal basis only where the other legal bases do not apply....more
Italian Data protection Authority, Garante privacy, ordered a company that did not acquire granular consent for marketing from members of its loyalty programs to:
(i) stop processing personal data for marketing purposes...more
The Danish Data Protection Authority has issued guidance on the transmission of personal data via text messages (SMS).
Key takeaways:
Sending personal data by SMS is risky as it entails transmission in clear text, over...more
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...more
How do you verify the identity of an individual requesting access to their data or that data be deleted?
The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive...more
6/21/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
General Data Protection Regulation (GDPR) ,
Netherlands ,
Personally Identifiable Information ,
Privacy Laws
If you retain personal data indefinitely, or have not given thought to your retention schedule – now may be the time to take another look.
The Danish Data Protection Authority has fined a furniture store 200,000 EUR for...more
The Swedish Data Protection Authority has initiated an inquiry into how song streaming provider Spotify handles data access requests....more
The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.
Key takeaways:
Before using a development tool, especially for personal data, read the...more
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection...more
Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a...more
The Finnish Data Protection Authority has ordered a company to modify its automated practices for assessing creditworthiness.
The authority held that the Credit Decision Service in the company’s online environment is an...more
Enforcement is coming – says CNIL, the French Data Protection Authority.
CNIL published its enforcement priorities for 2019. CNIL will no longer refrain from enforcing new obligations imposed by GDPR, but it will continue...more
Caveat Data Processor.
Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures....more
The Dutch Data Protection Authority makes six recommendations on drafting your data protection policy, based on its audits of privacy policies of blood banks, IVF clinics and political parties.
A good data protection policy...more
The French Data Protection Agency CNIL recieved 11,077 complaints in 2018, up 32.5 percent compared to 2017.
Other highlights from the CNIL 2018 report-
CNIL carried out 310 investigations in 2018, of which 204 were...more
“This call may be recorded for training purposes…if you consent say ‘Consent’.”
The Danish Data Protection Authority (Datatilsynet) has ordered a company to cease recording phone calls for training purposes until it...more
How has GDPR enforcement played out in the past year?
The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities....more
GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed names...more
Cookies and trackers sat on a wall, cookies and trackers had a great fall…
Dutch data protection authority, Autoreitpersoonsgegevens (AP), holds that the practice of a cookie banner that does not allow you to enter a...more
Now serving complaint #6241…
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has published guidelines on how it will prioritize the handling of complaints filed with it under the EU General Data...more
Forget me yes.
The Danish data protection authority has published a practical guide on data minimization and the right of erasure under GDPR:
If you use “soft delete,” a link is deleted but not the personal information...more
Forget me yes, part two.
Austrian Data Protection Authority holds that a data controller can meet its obligations to satisfy a data subject’s erasure request under GDPR by anonymizing personal data....more
GDPR is here and is instrumental in bolstering individuals’ rights to their data.
The European Commission has issued a statement in honor of Data Protection Day which will be celebrated worldwide on January 28....more
Keep your passwords close…and complex, and encrypted and unique, and ever-changing.
In the wake of recent data breaches involving passwords, the French data protection authority, the CNIL, has published guidelines for...more