GDPR does not prohibit a company from disclosing to one company shareholder, information identifying other shareholders in the same company, says the Higher Regional Court of Munich.
The legal basis under GDPR is that the...more
Asking to read an electronic ID card as a condition for the provision of a service (issuing a rewards/loyalty card) is disproportionate and in violation of GDPR, says the Belgian data protection authority. The company was...more
Do I have to disclose documents with confidential internal correspondence, and comments from my staff as part of a GDPR data subject access request? The Court of The Hague says “Yes, you do.”...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place?
Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
If you condition participation in a sweepstakes on receiving advertising on a particular topic from the provider of the sweepstakes or from other third parties — this is still valid consent under GDPR, says the Higher...more
Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests....more
Privacy notices are required under the European Union’s General Data Protection Regulation even if your data processing is video surveillance/CCTV.
The Romanian Data Protection Authority issued a fine against a company...more
The Belgian Data Protection Authority holds that a Data Protection Officer (DPO) may not himself/herself delete personal information of a data subject.
Doing so constitutes a violation of the General Data Protection...more
The Hellenic DPA has issued an opinion regarding the appropriate legal basis for processing employee data under GDPR:
Consent should be used as the legal basis only where the other legal bases do not apply....more
Tardiness with transposing data protection laws comes with a hefty fine.
The European Commission is asking the Court of Justice of the European Union to impose financial sanctions on Greece and Spain for failing to...more
Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web...more
The European Commission has published a report looking at the impact of the EU data protection rules, and how implementation can be improved further....more
The United Kingdom’s Information Commissioners Office (ICO) has issued, for public consultation, draft guidelines for data sharing that—once adopted —will govern all controller-to-controller data sharing agreements which are...more
The French privacy regulator CNIL has released guidance on how to comply with the European Union’s General Data Protection Regulation (GDPR) when using cookies and other web tracking technologies that are an integral part of...more
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical...more
The European Data Protection Board has issued guidance on the use of video surveillance.
Key takeaways:
The monitoring purposes of cameras should be documented in writing....more
The UK Information Commissioner’s Office has issued a data sharing code of conduct for public consultation.
Key takeaways:
When considering sharing data, assess your overall compliance with the data protection...more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
The European Data Protection Board’s addressed some interesting issues during its 12th Plenary Session on July 9 and 10:
Guidelines on how the GDPR applies to the processing of personal data when using video devices....more
Milk, meat, fruits, breads … and data protection.
These are the new food groups for your M&A deal.
Just 24 hours after the notice of intent to fine British Airways 183 Million GBP, the UK ICO issued an intent to fine...more
7/10/2019
/ Acquisitions ,
British Airways ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Due Diligence ,
EU ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Popular ,
UK
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come.
UK Data protection authority, ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...more
7/9/2019
/ British Airways ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
EU ,
Fines ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
How do you verify the identity of an individual requesting access to their data or that data be deleted?
The Dutch Data Protection Authority, Autoriteitpersoonsgegevens, offers guidance which can be helpful and instructive...more
6/21/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
General Data Protection Regulation (GDPR) ,
Netherlands ,
Personally Identifiable Information ,
Privacy Laws
If you retain personal data indefinitely, or have not given thought to your retention schedule – now may be the time to take another look.
The Danish Data Protection Authority has fined a furniture store 200,000 EUR for...more
The UK’s ICO has issued a report on data protection in the adtech process of real time bidding (RTB).
RTB relies on the potential advertiser seeing information about you....more
The Swedish Data Protection Authority has initiated an inquiry into how song streaming provider Spotify handles data access requests....more