(Data Protection News & Services)
In its recent decision of June 15, 2021, involving Facebook and the Belgium Data Protection Authority (“DPA”), the European Court of Justice (the “ECJ” or the “Court”) clarified the conditions under which the non-lead supervisory authorities may exercise their powers
On June 4, 2021, the European Commission released two new set of contractual clauses : A set of clauses for personal data transfers from Controller to Processor within the Union as required under article 28 GDPR (C to P clauses)
The Dutch Data Protection Authority (DPA) has imposed a €475,000 fine on Booking.com because the company reported a data breach to the DPA 22 days later instead of whithin the required 72 hours.
When the breach occurred, criminals accessed the personal data of over 4,000 customers including the payment card information of almost 300 people.
The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for : unlawful processing of its clients’ personal data (4.000.000 EUR); and not providing sufficient information regarding the processing of personal data (2.000.000 EUR).
Following the publication of its response to a data subject in a German newspapers the “Standard“, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw the attention of people on its actual enforcement