Other News

 

NDL: Booking.com fined €475,000 for a late data breach notification

NDL: Booking.com fined €475,000 for a late data breach notification

The Dutch Data Protection Authority (DPA) has imposed a €475,000 fine on Booking.com because the company reported a data breach to the DPA 22 days later instead of whithin the required 72 hours. When the breach occurred, criminals accessed the personal data of over 4,000 customers including the ...
Spain (AEPD): 6M€ fine on Caixabank for unlawful data processing and insufficient information

Spain (AEPD): 6M€ fine on Caixabank for unlawful data processing and insufficient information

The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for : unlawful processing of its clients’ personal data (4.000.000 EUR); and not providing sufficient information regarding the processing of personal data (2.000.000 EUR).  ...
Schrems II – Data transfers : The Bavarian DPA Responds to Recurring Criticism by Preventing a Company from Using Mailchimps

Schrems II – Data transfers : The Bavarian DPA Responds to Recurring Criticism by Preventing a Company from Using Mailchimps

Following the publication of its response to a data subject  in a German newspapers the “Standard“, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw the attention of people on its actual enforcement ...
Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

By order of 12 March 2021, the Conseil d\'Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l\'Homme (Human Rights League), asking the interim relief judge of the Conseil d\ ...
CNIL 2021 Control Programme: Cybersecurity, Health Data and Cookies are the Three Priority Themes

CNIL 2021 Control Programme: Cybersecurity, Health Data and Cookies are the Three Priority Themes

On 2 March 2021, the CNIL announced its control programme for the year 2021. In addition to the inspections that the CNIL carries out following complaints or in connection with the news, the CNIL will focus its inspection activities on ...
The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The European Data Protection Board (\"EDPB\") has recently released new draft guidelines on personal data breach notification.   These new guidelines complement the previous and more general guidelines on the same subject that were issued by the EDPB, then the article 29 Working Party, in October ...