NDL: Booking.com fined €475,000 for a late data breach notification

NDL: Booking.com fined €475,000 for a late data breach notification

Arnaud19/04/20213 min read

The Dutch Data Protection Authority (DPA) has imposed a €475,000 fine on Booking.com because the company reported a data breach to the DPA 22 days later instead of  making the notification within the required 72 hours. When the breach occurred,…


NDL: Booking.com fined €475,000 for a late data breach notification

NDL: Booking.com fined €475,000 for a late data breach notification

19/04/20211923 min read

The Dutch Data Protection Authority (DPA) has imposed a €475,000 fine on Booking.com because the company reported a data breach to the DPA 22 days later instead of  making the…

Spain (AEPD): 6M€ fine on Caixabank for unlawful data processing and insufficient information

Spain (AEPD): 6M€ fine on Caixabank for unlawful data processing and insufficient information

19/04/20211762 min read

The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for : unlawful processing of its clients’ personal data (4.000.000 EUR); and not providing…

Schrems II – Data transfers : The Bavarian DPA Responds to Recurring Criticism by Preventing a Company from Using Mailchimps

Schrems II – Data transfers : The Bavarian DPA Responds to Recurring Criticism by Preventing a Company from Using Mailchimps

15/04/20212104 min read

Following the publication of its response to a data subject  in a German newspapers the “Standard”, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism…

Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

Schrems 2: The French Conseil d’Etat Dismisses a Request for Suspension of Data Transfers to the US

22/03/20214226 min read

By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the…

CNIL 2021 Control Programme: Cybersecurity, Health Data and Cookies are the Three Priority Themes

CNIL 2021 Control Programme: Cybersecurity, Health Data and Cookies are the Three Priority Themes

10/03/20212822 min read

On 2 March 2021, the CNIL announced its control programme for the year 2021. In addition to the inspections that the CNIL carries out following complaints or in connection with…