I discover with my little eye… a GDPR breach?
“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.
The attackers were able to take the: last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.
The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF). The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology
Denmark’s Data Protection Authority Datatilsynet has published an article emphasizing the importance of providing encrypted means for communicating personal information:
When it comes to entering into new agreements with non-EU providers that involve the processing of EU personal data, if in doubt – don’t, says Norway DPA Datatilsynet.
“One must be prepared for the fact that new agreements involving the illegal transfer of personal data to third countries may be considered more severely than existing
“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy Fall Forum Keynote.
Due to the importance of data protection law for employee monitoring practices, a careful and considered approach must be taken when potentially highly intrusive methods, such as tracking employee vehicles, are used. Employees must be informed of the existence of tracking and how it operates, as well as being clearly informed of all the purposes
How does GDPR apply to the transfer of personal data from an EU entity to an international organization?
“Entities subject to the GDPR that exchange personal data with international organisations have to comply with the GDPR, including its rules on international transfers (Chapter V of the GDPR),” says the European Data Protection Board in a
The Data Protection Authority of Lower Saxony, Germany, has offered guidance on protecting data collected in the course of autonomous vehicle training.
The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.
Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include: