Two cases concerning Svea Ekonomi, a financial credit company, have been processed at the Office of the Data Protection Ombudsman. As a result, the Data Protection Ombudsman has ordered the company to correct its practices in the processing of personal data related to the assessment of creditworthiness, the right of inspect one’s own personal data and notification practices.
The President of the Personal Data Protection Office (UODO) imposed its first fine for the amount of PLN 943 000 (around €220 000) for the failure to fulfil the information obligation.
On February 26, the EDPB Chair and Vice-Chair addressed the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) on GDPR implementation.
The Commissioner has today issued his decision to the Lands Authority after concluding the investigation of the data breach, that was brought to his attention by the Times of Malta on 23rd November 2018. The findings of the investigation established that the online application platform available on the Authority’s portal lacked the necessary technical and organisational measures to ensure the security of processing. The Lands Authority was found to have infringed the provisions of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act (CAP. 586), was served with an administrative fine of €5,000. The level of the fine was reached after the Commissioner took into account the circumstances set out under Article 83.2 of the GDPR.
The Hellenic DPA, in order to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its entry into force- and the specific legislation on e-privacy, b) raise the awareness of data controllers and data subjects, and also c) exercise its envisaged powers, has carried out the following “ex officio” investigation, which was initiated in December 2018 and is ongoing.
The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.
Brussels, 13 February – On February 12th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their seventh plenary session. During the plenary a wide range of topics were discussed.
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
On November 16th, the European Data Protection Authorities, assembled in the European Data Protection Board, met for their fourth plenary session. During the plenary a wide range of topics were discussed.
On September 25th and 26th, the European Data Protection Authorities, assembled in the European Data Protection Board, met for their third plenary session. During the plenary a wide range of topics were discussed.
Brussels, 19 July – An important innovation of the General Data Protection Regulation (GDPR) is the new way in which the supervisory authorities of the Member States closely cooperate to ensure a consistent application as well as a consistent protection of individuals throughout the EU.