The supervisory authority RLP imposes a fine of EUR 105,000 after a GDPR violation
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the resilient efforts made by the hospital to sustainably promote further developments and improvements in data protection management.
The European Court of Justice (ECJ) pronounced its judgment on July 29, 2019 in the case C-40/17 (Fashion ID). After the decision of the ECJ on the joint responsibility of the service provider Facebook and the fan page operator, the ECJ developed its case law on joint responsibility in the “Fashion ID” case; this time with far-reaching consequences for almost every website operator. The ECJ ruled that the concept of responsibility should be interpreted broadly and that both the integrator and the third-party provider could be responsible for the integration of third-party content. There is then a joint responsibility according to Art. 26 GDPR, which is limited to the extent that the person responsible actually decides on the purposes and means of data processing.
The GDPR meets practice. At the data protection day in Cologne on September 24th, 2019, experts discussed concrete implementation experiences with the new regulations. A surprising amount is still open. The point of contention is, in particular, the obligation to report data breaches.
The second European Payment Services Directive (PSD2), which applies within the EU and contains both regulatory and civil law elements, has been in full effect since September 14, 2019. What does this mean? What exactly is to be observed? What effects does PSD2 have on data protection for payment data? You can find out in the article.