VIDEO: Data protection fine due to breaches of Art. 38 & 39 GDPR – imposed by the data protection supervisory authority Luxembourg
During an audit of a company, deficiencies in the implementation of Art. 38 and Art. 39 GDPR were identified and a fine of 15,000 euros was imposed.
The Luxembourg data protection authority has imposed GDPR fines in several cases on companies that fail to meet its standards for the position of data protection officer (DPO), and in the process it is tightening its requirements for DPOs. German authorities could follow these requirements.
Read more … GDPR fine – fine proceedings due to insufficient involvement of the data protection officer
Unlawful declaration of consent – data protection supervisory authority imposes a fine of 2 million euros
The General Data Protection Regulation sets out a whole series of conditions that an effective declaration of consent must meet in accordance with Art. 6 Para. 1 lit. a and Art. 7 GDPR. That these requirements must also be observed in practice is now shown by the fine of 2 million euros imposed by the Austrian data protection supervisory authority.
The Luxembourg National Data Protection Commission (CNPD) imposed a record fine of 746 million euros on Amazon Europe Core S.à r.l. based in Luxembourg. This emerges from the quarterly report of AMAZON.COM, Inc. dated June 30, 2021.
Data protection fine for insufficient involvement – Supervisory authorities monitor the position of the data protection officer
Articles 38 and 39 of the General Data Protection Regulation provide legal guidelines for the cooperation between the controller and the data protection officer. In practice, there are some differences between the appointment of an internal and an external data protection officer. However, the following points in particular are mandatory in all cases:
The Data Protection Officer (DPO) has been appointed, and forwarding has supposedly been set up so that the e-mail address published in the data privacy statement directs e-mail exclusively to the mailbox of the appointed DPO. The availability of the data protection officer for data subjects is thus permanently ensured. Really? Unfortunately, no! And the “no” can have unpleasant consequences for the data controller, i.e., for the company!
Read more … Requirements for the availability of the Data Protection Officer
For many companies, division of labour and cooperation are not only a matter of necessity, efficiency and cost reduction, but also a matter of course. What someone else can do better, he can usually do faster and cheaper, and if you sell to the same customers, there are synergies in the merger. In this respect, many companies think of many things when it comes to partnerships and cooperations with other companies – only data protection is often forgotten when it comes to the disclosure and transfer of data. It is often overlooked that cooperations with other companies require that personal data be disclosed to third parties. However, responsible companies should definitely check this data transfer in terms of data protection law and clearly define and regulate responsibilities in order to avoid fines.
Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind is the high regulatory fines that are widely reported in the press. But defaulting companies that provide incorrect information face not only high fines from the supervisory authorities: compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (case no. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with the violation of the GDPR.
Read more … GDPR violation: Compensation for incomplete and late information
“More paperwork, more documentation. That is just a hindrance and does not help anyone.” Most people probably react in this or a similar way when it comes to keeping a record of processing activities, which, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.
Read more … Processing activities – what should be considered?
In the day-to-day work of a data protection officer, you have to do a lot of persuading and repeatedly fight for compliance with the GDPR. Companies often shy away from the costs and effort of making necessary adjustments. Business leaders generally question the GDPR, regarding its demands as far too exaggerated. In the following we take a closer look at the topic of “data protection risk factors”:
Read more … Data protection risk factors: former employees and dissatisfied customers