Loading

Tag: personal data

Tag: personal data

A Polish catering company was fined €54,600 for a data breach after an employee lost a flash drive with sensitive data.

A Polish catering company was fined €54,600 for failing to protect personal data after an employee lost a flash drive containing sensitive information, revealing vulnerabilities in the company’s data security. The Polish Data Protection Authority (UODO) recently fined Res-Gastro M. Gaweł Sp. k., a catering company in Kolbuszowa, Poland, €54,600 for failing to implement adequate

Using AI in recruitment: Recommendations for business owners

The ICO has published recommendations for business owners on using AI in recruitment processes lawfully and ethically.   Artificial intelligence (AI) is transforming recruitment by saving time and improving efficiency for businesses of various sizes and across industries. Businesses are using AI tools to source potential candidates, summarize CVs, as well as score applicants. However,

ePrivacy Directive Article 5(3): Device Tracking and User Consent

Understanding Article 5(3) of the ePrivacy Directive and its Implications on Device Tracking and User Consent   The ePrivacy Directive, specifically Article 5(3), restricts the storage and access of information on users’ devices without their consent, except under specific conditions. This legislation plays a crucial role in protecting users from unauthorized storage and access to

Legitimate interest as a legal basis: Guidance from the EDPB

Controllers must ensure necessary, proportionate, processing which respects the rights of data subjects, ensuring GDPR compliance.   When processing personal data under the General Data Protection Regulation (GDPR), controllers must ensure that their actions are lawful. Specifically, if relying on Article 6(1)(f) of the GDPR, the processing must be based on a legitimate interest. This

Communication after a data breach: Lessons from the Dutch DPA

The Dutch DPA has emphasised the importance of communication after a data breach, after a 2023 study revealed that many organisations failed to inform victims in a timely manner.   In an age where personal data is often at risk due to cyberattacks and other breaches, individuals affected by data breaches can often feel left

Hong Kong’s AI model framework: the Personal Data (Privacy) Ordinance

The Hong Kong PCPD’s AI Model Framework provides guidelines for organisations using AI systems that process personal data, emphasising compliance with the PDPO.   On June 11, 2024, the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) unveiled its Artificial Intelligence Model Personal Data Protection Framework (Model Framework). This framework serves as

Right to be forgotten: how unfit data deletion protocol resulted in a fine from Dutch DPA

A company was fined by the Dutch Data Protection Agency for failure to delete data after receiving such requests, thereby violating individuals’ right to be forgotten under the GDPR.   The Dutch Data Protection Authority (DPA) has imposed a fine of 6,000 euros on a recruitment company. The company was fined for failing to delete

Web Scraping is almost always unlawful under the GDPR

Under the GDPR, web scraping is almost always unlawful, except for in very few exceptional cases.    The automatic collection and storage of information from the Internet is referred to as web scraping. Through this process, a computer program automatically extracts data from the internet, for example by scanning social media platforms. Scraping involves the

CPPA Enforcement Division issues its first advisory

An Enforcement Advisory has been issued by the CPPA Enforcement Division to help businesses ensure compliance with the CCPA.   On April 2, 2024, the Enforcement Division of the California Privacy Protection Agency (CPPA) released its inaugural Enforcement Advisory, marking a significant step in its efforts to ensure compliance with the California Consumer Privacy Act

Possible fines under US data protection laws

With various state-level data protection laws coming into force across the US, what possible fines could a business face for violating any of those laws?    In the United States, while there isn’t a comprehensive federal data protection law, more and more state laws governing the protection of personal data are coming into force, imposing