Loading

Tag: personal data

Tag: personal data
Page 3

UK-US Data Bridge heralds a new era of transatlantic data flow

Alongside the EU- and Swiss-US Data Privacy Frameworks, the implementation of the UK-US Data Bridge heralds a new era of transatlantic data flow, emphasizing the importance of data protection.   On 12th October 2023, a significant milestone was achieved as the UK-US Data Bridge officially became law, marking a new era of transatlantic data flow.

The Connecticut Data Privacy Act

The Connecticut Data Privacy Act regulates and protects the personal data of Connecticut residents and requires businesses to implement comprehensive data protection measures.    The Connecticut Data Privacy Act (CDPA) is a robust legal framework designed to protect citizens’ privacy rights and regulate how companies and organizations handle personal data. The CDPA, like other state

Unlawfully obtaining personal data results in the prosecution of former Health Advisor

A former Health Advisor pleaded guilty to, and was prosecuted for unlawfully obtaining personal data, and was ordered to compensate his victims.    A former Health Advisor has been prosecuted for obtaining the personal data of service users, particularly patients of South Warwickshire NHS Foundation Trust. He was found guilty of accessing the medical records

Danish bank fined for failure to delete the data it no longer needed

The Danish SA has proposed a fine, and had Danske bank reported to police officials, after the bank reportedly neglected to have data deleted.    The Danish Supervisory Authority has filed a police report against Danske Bank and proposed a fine on the bank, of €1.3 million, according to this report from the EDPB. This

Violation of data minimisation leads to administrative fine

The Finnish DPA has fined the Finnish Motor Insurers’ Centre, after this controller was found to be in violation of data minimisation.  The Finnish DPA has fined the Finnish Motor Insurers’ Centre over their inability to adhere to the principle of data minimisation. The company was fined late last year, for collecting an unnecessary amount

How subcontractors can reuse data: CNIL outlines specific conditions

How subcontractors can reuse data: this is possible only under specific conditions, which CNIL has outlined with specific context.   Under the GDPR, there are several conditions which need to be met in order for subcontractors to reuse data provided to them by the data controller. French regulator; CNIL has outlined the context under which

Employee right of access: how does it work?

The CNIL of France has released an article explaining the employee right of access under the EU GDPR.   Article 15 of the GDPR gives individuals the right to request a copy of any of their personal data from a data controller. This also applies when the data controller is the individual’s employer. CNIL has

Bank Millennium fined €80,000 by Polish DPA for failure to report a breach

Bank millennium fined €80,000 by Polish DPA for failure to report, and sufficiently inform data subjects of a breach.   Recently, a fine was imposed on Bank Millennium by the Polish DPA for a data breach which the bank failed to report, and about which they failed to sufficiently inform the affected customers. The supervisory

Encryption Keys and privacy: AEPD discusses how keys may be considered personal data

Encryption keys and privacy explored by the AEPD, and why some encryption keys may be considered personal data.       Encryption keys and privacy go hand in hand, and  have proven to be extremely useful in the online world. However some can be considered personal data under the GDPR, and must be treated as

GDPR Summary

GDPR Summary: here is how new EU rules will affect data The General Data Protection Regulation (GDPR) is a new set of European legislation designed to reform and harmonise the rules on individuals’ personal data. Ratified by the European Parliament on April 2016, it will enter into force on 2018.