Denmark
The Danish DPA suggested issuing a fine of approximately β¬67,000 (DKK 500,000) against a law firm for its insufficient security safeguards that rendered their IT systems vulnerable to a hacker attack. Read more or edit on GDPRhub...
Written with the support of derhagen
Finland
The Finnish DPA held that an insurance company violated the fairness, data minimisation and data protection by default principles, among others, by requesting the entire medical record of the data subject from their healthcare provider to determine the insurance company's liability. Read more or edit on GDPRhub...
Written with the support of Vadym Kublik
Germany
The Regional Court of Cologne (LG KΓΆln) held that a search engine is not allowed to show search results if the linked website contains untrue factual claims or expressions of opinion with an untrue factual core about criminal conduct of a data subject. Read more or edit on GDPRhub...
Written with the support of Fabian Dechent
Greece
The Greek DPA fined Clearview AI β¬20,000,000 for unlawful processing of biometric data and ordered it to stop the collection of such data, as well as to delete all existing data. Read more or edit on GDPRhub...
Italy
The Italian DPA held that Google LLC was not obliged to de-list search results linking to particular news articles, as the publication of the relevant information was in the public interest since it concerned ongoing judicial proceedings. Read more or edit on GDPRhub...
Romania
The Romanian DPA fined the processor S.C. Delivery Solutions S.A. (Sameday) β¬3,000 for not implementing necessary technical and organisational measures, which led to the disclosure and/or unauthorised access to personal data of 26,566 natural persons after its database was posted on the website 'Raidforums.' Read more or edit on GDPRhub...
Written with the support of Diana Rosu
The Romanian DPA also fined a controller approximately β¬4,000 for not implementing appropriate technical and organisational measures, and for not replying to the DPA's inquiries during its investigation. Read more or edit on GDPRhub...
Written with the support of Diana Rosu
Spain
The Spanish DPA fined an insurer β¬132,000 for violating Articles 5(1)(f), 32, and 33 GDPR by repeatedly sending medical data to an unauthorised third party and failing to report a data breach each time despite being alerted about it. Read more or edit on GDPRhub...
Written with the support of Carmen Jurado Taboada