โ ๏ธ Access request not handled in time!
Data Subject Rights, Regulated Sectors | 18/07/2025

















๐จ๐ฎ๐น Hard Drive Failure + Ignored Access Request = €2,000 Fine for Tirrenia Hospital Srl ๐๐พ

Regulator: GPDP (Italian DPA)Decision: 1...
Read more
๐ HR & Facebook
Legal basis | 18/07/2025
HR teams: stop mining employees’ Facebook posts. ๐ Autostrade per l’Italia fined €420,000 for… “screening” an employee’s Facebook ๐ฎ๐น

Regulator: GPDP ...
Read more
๐ TOS update
Data Transfers, Legal basis | 18/07/2025
๐๐ฆ WeTransfer: when a simple TOS update raises an GDPR tsunami

On 15 July, WeTransfer discreetly slipped the following statement into its new TOS: ‘W...
Read more
Poland: erroneous risk analysis
Cybersecurity, Regulated Sectors | 18/07/2025
๐ Cybersecurity ≠ Protection of rights & freedoms: the error that costs Białystok paediatric hospital fined PLN 66,500 / ~€15,000 ๐ต๐ฑ

UODO sanction :...
Read more
๐ข Spain, excessive data collection!
Data Subject Rights, Retention & Minimisation, Legal basis | 08/07/2025
๐ข Do you work in the hotel industry ๐ช๐ธ? Is your privacy policy really up to date?

๐๏ธ If you go to a hotel in Spain ๐ช๐ธ Expect to fill in a form with 4...
Read more
๐ธ๐ช Sweden: breathalyser tests
Retention & Minimisation, Legal basis | 30/06/2025
๐ณ๏ธ๐ซง When daily breath tests sink GDPR compliance: the WÅAB case (Sweden)

Regulator: IMY (Swedish DPA)Source: IMY-2024-1520, 18 June 2025

๐ The facts...
Read more
๐ฆ Penalty: vulnerabilities identified by unpatched pentests
Cybersecurity | 26/06/2025
๐จ Spain, a French supermarket chain sanctioned: For failing to correct all the flaws identified by the pentests.

Regulator : AEPD Source : ps-00128-2...
Read more
โ Delay in processing requests for access rights
Data Subject Rights | 26/06/2025
๐ When emails sent to the DPO are identified as SPAM!

Regulator: CNPD, Luxembourg Source: Deliberation no. 1FR/2025 of 6 January 2025

๐ฆ Response tim...
Read more
๐ซ๐ท Penalty amounts
Tools & Documentation | 26/06/2025
โ๏ธ 1. CNIL Penalties๐ No obligation to reveal how fines are calculated“The CNIL must state the legal and factual grounds for a sanction, but it is not...
Read more
๐ฎ๐น OPT-OUT / Penalty
Data Subject Rights | 26/06/2025
๐ฎ๐น Italy - ๐ Estate agency penalised for unwanted calls ๐ A reminder: a single complaint can trigger an inspection!

Regulator: Il Garante (GPDP) Sour...
Read more
Video surveillance: Use without authorization
Biometrics & Video Surveillance, Confidentiality & Security | 05/05/2025
Source : PS 0345-2024

๐ฏ Context: A supermarket customer complains about a refund error. An employee shows her the CCTV footage captured on her mobil...
Read more
๐ฃ A lack of confidentiality
Confidentiality & Security | 28/04/2025
๐ Confidentiality broken in an internal investigation protocol = €120,000 fine.

Source: PS 0505-2024 The Spanish regulator, AEPD has fined a company...
Read more