News

โš ๏ธ Access request not handled in time!

Data Subject Rights, Regulated Sectors | 18/07/2025

๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Hard Drive Failure + Ignored Access Request = €2,000 Fine for Tirrenia Hospital Srl ๐Ÿš‘๐Ÿ’พ Regulator: GPDP (Italian DPA)Decision: 1...

Read more

๐Ÿ”’ HR & Facebook

Legal basis | 18/07/2025

HR teams: stop mining employees’ Facebook posts. ๐Ÿ”Ž Autostrade per l’Italia fined €420,000 for… “screening” an employee’s Facebook ๐Ÿ‡ฎ๐Ÿ‡น Regulator: GPDP ...

Read more

๐Ÿ“š TOS update

Data Transfers, Legal basis | 18/07/2025

๐Ÿšš๐Ÿ“ฆ WeTransfer: when a simple TOS update raises an GDPR tsunami On 15 July, WeTransfer discreetly slipped the following statement into its new TOS: ‘W...

Read more

Poland: erroneous risk analysis

Cybersecurity, Regulated Sectors | 18/07/2025

๐Ÿ”— Cybersecurity ≠ Protection of rights & freedoms: the error that costs Białystok paediatric hospital fined PLN 66,500 / ~€15,000 ๐Ÿ‡ต๐Ÿ‡ฑ UODO sanction :...

Read more

๐Ÿ“ข Spain, excessive data collection!

Data Subject Rights, Retention & Minimisation, Legal basis | 08/07/2025

๐Ÿ“ข Do you work in the hotel industry ๐Ÿ‡ช๐Ÿ‡ธ? Is your privacy policy really up to date? ๐Ÿ‘๏ธ If you go to a hotel in Spain ๐Ÿ‡ช๐Ÿ‡ธ Expect to fill in a form with 4...

Read more

๐Ÿ‡ธ๐Ÿ‡ช Sweden: breathalyser tests

Retention & Minimisation, Legal basis | 30/06/2025

๐Ÿ›ณ๏ธ๐Ÿซง When daily breath tests sink GDPR compliance: the WÅAB case (Sweden) Regulator: IMY (Swedish DPA)Source: IMY-2024-1520, 18 June 2025 ๐Ÿ” The facts...

Read more

๐Ÿšฆ Penalty: vulnerabilities identified by unpatched pentests

Cybersecurity | 26/06/2025

๐Ÿšจ Spain, a French supermarket chain sanctioned: For failing to correct all the flaws identified by the pentests. Regulator : AEPD Source : ps-00128-2...

Read more

โŒ› Delay in processing requests for access rights

Data Subject Rights | 26/06/2025

๐Ÿ” When emails sent to the DPO are identified as SPAM! Regulator: CNPD, Luxembourg Source: Deliberation no. 1FR/2025 of 6 January 2025 ๐Ÿšฆ Response tim...

Read more

๐Ÿ‡ซ๐Ÿ‡ท Penalty amounts

Tools & Documentation | 26/06/2025

โš–๏ธ 1. CNIL Penalties๐Ÿ“ No obligation to reveal how fines are calculated“The CNIL must state the legal and factual grounds for a sanction, but it is not...

Read more

๐Ÿ‡ฎ๐Ÿ‡น OPT-OUT / Penalty

Data Subject Rights | 26/06/2025

๐Ÿ‡ฎ๐Ÿ‡น Italy - ๐Ÿ  Estate agency penalised for unwanted calls ๐Ÿ”” A reminder: a single complaint can trigger an inspection! Regulator: Il Garante (GPDP) Sour...

Read more

Video surveillance: Use without authorization

Biometrics & Video Surveillance, Confidentiality & Security | 05/05/2025

Source : PS 0345-2024 ๐ŸŽฏ Context: A supermarket customer complains about a refund error. An employee shows her the CCTV footage captured on her mobil...

Read more

๐Ÿ“ฃ A lack of confidentiality

Confidentiality & Security | 28/04/2025

๐Ÿ”Ž Confidentiality broken in an internal investigation protocol = €120,000 fine. Source: PS 0505-2024 The Spanish regulator, AEPD has fined a company...

Read more

Explore all our areas of expertise:

]]>