GDPR News

The French data protection authority, Commission Nationale Informatique & Libertés (CNIL), has determined the French laboratory software provider, Dedalus Biologie, violated articles 28(3), 29, and 32 of the General Data Protection Regulation (GDPR) and has […]

Data Protection Authorities in Ireland and Denmark have proposed sizeable financial penalties for Bank of Ireland and Danske Bank to resolve alleged violations of the General Data Protection Regulation (GDPR). Danish Data Protection Agency Proposes […]

A new Trans-Atlantic Data Privacy Framework has been agreed in principle between the European Commission of the European Union and the United States that will replace the EU-US Privacy Shield, which in 2020 was deemed […]

The Irish Data Protection Commission (DPC) has imposed a €17 million ($18.6 million) financial penalty on Meta to resolve violations of the General Data Protection Regulation (GDPR) related to a string of Facebook data breaches […]

The Austrian and French Data Protection Authorities (Datenschutzbehörde and Commission nationale de l’informatique et des Libertés) have both ruled this year that the use of Google Analytics is not compliant with the General Data Protection […]

The Belgian data protection authority (APD) has issued its final decision on a complaint against the digital advertising trade association, Interactive Advertising Bureau (IAB) Europe. The APD has found the pop-up legal form system used […]

The latest DLA Piper GDPR and data breach report shows data protection authorities in the European Union imposed more than €1.1 billion ($1.2 billion) in financial penalties on organizations to resolve alleged violations to the […]

The Dutch Data Protection Authority has imposed a €2.75 million (USD 3.1 million) financial penalty on the Dutch Tax Administration for the unlawful processing of the personal data of Dutch citizens with dual nationality, which […]

An investigation conducted by the Dutch Data Protection Authority (DDPA) – Autoriteit Persoonsgegevens – into the data processing activities of the Dutch Tax and Customs Administration has uncovered violations of the core principles of the […]

The Irish Data Protection Commission (DPC) has recently published a draft decision on its investigation of a complaint about Facebook’s data processing practices and found “a significant level of non-compliance” with Articles 5(1)(a), 12(1), and […]

The Irish Data Protection Commission (DPC) has imposed a record €225 million ($267m) financial penalty on WhatsApp for ‘severe’ violations of the EU General Data Protection Regulation (GDPR). WhatsApp, which is owned by Facebook, is […]

The largest ever financial penalty for GDPR violations has been handed to Amazon by the Luxembourg Data Protection Authority – Commission Nationale pour la Protection des Données (CNPD). The fine eclipses the previous highest GDPR […]

It has been more than 3 years since the EU General Data Protection Regulation (GDPR) took effect, and while there was a slow start to policing compliance with the GDPR, the number of violations being […]

Booking.com has been penalised and fined to the tune of  €475,000 ($560,000) after being found guilty of failing to report a data breach within the time period set down by the European Union’s General Data […]

The new General Data Protection Regulation (GDPR) which comes into force in May 2018 does not outlaw the use of a simple username and static password system for accessing personal data, but GDPR does state […]

Law firm DLA Piper has published a report that shows European Union-based businesses paid fines totalling €272.5m ($329m) for an extensive list of breaches of the General Data Protection Regulation (GDPR) since it was first […]

In Norway the data protection body, Datatilsynet, has sanctioned a fine of over $11.7 million for Gay dating app Grindr as it failed to get proper consent from users before sharing their personal information with […]

Following a preliminary judgement released by the Data Protection Commission (DPC) in Ireland, which has been shared with other European Union-based data protection regulation bodies for further review, WhatsApp may be sanctioned with a penalty […]

In Germany the data regulation authority in the Lower Saxony region has sanctioned a financial penalty of €10.4m against a a local laptop retailer due to the breach of the European Union’s general Data Protection […]

The European Court of Justice is considering issuing a ruling that will allow a complaint in relation to the General Data Protection Regulation (GDPR) to be heard by the the data protection authority in any […]

A recent report published by Finbold, the online financial news and analysis portal, relating to fines sanctioned during 2020 for breaches of the European Union’s General Data Protection Regulation, has indicated that €171.3m in financial […]

Due to the end of the Brexit transition period on January 1 2021, the United Kingdom was dues to be designated as a ‘third country’ in relation to the the European Union’s General Data Protection […]

Ireland’s Data Protection Commission (DPC) has revealed that Twitter, which has its European Union headquarters based in Dublin, has been hit with a fine €450,000 for breaching the General Data Protection Regulation (GDPR). This is […]

In a busy day for the French Data Protection Authority CNIL, it was announced on Thursday that e-commerce giant Amazon had been fined €35m for a breach of the European Union’s General Data Protection Regulation […]

In France, the data protection regulatory authority CNIL has sanctioned Google with its largest General Data Protection Regulation financial penalty to date, €100m, in relation to a breach of the GDPR legislation which governs the […]

It has been revealed in the United Kingdom recently that a special task force, the Digital Markets Unit (DMU), will be established in order to ensure that large Internet-based companies can be properly policed, including […]

In France the data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), has penalised French retail giant Carrefour more than €3m ($3.7m) in relation to a number of breaches of the European Union’s […]

Vodafone’s Italian operations has been sanctioned with a GDPR penalty of over than €12.25 million (US$14.5m) as a result of what was deemed ‘aggressive’ telemarketing practices. The fine comes following ‘hundreds’ of official complaints into […]

In the United Kingdom the Information Commissioner’s Office (ICO) has applied a fine of £1.25million against  Ticketmaster UK Limited as a result of the company being found to be neglecting their duty to maintain its […]

Following the decision of a majority of EU data supervisors to support a proposed settlement from the Irish Data Protection Commission (DPC),  the enforcement of a General Data Protection Regulation penalty is imminent fir Twitter […]

In the United Kingdom the Information Commissioner’s Office (ICO) has hit hotel group Marriott International with an £18.4 million General Data Protection Regulation (GDPR) penalty for in its legal obligation to safeguard the private data […]

A report released by BuyShares has revealed that the United Kingdom tops for the imposition of data breach penalties with €132.7 million in the total value of General Data Protection Regulation fines since the legislation […]

In the United Kingdom a €22m (£20m) fine has been sanctioned against British Airways in relation to a breach of the European Union’s General Data Protection Regulation (GDPR) that impacted the personal and financial details […]

In the United Kingdom the Government’s Department for Eduction (DfE) has been found guilty of breaching the European Union’s General Data Protection Regulation in relation to the manner that it processes pupil data. This comes […]

In Germany the data protection authority located in Hamburg has announced that H&M, the second biggest retailer in the world, is being fined €35.2 (US $41.3m) for breaching the European Union’s General Data Protection Regulation […]

A new phishing attack has been identified where cybercriminals are sharing a fake GDPR compliance reminder in a bid to try and fool those receiving the email into sharing their email log in details. The […]

A report released by Gartner, Inc. has estimated that 65% of the world’s population will have its personal data policed by some form of data privacy legislation by 2023. Gartner analysts presented The report was […]

A preliminary order has been issued by Ireland’s Data Protection Commission (DPC) directing Facebook to cease transferring personal data transfer from Ireland to the United States. This order comes following the European Union Court ruling […]

Earlier this month the European Data Protection Board (EDPB) released draft GDPR social media targeting guideline that seek to give a greater understanding in relation to the roles and duties of those involved in managing […]

Since the start of the year European Union based-companies have been sanctioned with €68 million (£61.5m) for breaching the General Data Protection Regulation (GDPR). More that two-thirds of that has been paid over by Italian-companies, […]

In the United States a legal action has been filed by a consumer privacy campaign group against Salesforce and Oracle, alleging that both entities have breached the European Union’s General Data Protection Regulation with the […]

France’s CNIL announced that it has initiated an investigation into data management practices of the social media platform TikTok. A spokeswoman for France’s CNIL revealed that it begun examining how the social media app manages user […]

It has been revealed that the Italian Data Protection Authority ‘Garante’ is sanctioning a €16,729,600 fine on telecoms provider Wind Tre in relation to a number of data processing activities, mostly related to direct marketing, […]

The Dutch Credit Registration Bureau (BKR) has been hit with a €830,000 ($937,000) fine in the Netherlands in relation a General Data Protection Regulation breach impacting data subjects rights in the Netherlands. The fine is […]

A cybercriminal has been busy targeting unsecured MongoDB databases and threatening to report their vulnerability to data protection authorities, a move that could possibly result in a General Data Protection Regulation penalty being sanctioned. 23,000 […]

On Monday TikTok revealed that it has decided to base its operations for data privacy within the  European Union to Ireland. This comes following the establishment of  the social networking platform’s Trust and Safety Hub […]

A European Union, report which is due to be made public today, on the General Data Protection Regulation will reveal how small and medium-sized businesses are having great difficulty in investing the funds required to […]

Last Friday it was revealed that Google had been unsuccessful in the appeal of the €50m General Data Protection Regulation fine which was sanctioned against by the French data protection authority, the CNIL (Commission nationale […]

In the United Kingdom a legal action has been filed under Article 82 of the General Data Protection Regulation (GDPR) in the High Court on behalf of nine million easyJet customers whose private data was […]

In Hungary the government has taken the decision to suspending the rights of data subjects under the European Union’s General Data Protection Regulation (GDPR). This suspension will remain in place until such time as the […]

In Ireland the child and family protection agency, Tusla, has been fined €75,000 arising out of an investigation into three cases where information about children was wrongly disclosed to unauthorised parties. This makes Tusla has […]

In the Netherlands, the Dutch Data Protection Authority has sanctioned a €725,000 (US$791,000) General Data Protection Regulation (GDPR) fine against a company for scanning its employees’ biometrics with a fingerprint time and attendance system. The […]

The private personal information of over 600,000 Email.it account holders has been illegally obtained and made available for purchase via the dark web. The breach was revealed on Sunday, April 5, following a tweets broadcast […]

In Sweden, the Data Protection Authority (DPA) has taken the decision to sanction a 75 million kronor (US$8 million) General Data Protection Regulation Penalty in relation to a “failure to comply”. This step was taken […]

In the United Kingdom the Information Commissioner’s Office (ICO) has been contacted by Virgin Media to advise them that the personal data belonging to over 900,000 customers has been illegally obtained by an unauthorised third […]

The Information Commissioner’s Officer (ICO)  in the United Kingdom has sanctioned a £500,000 data breach penalty against airline Cathay Pacific in relation to security lapses which exposed of 111,578 UK citizens and up to 9.4 […]

In the United Kingdom, a report issued by the Independent Chief Inspectorate of Borders and Immigration (ICIBI) has revealed that the  Home Office (UK) has broken the European Union’s General Data Protection Regulation  100 times […]

Sports retailer Decathlon, which has outlets in 49 countries globally, has reported a data breach that impacted 123 million records which incorporated unencrypted passwords. The breach was first noticed by VPNmentor on 12 February, and […]

In Ireland, following the publication of the Data Protection  2019 Annual Report, the Irish Data Protection Commissioner has indicated that a litany of large General Data Protection Regulation (GDPR) fine may be on the way […]

In Ireland the Data Protection Commission has become the latest data protection authority in the European Union to instigate an enquiry into the data processing that is being carried out by online dating service Tinder […]

In the United Kingdom the data protection authority, the Information Commissioner’s Office (ICO), has issued a warning to businesses that they must adhere to existing data protection legislation as the country moves away from the […]

Since it was introduced on May 25 2018, €114m in fines and more than 160,000 General Data Protection Regulation (GDPR) data breach notifications have been registered by data protection authorities in the European Union, with […]

A General Data Protection Regulation complaint has been submitted in Norway against LGBTQ+ social networking app Grindr and a number of online advertising companies. The complaints in question were submitted by the Norwegian Consumer Council […]

A cyber breach that impacted approximately 14 million customers of Dixons Carphone in the UK has resulted in the highest possibly fine being applied to the retailer. It was discovered that the tills in retails […]

The first ever General Data Protection Regulation (GDPR) penalty in the United Kingdom has been sanctioned against a London-based pharmacy by the Information Commissioner’s Office (ICO) ICO has fined Doorstep Dispensaree €325,000 (UK£275,000) by the […]

Capgemini have published a new report which indicates that companies that comply with GDPR avail of certain advantages thanks to improved customer engagement and profits. The report has found that GDPR compliant organizations have outperformed […]

A fine of €9.55m has been sanctioned by the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) against telecommunications provider 1&1  for a General Data Protection Regulation (GDPR) breach. The breach occurred […]

The Berlin DPA has sanctioned a General Date Protection Regulation penalty of €14.5 million against Deutsche Wohnen SE, a major real estate company. The real estate company was investigated, through onsite inspections, between June 2017 […]

German Data Protection bodies, known collectively as the DSK, has revealed that agreement has been reached in relation to the calculation of General Data Protection Regulation (GDPR) penalties. Using five different steps to calculate the […]

Poland’s Personal Data Protection Office (UODO) this week decided to fine an online retailer PLN 2.8 million, or €645,000 for “insufficient organizational and technical safeguards”. It has been reported the online retailer in question, Morele.net, […]

The results of a survey conducted by the Capgemini Research Institute has revealed that firms that companies seem to have greatly overestimated their level or preparation for the General Data Protection Regulation (GDPR) which was […]

Start-up Internet browser Brave has submitted new evidence to the Data Protection Commission (DPC) in Ireland which indicates that Google has been using a workaround to try and bypass General Data Protection Regulation (GDPR) rules […]

The Swedish Data Protection Authority (DPA) has  fined the Skelleftea municipality 200,000 Swedish Krona (£16,800, $20,700) for breaching the European Union General Data Protection law (GDPR) by trialling facial recognition on high-school students in Sweden […]

The customer records of 6.8 million customers of a venture capital-backed sneaker trading web portal StockX Incc have been stolen in a recent cybercriminal hacking attack. All the specific details of the attack have yet […]

Following a potential General Data Protection Regulation (GDPR) breach, digital bank Monzo has made contact with 500,000 of its customers to advise them to change their personal identification number (PIN). Monzo became aware of the […]

In Romania, following the conclusion of a National Supervisory Authority, Unicredit Bank has been sanctioned with a US$146,000 (EUR€135,000) General Data Protection Regulation (GDPR) fine in relation to how it uses personal data. This is […]

The Information Commissioner’s Office (ICO), the data authority in the United Kingdom, has revealed that it plans to sanction a $123,705,870 General Data Protection Regulation fine on the Marriott hotel group in relation to the […]

Recently security company Tripwire surveyed 298 IT security professionals who were attending Infosecurity Europe 2019 conference in order to  discover how much knowledge they have in relation to the disclosure requirements of the European Union’s […]

In the UK the Information Commissioner’s Office has sanction ‘Her Majesty’s Revenue and Customs’ (HMRC) with an enforcement action a voice authentication service was implemented which asked callers to record their voice and use it […]

A survey of over 500 United Kingdom-based business has indicated that unencrypted USB devices are still being used by businesses despite the fact that unsecured data could lead to massive general Data Protection penalties. The […]

A Danish taxi company, Taxa 4×35 (Taxa), has been issued with a General Data Protection Regulation penalty by the Denmark’s Data Protection Authority Datatilsynet (DPA) for breaching GDPR data retention periods. The DPA approved a […]

In a recent online article the Harvard Business Review, commenting on the latest massive data privacy breach to hit a U.S.-owned company, shared some important takeaway for  senior managers and regulators to consider in relation […]

Microsoft CEO Satya Nadella, speaking recently during an on-stage interview at World Economic Forum in Davos Switzerland, lead the calls for the global introduction of legislation that enshrines data privacy as a human right. Nadella […]

Last week the German antitrust authority, Bundeskartellamt, ruled that the manner in which Facebook gathers, merges, attributes to and uses data in user accounts is an abuse of its dominant market position. This follows a three-year investigation […]

A recent report, published by the UK-based multinational legal firm DLA Piper, has revealed that since the European Union’s General Data Protection Regulation became enforceable on May 25, 2018, almost 60,000 data breach notifications have […]

CNIL, the French data protection regulator, has sanctioned Google with a €50m fine for breaching its obligations laid down by the European Union’s General Data Protection Regulation (GDPR). The agency released a statement which said that […]

Despite the initial findings of an investigation into a General Data Protection Regulation (GDPR) breach at the Marriott Hotels group indicating that the number of people impacted is lower than expected, the group is facing […]

Guidance on what should happen with transfers of personal data to and from the United Kingdom, including Northern Ireland, following a possible ‘no deal’ Brexit has been published by the Irish Data Protection Commission (DPC). […]

Senior Policy Manager and EU Principal for Mozilla, a company know for its stance on privacy and open internet,  Raegan MacDonald has said that she feels that 2019 will see increased resources poured into the enforcement of the […]