GDPR decisions – May 2021
Court of law approves the opportunity for compensation in the event of a non-pecuniary loss following a data breach At the end of 2018, four PCs were stolen from the town hall of Gladsaxe. A spreadsheet was stored on the local drive of one of the PCs containing personal data on 20,620 citizens for inter-municipal …
GDPR decisions – April 2021
Application of old TLS version drew criticism from the Danish DPA When looking into a case initiated by the DPA itself, the DPA established that the self-service solution available with the Police for applying for a firearms certificate (www.digimeld.politi.dk/vaaben/HTML/index.aspx?type=p70401) – during which your personal ID number must be entered – warns you about the page …
GDPR decisions – March 2021
Decision delivered in France may greatly impact the option of legally using European subsidiaries with parent companies in the USA for hosting of data.
GDPR decisions – February 2021
Phone conversations recorded by on-call GPs A Danish citizen had filed a complaint about her phone conversation with an on-call GP in the Region of Southern Denmark being recorded and the fact that the on-call GP subsequently denied to erase the recordings. The Danish Data Protection Agency found that it was alright for the on-call …
The Danish Supreme Court finds in favour of Danish municipality
The Western Division of the Danish High Court had previously acquitted a Danish municipality in a case where the municipality’s mechanical ditch cleaners had caused damage to a telecommunications cable situated in a roadside ditch.
Employer acquitted of liability – workplace, person to be charged, instructions and supervision was at issue
On 5 July 2019, one of the Danish district courts (the District Court of Herning) found that a master painter was liable for compensation in connection with an injury accident caused when an apprentice fell off a balcony and suffered severe head injuries.
GDPR decisions – January 2021
Norwegian company fined EUR 95,000 for insufficient basis for processing Innovation Norway carried out four credit ratings of a one-man business, which the owner of the business complained about to the Norwegian data protection authority. The credit ratings were made over a 3-month period. Innovation Norway was not able to identify any customer relation or …
Looking back at GDPR matters in 2020
2020 is drawing close to an end, and also in terms of the GDPR, it is a fact that COVID-19 has taken up massive attention. New questions arose, to which answers were needed, e.g.: Is it allowed for an employer to register data about COVID-19? Is it allowed to transfer data about COVID-19? Where can …
GDPR decisions – December 2020
Danish municipality reported to the Police and is facing EUR 6,700 fine The Danish Data Protection Agency (the DPA) has reported the municipality of Guldborgsund to the Police and recommended a fine of EUR 6,700 (DKK 50,000) since the municipality failed to act with necessary alertness in connection with a security breach.
GDPR decisions – November 2020
The Irish DPA fines Tusla Child and Family Agency EUR 75,000 In May 2020, the Tusla Child and Family Agency (Tusla) was imposed with an administrative fine of EUR 75,000, which has now been heard and confirmed by an Irish court of law.