The Dutch Data Protection Authority has issued guidelines on the role of the DPO. Read the guidelines here →
The French Data Protection Authority has published a post on a step-by-step method to safely carry-out data transfers outside the European Union.You can find the post here →(in French)
The Danish Data Protection Authority issued guidelines on how to prevent and respond to ransomware attacks.Access the guidelines here →
2) Notable Case Law
The Data Protection Authority of Luxembourg issued an €18,000 fine against a company, notably for insufficiently involving their Data Protection Officer (DPO) in operational issues and not giving them the necessary resources. The Authority identified eleven points to verify during an investigation on the role of the DPO within an organisation. Read the decision here →
The Spanish Data Protection Authority issued a €3,000 fine against a website owner for the implementation of their cookie banner and cookie policy. The Authority’s decision notably ordered the company to allow the data subject to reject non-necessary cookies and for their choice to be respected. Read the decision and order to comply here →
A company was fined €2,856,169.00 by the Italian Data Protection Authority for sending telemarketing emails without the data subject’s consent. The company had not sufficiently demonstrated a balance between the rights of the data subject and the website owner’s interests. Read the decision here →
The Spanish Data Protection Authority has issued a €1.200 fine against a radio station, notably for setting non-necessary cookies on their website before obtaining the user’s consent.