Supervisory Authority: Failure to report a Data Breach
The Irish Data Protection Commissioner has imposed a fine of EUR 125,000 because a controller (the City of Dublin) disclosed personal data of approximately 13,000 people without authorisation after a server was attacked with malware. In addition to the master [...]
Control obligations in (chain) data processing: EDPB provides clarity
The European Data Protection Board (EDPB) has published Opinion 22/2024, which provides key clarifications on the data protection control responsibility of the controller in data processing. The statements are particularly important for multi-level contractual relationships and strengthen the role of [...]
RoPA – the centrepiece of data protection, but what needs to be done?
The records of processing activities (RoPA) are an essential component of the General Data Protection Regulation (GDPR). They are the centrepiece of the data protection management system (DSMS). They serve as proof of the legally compliant implementation of the data [...]
GDPR: Fines for incorrect risk assessment
Fines may be imposed for "incorrect" risk assessment in the event of a data breach. In the event of a data breach, in addition to notification to the data protection supervisory authority, it may also be necessary to notify the [...]
Data protection supervisory authority clears up data protection misconceptions
The Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI) has used Safer Internet Day 2024 to clarify persistent data protection misconceptions. Here are a few misconceptions: "Data protection wants to prevent digitalisation." No. Digitalisation, but legally compliant [...]
Preparation is everything: How to prepare for a cyberattack
Cyber attacks can affect any company, often occurring when least expected, with consequences ranging from data loss and financial setbacks to a permanently damaged reputation. How can you prepare your company? Creation of an incident response plan: An Incident Response Plan (IRP) [...]


