Fine amounts to 2.8% of company’s turnover.
Company “anonymized” customer information after two years, by deleting customer names from its system – but retained phone numbers for three more years. Argument that phone numbers were integral to the database were dismissed.
- Subcontractor based in India to process sensitive personal data without adequate data processing / data transfer grounds
- Lack of contractual definition of adequate technical and organisational measures in India
- Sensitive personal data (with high severity) sent via unencrypted email
- Sensitive personal data on FTP server without restricted access controls
- Patient found his/her data via Internet search
In 2012, the Bavarian DPA scanned German web sites for the privacy compliant use of Google Analytics.
The DPA checked
- if a written processing agreement had been put in place with Google,
- if the privacy notice on the web site was transparent on the use of Google Analytics and the users’ option to avoid being tracked
- if the Google Analytics’ “anonymization feature” was enabled in the web site’s source code
13.404 Webseiten had been tested 2.371 companies were contacted for shortcomings.
More information (in German) on https://www.lda.bayern.de/de/google_analytics.html
The Norwegian DPA has given Gator AS orders to discontinue all processing of personal information about its customers since they have not provided enough information in the smart bells they provide. In addition, PepCall AS and GPS for children – Smartprodukt AS have been notified of similar decisions.
Use right-click in Chrome to translate: