In Finland one of the first fines handed out to a water supply management company which used location data in the vehicles used by employees which is considered systematic monitoring. A DPIA should be conducted. Taken from DLA Piper blogFollowed from a complaint made by an individual. Kymen Vesi processed location data of its employees … Continue reading Finnish business fined for tracking employees
2 years on and finally a fine pertaining directly to the role of the DPO.... hurray! What a great celebration for GDPR and each of us who have the privilege to be a Data Protection Officer. Avoidance of a conflict of interest for the DPO is super important in any organisation because the role requires … Continue reading Belgium DPO conflict of interest resulted in a fine
In celebration for GDPR 2 years on, I thought to repost some blogposts from June 2018. However, when looking I realised that they were a few and the theme was strong on how our personal data is public in Sweden and the use of utgivningsbevis to keep this status quo. So, I ended writing an … Continue reading Happy Birthday 2 years on with GDPR!
Covid-19 smart wearable using privacy enhancing technologies popped up in my LinkedIn feed just today.... I was sceptical until I started reading the academic paper for the Whisper Tracing protocol used by the product. This is a product which is not installed on a smart device, it is something you clip to your shirt (or … Continue reading The whispering protocol and covid-19
At least this is the latest position in Italy, which is rather interesting, and provides some lead in controlling this pandemic in the workplace, reducing the risk on rights and freedoms of employees. The relevant paragraph from the article worth reading and I am referring to is quoted below. The Italian data protection authority held … Continue reading Occupational doctor is controller when you test your employees for coronavirus
Ransomware has evolved into blackmail. We are all familiar with the concept of ransomware, whereby critical operational data, which includes personal data is encrypted by hackers, and hence inaccessible to the business. In order to get access, i.e. the decrypted data (the key is owned by the hacker), they need to pay a fee. The … Continue reading Watch out! Ransomeware actors have turned to blackmail
This clarification on the use of consent came out last week, and provides no surprises for those working daily with GDPR compliance. What is noteworthy though is the mention on the use of "cookie walls". What is a cookie wall then? One of the principle factors that one should keep returning to when thinking about … Continue reading Cookie walls are not GDPR compliant