If you have a policy, make sure it is documented, if you have a procedure, document that too…else..

Well it seems that another government authority in Sweden has been fined 120 000 kr (circa €12k) by the Swedish Data Protection authority. The region (county) of Örebro, and it was the heath authority, and it was sensitive data. What is important in this case, is that although they had procedures, they were not documented, … Continue reading If you have a policy, make sure it is documented, if you have a procedure, document that too…else..

Fine SEK200k on use of facial recognition in Swedish school

Finally some action in Sweden! The ruling is in Swedish, but to summarise the school was using facial recognition on its students. Facial recognition is biometric data, hence sensitive (special categories of data in the GDPR). They used consent as the legal basis but this was considered as unlawful due to the imbalance of relationship … Continue reading Fine SEK200k on use of facial recognition in Swedish school

We can justify our work!

I love this "A UK privacy authority has fined the solicitor behind ACS:Law £1,000 for failing to keep the personal data of at least 6,000 people secure." Although the fine was pretty pathetic, it is still good to see numbers appearing against cost of lost personal and sensitive data as this helps us justify why … Continue reading We can justify our work!