Proposed guidelines for the imposition of fines

The European Data Protection Board (‘EDPB’), composed of representatives of the EU national data protection authorities has drafted new guidelines with respect to the calculation of fines in case of non-compliance of the General Data Protection Regulation (‘GDPR’). These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines dating from 2016, which focus on the circumstances in which to impose a fine. This post outlines the main elements of the proposed guidelines and sets out the differences with the current national guidelines.

annual update data privacy

The General Data Protection Regulation celebrated its third anniversary in 2021.  Privacy is a subject that is now on the agenda of most organisations. Moreover, the developments in this area of law are moving fast. The European and national legislators are not sitting still, and the same can be said of the supervisory authorities. Also,

the right to be forgotten of search results

The right to be forgotten was introduced in the Google/Costeja judgement of 13 May 2014. In response, Google created a request form for individuals to request the removal of specific search results that appear when their name is searched on in Google’s search engine. Since then, nearly one million removal requests have already been submitted

transfer of personal data after Brexit (part 2)

Earlier we wrote about the consequences for the transfer of personal data to (organisations in) the UK in the event of a no-deal-Brexit. It is now known that a deal has been concluded between the EU and the UK. Below we will explain what has been agreed on the transfer of personal data since 1

transfer of personal data after Brexit

The United Kingdom (‘UK’) left the European Union (‘EU’) on 31 January 2020. There is a transition period until 31 December 2020. Until then the UK will continue to comply with all EU laws and legislation. What will happen after this period is still not clear yet. Deal or no deal? It is however certain

use of corona rapid tests in an employment context (part 3)

Last weekend a Dutch newspaper reported that many companies are losing sleep over the lockdown and the lack of testing capacity. Not surprisingly more and more organisations are considering to take the testing of employees into their own hands. Especially the use of corona rapid tests is often mentioned. But is the use of those

use of corona rapid tests in an employment context (part 2)

Earlier we wrote about the use of corona rapid tests in an employment context. Due to a lack of testing capacity, people sometimes have to stay at home for several days at a time. As a result, organisations are struggling with a lack of employees in the workplace. This has particularly serious consequences for sectors

use of corona rapid tests in an employment context (part 1)

Testing. Testing. Testing. This is the current motto of the Dutch government. Even in case of mild complaints. Unfortunately, there appears to be a great lack of testing capacity at the moment. As a result, people have to stay at home for several days at a time. As a result, organisations are struggling with a

Dutch Data Protection Authority imposes hefty fine on Tennis Union

The Dutch Data Protection Authority (‘DPA’) imposed an administrative fine of € 525,000 on the Dutch Tennis Union for selling the personal data of its members to two sponsors. These sponsors approached part of these members with (tennis related) offers. Below we will discuss several interesting points from the DPA’s decision. (Co-)controllership The Tennis Union

This site is registered on Toolset.com as a development site.