Employer acquitted of liability – workplace, person to be charged, instructions and supervision was at issue
On 5 July 2019, one of the Danish district courts (the District Court of Herning) found that a master painter was liable for compensation in connection with an injury accident caused when an apprentice fell off a balcony and suffered severe head injuries.
GDPR decisions – January 2021
Norwegian company fined EUR 95,000 for insufficient basis for processing Innovation Norway carried out four credit ratings of a one-man business, which the owner of the business complained about to the Norwegian data protection authority. The credit ratings were made over a 3-month period. Innovation Norway was not able to identify any customer relation or …
Looking back at GDPR matters in 2020
2020 is drawing close to an end, and also in terms of the GDPR, it is a fact that COVID-19 has taken up massive attention. New questions arose, to which answers were needed, e.g.: Is it allowed for an employer to register data about COVID-19? Is it allowed to transfer data about COVID-19? Where can …
GDPR decisions – December 2020
Danish municipality reported to the Police and is facing EUR 6,700 fine The Danish Data Protection Agency (the DPA) has reported the municipality of Guldborgsund to the Police and recommended a fine of EUR 6,700 (DKK 50,000) since the municipality failed to act with necessary alertness in connection with a security breach.
GDPR decisions – November 2020
The Irish DPA fines Tusla Child and Family Agency EUR 75,000 In May 2020, the Tusla Child and Family Agency (Tusla) was imposed with an administrative fine of EUR 75,000, which has now been heard and confirmed by an Irish court of law.
GDPR decisions – October 2020
All-time high fine of GBP 20 million imposed on British Airways for data breach The Information Commissioner’s Office (the ICO) has given a penalty notice of GBP 20 million (about EUR 22 million) to British Airways (BA) for infringements of the GDPR in 2018 affecting more than 400,000 of the company’s customers.
GDPR decisions – September 2020
In 2019, the Finnish DPA received complaints on the electronic direct marketing and neglection of rights of the data subject, contrary to what is provided for under the GDPR. The topics of direct marketing included various courses within building supply and asbestos removal. The data subjects reported that they had received direct marketing messages from …
GDPR decisions – August 2020
Danish DPA commits personal data breach and misses the 72-hour notification deadline
GDPR decisions – July 2020
Fine of approx. EUR 28,000 issued due to unlawful basis for processing
GDPR decisions – June 2020
Publication of club magazines from the early 1980s found lawful On 16 June 2020, the Danish Data Protection Agency (DPA) decided in a matter in which a citizen had complained about a sailing club that had posted three club magazines from 1981 and 1982 on the internet, thereby revealing information on the name, former address, …