Sypher Solutions’ Post

⚖️ Right to bring collective action for violations of information obligations under GDPR. The European Court of Justice (ECJ) recently ruled that if a company fails to provide clear and complete information about how it uses personal data (as required by Articles 12 and 13 of the GDPR), it can be taken to court by consumer advocacy groups. The specific case involved Meta (Facebook's parent company), which allowed third-party games on its platform to collect and share user data. The Federation of German Consumer Organisations (vzbv) argued that Meta hadn't properly informed users or obtained valid consent. The German courts referred the matter to the ECJ, which confirmed that such failures can be challenged through class actions. 💡 This decision means that companies must ensure that their privacy notices are clear, simple and easy to understand, or risk legal action from consumer groups. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

📢 UK: Open consultation on data protection fee regime The UK government is holding a consultation to gather views on proposed changes to the data protection fees payable to the Information Commissioner's Office (ICO), which is primarily funded by fees paid by data controllers. Currently, these fees are split into three tiers based on an organisation's size and turnover, ranging from £40 to £2900. The fees have not been updated since 2018 ❗ The consultation, which is open until 26 September 2024, follows a review of the fee regime and aims to ensure that the ICO has sufficient resources to carry out its duties effectively, including new responsibilities under forthcoming legislation. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

Moldova publishes data protection law aligned with the EU GDPR 🎉 📜 The National Centre for the Protection of Personal Data (CNPDCP) of the Republic of Moldova announced the official publication of Law No. 195/2024 on the protection of personal data on 23 August 2024. This law aims to protect the fundamental rights and freedoms of individuals with regard to the processing of personal data, in particular the right to privacy. It fully incorporates the provisions of the EU General Data Protection Regulation. The new law will enter into force two years after its publication and will replace the existing Law No. 133/2011 on the protection of personal data. Read more (article in Romanian). 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

💥 Over three million Belgian WhatsApp users affected by data leak Safeonweb, an initiative run by the Belgian Cybersecurity Centre, has identified the details of 3.2 million Belgian WhatsApp users being illegally sold on a dark web forum, potentially exposing users to a range of cybersecurity risks. Safeonweb urges WhatsApp users to be vigilant about calls or messages from unknown numbers and not to share sensitive data online. The organisation also recommends enabling two-factor authentication in the WhatsApp application and checking current security settings. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

💶 Uber has been fined €290 million in the Netherlands for transferring drivers' personal data - such as taxi licences, location data and even medical records - to the United States. Uber made these transfers without " appropriately safeguarding the data", according to the Dutch DPA. Uber claims it complied with the GDPR during three years of "immense uncertainty" between the US and the EU over how the rules would be applied. The problem, according to Uber, dates back to 2020, when the EU Court of Justice ruled that the current EU-US data transfer framework was no longer compliant with the GDPR. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

📣 The European Commission recently announced the launch of a consultation on General Purpose Artificial Intelligence ("GPAI") models and invited stakeholders to express their interest in participating in the development of the first GPAI Code of Practice (the "Code") under the newly adopted EU AI Act. Once finalised, providers of GPAI models will be able to voluntarily rely on the Code to demonstrate their compliance with certain obligations under the AI Act. Participants can find more information on the consultation on the Code of Practice for GPAI (deadline 🗓️ Sept 18, 2024). Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

2,000 GDPR fine for recruitment 📨 email sent to wrong recipient ❗ 💶 The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) imposed a €2,000 fine on a company after an employee mistakenly sent an email to the wrong recipient during a recruitment process. The email, intended for a job applicant, was accidentally sent to another individual, leading to an unauthorised disclosure of personal data, including the applicant's name, surname, and the store location where they applied. The ANSPDCP found that the company failed to implement adequate technical and organisational measures to prevent such data breaches, as required by GDPR. These measures are crucial to ensure a level of security that protects against accidental or illegal data processing, such as unauthorised disclosure or access. Read more (article in 🇷🇴 ) 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

CJEU ruling on the concept of identity theft: when the controller shall pay compensation? ⚖️ This Lexology article by SMARTLEGAL Schmidt & Partners analyses the recent decision of the Court of Justice of the European Union on issues related to compensation for personal data breaches on several occasions. In the Scalable Capital case, the Court answered the questions of what should be taken into account when determining the amount of compensation and when the theft of personal data can be considered as identity theft. To learn what the Court concluded, read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

💶 Ana Hotels SRL, a hotel company in Romania, has been fined €8,000 by the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) for a GDPR violation. The investigation began after the company reported a data security breach due to a ransomware attack that compromised personal data stored in its IT systems, affecting a significant number of employees. The fine was imposed because Ana Hotels SRL failed to implement appropriate technical and organisational measures to ensure a sufficient level of security for data processing, as required by the GDPR. In addition to the fine, the company was ordered to implement ☝️ a procedural plan to regularly test, evaluate and assess its IT systems, ensure data security and maintain continuous logging of access and data traffic on its servers for at least 30 days, including regular backups. Read more (article in 🇷🇴 )👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

🕵️♂️ Privacy watchdog NYOB has filed two complaints accusing the European Parliament of compromising the personal data of its staff in a massive cyber attack earlier this year. The complaints follow a significant data breach. The European Parliament's recruitment platform 'PEOPLE' was the target of a cyber attack. The breach exposed the personal data of more than 8,000 staff members. Read more 👇 --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.