Greek DPA imposes its highest to date fine on Telecom Providers 

On January 27, the Hellenic Data Protection Authority (DPA) imposed fines of 6 million euros and 3.25 million euros on the mobile phone operator Cosmote and its parent company OTE, respectively. The companies were involved in a data breach caused by a cyber-attack that occurred in September 2020 concerning the leakage of subscriber call data. […]

The GoDaddy data breach

GoDaddy is an American domain registrar and website creation and hosting company. As reported at the beginning of 2021, the company had 20.6 million customers, a number that has likely increased since, as statistics show. As part of its services, GoDaddy offers domain names suited to the requirements of a new company, hosts […]

Data Protection Compliance 2022 Priorities – International Data Transfers

For organisations in the process of deciding data protection compliance priorities for 2022, a particular focus should be on the need to ensure that adequate safeguards are in place when personal data is being transferred to third countries (e.g., from the EU to the US). This may include implementing supplemental measures, in addition to Article […]

How to Mitigate Data Breaches resulting from Human Error

The most recent European Data Protection Board (EDPB) Guidelines aim at helping data controllers decide how to handle data breaches and what factors to consider during risk assessment. The EDPB guidelines have been updated following public consultation and thus adopt a case-study-based approach, so they appear as a practical tool to be considered […]

EDPB Launches Coordinated Enforcement Actions on the use of Cloud Services by European Institutions and National Public Authorities

The adoption of cloud services by public authorities has doubled in the past six years and has further accelerated during the pandemic. In response to this, the European Data Protection Board (EDPB) announced the kick-off of its first coordinated enforcement action. The EDPB initially foreshadowed this coordinated action in its decision to establish a Coordinated Enforcement […]

Online gambling: how can we combat the perfect disguise to transfer illicit profits?

Online gambling and money laundering have become the perfect partners. In 2020 the Online Gambling Gross Income in Europe reached approximately 24 billion Euros. According to EUROPOL, the EU loses an estimated 120 billion Euros annually due to money laundering. Add cryptocurrency into the mix and you face a challenge unforeseen by law enforcement agencies […]

A framework for regulating AI in the public sector

Technological and regulatory developments in the public sector across the globe signal a radical transition; the traditionally technologically conservative paper-based public sector is transitioning to a digitalised, tech-savvy, advanced and inter-connected system of public services, assimilating market features. Public services and infrastructure are being digitalised; artificial intelligence (AI) and other innovative technologies are being deployed […]

A lesson in transparency leads to a record fine under the GDPR for WhatsApp

WhatsApp has experienced significant backlash in regard to compliance with its transparency obligations under the General Data Protection Regulation (GDPR), and on 2 September 2021, the DPC imposed a fine of €225 million. In this article, we consider the nature of the inquiry, the challenges the DPC received from its European counterparts and the reasons […]

The UK is set to diverge from the GDPR

On 9 September 2020, the UK Department for Digital, Culture, Media & Sport (DCMS) published its National Data Strategy, which included: “responsible data” as a core pillar and an associated “securing a pro-growth and trusted data regime” priority mission. This included a June 2021 Taskforce on Innovation, Growth and Regulatory Reform (TIGRR) proposal to: “replace the […]

GDPR fines may be susceptible to significant reductions upon appeal

The General Data Protection Regulation (GDPR) substantially increased the amount that data protection authorities (DPAs) are empowered to fine organisations, to €20m or 4% of worldwide annual turnover. The UK Information Commissioner’s Office (ICO) has issued a limited number of fines for data protection breaches in the first 5 years of the UK GDPR. It […]