The Spanish Data Protection Authority has published Guidance on Risk management and impact assessment in personal data processing. Access them here →(in Spanish) / Tweet this →
The European Data Protection Board has published a leaflet about its One-stop-shop for data protection enforcement. Open it by clicking here → / Tweet this →
The Italian Data Protection Authority (Garante) issued a decision to fine a company €2.6 million for a lack of transparency and accuracy in their use of algorithms to manage employees. In addition to the fine, the Garante ordered the company to implement measures that protect employees from the risks resulting from automated decision-making (for instance, the right to obtain human intervention). The company was also ordered to verify the accuracy of the data fuelling the algorithm and to prevent discrimination in the systems based on customer feedback. Read the decision here → / Tweet this →
The Norwegian Data Protection Authority (Datatilsynet) issued a decision to fine a company NOK 150,000 for failing to close and further accessing a former employee’s e-mail box after the termination of their contract. Read the decision here → / Tweet this →
In the United States, after Accellion (a company used to securely transfer files) suffered a data breach, the Supermarket chain Kroger Co. agreed to pay $5 million in a settlement on behalf of about 3.82 million customers and employees. The company had been accused of not putting in place sufficient security measures to protect the processed data. Read the motion for a preliminary approval of theclass action settlement here → / Tweet this →
