Category Archives: Sanctions

First GDPR sanctions are underway: the German case

On 22 November 2018, the Baden-Württenberg Data Protection Authority (LfDI) announced, with a press release available here in German, of having imposed a € 20.000 sanction on the chat site Knuddels.de, for breach of Art. 32 of the GDPR. Knuddels is an online chat service that was popular in the 2000s, before the Facebook era.… Read More »

GDPR in practice

Everybody is talking about GDPR in every session at Security Summit this year, whatever the topic, but in practice what companies are doing to get prepared? Alessandro Vallega started from here to introduce the conference dedicated by Europrivacy to the new European Regulation, on the second day of the Summit organized by Clusit in Milan.… Read More »

Cyber Crime and Compliance at Milan Politecnico

The headlines go to the Cyber Crime attacks, but ultimately the Compliance remains the main expense leverage in IT security, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More »

Costs and security

The GDPR allows the controller to take into account also the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation this fact is strongly innovative, at least in Italy. “Taking into account the costs” is a… Read More »

Phishing: news from “Italian Data Protection Authority” in an schedule

In mid December the Italian Data Protection Authority (hereafter IDPA) in the framework of information items aimed to the raise of awareness in the privacy, edited a new schedule about phishing Phishing is a form of scam made on the Internet through deception of users, and is an unlawful technique used to steal confidential information… Read More »

German GDPR implementing rules

Germany has released the second draft of a rule implementing the GDPR, which will replace the current national Privacy legislation Bundesdatenschutzgesetz (BDSG), setting alongside the GDPR itself. According to the Regulation, member states may legislate on specific matters, while respecting the general principles set out in the Regulation: Germany apparently is already doing it. In… Read More »

Fines are higher for individual rights violations rather than poor data protection

Art. 24 Sanctions of the Directive 95/46 recital “The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.” did not gave any specific criteria to… Read More »