CASES, SANCTIONS AND CLAIMS

  • (2019, Mar) Denmark: first GDPR fine is proposed by the Danish Data Protection Agency for a taxi company which failed to enforce personal data retention policies with regards to clients’ telephone number.
  • (2019, Jun) The French supervisory authority CNIL fines Estate Company 400K on issues of inadequate technical measures (Art. 32 GDPR) and non-compliance with retention periods (Art. 5(1)(e) GDPR).
  • (2019, Jun) The Danish DPA proposed a fine of DKK 1,5 million against IDDesign A/S, for failure to delete data about 385.000 customers.
  • (2019, Nov) Germany: Berlin Commissioner for Data Protection and Freedom of Information issued a fine of around 14.5 million Euros against Deutsche Wohnen SE for violations of the GDPR, including for failing to delete very old data.

REPORTS AND ARTICLES FROM OTHER ORGANISATIONS

  • (2020, Aug) Ian Gauci: Pandora’s box and data retention obligations in Europe (see the full article here).

OFFICIAL GUIDELINES, REPORTS AND STATEMENTS