CASES, SANCTIONS AND CLAIMS
- Denmark: first GDPR fine is proposed by the Danish Data Protection Agency for a taxi company which failed to enforce personal data retention policies with regards to clients’ telephone number.
- The French supervisory authority CNIL fines Estate Company 400K on issues of inadequate technical measures (Art. 32 GDPR) and non-compliance with retention periods (Art. 5(1)(e) GDPR).
- The Danish DPA proposed a fine of DKK 1,5 million against IDDesign A/S, for failure to delete data about 385.000 customers.
- Germany: Berlin Commissioner for Data Protection and Freedom of Information issued a fine of around 14.5 million Euros against Deutsche Wohnen SE for violations of the GDPR, including for failing to delete very old data.