SypherPrivacyTalks - August 2024 - Week 35
by Sypher | Published in News - August 27, 2024
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Privacy watchdog files complaints against the European Parliament for massive data breach
europeanconservative.com • 2 min read
🕵️♂️ Privacy watchdog NYOB has filed two complaints accusing the European Parliament of compromising the personal data of its staff in a massive cyber attack earlier this year.
The complaints follow a significant data breach. The European Parliament's recruitment platform 'PEOPLE' was the target of a cyber attack. The breach exposed the personal data of more than 8,000 staff members… read more
European Commission launches consultation and call for expression of interest on GPAI code of practice
insideglobaltech.com • 4 min read
📣 The European Commission recently announced the launch of a consultation on General Purpose Artificial Intelligence ("GPAI") models and invited stakeholders to express their interest in participating in the development of the first GPAI Code of Practice (the "Code") under the newly adopted EU AI Act. Once finalised, providers of GPAI models will be able to voluntarily rely on the Code to demonstrate their compliance with certain obligations under the AI Act.
Participants can find more information on the consultation on the Code of Practice for GPAI (deadline Sept 18, 2024) … read more
Hotel receives 8,000 Euro GDPR fine for data breach due to a ransomware attack
💶 Ana Hotels SRL, a hotel company in Romania, has been fined €8,000 by the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) for a GDPR violation. The investigation began after the company reported a data security breach due to a ransomware attack that compromised personal data stored in its IT systems, affecting a significant number of employees.
The fine was imposed because Ana Hotels SRL failed to implement appropriate technical and organisational measures to ensure a sufficient level of security for data processing, as required by the GDPR. In addition to the fine, the company was ordered to implement a procedural plan to regularly test, evaluate and assess its IT systems, ensure data security and maintain continuous logging of access and data traffic on its servers for at least 30 days, including regular backups... read more (article in Romanian 🇷🇴).
CJEU ruling on the concept of identity theft: when the controller shall pay compensation?
⚖️ This Lexology article by SMARTLEGAL Schmidt & Partners analyses the recent decision of the Court of Justice of the European Union on issues related to compensation for personal data breaches on several occasions.
In the Scalable Capital case, the Court answered the questions of what should be taken into account when determining the amount of compensation and when the theft of personal data can be considered as identity theft. To learn what the Court concluded, read more.
2,000 GDPR fine for recruitment email sent to wrong recipient
💶 The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) imposed a €2,000 fine on a company after an employee mistakenly sent an email to the wrong recipient during a recruitment process. The email, intended for a job applicant, was accidentally sent to another individual, leading to an unauthorised disclosure of personal data, including the applicant's name, surname, and the store location where they applied.
The ANSPDCP found that the company failed to implement adequate technical and organisational measures to prevent such data breaches, as required by GDPR. These measures are crucial to ensure a level of security that protects against accidental or illegal data processing, such as unauthorised disclosure or access… read more (article in Romanian 🇷🇴).
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Frederic Köberl on Unsplash
