I provvedimenti spiegati alle aziende
con guide, checklist, modelli; AI assisted
Osservatorio a cura del dott. V. Spataro 



   dizionario 2024-02-09 ·  NEW:   Appunta · Stampa · Cita: 'Doc 98304' · pdf
  

Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures | European Data Protection Board

abstract:


documento annotato il 09.02.2024. La banca dati trasferita a multipli responsabili del trattamento che li hanno trasferiti ad altri ancora.

Fonte: europa.eu
Link: https://edpb.europa.eu/news/national-news/2024/com

analisi:

L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni


index:

testo:

Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures

22 January 2024 

Background information

  • Date of final decision: 5 July 2023
  • National case
  • Controller: the data controller is a company offering electronic communication services.
  • Legal Reference(s): Article 13 (Information to be provided where personal data are collected from the data subject), Article 24 (Responsibility of the controller)
  • Decision: Administrative fine, Compliance order, Warning and Violation identified
  • Key words: Accountability, Administrative fine,Clients, Responsibility of the controller, Right to be informed

 

Summary of the Decision

 

Origin of the case  

A complaint. During the handling of the complaint, it appeared that the data controller transferred multiple times personal data of the complainant to its data processor, who then transmitted said data to a third party. Therefore, the Luxemburg Supervisory Authority (the CNPD) decided to open an investigation in order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the transfer of personal data of the complainant to a third party, as well as the information of the data subject concerning said transfer.


Key Findings 

The, CNPD, concluded that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal data, and more precisely about the transfer of the data to one specific data processor). In addition, the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal data of the complainant was illicitly transferred multiple times to a third party by a processor of the controller. 


Decision 

An administrative fine of 1.500 € was imposed, as well as a reprimand for having violated article 13.1.e) of the GDPR. In addition, the CNPD ordered the controller to bring the processing operations into compliance with article 24.1 of the GDPR, in particular by putting in place appropriate technical and organizational measures in order to verify that the data processor stops transferring the data of the complainant to a third party.  
 

For further information: national decision


Link: https://edpb.europa.eu/news/national-news/2024/com

Testo del 2024-02-09 Fonte: europa.eu




Commenta



i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.







Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza