Divulgare la privacy e la cybersecurity nelle aziende
con spiegazioni semplici e operative, AI assisted
Osservatorio a cura del dott. V. Spataro 


Podcast Newsletter Dizionario Rassegna TG About

Caffe20.it - dal 2008 il podcast più longevo in Italia






Accesso


Password persa ?

oppure

Dallo store:

La banca dati:

221 voci nel dizionario
4159 documenti
1096 temi
104 dossier

store
i prodotti

   dizionario 2024-02-09 ·  NEW:   Appunta · Stampa · Cita: 'Doc 98304' · pdf

Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures | European Data Protection Board

abstract:



Documento annotato il 30.08.2024 Fonte: europa.eu
Link: https://edpb.europa.eu/news/national-news/2024/com




analisi:

L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni




index:

Indice




    testo:

    Eestimated reading time: 1 min

    Background information

    • Date of final decision: 5 July 2023
    • National case
    • Controller: the data controller is a company offering electronic communication services.
    • Legal Reference(s): Article 13 (Information to be provided where personal data are collected from the data subject), Article 24 (Responsibility of the controller)
    • Decision: Administrative fine, Compliance order, Warning and Violation identified
    • Key words: Accountability, Administrative fine,Clients, Responsibility of the controller, Right to be informed

    Summary of the Decision

    Origin of the case  

    A complaint. During the handling of the complaint, it appeared that the data controller transferred multiple times personal data of the complainant to its data processor, who then transmitted said data to a third party. Therefore, the Luxemburg Supervisory Authority (the CNPD) decided to open an investigation in order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the transfer of personal data of the complainant to a third party, as well as the information of the data subject concerning said transfer.


    Key Findings 

    The, CNPD, concluded that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal data, and more precisely about the transfer of the data to one specific data processor). In addition, the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal data of the complainant was illicitly transferred multiple times to a third party by a processor of the controller. 


    Decision 

    An administrative fine of 1.500 € was imposed, as well as a reprimand for having violated article 13.1.e) of the GDPR. In addition, the CNPD ordered the controller to bring the processing operations into compliance with article 24.1 of the GDPR, in particular by putting in place appropriate technical and organizational measures in order to verify that the data processor stops transferring the data of the complainant to a third party.  
     

    For further information: national decision


    Link: https://edpb.europa.eu/news/national-news/2024/com

    Testo del 2024-02-09 Fonte: europa.eu




    Commenta



    i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.


      Newsletter
    Ricevi gli aggiornamenti su Company offering electronic communication services – no complete information of the data subjects & no sufficient technical and organisational measures | European Data Protection Board e gli altri post del sito:

    Email: (gratis Info privacy)






    Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza
    Caffe20.it - dal 2008 il podcast più longevo in Italia