On 14 March 2019, the Dutch data protection authority (Autoriteit Persoonsgegevens, DPA) announced (in Dutch) its fining structure for violations of the European General Data Protection Regulation (GDPR) and the Dutch law implementing the GDPR (Implementation Act).
The GDPR sets two levels of administrative fines that may apply depending on which GDPR provisions have been infringed: The higher of €10 … Continue Reading
In our previous post we outlined the key issues regarding mHealth devices and services from a privacy law perspective. Now, we go further into the details and discuss the scope of the personal data involved, especially relating to sensitive health data. We introduce the relevant statutory requirements in the EU and the legal opinions of the Article 29 Working Party … Continue Reading
Written by Gonzalo F. Gállego and Belén Gámez
It is well-known that international transfers of personal data from EU data controllers to data processors based in “countries not granting an adequate level of protection” (“Third Countries“), are subject to certain requirements provided for in the laws implementing the Data Protection Directive (95/46/EC) (the “Directive“) in each … Continue Reading