Blog

A closer look to damages liability under the GDPR

The General Data Protection Regulation, GDPR (Regulation (EU) 2016/679), started to apply on May 25, 2018. The GDPR sets forth the data subject’s right to compensation and liability for the damages caused by processing that infringes the GDPR. Pursuant to Article 82 GDPR: “Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered”. Let’s Read more [...]

GDPR fines are clearly insurable only in Finland and Norway

Aon and DLA Piper released a “price of data security” report on where GDPR fines are generally insurable. According to the guide, only Finland and Norway allow insurance for this type of fine. In 20 out of 30 jurisdictions, GDPR fines do not seem insurable (as in the UK, France, Italy and Spain), and in the rest, the situation is not clear and may depend on the instance. Attention: we are talking here about "GDPR fines", i.e. the penalties that data protection authorities can issue against Read more [...]

$999,000 in HIPAA settlements for unauthorized disclosure of patients’ protected health information

On September 20, 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it had reached settlements with several medical centers after they allegedly compromised patients’ protected health information (PHI) by inviting film crews on premises to film an ABC television documentary series without first obtaining authorization from patients. According to the settlements, to resolve potential HIPAA violations, the entities will pay a fine of around $1 million and Read more [...]

Argentina to adopt soon GDPR’s standards?

On September 19, 2018, Argentina’s president sent a data protection bill to the national Congress for approval. In Argentina, the protection of personal data was constitutionally regulated in 1994 and by means of a law promulgated in 2000. According to the bill’s preface, in consideration of the many technological innovations of the last 17 years, as well as the approval of the GDPR, this bill seeks to maintain the current international standards. In 2003, the European Commission Read more [...]

ICO served GDPR enforcement notice on a non resident organization (Canadian company)

On July 6, 2018, the UK Data Protection Authority, the Information Commissioner's Office (ICO), served what looks like the first enforcement notice regarding the processing of UK individuals’ personal data by a nonresident organization. The notice was directed to Aggregate IQ (AIQ), a digital advertising, web and software development company based in Canada. According to the ICO, AIQ received personal data (including names and email addresses) from political organizations and used them to target Read more [...]