In its decision of 8.11.2019, GZ: DSBD122.970/0004-DSB/2019 (RIS), DSB had to deal with the processing of pseudonymised data (Art. 4 (5) GDPR). The complainant had created a user profile with the provider of an Internet small ad portal. The user profile used only a (freely choosable) username and an e-mail address as a “unique identifier”…. […]
Data protection warnings defused in Germany
Even before GDPR, many german lawyers sent out chargeable warning letters about small mistakes. With this law, the German federal government wants to protect small businesses and online shops in particular from high cost due to chargeable warning letters. Websites suffered automatic crawling to find minimal errors in the imprint or data protection notices. Chargeable… […]
Fine due to not naming a DPO
The SME Radidata GmbH (Germany) was fined 10.000 EUR for not naming a Data Protection Officer (DPO). In Germany a DPO is needed as soon 20 employees work with personal data. The data protection Authority requested Rapidata to name a DPO several times but was ignored. The fine takes into account that Rapidata is a… […]
Customer loyality programm – no right of partial deletion
With the decision DSB-D123.822 / 0005-DSB / 2019, the Austrian data protection authority had to deal with the question: Is there a certain data from a customer loyalty program? The affected company is a retailer offering a customer loyalty program. The complainant uses this customer loyalty program and subsequently requested the deletion of certain personal… […]
Right on Copy
In 2017, a data subject requested information from a bank about their data. Specifically, he asked for the names and addresses of service providers commissioned with the processing of his data, as well as information on current account transfers. The bank responded that it would provide regular account statements, there is a statement printer and… […]