The group appointed a DPO as a part of its data protection office located at its headquarters, while its Luxembourg subsidiary only had a data protection lawyer that acted as a point of contact for the DPO; this structure precluded the DPO from being informed and consulted from the earliest stages of all data protection matters in Luxembourg, as the lawyer only communicated with the DPO when they deemed it necessary.
Luxembourg CNPD Fines Group of Companies €18,000 for Lack of DPO Involvement
Related Posts
Irish National Police Data Leak Highlights Third-Party Risk
The recent data breach incident involving the Irish National Police. This breach underscores the critical importance of addressing…
Fines for breaches of EU GDPR privacy law spike sevenfold
Fines for GDPR breaches have increased sevenfold to 1.2 billion with EU-US data transfers being a major issue.
Do Not Call: AEPD Spain Fines Telecom €100,000
Telecom company fined €100,000 for unsolicited telemarketing calls to an individual on the do not call list.