McDonald’s Hit with a €4 Million GDPR Fine: How Secure Are Your Vendors?

Your external data protection officer in Berlin | sofortdatenschutz.de

The Polish Data Protection Authority (UODO) has fined McDonald’s Poland nearly €4 million (16.9 million PLN). The reason: a chain of security failures that led to a major data breach involving employee information. This case is a textbook example of how data protection responsibility can’t simply be outsourced to third-party vendors and why fundamental GDPR …

What’s the Cost of Ignoring Basic Security Measures?

Can ignoring fundamental security measures like multi-factor authentication (MFA) lead to a multi-million euro fine? The Estonian Data Protection Inspectorate (AKI) has answered this question with a resounding “Yes,” imposing a €3 million fine on the pharmaceutical wholesaler Allium UPI. The case is a stark warning for any company that processes customer data, demonstrating that …

Is there a general obligation for end-to-end encryption for public authorities in Germany when transmitting data?

The Higher Administrative Court (OVG) of Münster has addressed the question of whether public authorities are generally required to use end-to-end encryption when transmitting personal data. What was the case about? A plaintiff demanded that a public authority transmit personal data exclusively using end-to-end encryption. He argued that transport encryption alone (e.g., TLS) did not …