First GDPR fine from Romanian data protection authority

Romanian Data Protection Authority fine

The Romanian National Supervisory Authority (the Romanian equivalent of the UK’s ICO) has issued its first GDPR fine. They have fined Unicredit Bank €130,000 for breaches of Article 25(1) for “failure to implement appropriate technical and organisational measures, both within the determination of the processing means and processing operations themselves, designed to effectively implement data …

Read moreFirst GDPR fine from Romanian data protection authority

ICO Publishes DPIA Guidance consultation

GDPR transparency

The ICO has published draft guidance on the use of Data Protection Impact Assessments (DPIA), a tool used to assess the risks of processing personal data. The UK has had Privacy Impact Assessments (PIA) for some time as best practice but the GDPR enforces the need for DPIA in certain circumstances. The draft guidance: Covers …

Read moreICO Publishes DPIA Guidance consultation