Blog
Undocumented PDFs. CEO accountable for a €77 139 GDPR fine
The Norwegian Data Protection Authority (DPA) issues a fine of €77 139 against St Olav's Hospital. The fine is issued since PDFs, containing personal data, have been stored in a folder without being present in [...]
Chairman of the Board responsible for GDPR fine of €499 373
Ferde AS, a company that handles road tolls in Norway, has been fined € 499 373. The company has illegally transferred large amounts of unstructured data containing personal data to China and is criticized for lacking [...]
The board of directors that can manage exploding demand
The need for automated information classification is increasing exponentially. While regulators are turning the threat of GDPR fines into promises, the rise in cyberattacks makes it clear that information control is a prerequisite for both [...]
Practice makes perfect! Swedish police fined and forced to educate 33,000 employees in data protection.
Swedish IMY, formerly Datainspektionen, fines the Swedish Police Authority administrative sanction fee of €250 000 for violations of the Criminal Data Act. For the Swedish public sector, the maximum fine is €1M, so this constitutes as [...]
Webinar with CGI: How to take control of your business’ unstructured data
11 February 2021 at 14:00-15:00 Many authorities and companies have in the suites of the GDPR got their structured data in order, but the rules also apply to unstructured data that contains personal data. The [...]
Swedish government: The key to cloud services is information classification
The IT Operations Inquiry (IT-driftsutredningen) recently presented its report on “Secure and cost-effective IT operations” with a special focus on the legal conditions for public sector outsourcing. The conclusion is that an amendment to the [...]
A couple of PDFs in the cloud. Price: €55 000
Umeå University receives a fine of €55 000, announces the Swedish DPA Datainspektionen. A group of researchers at the university have scanned public criminal investigation protocols as PDFs and saved them in a US cloud [...]
Bad access management. Again. Price: €6 770 912
The Swedish DPA, Datainspektionen, announces that it has completed its review of eight care providers' medical record systems. During their supervision, they have found major shortcomings in the access management and also in functions for [...]
Bad access management. Price: €392 133
The Swedish DPA, Datainspektionen, issues a fine of SEK 4 million to the Board of Education in the city of Stockholm. The fine applies to the city's school platform, which on examination of the system [...]
Folksam illegally shared personal data of +1M individuals
Swedish insurance group Folksam reports that they voluntarily, but illegally, have shared personal data concerning more than 1 million data subjects with American companies such as Facebook, Google, Microsoft, Linkedin and Adobe. The illegal data transfers where [...]
Not monitoring your unstructured data. Price: €35 000 000
Swedish world-renowned retailer H&M reveals a €35M fine in their quarterly report. The fine has been issued by the data protection authority in Hamburg following a personal data incident in the company’s service center. It [...]
We are proud sponsors of Nordic Privacy Arena!
Nordic Privacy Arena, NPA, is the biggest gathering of privacy and security professionals in the Nordics. More than 700 professionals meet under two days and share insights and experiences. This year, although being digital, the [...]
Swedish DPA: Get in control of personal data and flows
The Swedish DPA Datainspektionen has now presented their first embryo of guidelines following the Shrems II case from July 16th. They conclude, as many others, that transfer of personal data from the EU to the [...]
CJEU: No more benefit of the doubt
As most have noticed, the decision communicated by the European Court of Justice, CJEU, the 16th of July in the Schrems II case has made the usage of American cloud services, if not impossible, [...]
Privacy shield has fallen. This changes everything.
Privacy shield has fallen. This changes everything.The European Court of Justice, ECJ, has decided in the Schrems II-case (C-311/18). They declare the Privacy Shield, an arrangement created by the by the U.S. Department of Commerce [...]
DPO having too many hats. Price: €50 000
The Belgian Data Protection Authority has decided on the role of the Data Protection Officer, and potential conflict of interest. Proximus SA has been fined €50,000 for appointing its Head of Compliance, Audit and Risk [...]
Slow reporting. Price: €20 000
The Swedish DPA Datainspektionen issues a fine of €20 000 towards the Swedish National Government Service Centre for breaches towards the GDPR. The Swedish National Government Service Centre got aware of a security hole in the [...]
Big data contact tracing – Aigine’s team #2 in Hack the crisis
The COVID-19 pandemic is affecting everyone’s lives, and unfortunately its impact seems to extend to our lives and economies long after the virus itself has been put under control. In order to save lives, unburden [...]
Video: We had a good time at a privacy webinar!
Recording from the very popular webinar we held in collaboration with Arrow, IBM and DLA Piper. And yes, we did have a very good time. https://youtu.be/xu6iUprsKjU Privacy-related EU fines, background https://youtu.be/xu6iUprsKjU?t=172 Damages and activism, new [...]
Can’t forget. Price: €6 980 000
Swedish DPA Datainspektion issues a fine of €6 980 000 towards Google for breach of the GDPR. Following a case from 2017, where Datainspektionen decided that certain personal data should be removed, they have now found that [...]
Aigine becomes a Norrsken House Impact Member
The right to a personal life is one of the fundamental human right found described in article 12 of the Declaration of human rights. It is also part of the United Nations sustainability goals and [...]
Tom Törngård strengthens Aigine
Tom started his career as an officer in the Swedish Armed Forces and has thereafter used his leadership skills in a wide variety of roles. He has solid experience in complex enterprise sales from his [...]
Procrastination. Price: €388 350
The Norwegian Data Protection Authority, Datatilsynet, issues a fine of €388 350 to the Norwegian Public Roads Administration. The fine is the highest in Norway and is targeting a public authority, without any data breach occurring. [...]
Swedish DPA: A storm is coming
Many have reacted with surprise on the near absence of enforcements coming from Scandinavian DPAs since GDPR entered into effect May 2018. And for sure, compared to a relatively much higher activity level from southern [...]