The Finnish supervisory authority (the “Ombudsman”) reminds controllers that IT system log data containing information related to the protection of personal data must be stored under the principle of accountability

The Spanish supervisory authority (Agencia Española de Protección de Datos – AEPD) has fined DATA 1000 FINCAS S.L., a property administration company, €2,000 for breach of Article 5(1) of the GDPR

The Personal Data Protection Office imposed a fine of over PLN 363,000 on Bank Millenium S.A. for failing to report a data protection breach and for failing to fully inform affected persons of the incident

The Cyprus supervisory authority has fined WS WiSpear Systems Ltd €925,000 for breaching the principles of lawfulness, fairness and transparency by collecting network card addresses (MAC addresses) and SIM card identifiers (IMSI) without users’ knowledge

The Privacy Protection Authority (PPA) in Israel has launched an investigation into a security incident suffered by CyberServe

The Dutch data protection authority (AP) has sent a letter to the GGD GHOR Nederland, the central office of public clinics, ordering additional measures to better protect personal data in the context of the processing of personal data in relation to the COVID-19 pandemic

The French data protection authority (CNIL) has published an awareness guide on compliance with the GDPR

The Personal Data Protection Office points out that the Polish legal system lacks comprehensive provisions on the use of drones by public authorities to perform their tasks or exercise public authority

The Federal Trade Commission (FTC) has suggested some easy-to-implement preventative measures that small businesses can take to strengthen their cybersecurity.

The Swedish Authority for Privacy Protection (IMY) has initiated a review of the national waiting time database used by the Swedish Association of Local Authorities and Regions (SKR) to compile statistics on waiting times in healthcare