In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider recent decision by the Swedish Data Protection Authority recently imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time.  Some of the highlights are:

  1. What were the issues and interests involved in this case?
  2. What are the requirements for a reporting of a data breach under GDPR?
  3. What are the differences in duties of the Data Processor and Data Controller?
  4. What are the implications going forward?
  5. What is this decision’s precedential value?
  6. Is the decision Kafkaesque in its reasoning?

Check out the Cordery Compliance, client alert on this case, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.