16.2 really does the info protection power have the power to problem a ban on some control task? If yes, does these types of a ban need a court purchase?
The GDPR entitles the relevant data safety power to impose a temporary or conclusive constraint, like a bar on handling.
In , the NDPA offered advance notice towards the United States business Grindr LLC of their purpose to impose a management good of NOK 100 million (circa a‚¬10 million) in order to have disclosed individual facts, like sensitive and painful individual data, to alternative party advertisers without an appropriate grounds pursuant to reports 6 and 9 regarding the GDPR. Here http://datingmentor.org/afroromance-review/ is the greatest management fine in respect of which advance see has-been given by the NDPA and, if affirmed, would end up in the best NDPA great to date.
Another instance will be the administrative good of NOK 3 million (circa a‚¬276,000) implemented on Bergen Municipality when you look at the the autumn months of 2020 for breaches of personal facts protection because of the municipality’s education because of poor behavior for handling room address contact information where confidentiality had been needed. The municipality had not demonstrated nor communicated the necessary instructions to protected the private data of kids and parents who’d a confidential target before a brand new correspondence means had been put to use. Private facts which should happen private comprise hence open to unauthorised persons. The NDPA consequently in addition sent a letter with guidance to the municipality’s facts processor where they revealed the data processor’s task to make certain conformity featuring its data processing contract together with the municipality.
16.4 really does the info protection expert ever before exercise its powers against companies established in other jurisdictions? If yes, just how is it implemented?
The GDPR may also affect non-EEA enterprises even in the event they will have no physical presence inside EEA (look at reply to concern 3.1 above). This type of people must appoint a representative inside the EEA against that NDPA or even the related facts protection expert can take appropriate administration activity in GDPR.
A typical example of the physical exercise of enforcement capabilities by the NDPR against an everyone organization is the advance alerts of an administrative fine sent in from the NDPA to Grindr LLC for alleged violation regarding the GDPR (start to see the response to matter 16.3 above).
Unless there clearly was an explicit legal basis for the requested move, these types of a transfer will probably feel deemed for a purpose that is incompatible aided by the earliest purpose which is why the data had been amassed, therefore necessitating permission from the facts subject.
The NDPA prioritised the examination with the COVID-19 get in touch with tracing app (notice response to matter 18.2 below), issues linked to facts shelter and digital/online classes/courses for education and associations of degree, along with issues pertaining to privacy in employment scenarios.
The NDPA also focused on the institution industry and investigated cases of individual facts breach (discover, for instance, the answer to matter 16.3 above). Another priority had been the industry where, inter alia, the NDPA acted as a sparring lover regarding the nationwide wellness evaluation program (Helseanalyseplattformen) suggested because of the Norwegian Directorate for eHealth.