German healthcare company to get GDPR fine this month, regional regulator says
17 Apr 2019 12:00 am by Vesela Gladicheva
A large German healthcare-services company will this month be fined for breaches of EU privacy rules, the data-protection commissioner for the state of Rhineland-Palatinate has told MLex.
Dieter Kugelmann said the unidentified company, based in the state, had failed to properly implement controls mandated by the 11-month-old General Data Protection Regulation, making it possible for data breaches to occur.
Kugelmann's office has been investigating the company, which handles sensitive health records, since January following a complaint that it had violated the GDPR. The rules impose stricter conditions on entities handling sensitive data.
In an interview with MLex, Kugelmann said the German company may decide to appeal the decision, especially if the regulator hands it a large fine. Under the GDPR, fines for the most serious infringements can reach 20 million euros ($23 million) or 4 percent of a company's total worldwide annual turnover, whichever is higher.
The regulator said he wasn't disclosing the name of the company as the procedure is ongoing. But the probe concerned "a pile of data breaches," including denying individuals access to data that the company holds about them.
"In this case, the core point is that the enterprise says that [there] has been a small fault [and that] only a limited number of people are concerned," Kugelmann said. "But the whole organization is lacking the correct structure. The reason why the breach happened is a lack of technical implementations of the GDPR structure."
"The core difference, finally, is: Is it only a single case concerning limited persons, or is it a case showing that the whole enterprise is organized in the wrong way, not in line with the GDPR, IT security and data protection compliance aspects?"
This logic reflects the Rhineland-Palatinate authority's approach to enforcing data-protection compliance at big enterprises: "They really have to take care about compliance, more than smaller firms," Kugelmann said.
His office is responsible for regulating the data-processing activities of 210,000 companies in the western German state, many of which are in the chemical, pharmaceutical, automotive and machinery industries. Major businesses include chemical maker BASF, drugmaker Boehringer Ingelheim and Internet-services company United Internet.
Kugelmann said imposing sanctions on big players was in part a prevention tactic to get smaller companies to comply with the law.