gavel-3577254_1280-1-e1558538889934-634x360

Norwegian DPA issues GDPR fine to toll company

2021-10-01T15:43:00+01:00

No comments

Norway’s data protection authority, Datatilsynet, has imposed a financial penalty of NOK 5 million on the Norwegian toll company Ferde.

Through a news report, the Datatilsynet became aware that Ferde AS was transferring information related to passages in toll rings to a data processor in China.

An investigation discovered that Ferde AS had violated a number of basic obligations under the Privacy Ordinance for a period of between 1-2 years. The Privacy Ordinance requires that Ferde AS, as the data controller, document that they have implemented a number of measures to ensure that the personal data is processed in a sufficiently good manner.

In its investigations, the Data Inspectorate has revealed that Ferde AS lacked both a data processor agreement , a risk assessment and a transfer basis for the processing of personal data about motorists in China. These are all key obligations under the privacy regulations, and must be in place before the relevant processing of personal data can take place.

“This is a serious matter. The purpose of having these instruments in place is to set the framework for the handling of personal data, to identify possible weaknesses in the system and to ensure the secure and confidential processing of the data,” explained Bjørn Erik Thon, director of the Norwegian Data Protection Authority.

”The company has also transferred personal data to China, and a large number of people are affected. That is why we have now given such a large infringement fee.”

A large infringement fee of NOK 5 million has been imposed.

Topics

No comments

News
Euro politicians question UK’s Data Protection Bill compatibility with GDPR

2024-02-28T09:25:00Z By GRC World Forums

Paul Tang, a Member of the European Parliament, has raised concerns about the UK’s new Data Protection and Digital Information Bill (DPDI) and its potential to undermine elements of the GDPR.
News
Italian city first to receive fine for AI privacy violations

2024-01-29T15:27:00Z By GRC World Forums

The data privacy regulator in Italy has imposed a €50,000 fine on Trento for violating laws regarding the northern city’s use of artificial intelligence (AI) in urban surveillance schemes.
Video
ChatGPT: the data privacy nightmare?

2023-12-19T06:06:00Z

Within two months of its release, it reached 100 million active users, making it the fastest-growing consumer application ever launched.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from GDPR

Feature
Five years of GDPR - what does the dawn of AI mean for data privacy regulations?

2023-05-25T14:43:00Z By GRC World Forums

May 25, 2018 saw the introduction of the EU’s General Data Protection Regulation (GDPR), a ground-breaking legal framework that set new standards on how organisations both within and beyond EU borders obtain, process and store personal data.
News
Meta faces GDPR penalty on top of order to halt data transfers

2023-05-03T15:02:00Z

Meta is getting ready for the cessation of its EU-U.S. data transfers, as well as a fine for violating the EU General Data Protection Regulation, according to filings made with the U.S. Securities and Exchange Commission.
News
Potential cost increase to access EU markets due to new UK data law

2023-04-24T09:38:00Z

Proposed data regulations in the UK, currently awaiting approval from Parliament, may fall short of Europe’s GDPR standards.

Norwegian DPA issues GDPR fine to toll company

Topics

Related articles

Euro politicians question UK’s Data Protection Bill compatibility with GDPR

Italian city first to receive fine for AI privacy violations

ChatGPT: the data privacy nightmare?

No comments yet

Only registered users can comment on this article.

More from GDPR

Five years of GDPR - what does the dawn of AI mean for data privacy regulations?

Meta faces GDPR penalty on top of order to halt data transfers

Potential cost increase to access EU markets due to new UK data law