EsqSocial

On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions. Recently, Goodwin reported on the Irish Data Protection Commissioner’s fine on Twitter for similarly not meeting data breach notice timing...
By: Goodwin