In fall 2018, Denmark’s data protection authority, Datatilsynet, performed an audit of taxi company Taxa 4x35. The agency found Taxa had implemented a data retention policy but had failed to follow it, as it held onto the personal information related to about 9 million taxi rides beyond the lawful two-year retention policy. The DPA fined Taxa $180,000 for violations of Article 5 of the EU General Data Protection Regulation. In this piece for The Privacy Advisor, Andrew Chappell, CIPP/US, looks at how the Danish DPA’s fine could offer guidance on Article 5 enforcement going forward.
If you want to comment on this post, you need to login.