Norway's data protection authority, the Datatilsynet, fined U.S.-based Argon Medical Devices 2.5 million kroner for failing to report a July 2021 data breach within the 72-hour deadline required by the EU General Data Protection Regulation. "This case is an important reminder that data controllers — including those established outside the (European Economic Area) — must have suitable measures in place to be able to immediately determine whether a breach of personal data security has taken place, and to immediately notify the supervisory authority and the data subject," the DPA said.
22 March 2023
Norway's DPA fines medical device company for breach notification violation
Related stories
Notes from the IAPP Canada: CPS25 highlights privacy, AI, cybersecurity evolution
A view from DC: The FTC's next priorities
Developers prepare for uncertainty, look to prior regulations with AI Act coming online
Notes from the Asia-Pacific region: China ramps up AI governance
Preparing your company for a financing round: A privacy action plan
