CJEU rules that a supervisory authority is not required to exercise a corrective power in all cases of breach of the GDPR
The Court of Justice of the European Union has ruled in the case of Case C-768/21 | Land Hessen. A German savings bank found that one of its employees had accessed a customer’s personal data on several occasions without authorisation. The savings bank did not inform the customer of this, as its data protection officer…