Norway's DPA fines medical device company for breach notification violation

Norway's DPA fines medical device company for breach notification violation
Norway's data protection authority, the Datatilsynet, fined U.S.-based Argon Medical Devices 2.5 million kroner for failing to report a July 2021 data breach within the 72-hour deadline required by the EU General Data Protection Regulation. "This case is an important reminder that data controllers — including those established outside the (European Economic Area) — must have suitable measures in place to be able to immediately determine whether a breach of personal data security has taken place, and to immediately notify the supervisory authority and the data subject," the DPA said.

https://iapp.org/news/a/norwegian-dpa-fines-medical-device-company-for-breach-notification-violation