Regulatory Updates

Newsletter – September 2020

Brazil: Extension of two months granted for suspension of employment contracts and one month for reduction of wages and hours of employees.

Canada: Effective from July 1, 2020, British Columbia has introduced PST at a rate of 7% on digital services provided by non-resident businesses to the consumers residing in B.C. province.

China: ‘Local HR agencies’ in Beijing will no longer be able to provide social insurance and housing fund payment services on behalf of the client due to the recent restrictions imposed by Beijing social insurance authorities.

Hong Kong: Hong Kong to amend employment laws; Maternity leave to be increased from 10 weeks to 14 weeks

India: Extension of AGM till December 31, 2020 for year ended on March 31, 2020 without filing Form GNL-1.

Ireland: VAT rate stands reduced from 23% to 21% from September 1, 2020 to February 28, 2021.

Singapore: Companies including foreign companies that were required to maintain Register of Registrable Controllers (RORC) will now be required to file the RORC report with the Singpaore Company Registry (ACRA) by Sept 29, 2020.

CountryGDPR Fines
BelgiumThe Belgian Data Protection Authority has fined “Google” a fine of “EUR 600,000”  for not complying with European rules on a person’s “right to be forgotten” online  
DenmarkThe Danish data protection authority (‘Datatilsynet‘) fined “PrivatBo AmbA”, a fine of “DKK 150,000” for violation of Article 32 of the General Data Protection Regulation i.e. for transferring confidential information without appropriate technical and organisational security measures.
The Danish Data Protection authority (‘Datatilsynet‘) fined “Arp-Hansen” a sum of” DKK 1,100,000” for violation of GDPR i.e. not deleting personal data of approx. 500,000 customer profiles in line with the companies own deletion deadlines
FranceCommission Nationale de l’Informatique et des Libertés (CNIL) imposes fine of “EUR 250,000” on “SPATROO” for violation of several GDPR regulations such as ensuring data protection, obligation to limit the retention period of records/data etc. CNIL has also ordered to impose per day penalty of EUR 250 for delay in case of non-compliance of the order of authority within specified period.
NetherlandsThe Dutch Data Protection Authority fined “Stichting Bureau Krediet Registratie”, a fine of “EUR 830,000” for charging access request fees to data subjects for accessing personal data
NorwayNorwegian data protection authority (Datatilsynet) fines “Rælingen municipality” a fine of “NOK500,000” for inadequate security measures as per GDPR and failure to conduct Data Protection Impact Assessment.
SpainThe Spanish Data Protection Authority fined “Vodafone” a fine of “EUR 75,000” for unlawful processing of telephone number after erasure request

The Spanish Data Protection Authority fined “Vodafone España”  a fine of “EUR 60,000” for acting on client’s behalf without their consent and a fine of “EUR 100,000” for continued communications after data deletion request

The Spanish Data Protection Authority fined “Banco Bilbao Vizcaya Argentaria, SA” a fine of “EUR 24,000” for unlawful data processing , violating the General Data Protection Regulation
The Spanish Data Protection Authority fined “Iberia Lae” a fine of “EUR 40,000” for violating the right of access of the data subjects  under General Data Protection Regulation