8 June 2023
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
27 January 2025
… with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR). Furthermore, customers did not receive sufficient … with Article 15 (1)(a)(c) and (d) and Article 15 (2) GDPR). These are violations of the GDPR. On several points, Netflix provided too little …
4 July 2025
… met TikTok’s transparency requirements as required by the GDPR. Key Findings The Irish SA found that that TikTok’s transfers to China infringed Article 46(1) GDPR because it failed to verify, guarantee and demonstrate … to that guaranteed within the EU. Article 13(1)(f) GDPR requires data controllers to provide data subjects with …
29 November 2019
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
14 January 2020
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
23 September 2021
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision …
27 May 2018
… 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally … are concerned over the entry into application of the GDPR on 25 May 2018. The GDPR does not allow national supervisory authorities nor the …
17 May 2023
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
22 April 2021
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …
16 December 2020
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … The EDPB adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
4 January 2021
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
7 February 2023
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the …
18 September 2023
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data …
29 March 2023
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …
12 September 2022
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
26 April 2024
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
15 December 2020
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
10 September 2025
… National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: Processor GDPR: Article 29: Processing under the authority of the …
20 February 2020
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although …
13 December 2019
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …