Search results | European Data Protection Board

Dutch SA fines Transavia for poor personal data security
23 September 2021
News
… Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, … Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of … programme, for infringement of Articles 28 and 32 of the GDPR. For further information: decision in national language … Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of …
The Norwegian SA imposes fine against Elektro & Automasjon Systemer AS
13 December 2021
News
… Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish … Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish …
Processing the personal data by a processor must be documented
20 December 2022
News
… that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its … that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its …
Polish SA: risk assessment and acting in accordance with established procedures counteract data loss
20 December 2022
News
… documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was … documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was …
Biometrics for attendance recording. The Italian SA fines a high school
15 July 2025
News
… Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of … Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of …
Codigo de conducta regulador del tratamiento de datos personales en los sistemas comunes de informacion del sector asegurador
15 September 2022
Other
… Spain Type Code for Controllers/Processors subject to GDPR Scope National Código de conducta regulador del …
Ivoclar Vivadent Group
23 July 2024
… 331.8KB German English Изтегляне Pre-GDPR No … Ivoclar Vivadent Group …
Decision of the Data Protection Commission made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
22 May 2023
Binding decision of the Board (Art. 65)
… Platforms Ireland Limited for its Facebook service (Art. 65 GDPR) … Decision of the Data Protection Commission made …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, … and updated where necessary.” Moreover, Recital (75) of GDPR states that: “The risk to the rights and freedoms of … the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, …
CoC regulating the processing of personal data related to commercial information
29 April 2021
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Organismo di …
CoC regulating credit assessment systems managed by private entities
6 October 2022
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Organismo di …
‘Easy privacy information via icons? Yes, you can!’ The Italian DPA launches a contest calling for creative ideas from all quarters
14 April 2021
News
… in an information notice under Articles 13 and 14 of the GDPR. Proposals will be welcome until 30 May, 2021 and … in an information notice under Articles 13 and 14 of the GDPR. Proposals will be welcome until 30 May, 2021 and …
EDPB adopts final version of Guidelines on data subject rights - right of access
17 April 2023
News
… aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for … aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for …
Swedish SA: Administrative fine against the Equality Ombudsman when personal data was collected via a web form
15 July 2025
News
… The DO has violated the general data protection regulation (GDPR) by not having taken sufficiently effective security … The DO has violated the general data protection regulation (GDPR) by not having taken sufficiently effective security …
EDPBI:LT:OSS:D:2019:17
16 May 2019
… the relevant data breach as required by Art. 33 of the GDPR without providing a sufficient explanation of that …
Decision in the matter of Meta Platforms Ireland Limited and the "Instagram" social media network made pursuant to Section 111 of the Data Protection Act 2018
15 September 2022
Binding decision of the Board (Art. 65)
… Ireland Limited (Instagram) under Article 65(1)(a) GDPR … Decision in the matter of Meta Platforms Ireland …
CoC regulating the sector of telemarketing and tele-selling
7 March 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …
Slovenian SA: launch of coordinated enforcement on role of data protection officers
… the position in their organisations required by Art. 37-39 GDPR and Chapter 6 of the Personal Data Protection Act and … the position in their organisations required by Art. 37-39 GDPR and Chapter 6 of the Personal Data Protection Act and …
Launch of coordinated enforcement on role of data protection officers
15 March 2023
News
… the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, … on the role of data protection officers (EN) Italian SA: GDPR: focus dei Garanti europei sul ruolo dei responsabili … the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, …