6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine,Data subject rights, Personal data breach, Principles relating to processing of personal data, …
8 September 2022
… Supervisory Authority fines Enel Energie Muntenia S.A. for breaching Article 32 GDPR 8 September 2022 Romania … of processing (Article 32). Notification of a personal data breach to the supervisory authority (Article 33). … Infringement of the GDPR, Corrective measures. Key words: Data breach, security of processing. Summary of the …
4 March 2022
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian … (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine …
4 November 2024
… Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Lawfulness … penalty of NOK 250,000 to Eidskog Municipality for breach of the requirements for a legal basis in the General Data Protection Regulation. Key findings The Norwegian …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of a personal data breach to the data subject), Article 33 (Notification of a …
18 September 2023
… Excessive data collection and lack of cooperation: the French SA … Article 5 (Principles relating to processing of personal data), Article 9 (Processing of special categories of … of data. Key Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation …
13 October 2022
… Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent information, communication … fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness and … Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent …
11 December 2020
… University failed to sufficiently protect sensitive personal data 11 December 2020 Sweden Umeå University has processed special categories of personal data concerning sexual life and health through, amongst … for failing to report the incident as a personal data breach. Since 25 May 2018, organisations are obliged to …
21 February 2022
… for Privacy Protection (IMY) fines Region Uppsala for breaches in its security 21 February 2022 Sweden Background … for Privacy Protection (IMY) has received two personal data breach notifications from Region Uppsala. The data breaches concern sensitive personal data sent without …
28 November 2024
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
12 October 2023
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
16 May 2019
… reference Article 6 (Lawfulness of processing) Keywords Data security Lawfulness of processing Personal data breach Outcome No violation Summary 87.7KB Изтегляне … Decision: No liability of the processor Key words: Data breach, Lawfulness of processing, Security of …
18 November 2025
… SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability (articles 5-1-a) and … GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the … SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability …
28 March 2022
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
… Guidelines During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 … of Regulation 2016/679, WP251rev.01 Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01 … During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
12 February 2021
… that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
18 August 2020
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
7 May 2025
… Polish SA: lack of procedures to protect personal data processed by the press - administrative fine of 13 500 … fine, Compliance order Key words: Administrative fine, Data security, Encryption, Personal data breach, Data subject rights Summary of the Decision …
2 July 2019
… 32 (4) in relation to Article 32 (1) and (2) of the General Data Protection Regulation in respect of the security of processing. The data controller, WORLD TRADE CENTER BUCHAREST S.A., was … to a fine of 71028 lei, the equivalent of 15,000 Euros. The breach of personal data security consisted in the fact that …