29 November 2019
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
17 May 2023
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
… dozorovým úřadům za účelem urovnání sporů při prosazování GDPR. Takové spory mohou nastat, pokud dozorové úřady … osobních údajů a návrhů právních předpisů (článek 70 GDPR). V některých případech vydává EDPB společná stanoviska … dozorových úřadů v přeshraničních záležitostech (článek 64 GDPR). Pokud úřady nerespektují stanovisko vydané EDPB, může …
2 February 2024
… be lawful only if it has a legal basis under Article 6(1) GDPR. Where the processing also involves special categories … the controller must have a legal basis under Article 6(1) GDPR and the processing must also comply with one of the situations set out in Article 9(2) GDPR. The Company’s reply to the request of access contained …
12 September 2022
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
26 January 2023
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
16 September 2022
… Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) Decision: infringement of the GDPR, Administrative fine Key words: website, data retention … Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) …
18 September 2023
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data … Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) …
13 October 2022
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness …
8 February 2023
… Article 83 (1-3), Article 83 (4) (a), Article 83 (5) (a) GDPR (General conditions for imposing administrative fines), Article 5 (1) (f) and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) …
19 January 2024
… founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …
19 January 2023
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
7 February 2023
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the … Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), …
18 November 2025
… the principle of liability (articles 5-1-a) and 5-2 of the GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the Data Protection Officer in … to the protection of personal data (article 38-1 of the GDPR) Decision: administrative fine Key words: CCTV cameras, …
10 September 2025
… National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: Processor GDPR: Article 29: Processing under the authority of the … National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: …
14 January 2020
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
26 April 2024
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
21 April 2022
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; … Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article …
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
15 December 2020
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …