Search results

  • Hungarian SA: deletion request in concerning an airline company

    19 January 2024
    News
    … founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data.  The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …

  • Polish SA imposed a fine on the Szczecin-Centrum District Court in Szczecin

    19 January 2023
    News
    … Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller),  Article 25 (1) (2) … protection by design and by default),  Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …

  • Failure to notify a personal data breach as the main reason for a fine imposed on a housing association by the Polish SA

    7 February 2023
    News
    … Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor),  Article 33 (1) GDPR (Notification of a personal data breach to the … Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), …

  • Úkoly a povinnosti

    … dozorovým úřadům za účelem urovnání sporů při prosazování GDPR. Takové spory mohou nastat, pokud dozorové úřady … osobních údajů a návrhů právních předpisů (článek 70 GDPR). V některých případech vydává EDPB společná stanoviska … dozorových úřadů v přeshraničních záležitostech (článek 64 GDPR). Pokud úřady nerespektují stanovisko vydané EDPB, může …

  • Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access

    14 January 2020
    News
    … as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …

  • Hidden cameras: the CNIL fined the SAMARITAINE EUR 100 000 for concealing cameras in the store’s reserves

    18 November 2025
    News
    … the principle of liability (articles 5-1-a) and 5-2 of the GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR);  Failure to involve the Data Protection Officer in … to the protection of personal data (article 38-1 of the GDPR) Decision: administrative fine Key words: CCTV cameras, …

  • Greek SA: Imposition of fines on a telecommunications company and the data processor for personal data breach and insufficient security measures

    10 September 2025
    News
    … National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: Processor GDPR: Article 29: Processing under the authority of the … National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: …

  • EDPB - Our Mission

    14 March 2018
    … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …

  • Icelandic SA: the municipality of Reykjavík fined ISK 2,000,000 for the use of Google Workspace for Education

    26 April 2024
    News
    … of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …

  • Temperature checks at Brussels Airport (Belgium) as part of the fight against COVID-19

    21 April 2022
    News
    … Rescue team     Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; … Rescue team     Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article …

  • Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.

    13 December 2019
    News
    … 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …

  • Irish Data Protection Commission announces decision in Twitter inquiry

    15 December 2020
    News
    … Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …

  • Eighteenth EDPB Plenary Session

    20 February 2020
    Press releases
    … (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although … (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the …

  • EDPBI:UK:OSS:D:2019:31

    3 August 2019
    … of Article 5 of the General Data Protection Regulation (‘GDPR’) requires that the personal data processed by … controller did not comply with its obligations under the GDPR as it did not take sufficient action to assure itself …

  • EDPB publishes new register containing One-Stop-Shop decisions

    25 June 2020
    News
    … following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …

  • EDPB adopted documents - 42nd & 43rd plenary

    4 January 2021
    News
    … period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …

  • EDPBI:DEHE:OSS:D:2020:111

    4 June 2020
    … against – Lawfulness of the processing (Article 6 GDPR) IMI A56ID: 81381 IMI Case: 92167 IMI A60DD: 92290 IMI … with the data minimization principle (Article 5(1) lit. c GDPR). Besides, the Belgian DPA wondered whether or not an … to minimize data in accordance with Article 5(1) lit. c GDPR. request to submit a selfie with photo identification …

  • Polish SA imposed a fine for processing without legal basis

    30 November 2022
    News
    … case: National case Legal references: Article 6 (1) GDPR (Lawfulness of processing), Article 5 (1) (a) GDPR (Principles relating to processing of personal data),  Article 9 (1) and (2) GDPR (Processing of special categories of personal data),  … case: National case Legal references: Article 6 (1) GDPR (Lawfulness of processing), Article 5 (1) (a) GDPR

  • Failure of an airline company to inform the data subject of completion of erasure request, failure of transparency obligations

    12 March 2024
    News
    … SA founded that the data controller infringed Article 12(3) GDPR because it failed to inform the Data Subject of the … of transparent data processing according to Article 5(1)(a) GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) GDPR cannot be regarded as a provision requiring mandatory …

  • French SA fines Cityscoot 125 000€

    29 March 2023
    News
    … Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …