Search results | European Data Protection Board

The French SA fines the economic interest group INFOGREFFE EUR 250000
16 September 2022
News
… Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) Decision: infringement of the GDPR, Administrative fine Key words: website, data retention …
The Lithuanian SA adopted a decision on the processing of employee’s personal correspondence
26 January 2023
News
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
Excessive data collection and lack of cooperation: the French SA imposes a fine of 200.000 euros on SAF LOGISTICS
18 September 2023
News
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness …
Long cooperation between controller and processor does not guarantee data security – an administrative fine imposed by the Polish SA
8 February 2023
News
… Article 83 (1-3), Article 83 (4) (a), Article 83 (5) (a) GDPR (General conditions for imposing administrative fines), Article 5 (1) (f) and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) …
Hungarian SA: deletion request in concerning an airline company
19 January 2024
News
… founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …
Polish SA imposed a fine on the Szczecin-Centrum District Court in Szczecin
19 January 2023
News
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
Failure to notify a personal data breach as the main reason for a fine imposed on a housing association by the Polish SA
7 February 2023
News
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the …
Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access
14 January 2020
News
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
Greek SA: Imposition of fines on a telecommunications company and the data processor for personal data breach and insufficient security measures
10 September 2025
News
… National case Controller: Vodafone S.A Legal References: GDPR: Article 5.1.d Principle of accuracy GDPR: Article 28: Processor GDPR: Article 29: Processing under the authority of the …
Icelandic SA: the municipality of Reykjavík fined ISK 2,000,000 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
Temperature checks at Brussels Airport (Belgium) as part of the fight against COVID-19
21 April 2022
News
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; …
Irish Data Protection Commission announces decision in Twitter inquiry
15 December 2020
News
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.
13 December 2019
News
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
First EDPB Art. 65 Decision
16 December 2020
News
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … The EDPB adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
Eighteenth EDPB Plenary Session
20 February 2020
Press releases
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although …
EDPB adopted documents - 48th plenary
22 April 2021
News
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …
EDPB adopted documents - 42nd & 43rd plenary
4 January 2021
News
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
EDPB publishes new register containing One-Stop-Shop decisions
25 June 2020
News
… following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …
French SA fines Cityscoot 125 000€
29 March 2023
News
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …