1 March 2023
… (Article 12(1), Article 13) Decision: Infringement of the GDPR, Order to comply, Administrative fine Key words: … data is collected through the Websites. The practical GDPR compliance of the cookie consent management system … the Websites if such processing was made compliant with the GDPR. An administrative fine was also issued in HUF equal to …
27 June 2023
… lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the … data unlawfully and against Articles 5(1)(a) and 6(1) GDPR, as the agency could not rely on any legal basis. …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) The passwords of the affected accounts have been … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The controller has notified all data subjects and … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) No particular measures beyond the standard IT security …
… According to the General Data Protection Regulation (GDPR), public authorities and certain businesses are obliged … DPOs have the role and position required by Articles 37-39 GDPR and the resources needed to carry out their tasks. The … According to the General Data Protection Regulation (GDPR), public authorities and certain businesses are obliged …
17 October 2023
… In its decision, IMY states that H&M has violated the GDPR by not ceasing to handle the complainants' personal … 28 500 EUR) against the company for violations of the GDPR. For further information: H&M har gjort det onödigt … In its decision, IMY states that H&M has violated the GDPR by not ceasing to handle the complainants' personal …
22 November 2021
… data subject (Article 34(1)) Decision: Infringement of the GDPR, fine imposed, order to comply Key words: Obligation to … — it did not meet the requirements set out in the GDPR. Key Finding In the course of the case, it turned out … by the breach in the manner set out in Art. 34(2) of the GDPR. For further information: …
16 September 2021
… “Luigi Bocconi” University in Milan Legal Reference: GDPR: Article 5 para. 1, letters a), c) and e) (lawfulness, … category data) Decision: Finding of infringements of GDPR; imposition of administrative fine and corrective … data without a lawful legal basis pursuant to Article 9 GDPR. The students’ consent could not be relied upon by the …
20 February 2019
… of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act … account the circumstances set out under Article 83.2 of the GDPR. The temporary ban imposed on the Authority’s portal … of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act …
13 October 2020
… IP address, refers to Art. 6 para. 1 sentence 1 lit. f GDPR. sees the legitimate interest in the processing of … attacks, in particular to meet the requirements of Art. 32 GDPR and § 13 para. 7 TMG. Furthermore, the method aims at … risks" in the sense of Art. 6 para. 1 sentence 1 lit. f GDPR. 3 III. Legal assessment The Brandenburg Commissioner …
1 February 2021
… and fathers-to-be in Belgium, for various breaches of the GDPR. Family Service is a marketing company that … of 50,000 euro, and ordered the company to comply with the GDPR. Given the size of the company, this is a considerable … model of Family Service is clearly not compliant with the GDPR. To read the decision (in Dutch) click here . For …
22 July 2021
… Urgent Binding Decision on the request under Article 66(2) GDPR from the Hamburg Supervisory Authority for ordering the … Urgent Binding Decision on the request under Article 66(2) GDPR from the Hamburg Supervisory Authority for ordering the …
11 March 2020
… 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled … against Google. – The General Data Protection Regulation, GDPR, increases the level of responsibility for … or superfluous. This right was strengthened with the GDPR entering into force 25th May 2018. The right is however …
7 June 2023
… a legally binding decision on the basis of Art. 65(1)(a) GDPR. Following public consultation, the guidelines were … of the EDPB Guidelines on the application of Art. 60 GDPR and changes to the EDPB Rules of Procedure. In … a legally binding decision on the basis of Art. 65(1)(a) GDPR. Following public consultation, the guidelines were …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) Both the document and the entry were deleted. … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The data subjects concerned were informed in writing … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) This was not a technical error. 6. Subsequent measures …
28 October 2021
… Trasporto Passeggeri Emilia Romagna S.p.A. Legal Reference: GDPR: Article 5 (Principles applying to personal data … remote surveillance) Decision: Finding of infringements of GDPR and Italian law, imposition of administrative fine Key … out in this respect by national law pursuant to Article 88 GDPR – namely, either an ad-hoc agreement with trade unions …
26 January 2023
… Legal references: The right of access to data (Art. 15 of GDPR) Decision: The complaint was upheld Summary of the … processed in accordance with the procedure laid down in the GDPR, and during the conversations requested, only those … to be an improper implementation of Article 15(3) of the GDPR. For further information: Išnagrinėjus skundą …
13 May 2021
… and contravened Article 6(1) and Article 5(1)(a) of the GDPR. The recordings had already been handed over to the … previous legislation The infringement occurred before the GDPR went into effect on 20 July 2018. The fine was … and contravened Article 6(1) and Article 5(1)(a) of the GDPR. The recordings had already been handed over to the …
13 July 2020
… breach or mitigate its adverse effects (Art. 33 (3) (d) GDPR) The company hired a forensics firm to identify network … or public com- munication (Art. 34 (1) or Art. 34 (3) (c) GDPR) The concerned data subjects were informed of the … incident occurred, e.g. encryption (Arti- cle 34 (3) (a) GDPR) - 3 - The stolen passwords were hashed with PBKDF2-SHA …
25 March 2019
… 4x35 for a total of DKK 1. 2 million for a breach of the GDPR. Taxa 4x35 could be fined for failure to delete … Agency proposes a fine in accordance with the rules of the GDPR. 8.873.333 taxi trips In the autumn of 2018, the Danish … only because the company’s system makes compliance with the GDPR burdensome. “We have opted for a fine in this case. …
22 June 2021
… for violation of the General Data Protection Regulation (GDPR). This case concerns insufficient risk assessment and … that the bank did not meet the requirements of the GDPR for risk assessment and appropriate technical measures … risk assessment and testing as required by the law. The GDPR requires that the data controller carry out risk …