Search results | European Data Protection Board

Polish SA: risk assessment and acting in accordance with established procedures counteract data loss
20 December 2022
News
… documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was … documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of … programme, for infringement of Articles 28 and 32 of the GDPR. For further information: decision in national language … Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
Processing the personal data by a processor must be documented
20 December 2022
News
… that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its … that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its …
Finnish SA: Administrative fine imposed on psychotherapy provider for shortcomings in fulfilling the client's right of access to data
4 September 2023
News
… the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the … the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the …
Slovenian SA: schools must adhere to the principle of data protection by design and by default
20 May 2025
Press releases
… by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper … by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper …
CoC regulating the sector of telemarketing and tele-selling
7 March 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …
Ivoclar Vivadent Group
23 July 2024
… 331.8KB German English Stáhnout Pre-GDPR No … Ivoclar Vivadent Group …
Decision of the Data Protection Commission made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
22 May 2023
Binding decision of the Board (Art. 65)
… Platforms Ireland Limited for its Facebook service (Art. 65 GDPR) … Decision of the Data Protection Commission made …
Launch of coordinated enforcement on role of data protection officers
15 March 2023
News
… the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, … on the role of data protection officers (EN) Italian SA: GDPR: focus dei Garanti europei sul ruolo dei responsabili … the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, …
Polish DPA fines Warsaw University of Life Sciences (SGGW)
11 September 2020
News
… of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of … of the principle of storage limitation provided for in the GDPR. Moreover, in the course of the conducted proceedings … of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of …
EDPB schvaluje odpověď výboru LIBE týkající se druhého dodatkového protokolu k Úmluvě o počítačové kriminalitě, pokyny ke kodexům chování jako nástroje pro mezinárodní předávání údajů a dopis o odpovědnosti v oblasti umělé inteligence a jmenuje zástupce d
24 February 2022
News
… čl. 40 odst. 3 a čl. 46 odst. 2 písm. e) nařízení GDPR. Tato ustanovení stanoví, že po schválení příslušným … čl. 40 odst. 3 a čl. 46 odst. 2 písm. e) nařízení GDPR. Tato ustanovení stanoví, že po schválení příslušným …
Italian DPA imposes limitation on processing on TikTok after the death of a Girl from Palermo
26 January 2021
News
… with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) … with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) …
Personal data breach at the Breiðholt Upper Secondary School – Administrative fine
10 March 2020
News
… violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the … violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the …
EDPB adopts guidelines on processing personal data through blockchains and is ready to cooperate with AI office on guidelines on AI Act and EU data protection law
14 April 2025
News
… organisations using these technologies to comply with the GDPR. In its guidelines, the EDPB explains how blockchains … organisations using these technologies to comply with the GDPR. In its guidelines, the EDPB explains how blockchains …
Decision in the matter of Meta Platforms Ireland Limited and the "Instagram" social media network made pursuant to Section 111 of the Data Protection Act 2018
15 September 2022
Binding decision of the Board (Art. 65)
… Ireland Limited (Instagram) under Article 65(1)(a) GDPR … Decision in the matter of Meta Platforms Ireland …
Decision in the matter of TikTok Technology Limited made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
15 September 2023
Binding decision of the Board (Art. 65)
… the Irish SA regarding TikTok Technology Limited (Art. 65 GDPR) … Decision in the matter of TikTok Technology Limited …
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
7 July 2022
News
… the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, … the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, …
The Icelandic SA: HEI medical travel agency fined for an unlawful use of an e-mail address and not handling an access request
24 May 2022
News
… right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key … right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key …
Dutch SA fines Booking.com for delay in reporting data breach
10 December 2020
News
… authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed … authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed …