Search results | European Data Protection Board

Poland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
26 July 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Poland 26 July 2019 Data Protection Impact Assessment (DPIA) Poland DPIA List …
Final decision of Hungarian Supervisory Authority about infringement of Article 26 of the GDPR caused by a foundation
3 January 2024
News
… 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian … Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … respective responsibilities. , The Foundation was found in breach of Article 26(1) of the GDPR, as the cooperation …
Monitoring employees and broadcasting CCTV footage: Slovenian SA fines DODO PIZZA
4 November 2024
News
… Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, … business model. Key findings The Slovenian SA found two breaches in the inspection proceeding. First, unlawful CCTV … people or property (violation of Article 78 of the national Data Protection Act). And second, these CCTV footages were …
Norwegian DPA: Municipality of Asker fined
13 May 2021
News
… of Asker fined 13 May 2021 Norway The Norwegian Data Protection Authority has fined Asker municipality EUR … Municipality was fined for publishing confidential personal data and National Identity Numbers (NID) on its website. The municipality has breached the data protection regulations requirements …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …
Commercial prospection: the French SA fines TotalEnergies Électricité et Gaz France €1,000,000
6 July 2022
News
… (Article 21), Information to be provided where personal data have not been obtained from the data subject (Article 14), Information, communication and … The amount of this fine was decided in the light of the breaches identified as well as all the measures taken by the …
Decision by the Austrian SA against Clearview AI Infringements of Articles 5, 6, 9, 27 GDPR
12 May 2023
News
… Infringement of the GDPR, Order to erase complainant’s data, Order to name an Article 27 representative Key words: Facial recognition; biometric data Summary of the Decision Origin of the case … The permanent storage of personal data also constitutes a breach of data minimisation principle. Article 9(1): The …
Polish SA: administrative fine of EUR 1 170 for Social Welfare Centre and EUR 2 341 EUR for Mayor of Aleksandrów for ignoring the risk of ransomware attack
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
EDPBI:SE:OSS:D:2022:352
29 March 2022
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Reprimand Decision 79.9KB Download …
Romanian Supervisory Authority's fine of 9,544.40 lei (EUR 2,000) against Telekom Romania Mobile Communications SA
25 November 2019
News
… Communications SA was sanctioned with a reprimand for the breach of provisions of Article 32 paragraph (1) letter b) … Communications SA could not prove the accuracy of the data processed, which led to the violation of the basic principle for data processing provided by Article 5 paragraph (1) letter …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … to the President of the Personal Data Protection Office a breach involving the loss or theft of memory cards from the …
The French SA fines Clearview AI EUR 20 million
20 October 2022
News
… AI Legal Reference: Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals … AI formal notice to cease the collection and use of data of persons on French territory in the absence of a … Key Findings Unlawful processing of personal data (breach of article 6 of the GDPR) Individuals' rights not …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC
21 January 2019
News
… the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …
EDPBI:IS:OSS:D:2021:216
29 April 2021
… Article 5 (Principles relating to processing of personal data) Keywords Personal data breach Data security Children Education Outcome …
EDPBI:NO:OSS:D:2025:1660
21 February 2025
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Dismissal/Rejection of the case …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… Article 5 (Principles relating to processing of personal data) Decision: Administrative fine Key words: Health … had processed, without authorisation, non-anonymous health data, transmitted to its customers in order to carry out … of April 10, 2014). Then, the French SA found two breaches: Failure to comply with the obligation to carry out …
Italian SA: unfettered employee surveillance to be banned
13 May 2021
News
… 1, letters a) and c) (lawfulness, fairness, transparency; data minimisation); Article 6 (Lawful processing); Article 9 (Processing of special category data); Article 13 (Information); Article 35 (DPIA); Article … nature of the information that had been processed in breach of the law. Additionally, the municipality was …
The Norwegian Supervisory Authority’s fines Lillestrøm Municipal Council
5 May 2022
News
… and fine imposed Key words: special categories of personal data, unauthorised access Summary of the Decision Origin … of 21 attachments contained special categories of personal data, see Article 9 (1) of the GDPR. The municipality … Authority also received notice of a personal data breach from Lillestrøm Municipal Council on 29 September. …
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications
28 January 2020
Guidelines
… Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … reference: 1/2020 Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … Guidelines Topics: New Technology e-Privacy The European Data Protection Board welcomes comments on the Guidelines …