17 May 2023
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
29 April 2022
… in the interpretation and consistent application of the GDPR by endorsing and adopting no less than 57 Guidelines … is crucial for ensuring a consistent interpretation of the GDPR. To stay on top of this growing workload and make the … use of the possibilities for cooperation foreseen in the GDPR, we will yearly identify a number of cross-border cases …
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
20 February 2020
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although … (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the …
16 December 2020
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
13 December 2019
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
29 March 2023
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …
23 March 2022
… national case: National case Legal references: Article 31 GDPR(Co-operation with the supervisory authority), Article 58 (1) (e) GDPR, Article 58 (2) (i) GDPR, Article 83 (1-3) and (5) (e) GDPR (General conditions … national case: National case Legal references: Article 31 GDPR(Co-operation with the supervisory authority), Article …
1 March 2023
… case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (e) and (i) GDPR, Article 33 (1) GDPR (Notification of a personal data … case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), …
12 March 2024
… SA founded that the data controller infringed Article 12(3) GDPR because it failed to inform the Data Subject of the … of transparent data processing according to Article 5(1)(a) GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) GDPR cannot be regarded as a provision requiring mandatory …
15 December 2020
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
22 April 2021
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …
9 April 2026
… nye initiativer, der skal gøre det lettere at overholde GDPR, styrke sammenhængen, styrke dialogen og forbedre … om samspillet mellem forordningen om digitale markeder og GDPR. Udvalget arbejdede også sammen med Kommissionen om … for samspillet mellem forordningen om digitale tjenester og GDPR. At sætte interessenter i centrum for …
18 November 2025
… the principle of liability (articles 5-1-a) and 5-2 of the GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the Data Protection Officer in … to the protection of personal data (article 38-1 of the GDPR) Decision: administrative fine Key words: CCTV cameras, …
26 January 2023
… a legal basis for the processing of data (Article 6(1)(a) GDPR), conditions for consent (Article 7 GDPR) Decision: The complaint was found to be well-founded … the corrective actions provided for in Article 58(2) of the GDPR have been taken Summary of the Decision Origin of …
26 June 2020
… on the basis of its legitimate interest (Article 6.1, f) GDPR), sent direct marketing messages to (former) donors for … subject to the data controller pursuant to Article 17.1 GDPR and its right to object pursuant to Article 21.2 GDPR. The Litigation Chamber decided that the data …
16 March 2020
… Board (EDPB), said: “Data protection rules (such as GDPR) do not hinder measures taken in the fight against the … to guarantee the lawful processing of personal data.” The GDPR is a broad legislation and also provides for the rules … a context such as the one relating to COVID-19. Indeed, the GDPR provides for the legal grounds to enable the employers …
25 June 2020
… following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …
16 December 2021
… law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions … law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful … that hold one position or another – it is simply the GDPR working as intended. In this regard, although not …
4 May 2022
… the authority of the controller or processor (Article 29 GDPR), Security of processing (Article 32 GDPR), Processor (Article 28 GDPR) Decision: Administrative fine Key words: Health data … the authority of the controller or processor (Article 29 GDPR), Security of processing (Article 32 GDPR), Processor …