Search results | European Data Protection Board

The Icelandic SA: The municipality of Kópavogur fined ISK 4,000,000 for the use of the Seesaw educational system
2 May 2023
News
… did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to provide a transparent arrangement for the … out jointly with another data controller (Article 26 GDPR) Failure to demonstrate a lawful ground for all processing operations (Article 6 GDPR) Failure to comply with the obligation to process …
Databeskyttelsesrådet vedtager sin første udtalelse om certificeringskriterier
2 February 2022
News
… — Databeskyttelsesrådet har vedtaget sin udtalelse om den GDPR-CARPA-certificeringsordning, som den luxembourgske … om kriterierne for en landsdækkende certificeringsordning. GDPR-CARPA-certificeringsordningen er en generel ordning, … er et vigtigt skridt i retning af større overholdelse af GDPR. Hovedformålet med certificeringsmekanismer er at …
Europe’s new data protection rules and the EDPB: giving individuals greater control
25 May 2018
Press releases
… is created by the General Data Protection Regulation (GDPR), which enters into application today. The EDPB, which … authorities to ensure a consistent application of the GDPR throughout the European Union. Andrea Jelinek, Chair of … to protect their personal data. I am convinced that the GDPR gives individuals and supervisory authorities the means …
Icelandic SA: the municipality of Hafnarfjörður fined EUR 18.580 for the use of Google Workspace for Education
26 April 2024
News
… of Hafnarfjörður infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Icelandic SA: the municipality of Reykjanesbær fined EUR 16.590 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjanesbær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry
1 December 2022
News
… and consistency mechanism outlined in Article 60 GDPR. LSA: Irish Supervisory Authority (SA). and CSAs: all … Ireland Limited) (‘Meta Platforms’). Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR). Decision: infringement of Articles 25(1) and 25(2) …
Romanian Supervisory Authority fine against Hora Credit IFN S.A.
10 December 2019
News
… certain provisions of General Data Protection Regulation (GDPR). The controller was sanctioned as follows: for the … mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 14336.1 lei, the equivalent of … mentioned in Article 83 paragraph (4) letter a) of GDPR – fine in the amount of 47787 lei, the equivalent of …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… Foreign languages private school Legal Reference: GDPR: Article 5(1)(a): Principle of lawfulness, fairness and … Article 21: Right to object Decision: Infringement of the GDPR, Administrative fine Key words: Right to object, … the provisions of Articles 5(1)(f)(a), 5(2) and 13 of the GDPR and in any case without clearly specifying the legal …
EDPB publishes OSS case digest on Security of Processing and Data Breach Notification
18 January 2024
News
… case digest on Security of Processing (Art. 32 GDPR) and Data Breach Notification (Art. 33 & 34 GDPR) . Since the entry into force of the GDPR, data protection authorities (DPAs) have closely …
The Portuguese Supervisory Authority fines the Portuguese National Statistics Institute (INE) 4.3 million EUR
19 December 2022
News
… Statistics Institute (INE) Legal Reference: article 9(1) GDPR; article 12 GDPR; article 13 GDPR; article 28(1), (6) and (7) GDPR; article 35(1), (2) …
Geolocalisation data: the French SA fines UBEEQO International €175 000
25 July 2022
News
… Legal Reference: Data minimisation (Article 5.1.c GDPR), Retention period (Article 5.1.e GDPR), Information of individuals (Article 12 GDPR) Decision: Administrative fine Key words: Geolocation …
Irish Supervisory Authority’s final decision summary: fines confirmed
29 November 2022
News
… Legal Reference: 1. Articles 5(1)(f) and 32(1) of the GDPR 2. Article 5(1), Article 32(1), Article 33(1) of the GDPR 3. Article 15, Article 13, Article 12 of the GDPR 4. Article 5(1)(f) and 32(1), Article 24 and 30(1), …
Icelandic SA: the municipality of Kópavogur fined EUR 19.907 for the use of Google Workspace for Education
26 April 2024
News
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Databeskyttelsesrådet vedtager retningslinjer for pseudonymisering og baner vejen for at forbedre samarbejdet med konkurrencemyndighederne
17 January 2025
Press releases
… af pseudonymisering med henblik på overholdelse af GDPR Databeskyttelsesforordningen indfører udtrykket … interesser som retsgrundlag (artikel 6, stk. 1, litra f), i GDPR), så længe alle andre krav i GDPR er opfyldt. På samme måde kan pseudonymisering bidrage …
Databeskyttelsesrådets årsberetning for 2024: beskyttelse af personoplysninger i et landskab i forandring
23 April 2025
Press releases
… anvendelse af den generelle forordning om databeskyttelse (GDPR) i hele Europa. For at understøtte forståelsen og … i hele Europa, sikre konsekvent håndhævelse af GDPR og tackle nye udfordringer, herunder … der blev vedtaget i henhold til artikel 64, stk. 2, i GDPR, steg betydeligt. I 2024 vedtog Databeskyttelsesrådet …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person has given consent (Article 7.1 GDPR) Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR) Failure to respect the right of access (Article 15.1 …
EDPB launches French and German versions of its Data Protection Guide for small business
17 May 2024
News
… The Guide provides practical information to SMEs about GDPR compliance and benefits in an accessible and easily … Guide for small business covers various aspects of the GDPR, from data protection basics, to data subject rights … practical materials to help SMEs on their way to become GDPR compliant In the near future, the Guide will become …
Endorsed WP29 Guidelines
… meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: Guidelines on consent under … 9/2022 on personal data breach notification under GDPR Guidelines on the right to data portability under … records of processing activities pursuant to Article 30(5) GDPR Working Document Setting Forth a Co-Operation Procedure …
Sixteenth Plenary Session: adopted documents
11 December 2019
News
… Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of … Right to be Forgotten in the search engine cases under the GDPR” (part 1) … During its December Plenary Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of …
Belgian DPA fines controller for sending a direct marketing message to the wrong person and for not responding adequately to the subsequent request for access
19 June 2020
News
… answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 …