26 July 2024
… the company to applicants (infringements of Article 5(1)(a) GDPR (principles of fairness and transparency, Article 12(1) and (4) GDPR); processing in the context of a company’s ‘shadow … (infringements of lawfulness principle, Article 5(1)(a) GDPR and Article 6(1) GDPR); improper implementation of the …
1 July 2025
… found CDETB: Infringed Articles 5(1)(f), 32(1) and 32(2) GDPR by failing to implement appropriate technical and … the appropriate level of security, Infringed Article 33(1) GDPR by failing to notify the DPC of the breach without undue delay, Infringed Article 34(1) GDPR by failing to notify the affected data subjects of the …
22 January 2024
… order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the … that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal … the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal …
2 February 2024
… request, hence the Company breached Article 12(3) of GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) of GDPR. The Company also failed to meet the requirements of … database, so the Company breached Article 25(1) of GDPR. Decision The Authority established that the Company …
6 September 2023
… not complied with data protection principles in Article 5 GDPR and not informed the data subjects about processing in accordance with Article 12 and 13 GDPR. Key Findings Failure to comply with the obligation … fairly and in a transparent manner (Article 5(1)(a) GDPR) Failure to inform the data subjects about processing …
20 August 2020
… the e-Privacy Directive forms lex specialis vis-à-vis the GDPR (as lex generalis), as stated in article 95 GDPR, the provisions with regard to consent of the GDPR remain applicable as preconditions for lawful … the e-Privacy Directive forms lex specialis vis-à-vis the GDPR (as lex generalis), as stated in article 95 GDPR, the …
13 October 2021
… Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General principle for transfers (ARTICLE 44 GDPR) Decision: infringement declared and fine imposed Key … Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General …
22 February 2023
… by national DPAs via binding decisions under Art. 65 GDPR and to advise the EU legislator on data protection … further guidance and develop awareness-raising tools on the GDPR for a wider audience. Furthermore, the EDPB intends to … such as on the interplay between the AI Act and the GDPR and on the use of social media by public bodies. …
… analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) … Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions … of Experts projects Topics: Cooperation between authorities GDPR enforcement English Download One-Stop-Shop case digest …
8 September 2021
… Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: Fine … had failed to comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The … Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: …
25 November 2020
… decision to specify certain viewpoints, the primacy of the GDPR as EU law resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The litigation … were not processed in a lawful way under article 6.1.f. GDPR, as there were legitimate interests for the defendants …
7 December 2023
… request, hence the Company breached Article 12(3) GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) GDPR. The Company also failed to meet the requirements of … newsletter database, so the Company breached Article 25(1) GDPR. Decision The Hungarian Supervisory Authority …
30 June 2022
… (Articles 44 and 46). Decision: infringement of the GDPR; order to comply; order to suspend data flows to U.S.; … data transfers despite their being in violation of the GDPR. Key Findings: The Italian SA found that Caffeina … be transferred to the U.S. in violation of Chapter V of the GDPR, since the measures adopted by Google to supplement the …
20 January 2023
… OÜ Legal Reference: Lawfulness of processing (Article 6 GDPR), Information to be provided where personal data are collected from the data subject (Article 13 GDPR) Decision: precept, … whether it complies with the requirements in the GDPR. Estonian SA evaluated and analysed the documents, that …
20 January 2023
… relating to processing of personal data (Article 5 GDPR), Lawfulness of processing (Article 6 GDPR), Conditions for consent (Article 7 GDPR), Transparency and information obligations (Articles 12 … relating to processing of personal data (Article 5 GDPR), Lawfulness of processing (Article 6 GDPR), Conditions …
26 January 2023
… of legality, fairness and transparency (Art. 5(1)(a) of GDPR), consent of the data subject (Art. 7(2) of GDPR), direct marketing (Art. 81(1) of ECL) Decision: The … was upheld, infringements of Art. 5(1)(a) and Art. 7(2) of GDPR and Art. 81(1) ECL Summary of the Decision Origin …
6 December 2022
… three dispute resolution decisions on the basis of Art. 65 GDPR concerning Meta Platforms Ireland Limited (Meta IE). … in ensuring the correct and consistent application of the GDPR by the national Supervisory Authorities. The Irish SA … among others, the legal basis for processing (Art. 6 GDPR), data protection principles (Art. 5 GDPR), and the use …
22 May 2023
… Authority (IE DPA). This fine, which is the largest GDPR fine ever, was imposed for Meta’s transfers of personal … to bring its data transfers into compliance with the GDPR. Andrea Jelinek, EDPB Chair, said: “The EDPB found that … bring processing operations into compliance with Chapter V GDPR, by ceasing the unlawful processing, including storage, …
24 April 2020
… into the possibility of relying on a derogation of Art. 49 GDPR to enable international flows. The EDPB tackled this … research. In its letter, the EDPB reiterates that the GDPR allows for collaboration between EEA and non-EEA … decisions or appropriate safeguards (included in Article 46 GDPR) should be favoured, according to the EDPB. However, …
29 March 2021
… investigation under the General Data Protection Regulation (GDPR), in February 2021 imposed a fine for improper … for infringements of Article 32(1) (b) and (c) of the GDPR, namely failure to ensure the ongoing integrity, … to the risk, infringement of Article 32(1)(b)(c) of the GDPR, and also taking into account the factors listed in …