Search results | European Data Protection Board

Italian DPA imposes limitation on processing on TikTok after the death of a Girl from Palermo
26 January 2021
News
… with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) … with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) …
The role of DPOs at the heart of EU coordinated action for 2023
… they hold the position required by Articles 37 to 39 of the GDPR and whether they have the necessary resources to carry … they hold the position required by Articles 37 to 39 of the GDPR and whether they have the necessary resources to carry …
Personal data breach at the Breiðholt Upper Secondary School – Administrative fine
10 March 2020
News
… violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the … violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the …
CEF 2025: EDPB selects topic for next year’s Coordinated Action
10 October 2024
News
… the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data … the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data …
EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors
14 January 2021
EDPB/EDPS Joint Opinion
… Directive 95/46/EC (General Data Protection Regulation or “GDPR”) establishes, in its Article 28, a set of provisions … be incorporated in it. 2. According to Article 28 (3) GDPR, the processing by a processor shall be governed by a … on behalf of the controller. 3. Under Article 28 (6) GDPR, without prejudice to an individual contract between …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
Data Pro Code
20 August 2020
Decision by the SA
… Netherlands Type Code for Controllers/Processors subject to GDPR Scope National Opinion/Guideline References Guidelines …
Decision in the matter of TikTok Technology Limited made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
15 September 2023
Binding decision of the Board (Art. 65)
… the Irish SA regarding TikTok Technology Limited (Art. 65 GDPR) … Decision in the matter of TikTok Technology Limited …
CoC regulating the sector of job agencies
11 January 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
7 July 2022
News
… the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, … the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, …
The Norwegian SA issues fine to the Norwegian Public Service Pension Fund
24 November 2021
News
… 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special … 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special …
Polish SA imposed fine for failing to implement appropriate technical and organisational measures
31 May 2023
News
… characteristics of a data breach within the meaning of the GDPR. The Polish SA, taking into account the scope of … characteristics of a data breach within the meaning of the GDPR. The Polish SA, taking into account the scope of …
Swedish SA: Administrative fine against bank for transferring customer data to Meta
2 September 2024
News
… bank has violated the general data protection regulation, GDPR, by not having taken appropriate technical and … bank has violated the general data protection regulation, GDPR, by not having taken appropriate technical and …
The Norwegian Supervisory Authority has fined the Norwegian Labour Inspection Authority
16 May 2022
News
… by the data subject (Art. 15) Decision: Infringement of the GDPR and fine imposed, Reprimand Key words: Credit rating … by the data subject (Art. 15) Decision: Infringement of the GDPR and fine imposed, Reprimand Key words: Credit rating …
Norwegian Supervisory Authority issues fine to Trumf
22 June 2022
News
… of Processing (Art. 32) Decision: Infringement of the GDPR and fine imposed Key words: unauthorised access, Lack … of Processing (Art. 32) Decision: Infringement of the GDPR and fine imposed Key words: unauthorised access, Lack …
Finnish SA: Administrative fine on business directory operator for infringements of the right to obtain call recordings
6 July 2023
News
… method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of … method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of …
Icelandic SA: administrative fine imposed on the Primary Health Care of the Capital area for the unlawful processing in relation to the integration of medical record systems.
7 March 2025
News
… lawfulness of the processing (Articles 5.1 (a), 6.1 and 9.1 GDPR). Decision The Icelandic SA imposed a fine of 33 854 … lawfulness of the processing (Articles 5.1 (a), 6.1 and 9.1 GDPR). Decision The Icelandic SA imposed a fine of 33 854 …
Slovenian SA: schools must adhere to the principle of data protection by design and by default
20 May 2025
Press releases
… by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper … by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper …
Polish DPA: The incident must be notified to the supervisory authority and the data subjects
30 June 2021
News
… therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate … proceedings against the Foundation. Pursuant to the GDPR, in case of a personal data breach, the controller … therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate …
Finnish DPA imposed three administrative fines for data protection violations
27 May 2020
News
… had not made the impact assessment required by the GDPR before starting to process the location data. The … controller’s documentation related to compliance with the GDPR. The company had asked for information on matters such … had not made the impact assessment required by the GDPR before starting to process the location data. The …