Search results | European Data Protection Board

The French SA fines COSMOSPACE EUR 250,000 and TELEMAQUE EUR 150,000
20 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Sensitive … carried out by the CNIL in 2021 revealed several breaches, including the collection of sensitive data without …
The Danish Data Protection Agency proposes a DKK 1,2 million fine for Danish taxi company
25 March 2019
News
… The Danish Data Protection Agency proposes a DKK 1,2 million fine for Danish taxi company 25 March 2019 Denmark The Danish Data Protection Agency has issued a statement declaring that … to fine Taxa 4x35 for a total of DKK 1. 2 million for a breach of the GDPR. Taxa 4x35 could be fined for failure to …
Commercial prospecting and rights of individuals: EDF France fined 600 000 euros
1 December 2022
News
… 14 of the GDPR) obligation to ensure security of personal data (Article 32 of the GDPR) Decision: administrative fine … and 14 of the GDPR) Failure to ensure security of personal data (Article 32 of the GDPR) Decision Based on findings … public. The amount of the fine was decided considering the breaches observed and the cooperation by the company and all …
Norwegian DPA: Administrative fine for Rælingen municipality
18 August 2020
News
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Help make GDPR compliance easy for organisations: what templates would be helpful for you? Provide your feedback
5 November 2025
News
… 5 November 2025 EDPB Brussels, 5 November - The European Data Protection Board (EDPB) is taking an important step … that organisations can readily implement to meet their data protection obligations. To ensure these templates … such as Data Protection Impact Assessments (DPIAs) and data breach notifications. Contributions can be submitted here …
Dutch DPA fines OLVG hospital for inadequate protection of medical records
11 February 2021
News
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
Swedish DPA: Police unlawfully used facial recognition app
12 February 2021
News
… that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… 32 (4) in relation to Article 32 (1) and (2) of the General Data Protection Regulation in respect of the security of processing. The data controller, WORLD TRADE CENTER BUCHAREST S.A., was … to a fine of 71028 lei, the equivalent of 15,000 Euros. The breach of personal data security consisted in the fact that …
Belgian DPA imposes €50,000 Fine on Family Service
1 February 2021
News
… known by mothers and fathers-to-be in Belgium, for various breaches of the GDPR. Family Service is a marketing company … lodged at the DPA alleging the company transferred personal data to third parties, including data brokers, without valid consent on the part of the …
Norwegian Supervisory Authority issues fine to Trumf
22 June 2022
News
… Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security of … people on their membership profiles, which is a personal data breach. Trumf has an obligation to report all such … Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security …
Spanish Data Protection Authority (AEPD) imposes fine of 6.000.000 EUR on CAIXABANK, S.A.,
19 February 2021
News
… Spanish Data Protection Authority (AEPD) imposes fine of 6.000.000 … EUR on CAIXABANK, S.A., 19 February 2021 Spain The Spanish Data Protection Authority (AEPD) imposed a total fine of … personal data. The AEPD concluded that this constituted a breach of Article 6 of the GDPR, and according to Article 83 …
Fælles udtalelse nr. 2/2021 fra Databeskyttelsesrådet og Den Europæiske Tilsynsførende for Databeskyttelse om Europa-Kommissionens gennemførelsesafgørelse om standardkontraktbestemmelser for overførsel af personoplysninger til tredjelande
14 January 2021
EDPB/EDPS Joint Opinion
… Fælles udtalelse nr. 2/2021 fra Databeskyttelsesrådet og Den Europæiske Tilsynsførende for Databeskyttelse om Europa-Kommissionens … standard contractual clauses for the transfer of personal data to third countries for the matters referred to in … clauses are suspended or prohibited in the event of the breach of such clauses or if it is impossible to honour …
Norwegian DPA: BRAbank ASA fined
22 June 2021
News
… DPA: BRAbank ASA fined 22 June 2021 Norway The Norwegian Data Protection Authority has fined BRAbank EUR 40,000 (NOK 400,000) for violation of the General Data Protection Regulation (GDPR). This case concerns … This matter began with a notice of a personal data breach on 6 September 2019 from what was then Easybank ASA. …
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
20 November 2019
Guidelines
… Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Start Date: 20 … reference: 4/2019 Guidelines 4/2019 on Article 25 Data Protection by Design and by Default 711.4KB Download …
Hungarian SA’s decision on the handling of access request by an airline company
7 December 2023
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
Hungarian SA’s decision on the handling of access request by an airline company
2 February 2024
News
… 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
Making GDPR compliance easier through new initiatives: a key focus of the EDPB work programme 2026-2027
13 February 2026
News
… in addition to the already announced templates for data breach notifications and data protection impact assessment . This is also in line … in addition to the already announced templates for data breach notifications and data protection impact assessment . …
The Norwegian Data Protection Authority imposes a fine on the City of Oslo
18 December 2019
News
… The Norwegian Data Protection Authority imposes a fine on the City of Oslo … of Oslo, the Nursing Home Agency, for having stored patient data from the city’s nursing homes and health centres … The case commenced when the City of Oslo sent a data breach notification to the Data Protection Authority in …
French DPA: 1.75 million penalty against AG2R LA MONDIALE
8 September 2021
News
… national case Controller: AG2R LA MONDIALE Legal Reference: Data retention period (Article 5.1.e GDPR), Information … Key words: Insurances, data retention, information Summary of the Decision Origin … comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The company had not …