Search results | European Data Protection Board

Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) …
Polish DPA fines Surveyor General of Poland: Full inspection must be carried out
20 July 2020
News
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … protection, and whether GGK has appointed a Data Protection Officer. Unfortunately, due to the lack of access by the …
EDPB publishes CSC biannual report and work programme 2025-2026
13 February 2025
News
… Information System (IMI) transparency obligations for data controllers . In addition, in July 2023, the CSC … ‘Europol’s information systems - a guide for exercising data subjects’ rights: the right of access, rectification, … programme 2025-2026 . To ensure a continuous high level of protection of individuals’ rights, the Committee will …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority 11 … 000) on ENEA S.A. company for failing to notify a personal data breach. The Personal Data Protection Office (UODO) received information about the …
Legal Framework - Coordinated Supervision Committee
… of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national supervisory … coordinating the supervision of the processing of personal data in an EU large scale IT system or body, office or …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of …
ICO statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9 July 2019
News
… International, Inc more than £99 million under GDPR for data breach 9 July 2019 United Kingdom Statement in response … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation …
Europe Day 2021
7 May 2021
News
… a special webpage. Check it out here to learn more about data protection and privacy in the EU. For more information … a special webpage. Check it out here to learn more about data protection and privacy in the EU. For more information …
Polish SA fines controller EUR 5300 for failure to implement appropriate security measures
20 April 2023
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … of more than 5 300 EUR (23 580 PLN) on the Disciplinary Officer of the Bar Association for breaching the provisions …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key …
Polish DPA: Breach of the GDPR provisions by Funeda results in a fine
19 March 2021
News
… Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the …
EDPB Response to Ailidh Callander, Legal Officer (Privacy International)
18 June 2020
Letters
… EDPB Response to Ailidh Callander, Legal Officer (Privacy International) 18 June 2020 Letters EDPB … … national supervisory authorities. The role of the European Data Protection Board is to ensure the consistent application of …
ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach
8 July 2019
Press releases
… Intention to fine British Airways £183.39m under GDPR for data breach 8 July 2019 United Kingdom Following an … British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR). The proposed fine relates to a …
Race to become new EDPB Chair officially kicked off
26 April 2023
News
… end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest to … end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest …
Finnish DPA imposes financial sanction on a company due to carrying out electronic direct marketing without prior consent as well as neglecting the rights of the data subject
25 September 2020
News
… prior consent as well as neglecting the rights of the data subject 25 September 2020 Finland Financial sanction … prior consent as well as neglecting the rights of the data subject The sanctions board of the Finnish Data Protection Ombudsman has imposed an administrative fine on …
Finnish SA: Police reprimanded for illegal processing of personal data with facial recognition software
7 October 2021
News
… SA: Police reprimanded for illegal processing of personal data with facial recognition software 7 October 2021 Finland … Reference: Art. 14 in the Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining … Summary of the Decision Origin of the case The Deputy Data Protection Ombudsman has issued a statutory reprimand to the …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, …
Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… 20 September 2019 Poland The President of the Personal Data Protection Office imposed a fine of an amount higher than … and technical measures for the protection of personal data were not appropriate to the risk posed by the …
Polish DPA & WARTA: Failure to notify a personal data breach without undue delay as a reason for imposing a fine
13 January 2021
News
… Polish DPA & WARTA: Failure to notify a personal data breach without undue delay as a reason for imposing a … Company) infringed the provisions of the General Data Protection Regulation, because it did not notify a …
Coordinated Enforcement Framework
… Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select the … on the designation and position of data protection officers (DPOs), 2023 Coordinated Enforcement Action, …