Search results | European Data Protection Board

Polish DPA fines Surveyor General of Poland: Full inspection must be carried out
20 July 2020
News
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … protection, and whether GGK has appointed a Data Protection Officer. Unfortunately, due to the lack of access by the … The President of the Personal Data Protection Office (UODO), after having conducted an …
EDPB Response to Ailidh Callander, Legal Officer (Privacy International)
18 June 2020
Letters
… EDPB Response to Ailidh Callander, Legal Officer (Privacy International) 18 June 2020 Letters EDPB … national supervisory authorities. The role of the European Data Protection Board is to ensure the consistent application of … EDPB Response to Ailidh Callander, Legal Officer (Privacy International) …
Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) … Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) Decision: …
EDPB publishes CSC biannual report and work programme 2025-2026
13 February 2025
News
… Information System (IMI) transparency obligations for data controllers . In addition, in July 2023, the CSC … ‘Europol’s information systems - a guide for exercising data subjects’ rights: the right of access, rectification, … programme 2025-2026 . To ensure a continuous high level of protection of individuals’ rights, the Committee will …
ICO statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9 July 2019
News
… International, Inc more than £99 million under GDPR for data breach 9 July 2019 United Kingdom Statement in response … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation …
Legal Framework - Coordinated Supervision Committee
… of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national supervisory … coordinating the supervision of the processing of personal data in an EU large scale IT system or body, office or … of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Europe Day 2021
7 May 2021
News
… a special webpage. Check it out here to learn more about data protection and privacy in the EU. For more information … a special webpage. Check it out here to learn more about data protection and privacy in the EU. For more information …
Polish SA fines controller EUR 5300 for failure to implement appropriate security measures
20 April 2023
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … of more than 5 300 EUR (23 580 PLN) on the Disciplinary Officer of the Bar Association for breaching the provisions …
Polish DPA: Breach of the GDPR provisions by Funeda results in a fine
19 March 2021
News
… Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the … Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with …
ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach
8 July 2019
Press releases
… Intention to fine British Airways £183.39m under GDPR for data breach 8 July 2019 United Kingdom Following an … British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR). The proposed fine relates to a … British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR). The proposed fine relates …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Polish SA: administrative fine of EUR 7 800 for non-public health care centre in Pyskowice for failing to carry out appropriate risk analysis
16 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), …
Race to become new EDPB Chair officially kicked off
26 April 2023
News
… end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest to … end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest to …
Finnish SA: Police reprimanded for illegal processing of personal data with facial recognition software
7 October 2021
News
… SA: Police reprimanded for illegal processing of personal data with facial recognition software 7 October 2021 Finland … Reference: Art. 14 in the Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining … Summary of the Decision Origin of the case The Deputy Data Protection Ombudsman has issued a statutory reprimand to the …
Finnish DPA imposes financial sanction on a company due to carrying out electronic direct marketing without prior consent as well as neglecting the rights of the data subject
25 September 2020
News
… prior consent as well as neglecting the rights of the data subject 25 September 2020 Finland Financial sanction … prior consent as well as neglecting the rights of the data subject The sanctions board of the Finnish Data Protection Ombudsman has imposed an administrative fine on …
Coordinated Enforcement Framework
… Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select the … on the designation and position of data protection officers (DPOs), 2023 Coordinated Enforcement Action, … Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select …
Polish SA: administrative fine of EUR 4 500 for gastronomic entrepreneur for access hindering and failure to provide with the necessary information
25 September 2025
News
… case concerns a complaint to the President of the Personal Data Protection Office lodged by an individual in 2021 about … irregularities in the processing of his or her personal data by an entrepreneur from Silesia voivodeship. That was … case concerns a complaint to the President of the Personal Data Protection Office lodged by an individual in 2021 about …
Polish DPA & WARTA: Failure to notify a personal data breach without undue delay as a reason for imposing a fine
13 January 2021
News
… Polish DPA & WARTA: Failure to notify a personal data breach without undue delay as a reason for imposing a … Company) infringed the provisions of the General Data Protection Regulation, because it did not notify a … Company) infringed the provisions of the General Data Protection Regulation, because it did not notify a …
Biometrics for attendance recording. The Italian SA fines a high school
15 July 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: … recalled that, according to the GDPR and the Italian Data Protection Code, the use of biometric data in the workplace …