Search results | European Data Protection Board

Romanian Supervisory Authority fine of 2,389.05 lei (EUR 500) against an Association of Owners
29 November 2019
News
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access
14 January 2020
News
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
Norwegian DPA: Reprimanded after accessing e-mail account
23 September 2021
News
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision …
Health data and use of cookies: French SA fines DOCTISSIMO
17 May 2023
News
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
EDPB adopted documents - 42nd & 43rd plenary
4 January 2021
News
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
The Lithuanian SA adopted a decision on the processing of employee’s personal correspondence
26 January 2023
News
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
Excessive data collection and lack of cooperation: the French SA imposes a fine of 200.000 euros on SAF LOGISTICS
18 September 2023
News
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data …
Polish SA imposed a fine on the Szczecin-Centrum District Court in Szczecin
19 January 2023
News
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
Failure to notify a personal data breach as the main reason for a fine imposed on a housing association by the Polish SA
7 February 2023
News
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the …
DPAs decide on closer cooperation for strategic files
29 April 2022
Press releases
… in the interpretation and consistent application of the GDPR by endorsing and adopting no less than 57 Guidelines … is crucial for ensuring a consistent interpretation of the GDPR. To stay on top of this growing workload and make the … use of the possibilities for cooperation foreseen in the GDPR, we will yearly identify a number of cross-border cases …
Hungarian SA: deletion request in concerning an airline company
19 January 2024
News
… founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …
Irish Data Protection Commission announces decision in Twitter inquiry
15 December 2020
News
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
Eighteenth EDPB Plenary Session
20 February 2020
Press releases
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although …
First EDPB Art. 65 Decision
16 December 2020
News
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … The EDPB adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
EDPB adopted documents - 48th plenary
22 April 2021
News
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …
Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.
13 December 2019
News
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
Icelandic SA: the municipality of Reykjavík fined ISK 2,000,000 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
EDPB publishes new register containing One-Stop-Shop decisions
25 June 2020
News
… following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …
Temperature checks at Brussels Airport (Belgium) as part of the fight against COVID-19
21 April 2022
News
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; …
Failure of an airline company to inform the data subject of completion of erasure request, failure of transparency obligations
12 March 2024
News
… SA founded that the data controller infringed Article 12(3) GDPR because it failed to inform the Data Subject of the … of transparent data processing according to Article 5(1)(a) GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) GDPR cannot be regarded as a provision requiring mandatory …