Search results | European Data Protection Board

The Icelandic SA: The University of Iceland fined 1.500.000 ISK for the use of video surveillance
6 September 2023
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … system, unfairly and in an untransparent manner, in breach of Article 5(1)(a), and had not informed the data …
EDPBI:FR:OSS:D:2021:297
22 November 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Notification of personal data breach Outcome …
EDPBI:NL:OSS:D:2020:173
10 December 2020
Decision by the SA
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Notification of personal data breach Administrative fine Outcome Administrative fine …
EDPBI:SE:OSS:D:2022:465
18 August 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Definition of controller Personal data breach Outcome No violation Decision 75.3KB Download … …
EDPBI:AT:OSS:D:2021:264
4 August 2021
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Outcome No sanction Decision 152.1KB Download … …
Swedish SA: Administrative fine against two companies in the SL Group
17 July 2025
News
… Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, …
EDPBI:DK:OSS:D:2023:734
2 May 2023
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data subject …
EDPBI:FR:OSS:D:2022:437
28 July 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Encryption Notification of personal data …
EDPBI:FR:OSS:D:2024:1433
4 September 2024
… NO Main legal reference Article 15 (Right of access by the data subject) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data …
Dutch DPA: Orthodontic practice fined for unsecured patient website
10 June 2021
News
… patient website 10 June 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a €12,000 fine … website. As a result, patients’ sensitive personal data, such as their citizen service number (BSN), could have … case. If the confidentiality of sensitive personal data is breached, this could put people at serious risk. It could, …
EDPBI:NO:OSS:D:2023:850
21 June 2023
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data …
EDPBI:FR:OSS:D:2024:1411
19 August 2024
… of the controller) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Accountability Personal data breach Outcome Dismissal/Rejection of the case …
EDPBI:DEHE:OSS:D:2020:162
11 November 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security …
EDPBI:NO:OSS:D:2021:219
12 May 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Personal data breach Outcome No violation …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 15 … into CRITEO. Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: …
The French SA fines Clearview AI EUR 20 million
20 October 2022
News
… AI Legal Reference: Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals … AI formal notice to cease the collection and use of data of persons on French territory in the absence of a … Key Findings Unlawful processing of personal data (breach of article 6 of the GDPR) Individuals' rights not …
Commercial prospection: the French SA fines TotalEnergies Électricité et Gaz France €1,000,000
6 July 2022
News
… (Article 21), Information to be provided where personal data have not been obtained from the data subject (Article 14), Information, communication and … The amount of this fine was decided in the light of the breaches identified as well as all the measures taken by the …
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
20 October 2020
Guidelines
… Guidelines 4/2019 on Article 25 Data Protection by Design and by Default 20 October 2020 … Guidelines EDPB … Adopted 1 Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted … appropriate measures designed to prevent and manage data breach incidents; to guarantee the proper execution of data …
EDPBI:EE:OSS:D:2024:445
18 December 2024
… Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …