27 April 2021
… also a failure to cooperate 27 April 2021 Poland The Polish Data protection Authority, stating that PNP SA with its … office in Warsaw violated the provisions of the General Data Protection Regulation, imposed an administrative fine … by failing to respond to the Polish DPA's requests, breached its obligation to provide the supervisory authority …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
21 May 2025
… professionals in the sector, particularly those who resell data, including the many intermediaries in this ecosystem known as data brokers. The French SA carried out investigations on … on the market, the financial benefit derived from the breaches, and the measures taken by the company to comply …
19 March 2019
… Municipality 19 March 2019 On March 19th, the Norwegian Data Protection Authority imposed an administrative fine of … the municipality’s computer system, containing the personal data of over 35,000 pupils and employees of the … individuals, primarily children The fact that the security breach encompasses personal data to over 35 000 individuals, …
22 May 2019
… days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities … 2017. Over 144.000 queries and complaints* and over 89.000 data breaches have been logged by the EEA Supervisory …
24 November 2020
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
16 May 2022
… Controller: The municipality of Reykjavík. Legal Reference: data protection principles (Article 5), lawfulness of processing (Article 6), transparency (Article 13), data protection by design and default (Article 25), joint … SA concluded that the municipality of Reykjavík had breached various provisions of the GDPR using Seesaw. …
12 February 2019
… Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … 8 adopted 3 The European Data Protection Board Having regard to Article 63, Article … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
21 October 2022
… regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) 10 … the design choices for a digital euro from the privacy and data protection perspective 10 October 2022 Publication … public consultation. Guidelines 9/2022 on personal data breach notification under GDPR 10 October 2022 Publication …
15 June 2021
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
27 July 2020
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
5 May 2022
… not exclusively against Google LLC, even if it is the sole data controller. On the basis of the CJEU's Google Spain … shortcomings of the GDPR by Google LLC, (2) that these breaches are attributable to Google Belgium SA and (3) that … SA (highest level of protection for the benefit of the data subjects). Decision Even if the BE SA dismissed the …
31 October 2019
… entity 31 October 2019 Poland The President of the Personal Data Protection Office (“The President of the Office”) … was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he … 5(2) of the GDPR). The principle of accountability was also breached in connection with the shortcomings in the register …
29 March 2022
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Reprimand Decision 79.9KB Download … Decision …
26 June 2019
… into the controller UNICREDIT BANK S.A. and found that it breached the provisions of Article 25 (1) of Regulation (EU) … natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data …
29 April 2021
… Article 5 (Principles relating to processing of personal data) Keywords Personal data breach Data security Children Education Outcome …
21 February 2025
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Dismissal/Rejection of the case …
16 May 2024
… Article 5 (Principles relating to processing of personal data) Keywords Retention time Personal data breach Outcome Dismissal/Rejection of the case No …
4 October 2023
… Article 5 (Principles relating to processing of personal data) Article 15 (Right of access by the data subject) Article 34 (Communication of a personal data breach to the data subject) Keywords Data minimisation Data …
2 September 2021
… the draft decision of the IE SA already identified a severe breach of Art. 12-13-14 GDPR. The EDPB identified additional … Art. 5(1)(a) GDPR . Regarding WhatsApp IE’s collection of data of non-users - when users decide to use the Contact … IE does not lead to anonymisation of the collected personal data. Regarding the imposed fine and the calculation of the …