Search results | European Data Protection Board

Commercial prospecting and rights of individuals: EDF France fined 600 000 euros
1 December 2022
News
… Postal and Electronic Communications Code and 7 of the GDPR) obligations of information (Articles 13 and 14 of the GDPR) and to respect the exercise of rights (Articles 13 and 14 of the GDPR) obligation to ensure security of personal data …
EDPB requests that Irish SA amends WhatsApp decision with clarifications on transparency and on the calculation of the amount of the fine due to multiple infringements
2 September 2021
News
… a dispute resolution decision on the basis of Art. 65 GDPR. This binding decision seeks to address the dispute … supervisory authorities (CSAs). In accordance with the GDPR, the EDPB’s binding decision has now been published, … IE SA already identified a severe breach of Art. 12-13-14 GDPR. The EDPB identified additional shortcomings with the …
Twelfth Plenary Session: adopted documents
15 July 2019
News
… Committee on the implications of the US CLOUD Act Art.64 GDPR Opinion on Standard Contractual Clauses for processors under Art.28.8 GDPR by DK SA Art. 64 GDPR Opinion on Accreditation Criteria for monitoring bodies …
EDPBI:MT:OSS:D:2019:26
4 March 2019
… Data Protection Regulation - Regulation (EU) 2016/679 ("GDPR" or "the Regulation). The complainant contended that … that the controller did not infringe the provisions of the GDPR, and consequently dismissed the compliant. … Decision …
Europe’s new data protection rules and the EDPB: giving individuals greater control
25 May 2018
Press releases
… is created by the General Data Protection Regulation (GDPR), which enters into application today. The EDPB, which … authorities to ensure a consistent application of the GDPR throughout the European Union. Andrea Jelinek, Chair of … to protect their personal data. I am convinced that the GDPR gives individuals and supervisory authorities the means …
Romanian Supervisory Authority fine against Hora Credit IFN S.A.
10 December 2019
News
… certain provisions of General Data Protection Regulation (GDPR). The controller was sanctioned as follows: for the … mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 14336.1 lei, the equivalent of … mentioned in Article 83 paragraph (4) letter a) of GDPR – fine in the amount of 47787 lei, the equivalent of …
The Portuguese Supervisory Authority fines the Portuguese National Statistics Institute (INE) 4.3 million EUR
19 December 2022
News
… Statistics Institute (INE) Legal Reference: article 9(1) GDPR; article 12 GDPR; article 13 GDPR; article 28(1), (6) and (7) GDPR; article 35(1), (2) …
Europe’s new data protection rules and the EDPB: giving individuals greater control
25 May 2018
Press releases
… is created by the General Data Protection Regulation (GDPR), which enters into application as of today. The EDPB, … authorities to ensure a consistent application of the GDPR throughout the European Union, as well as consistent … data are inherent to human beings. I am convinced that the GDPR gives individuals and supervisory authorities the means …
Simplification of record-keeping obligation: EDPB and EDPS adopt letter to EU Commission
8 May 2025
News
… the simplification of record-keeping obligation under the GDPR, amounting to a targeted amendment of Art. 30(5) GDPR. The joint letter replies to the letter sent by the … how it intends to introduce specific modifications to the GDPR. The EDPB and EDPS understand that a formal …
The Icelandic SA: The municipality of Kópavogur fined ISK 4,000,000 for the use of the Seesaw educational system
2 May 2023
News
… did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to provide a transparent arrangement for the … out jointly with another data controller (Article 26 GDPR) Failure to demonstrate a lawful ground for all processing operations (Article 6 GDPR) Failure to comply with the obligation to process …
EDPB Launches Data Protection Guide for small business
27 April 2023
News
… compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and easily understandable … tools and practical tips to help them comply with the GDPR. It includes concrete examples gathered during our 5 …
Icelandic SA: the municipality of Hafnarfjörður fined EUR 18.580 for the use of Google Workspace for Education
26 April 2024
News
… of Hafnarfjörður infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
Icelandic SA: the municipality of Reykjanesbær fined EUR 16.590 for the use of Google Workspace for Education
26 April 2024
News
… of Reykjanesbær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
EDPB adopts first opinion on certification criteria
2 February 2022
News
… 2 February 2022 EDPB The EDPB adopted its opinion on the GDPR-CARPA certification scheme submitted to the Board by … on criteria for a nationwide certification scheme. The GDPR-CARPA certification scheme is a general scheme, which … said: “This opinion is an important step towards greater GDPR compliance. The main aim of certification mechanisms is …
Legal Framework
… was created by the EU General Data Protection Regulation (GDPR), adopted on 27 April 2016 and published in the EU … on 4 May 2016. Please note that a corrigendum of the GDPR was published in the Official Journal on 23 May 2018 … version of the EU General Protection Regulation (GDPR) is available here . The GDPR, which entered into …
EDPB adopts Art. 65 decision regarding WhatsApp Ireland
28 July 2021
News
… a dispute resolution decision on the basis of Art. 65 GDPR. The binding decision seeks to address the lack of … its transparency obligations pursuant to Art. 12, 13 & 14 GDPR. On 24 December 2020, the LSA shared its draft decision with the CSAs in accordance with Art. 60 (3) GDPR. The CSAs issued objections pursuant to Art. 60 (4) …
Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry
1 December 2022
News
… and consistency mechanism outlined in Article 60 GDPR. LSA: Irish Supervisory Authority (SA). and CSAs: all … Ireland Limited) (‘Meta Platforms’). Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR). Decision: infringement of Articles 25(1) and 25(2) …
European Data Protection Board - Eighth Plenary session
14 March 2019
Press releases
… - Eighth Plenary session: Interplay ePrivacy Directive and GDPR, statement on ePrivacy Regulation, DPIA Lists ES & IS, … topics were discussed. Interplay ePrivacy Directive and GDPR The EDPB adopted its opinion on the interplay between … of personal data triggers the material scope of both the GDPR and the ePrivacy Directive, limits the competences, …
Icelandic SA: the municipality of Kópavogur fined EUR 19.907 for the use of Google Workspace for Education
26 April 2024
News
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
EDPBI:UK:OSS:D:2019:31
3 August 2019
… of Article 5 of the General Data Protection Regulation (‘GDPR’) requires that the personal data processed by … controller did not comply with its obligations under the GDPR as it did not take sufficient action to assure itself …