26 September 2018
… an important tool for the consistent application of the GDPR across the EU. DPIA is a process to help identify and … the types of processing which could require a DPIA, the GDPR calls for the national supervisory authorities to … and challenges of consistency in practice. The GDPR does not require full harmonisation or an 'EU list', …
8 September 2021
… Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: Fine … had failed to comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The … Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: …
10 November 2020
… first dispute resolution decision on the basis of Art. 65 GDPR. The binding decision seeks to address the dispute … draft decision with the CSAs in accordance with Art. 60 (3) GDPR. The CSAs then had four weeks to submit their RROs. … others, the CSAs issued RROs on the infringements of the GDPR identified by the LSA, the role of Twitter …
1 July 2025
… found CDETB: Infringed Articles 5(1)(f), 32(1) and 32(2) GDPR by failing to implement appropriate technical and … the appropriate level of security, Infringed Article 33(1) GDPR by failing to notify the DPC of the breach without undue delay, Infringed Article 34(1) GDPR by failing to notify the affected data subjects of the …
1 March 2023
… case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (e) and (i) GDPR, Article 33 (1) GDPR (Notification of a personal data … case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), …
… Tools The principle of accountability under the GDPR requires that organisations put in place appropriate … to put in place a structured approach to their GDPR compliance efforts. These codes, prepared by business associations, of conduct operationalise GDPR obligations. The codes are approved by data protection …
7 December 2023
… adopted an order imposing a temporary ban under Art. 66 (1) GDPR on Meta IE and Facebook Norway AS (“Facebook Norway”) … EDPB concluded that there are ongoing infringements of the GDPR and there is an urgent need to act in light of the … found that there was an ongoing infringement of art. 6 (1) GDPR because of the inappropriate use of the legal bases of …
30 June 2022
… (Articles 44 and 46). Decision: infringement of the GDPR; order to comply; order to suspend data flows to U.S.; … data transfers despite their being in violation of the GDPR. Key Findings: The Italian SA found that Caffeina … be transferred to the U.S. in violation of Chapter V of the GDPR, since the measures adopted by Google to supplement the …
4 January 2021
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
16 December 2021
… law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions … law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful … that hold one position or another – it is simply the GDPR working as intended. In this regard, although not …
24 March 2026
… and competition , 2) the Digital Markets Act (DMA) and the GDPR , and 3) the Digital Services Act (DSA) and the GDPR . During the first panel , speakers emphasised the … panel centred on the joint guidelines on the DMA and the GDPR , which were developed by the European Commission and …
11 December 2019
… Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of … Right to be Forgotten in the search engine cases under the GDPR” (part 1) … Session, the EDPB adopted the following documents: Art. 64 GDPR Opinion on Accreditation Requirements for Codes of …
7 December 2023
… request, hence the Company breached Article 12(3) GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) GDPR. The Company also failed to meet the requirements of … newsletter database, so the Company breached Article 25(1) GDPR. Decision The Hungarian Supervisory Authority …
26 January 2021
… fine of NOK 100 000 000 for not complying with the GDPR rules on consent. - Our preliminary conclusion is that … to users. We consider that this was contrary to the GDPR requirements for valid consent. - Grindr is seen as a … magnitude as our findings suggest grave violations of the GDPR. Grindr has 13.7 million active users, of which …
19 November 2018
… on clinical trials Q&A on the interplay between the GDPR and the Clinical Trials Regulation Following a … developed by the Commission, on the interplay between the GDPR and the Clinical Trials Regulation. Guidelines on … a common interpretation of the territorial scope of the GDPR and provide further clarification on the application of …
… analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) … Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions … of Experts projects Topics: Cooperation between authorities GDPR enforcement English Download One-Stop-Shop case digest …
20 May 2021
… During its plenary session, the EDPB adopted two Art. 64 GDPR opinions on the first draft decisions on transnational … guidance and define specific requirements (i.e. Art. 28 GDPR) for processors in the EU subject to these Codes. They … is of the opinion that both draft codes comply with the GDPR and fulfil the requirements set forth in Art. 40 and 41 …
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
19 February 2021
… that CAIXABANK had violated Articles 13 and 14 of the GDPR. Following Article 83 (5) b of the GDPR, a fine of 2.000.000 EUR was imposed. When deciding on … that this constituted a breach of Article 6 of the GDPR, and according to Article 83 (5) a of the GDPR, an …
24 April 2020
… into the possibility of relying on a derogation of Art. 49 GDPR to enable international flows. The EDPB tackled this … research. In its letter, the EDPB reiterates that the GDPR allows for collaboration between EEA and non-EEA … decisions or appropriate safeguards (included in Article 46 GDPR) should be favoured, according to the EDPB. However, …