… Authorities (SAs) to settle disputes when they enforce the GDPR. Such disputes may arise when SAs do not reach an … protection of personal data and draft legislation (Art. 70 GDPR). In some instances, the EDPB issues Joint Opinions … Supervisory Authorities on cross border matters (Art. 64 GDPR). If authorities fail to respect an opinion issued by …
27 January 2020
… of personal data", as defined under Article 9(1) of the GDPR. Providing personal data to an automated system, … needs to be in line with the principles defined in the GDPR. The controller carried out an impact assessment of the … issues with specific rules in line with article 88 of the GDPR. After assessing all the elements gathered for the …
4 December 2019
… the plenary, several topics were discussed. Art. 64 GDPR Opinion on Accreditation Requirements for Codes of … Right to be Forgotten in the search engine cases under the GDPR” (part 1) The Board adopted draft guidelines on “the … Right to be Forgotten in the search engine cases under the GDPR.” The guidelines provide an interpretation of Art. 17 …
23 October 2019
… on the basis of the evidence that ÖPAG had violated the GDPR by processing personal data on the alleged political … purpose of direct marketing, as this is not covered by the GDPR. These violations of the GDPR were committed unlawfully and culpably, which is why …
25 May 2018
… the greatly anticipated General Data Protection Regulation (GDPR) entered into application and its pre-decessor … role is to safeguard the consistent application of the GDPR, but it has additional competences. It advises the … will be crucial for the success and effectiveness of the GDPR. Agenda First Plenary 224.3KB English Download …
25 September 2025
… was signed, despite the fact that in accordance with the GDPR (Art. 28 (4) and (9)) and the concluded obligation … concerning the protection of personal data (Article 38 (1) GDPR). In McDonald’s, the DPO was not involved in the … fine of 387 738 € for infringement of Article 28 (1) of the GDPR, EUR 3 231 143 for infringement of Article 24 (1), 25 …
12 August 2019
… which did not meet the criteria set out in Art. 7 GDPR and also violated its duty to provide information pursuant to Art. 13, 14 GDPR. Moreover, despite handling sensitive data, no data protection impact assessment, pursuant to Art. 35 GDPR, was carried out. The administrative fine is not final …
16 June 2020
… processing of his data for marketing purposes (article 15.3 GDPR), and for not collaborating with the authority (article 31 GDPR). In a previous decision, the Belgian DPA had ordered … a complete lack of interest for both the application of the GDPR and the procedure. For this attitude, as well as the …
5 November 2019
… for violations of the General Data Protection Regulation (GDPR). During on-site inspections in June 2017 and March … and nine months after the start of application of the GDPR, the company was still unable to either demonstrate a … imposition of a fine for an infringement of Article 25 (1) GDPR and Article 5 GDPR during the period between May 2018 …
7 October 2020
… Register, constitutes unlawful processing (article 6.1 GDPR), as the legal ground for the processing activities in … carrying out a task in the public interest (article 6.1.e. GDPR), and this processing in concreto was not necessary to … data minimisation (resp. article 5.1.d. and article 5.1.c. GDPR.), which means the institution breaches these …
16 December 2020
… adopted an information note on data transfers under the GDPR after the Brexit transition period ends . The EDPB … on restrictions of data subject rights under Article 23 GDPR . The guidelines aim to recall the conditions … in light of the Charter of Fundamental Rights and the GDPR. They provide a thorough analysis of the criteria to …
6 November 2019
… of processing of personal data, specified in the GDPR. The President of the Personal Data Protection Office … actions were also inconsistent with Article 7(3) of the GDPR. The company did not take into account the principle … of the subject rights, as required by Article 12(2) of the GDPR. The proceedings of the President of PDPO established …
24 February 2023
… the provisions on international transfers as per Chapter V GDPR : The Guidelines clarify the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers … design patterns in social media interfaces that infringe on GDPR requirements. The guidelines give concrete examples of …
2 July 2025
… that the DSP: infringed Articles 5(1)(a), 6(1), and 9(1) GDPR by failing to identify a valid lawful basis for the … regard to the preceding finding, infringed Article 5(1)(e) GDPR by retaining biometric data collected as part of SAFE 2 registration; infringed Articles 13(1)(c) and 13(2)(a) GDPR by failing to put in place suitably transparent …
15 April 2024
… Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a legal basis for processing data (Article 6 GDPR). The misleading appearance of the data collection … not have a valid legal basis for data collection (Article 6 GDPR) for commercial prospecting by phone calls. It also …
15 January 2024
… Key Findings The French SA found several breaches of the GDPR: Failure to comply with the obligation to retain data … purpose for which it was collected (article 5.1.e of the GDPR) Failure to comply with the obligation to inform individuals (Articles 12 and 13 of the GDPR) Failure to comply with the obligation to ensure the …
19 December 2023
… any of the draft pledge principles would be contrary to the GDPR and the ePrivacy Directive. The draft pledging … by organisations does not equal compliance with the GDPR or ePrivacy Directive. The data protection authorities … competent to exercise their powers when necessary. Topics: GDPR e-Privacy …
… context of scientific research Study on the enforcement of GDPR obligations against entities established outside the EEA but falling under Article 3(2) GDPR Study on the national administrative rules impacting … study on the appropriate safeguards under Article 89(1) GDPR for the processing of personal data for scientific …
12 September 2022
… Affairs, Greek Seamen’s Fund (NAT) Legal Reference: GDPR: Principles relating to processing of personal data … assessment (Article 35) Decision: Infringement of the GDPR, Reprimand, Administrative fines Key words: Ex officio … (SA), in exercising its ex officio competence under the GDPR and the national Law 4624/2019 , examined the …
23 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …