Search results | European Data Protection Board

Fifteenth Plenary Session: adopted documents
22 November 2019
News
… Privacy Shield Guidelines on the Territorial Scope of the GDPR (version following public consultation) Guidelines on … Privacy Shield Guidelines on the Territorial Scope of the GDPR (version following public consultation) Guidelines on …
Safety of property can be a legitimate interest for GPS tracking, but the measure must be appropriate and necessary
4 October 2022
News
… Data Protection Act), Article 5.1(c) and 6.1(f) of the GDPR Decision: Order to comply Key words: GPS tracking … processing the personal data pursuant to Article 6 of the GDPR. Decision The Slovenian SA was assessing whether … was lawful in accordance to Article 6.1 (f) of the GDPR – legitimate interests. Slovenian SA confirmed that …
Polish DPA: Bank Millennium fined for failure to notify the breach and the data subjects about the incident
22 November 2021
News
… data subject (Article 34(1)) Decision: Infringement of the GDPR, fine imposed, order to comply Key words: Obligation to … — it did not meet the requirements set out in the GDPR. Key Finding In the course of the case, it turned out … by the breach in the manner set out in Art. 34(2) of the GDPR. For further information: …
Belgian DPA imposes €50,000 Fine on Family Service
1 February 2021
News
… and fathers-to-be in Belgium, for various breaches of the GDPR. Family Service is a marketing company that … of 50,000 euro, and ordered the company to comply with the GDPR. Given the size of the company, this is a considerable … model of Family Service is clearly not compliant with the GDPR. To read the decision (in Dutch) click here . For …
European Data Protection Board - Thirty-fifth Plenary session: Information note on Binding Corporate Rules with UK SA as Lead Authority
23 July 2020
News
… UK SA will no longer qualify as a competent SA under the GDPR at the end of the transition period, the approval decisions of the UK SA taken under the GDPR will no longer have legal effect in the EEA. In … of the EDPB. Any BCR approved by the UK SA under the GDPR will require the new EEA BCR Lead SA to issue a new …
Polish SA: administrative fine of 2 500 € for the way of collecting the data
28 November 2024
News
… took place, but in his opinion there was no breach of the GDPR provisions. However, the proceeding conducted by the … the DPA revealed a breach of a number of provisions of the GDPR, including those relating to personal data security. … € for infringement of Articles 24, 25, 32, 33 and 34 of the GDPR. In the decision, the President of the Personal Data …
Facial recognition at airports: individuals should have maximum control over biometric data
24 May 2024
Press releases
… with the storage limitation principle (Article 5(1)(e) GDPR), the integrity and confidentiality principle (Article 5(1)((f)) GDPR, data protection by design and default (Article 25 GDPR) and security of processing (Article 32 GPDR). …
EDPBI:NO:OSS:D:2020:108
18 May 2020
… in the meaning of the General Data Protection Regulation (GDPR). They confirmed that the head office in Norway makes … the doctor’s opinion as covered by the right of access in GDPR art. 15 and about their routines for handling of access …
EDPB establishes cookie banner taskforce
27 September 2021
News
… was established in accordance with Art. 70 (1) (u) GDPR and aims to promote cooperation, information sharing … was established in accordance with Art. 70 (1) (u) GDPR and aims to promote cooperation, information sharing …
The Secretariat of the European Data Protection Board
25 May 2018
Press releases
… all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, … all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, …
European Data Protection Board - Our Mission
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
Data Protection Day 2023
27 January 2023
News
… Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the … Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the …
EDPB determines privacy recommendations for use of cloud services by public sector & adopts report on Cookie Banner Task Force
18 January 2023
Press releases
… need for public bodies to act in full compliance with the GDPR and includes recommendations for public sector … to cloud services and they face difficulties in obtaining GDPR-compliant services and products. Personal data handled … point of reference for public bodies looking at sourcing GDPR-compliant cloud services.” In the course of 2022, 22 …
IDPC - Lands Authority Personal Data Breach
20 February 2019
News
… of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act … account the circumstances set out under Article 83.2 of the GDPR. The temporary ban imposed on the Authority’s portal … of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act …
EDPB adopts Recommendations on the application for approval and on the elements and principles to be found in Controller Binding Corporate Rules
15 November 2022
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. The aim of these recommendations is to: provide an … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Coordinated investigation of the role of data protection officers
… According to the General Data Protection Regulation (GDPR), public authorities and certain businesses are obliged … DPOs have the role and position required by Articles 37-39 GDPR and the resources needed to carry out their tasks. The … According to the General Data Protection Regulation (GDPR), public authorities and certain businesses are obliged …
EDPB adopts final version of Guidelines on the calculation of administrative fines following public consultation
7 June 2023
News
… a legally binding decision on the basis of Art. 65(1)(a) GDPR. Following public consultation, the guidelines were … of the EDPB Guidelines on the application of Art. 60 GDPR and changes to the EDPB Rules of Procedure. In … a legally binding decision on the basis of Art. 65(1)(a) GDPR. Following public consultation, the guidelines were …
EDPBI:DEBE:OSS:D:2019:46
3 September 2019
… Final Decision Art 60 Complaint No infringement of the GDPR Background information Date of final decision: 3 … of access (Article 15) Decision: No infringement of the GDPR Key words: Right of access, Transparency and … the controller had complied with his obligations under the GDPR. 2 Furthermore, the LSA was informed by the SA …
Data breach: the Italian SA fines INAIL EUR 50,000
10 June 2022
News
… Insurance Against Occupational Accidents. Legal Reference: GDPR: Art. 5.1, letters a) and f) (lawfulness, fairness and … personal data). Decision: finding of infringements of the GDPR (imposition of administrative fine); finding of data … users’) personal data including health data (Art. 4.10 GDPR), which amounted to the unauthorised disclosure of …
Icelandic SA fines eCommerce 2020 ApS EUR 50 204 for processing credit information without a legal basis
27 June 2023
News
… lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the … data unlawfully and against Articles 5(1)(a) and 6(1) GDPR, as the company could not rely on any legal basis. …