Search results | European Data Protection Board

Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… data. This was because, contrary to the indications of the GDPR the controller had not carried out an adequate risk … so that the processing meets the requirements of the GDPR and protects the rights of data subjects (point I(b) of … to comply with the principle of accountability under the GDPR (Article 5(2)) both before and after the incident. At …
Finnish SA: Fine for a company for carrying out direct marketing with robocalls without consent
6 July 2021
News
… required by the General Data Protection Regulation (GDPR) for carrying out direct marketing. The Office of the … their rights as data subjects in accordance with the GDPR, because the robot could not understand the question of … and the method for obtaining it were not compliant with the GDPR, because consent was not requested separately for …
Italian Garante - E-INVOICES: NO DATABASE TO BE SET UP BY ITALY’S REVENUE AGENCY. NO E-INVOICES FOR HEALTH CARE SERVICES
20 March 2019
News
… relying on the new powers set out in Article 58 of the EU GDPR. The warning was addressed to the Revenue Agency to … the 15 th of April this year, pursuant to Article 35 of the GDPR. The Garante had already emphasized that the Agency … data protection by design approach that is set forth in the GDPR; indeed, the Garante had pointed out that such a …
The Secretariat of the European Data Protection Board
25 May 2018
Press releases
… all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, … all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, …
EDPB establishes cookie banner taskforce
27 September 2021
News
… was established in accordance with Art. 70 (1) (u) GDPR and aims to promote cooperation, information sharing … was established in accordance with Art. 70 (1) (u) GDPR and aims to promote cooperation, information sharing …
European Data Protection Board - Our Mission
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
Data Protection Day 2023
27 January 2023
News
… Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the … Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the …
Data protection issues arising in connection with the use of Artificial Intelligence
20 May 2022
News
… 12(1), 13, 21(1), 21(2), 24(1), 25(1), and 25(2) of the GDPR, Order to comply with the above Articles, Imposing … the serious infringement of numerous articles of the GDPR for a long period, ordered the data controller to stop … continue the data processing if made compliant with the GDPR, and issued an administrative fine in HUF equal to …
The French SA fines SOLOCAL €900 000
21 May 2025
News
… consent, in compliance with the requirements of the GDPR, which would have formed the basis for the prospecting … to processing of his or her personal data (Article 7 of the GDPR): The company failed to provide the French SA with … Code (CPCE) and the General Data Protection Regulation (GDPR) regarding the collection and proof of consent. It …
Croatian SA imposed an administrative fine on debt collection agency B2 Kapital
16 May 2023
News
… from May 25, 2018 until today. Contrary to Article 28 the GDPR, the data controller did not conclude a contract on … personal data , which is contrary to Article 32.2 of the GDPR. Due to not undertaking appropriate measures, the … EUR due to violations of Articles 13, 28 and 32 of the GDPR. For further information: Agenciji za naplatu …
EDPB adopted documents - 26th, 28th and 30th plenary
9 June 2020
News
… to NGOs on Hungarian government decrees Statement on Art 23 GDPR … to NGOs on Hungarian government decrees Statement on Art 23 GDPR …
December Plenary - adopted documents
12 January 2022
News
… consultation) Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory … consultation) Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory …
Thirty-first Plenary session: Establishment of a taskforce on TikTok, Response to MEPs on use of Clearview AI by law enforcement authorities, Response to ENISA Advisory Group, Response to Open Letter NYOB
10 June 2020
Press releases
… by all data controllers whose processing is subject to the GDPR, in particular when it comes to the transfer of … data by public authorities or the application of the GDPR territorial scope, in particular when it comes to the processing of minors’ data. The EDPB recalls that the GDPR applies to the processing of personal data by a …
Imposition of a fine on a bank for an incident of personal data breach
30 April 2025
News
… breach to the data subject) Decision: infringement of the GDPR, administrative fines imposed Key words: access … default, in conjunction with Articles 32, 33, and 34 of the GDPR, as well as an administrative fine of EUR 20,000 for … breach to the data subject) Decision: infringement of the GDPR, administrative fines imposed Key words: access …
Legacy: Art. 29 Working Party
… data until 25 May 2018 (entry into application of the GDPR). Archived news on Art. 29 WP , European Commission … data until 25 May 2018 (entry into application of the GDPR). Archived news on Art. 29 WP , European Commission …
London pharmacy fined after “careless” storage of patient data
20 December 2019
Press releases
… an infringement of the General Data Protection Regulations (GDPR). The ICO launched its investigation into Doorstep … considered the contravention from 25 May 2018, when the GDPR came into effect. Doorstep Dispensaree has also been … Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), …
European Data Protection Board - Second plenary meeting: ICANN, PSD2, Privacy Shield
5 July 2018
Press releases
… thorough preparation of the WP29 in the past two years. The GDPR does not offer a quick fix in case of a complaint but … (ICANN), providing guidance to enable ICANN to develop a GDPR-compliant model for access to personal data processed … personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those …
Employees’ right of access: Italian SA fines Unicredit S.p.A. and orders corrective measures
20 September 2022
News
… delivering the information notice as per Articles 13 and 14 GDPR; the right of access to one’s personal data and the … rights which are set forth in separate provisions of the GDPR and are intended to afford safeguards and protection in … delivering the information notice as per Articles 13 and 14 GDPR; the right of access to one’s personal data and the …
Finnish SA: administrative fine on company for processing health information without an appropriate consent
27 January 2023
News
… that the company did not have the consent required by the GDPR for processing data on body mass indices and maximal … The consent requested did not meet the requirements of the GDPR as it was not specific and informed. The SA finds that … that the company did not have the consent required by the GDPR for processing data on body mass indices and maximal …
EDPB and EDPS support harmonisation of clinical trials under European Biotech Act, but call for specific safeguards for sensitive health data
12 March 2026
Press releases
… data should always be based on a legal basis under the GDPR. “Europe’s ambition to lead in medical innovation must … legal basis for clinical trials, which will facilitate GDPR compliance and strengthen consistency across the Union. … Wiewiórowski Topics: EU Legislative proposal and strategy GDPR Health Artificial intelligence Legal basis Controller …