Search results | European Data Protection Board

EDPB annual report 2024: protecting personal data in a changing landscape
23 April 2025
Press releases
… EDPB annual report 2024: protecting personal data in a changing landscape 23 April 2025 EDPB Brussels, 23 April - The European Data Protection Board (EDPB) has published its 2024 Annual …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority 11 … 000) on ENEA S.A. company for failing to notify a personal data breach. The Personal Data Protection Office (UODO) received information about the …
Finnish SA: pharmacy company Yliopiston Apteekki issued administrative fine for online shop data protection shortcomings
17 June 2025
Press releases
… Apteekki issued administrative fine for online shop data protection shortcomings 17 June 2025 Finland Background … Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by …
Polish SA: administrative fine of EUR 1 170 for Social Welfare Centre and EUR 2 341 EUR for Mayor of Aleksandrów for ignoring the risk of ransomware attack
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 …
Polish SA: administrative fine of EUR 4 022 773 for McDonald’s Polska sp. z o.o. and EUR 43 680 for 24/7 Communication Sp. z o.o. for negligence in risk analysis and safeguards
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … data subject), Article 38 (Position of the data protection officer) Decision: Administrative fine Key words: …
EDPB adopts statement on DPAs role in AI Act framework, EU-U.S. Data Privacy Framework FAQ and new European Data Protection Seal
17 July 2024
News
… adopts statement on DPAs role in AI Act framework, EU-U.S. Data Privacy Framework FAQ and new European Data Protection Seal 17 July 2024 EDPB Brussels, 17 July - …
Zdravko Vukić elected new Deputy Chair of the European Data Protection Board
19 June 2024
Press releases
… Zdravko Vukić elected new Deputy Chair of the European Data Protection Board 19 June 2024 EDPB Brussels, 19 June - … from 2005 to 2016, he served as a Chief Human Resources Officer in charge of the organisation's employees and legal …
Polish DPA fines Surveyor General of Poland: Full inspection must be carried out
20 July 2020
News
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … protection, and whether GGK has appointed a Data Protection Officer. Unfortunately, due to the lack of access by the …
EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection
5 June 2025
News
… EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection 5 June 2025 EDPB Brussels, 05 June - During its … to professionals with a legal focus like data protection officers (DPO) or privacy professionals. The second report, …
The Polish supervisory authority imposed first administrative fine on a public entity
31 October 2019
News
… entity 31 October 2019 Poland The President of the Personal Data Protection Office (“The President of the Office”) imposed … was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
CEF 2025: EDPB selects topic for next year’s Coordinated Action
10 October 2024
News
… 10 October - During its October 2024 plenary, the European Data Protection Board (EDPB) selected the topic for its fourth … sector, the designation and position of Data Protection Officers and the implementation of the right of access by …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of …
Minors: Italian SA sanctions nursery school. Cameras installed without safeguards and photos of children published online
18 November 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 7 … are collected from the data subject), Article 35 (Data protection impact assessment), Article 37 (Designation of the data protection officer), Article 38 (Position of the data protection …
EDPB publishes CSC biannual report and work programme 2025-2026
13 February 2025
News
… Information System (IMI) transparency obligations for data controllers . In addition, in July 2023, the CSC … ‘Europol’s information systems - a guide for exercising data subjects’ rights: the right of access, rectification, … programme 2025-2026 . To ensure a continuous high level of protection of individuals’ rights, the Committee will …
Polish DPA: Breach of the GDPR provisions by Funeda results in a fine
19 March 2021
News
… Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the …
Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) …
Legal Framework - Coordinated Supervision Committee
… of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national supervisory … coordinating the supervision of the processing of personal data in an EU large scale IT system or body, office or …
Polish SA fines controller EUR 5300 for failure to implement appropriate security measures
20 April 2023
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … of more than 5 300 EUR (23 580 PLN) on the Disciplinary Officer of the Bar Association for breaching the provisions …
ICO statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9 July 2019
News
… International, Inc more than £99 million under GDPR for data breach 9 July 2019 United Kingdom Statement in response … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation …