Search results | European Data Protection Board

EDPBI:DEBE:OSS:D:2020:103
30 April 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security Personal data breach … DD 110613 FD 122414 Final Decision 1. Facts concerning the data breach - Controller: Delivery Hero SE - Description of …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection
5 June 2025
News
… EDPB publishes final version of guidelines on data transfers to third country authorities and SPE training material on AI and data protection 5 June 2025 EDPB Brussels, 05 June - During its … to professionals with a legal focus like data protection officers (DPO) or privacy professionals. The second report, …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Minors: Italian SA sanctions nursery school. Cameras installed without safeguards and photos of children published online
18 November 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 7 … are collected from the data subject), Article 35 (Data protection impact assessment), Article 37 (Designation of the data protection officer), Article 38 (Position of the data protection …
CEF 2025: EDPB selects topic for next year’s Coordinated Action
10 October 2024
News
… 10 October - During its October 2024 plenary, the European Data Protection Board (EDPB) selected the topic for its fourth … sector, the designation and position of Data Protection Officers and the implementation of the right of access by … 10 October - During its October 2024 plenary, the European Data Protection Board (EDPB) selected the topic for its …
EDPB publishes CSC biannual report and work programme 2025-2026
13 February 2025
News
… Information System (IMI) transparency obligations for data controllers . In addition, in July 2023, the CSC … ‘Europol’s information systems - a guide for exercising data subjects’ rights: the right of access, rectification, … programme 2025-2026 . To ensure a continuous high level of protection of individuals’ rights, the Committee will …
Polish DPA: Breach of the GDPR provisions by Funeda results in a fine
19 March 2021
News
… Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the … Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with …
EDPBI:FR:OSS:D:2019:73
16 December 2019
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Article 14 (Information to be provided where … Nationale de l’Informatique et des Libertés (French Data Protection Authority), Having regard to Treaty no. 108 …
Legal Framework - Coordinated Supervision Committee
… of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national supervisory … coordinating the supervision of the processing of personal data in an EU large scale IT system or body, office or … of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national …
Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) … Lawfulness, fairness and transparency (Art. 5(1)(a)), data minimisation (Art. 5(1)(c)), data protection by design and by default (Art. 25(2)) Decision: …
Polish SA fines controller EUR 5300 for failure to implement appropriate security measures
20 April 2023
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … of more than 5 300 EUR (23 580 PLN) on the Disciplinary Officer of the Bar Association for breaching the provisions …
Coordinated Enforcement Framework
… Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select the … on the designation and position of data protection officers (DPOs), 2023 Coordinated Enforcement Action, … Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select …
ICO statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
9 July 2019
News
… International, Inc more than £99 million under GDPR for data breach 9 July 2019 United Kingdom Statement in response … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation … Office (ICO) intends to fine it for breaches of data protection law. Following an extensive investigation …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Reprimand for disclosure of the list of quarantined persons
25 November 2020
News
… 25 November 2020 Poland The President of the Personal Data Protection Office, after having conducted ex officio proceedings relating to breach of personal data protection of persons subject to medical quarantine by … The President of the Personal Data Protection Office, after having conducted ex officio …
European Data Protection Board - Sixth Plenary session: Privacy Shield, Brexit, clinical trials Q&A, DPIA lists, guidelines on certification, EDPB answer to Australian SA on data breach notification
24 January 2019
Press releases
… European Data Protection Board - Sixth Plenary session: Privacy Shield, … on certification, EDPB answer to Australian SA on data breach notification 24 January 2019 EDPB Brussels, 24 January - On January 22nd and 23rd, the European Data Protection Authorities, assembled in the European Data …
Polish DPA: Failure to respond to the supervisory authority’s requests is also a failure to cooperate
27 April 2021
News
… also a failure to cooperate 27 April 2021 Poland The Polish Data protection Authority, stating that PNP SA with its … office in Warsaw violated the provisions of the General Data Protection Regulation, imposed an administrative fine … The Polish Data protection Authority, stating that PNP SA with its …
Polish SA: administrative fine of EUR 4 500 for gastronomic entrepreneur for access hindering and failure to provide with the necessary information
25 September 2025
News
… case concerns a complaint to the President of the Personal Data Protection Office lodged by an individual in 2021 about … irregularities in the processing of his or her personal data by an entrepreneur from Silesia voivodeship. That was … case concerns a complaint to the President of the Personal Data Protection Office lodged by an individual in 2021 about …
Polish SA: administrative fine of EUR 7 800 for non-public health care centre in Pyskowice for failing to carry out appropriate risk analysis
16 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), …