Search results | European Data Protection Board

EDPB clarifies notion of main establishment and calls on EU legislators to make sure CSAM Regulation respects rights to privacy and data protection
14 February 2024
Press releases
… of the One-Stop-Shop mechanism , following an Art. 64(2) GDPR request by the French Data Protection Authority … be considered as a main establishment under Art. 4(16)(a) GDPR only if it takes the decisions on the purposes and … of the One-Stop-Shop mechanism , following an Art. 64(2) GDPR request by the French Data Protection Authority …
Polish DPA fines Warsaw University of Life Sciences (SGGW)
11 September 2020
News
… of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of … of the principle of storage limitation provided for in the GDPR. Moreover, in the course of the conducted proceedings … of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of … programme, for infringement of Articles 28 and 32 of the GDPR. For further information: decision in national language … Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of …
EU Cloud Code of Conduct
20 May 2021
Decision by the SA
… Belgium Type Code for Controllers/Processors subject to GDPR Scope Transnational Monitoring Body Scope Europe, …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, … and updated where necessary.” Moreover, Recital (75) of GDPR states that: “The risk to the rights and freedoms of … the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, …
EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination
21 June 2021
News
… clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of … protection authorities (DPAs) are already enforcing the GDPR and the LED on AI systems involving personal data, in … clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of …
Malta Authorisation for the use of an Administrative Arrangement between EEA and non-EEA Financial Supervisory Authorities
13 August 2019
Decision by the SA
… of an Administrative Arrangement pursuant to Article 46.3.b GDPR 67KB Download Opinion / Binding decision References …
Autodesk Group
24 May 2022
… national decision Autodesk processor 401.8KB Download Pre-GDPR No … Autodesk Group …
Autodesk Group
24 May 2022
… SA national decision Autodesk 2023 402.8KB Download Pre-GDPR No … Autodesk Group …
EDPB adopts final version of Guidelines on data subject rights - right of access
17 April 2023
News
… aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for … aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for …
July Plenaries - adopted documents
2 August 2022
News
… Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website … Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
German Authorisation for the use of an Administrative Arrangement between EEA and non-EEA Financial Supervisory Authorities
24 April 2019
Decision by the SA
… of an Administrative Arrangement pursuant to Article 46.3.b GDPR 157KB German English Download Opinion / Binding …
Processing the personal data by a processor must be documented
20 December 2022
News
… that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its … that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its …
Polish SA: risk assessment and acting in accordance with established procedures counteract data loss
20 December 2022
News
… documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was … documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was …
Finnish SA: Administrative fine imposed on psychotherapy provider for shortcomings in fulfilling the client's right of access to data
4 September 2023
News
… the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the … the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the …
Norwegian DPA: Waxing Palace AS fined
28 October 2021
News
… to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, … to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, …
General Court: WhatsApp annulment action inadmissible
7 December 2022
News
… a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of … a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of …
Norwegian DPA: Company fined for illegal forwarding of e-mail
13 May 2021
News
… in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to … in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to …
Infosys Group
2 December 2024
… of the Infosys Group National Decision 402.5KB Download Pre-GDPR No … Infosys Group …