Search results | European Data Protection Board

December Plenary - adopted documents
12 January 2022
News
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) … respect to the Complainant’s request, hence the Company breached Article 12(3) of GDPR when they failed to meet the …
Hamburg Data Protection Commissioner's €51,000 fine against Facebook Germany GmbH
1 December 2019
News
… Hamburg Data Protection Commissioner's €51,000 fine against Facebook … GmbH 1 December 2019 Germany The Hamburg Commissioner for Data Protection and Freedom of Information imposed a fine of … of personal data of users. Given the negligence of the breach and the fact that Facebook only failed to notify an …
Norwegian DPA imposes administrative fine to Østfold HF Hospital
25 November 2020
News
… Østfold HF Hospital 25 November 2020 Norway The Norwegian Data Protection Authority has decided on an administrative … the safe zone. The case started with a notice of personal data breach from the hospital. The folders where the extracts …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian …
Data brokers: French SA fined Tagadamedia €75,000
2 February 2024
News
… Data brokers: French SA fined Tagadamedia €75,000 2 February … professionals in the sector, in particular those who resell data, including many intermediaries in this ecosystem, known … operation of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
7 December 2023
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) Decision: Warning … respect to the Complainant’s request, hence the Company breached Article 12(3) GDPR when they failed to meet the …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent information, communication … fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness and …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
Polish SA: fine of 9 300 € for Independent Public Health Care Centre after hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
Italian SA finds monitoring system for online university exams to be in breach of privacy, fines university
16 September 2021
News
… monitoring system for online university exams to be in breach of privacy, fines university 16 September 2021 Italy … letters a), c) and e) (lawfulness, fairness, transparency; data minimisation; storage limitation); Article 6 (Lawful processing); Article 9 (Special category data); Article 13 (Information); Article 25 (Privacy by …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
Guidelines relevant for controllers and processors
… and processors Guidelines 01/2021 on Examples regarding Data Breach Notification - version for public consultation … compliance with the EU level of protection of personal data - version for public consultation Guidelines 4/2019 on …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Belgian DPA imposes €50,000 Fine on Family Service
1 February 2021
News
… known by mothers and fathers-to-be in Belgium, for various breaches of the GDPR. Family Service is a marketing company … lodged at the DPA alleging the company transferred personal data to third parties, including data brokers, without valid consent on the part of the …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… 32 (4) in relation to Article 32 (1) and (2) of the General Data Protection Regulation in respect of the security of processing. The data controller, WORLD TRADE CENTER BUCHAREST S.A., was … to a fine of 71028 lei, the equivalent of 15,000 Euros. The breach of personal data security consisted in the fact that …
Norwegian DPA: Administrative fine for Rælingen municipality
18 August 2020
News
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
Endorsed WP29 Guidelines
… Guidelines During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 … of Regulation 2016/679, WP251rev.01 Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01 …
Commercial prospecting and rights of individuals: EDF France fined 600 000 euros
1 December 2022
News
… 14 of the GDPR) obligation to ensure security of personal data (Article 32 of the GDPR) Decision: administrative fine … and 14 of the GDPR) Failure to ensure security of personal data (Article 32 of the GDPR) Decision Based on findings … public. The amount of the fine was decided considering the breaches observed and the cooperation by the company and all …