Search results | European Data Protection Board

Dutch SA fines Transavia for poor personal data security
23 September 2021
News
… Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, … Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, …
Decision concerning a complaint directed against WhatsApp Ireland Limited in respect of the WhatsApp service made pursuant to Section 113 of the Data Protection Act 2018 (Inquiry 18-5-6)
24 January 2023
Decision by the SA
… by the Irish SA regarding WhatsApp Ireland Limited (Art. 65 GDPR) … Decision concerning a complaint directed against …
Decision concerning a complaint directed against Meta Platforms Ireland Limited in respect of the Instagram service made pursuant to Section 113 of the Data Protection Act 2018 (Inquiry 18-5-7)
12 January 2023
Decision by the SA
… Ireland Limited and its Instagram service (Art. 65 GDPR) … Decision concerning a complaint directed against …
Ivoclar Vivadent Group
23 July 2024
… 331.8KB German English Descarga Pre-GDPR No … Ivoclar Vivadent Group …
Norwegian DPA: Company fined for illegal forwarding of e-mail
13 May 2021
News
… in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to … in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of … programme, for infringement of Articles 28 and 32 of the GDPR. For further information: decision in national language … Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of …
EDPBI:LT:OSS:D:2019:17
16 May 2019
… the relevant data breach as required by Art. 33 of the GDPR without providing a sufficient explanation of that …
Decision of the Data Protection Commission made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
22 May 2023
Binding decision of the Board (Art. 65)
… Platforms Ireland Limited for its Facebook service (Art. 65 GDPR) … Decision of the Data Protection Commission made …
CoC regulating the processing of personal data related to commercial information
29 April 2021
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Organismo di …
EDPBI:FR:OSS:D:2019:3
18 January 2019
… as to the identity of the complainant according to Art 12.6 GDPR. “The level of verification to be carried out is …
The Norwegian SA imposes fine against Elektro & Automasjon Systemer AS
13 December 2021
News
… Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish … Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish …
Processing the personal data by a processor must be documented
20 December 2022
News
… that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its … that the processing of personal data complies with the GDPR. Key Findings Failure to verify the processor and its …
Polish SA: risk assessment and acting in accordance with established procedures counteract data loss
20 December 2022
News
… documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was … documentation since the beginning of the application of the GDPR and had performed a risk assessment. The controller was …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, … and updated where necessary.” Moreover, Recital (75) of GDPR states that: “The risk to the rights and freedoms of … the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, …
Launch of coordinated enforcement on role of data protection officers
15 March 2023
News
… the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, … on the role of data protection officers (EN) Italian SA: GDPR: focus dei Garanti europei sul ruolo dei responsabili … the position in their organisations required by Art. 37-39 GDPR and the resources needed to carry out their tasks, …
EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination
21 June 2021
News
… clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of … protection authorities (DPAs) are already enforcing the GDPR and the LED on AI systems involving personal data, in … clarify that existing EU data protection legislation (GDPR, the EUDPR and the LED) applies to any processing of …
CoC regulating the sector of telemarketing and tele-selling
7 March 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …
CoC regulating credit assessment systems managed by private entities
6 October 2022
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Organismo di …
‘Easy privacy information via icons? Yes, you can!’ The Italian DPA launches a contest calling for creative ideas from all quarters
14 April 2021
News
… in an information notice under Articles 13 and 14 of the GDPR. Proposals will be welcome until 30 May, 2021 and … in an information notice under Articles 13 and 14 of the GDPR. Proposals will be welcome until 30 May, 2021 and …
EDPB adopts final version of Guidelines on data subject rights - right of access
17 April 2023
News
… aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for … aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for …