Search results | European Data Protection Board

Polish SA: administrative fine of 19 800 € for failure to notify a personal data breach to the supervisory authority
6 February 2025
News
… a broad extent, should have a legal basis. In turn, the GDPR clearly provides (in Article 6(1)) that the processing … are under special protection, according to Article 9 of the GDPR. It should be emphasised that the National Public … how it should - in accordance with the provisions of the GDPR - notify the person whose data has been affected by the …
EDPBI:DEBE:OSS:D:2020:124
13 July 2020
… breach or mitigate its adverse effects (Art. 33 (3) (d) GDPR) The company hired a forensics firm to identify network … or public com- munication (Art. 34 (1) or Art. 34 (3) (c) GDPR) The concerned data subjects were informed of the … incident occurred, e.g. encryption (Arti- cle 34 (3) (a) GDPR) - 3 - The stolen passwords were hashed with PBKDF2-SHA …
EDPB adopts letter on Polish presidential elections data disclosure & discusses recent Hungarian government decrees in relation to the coronavirus during the state of emergency
8 May 2020
Press releases
… attention. The Board underlines that, according to the GDPR, personal data, such as names and addresses, and … data.” However, the EDPB stresses that enforcement of the GDPR lies with the national supervisory authorities. The … In the first instance, the assessment of alleged GDPR infringements falls within the competence of the …
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 - Annex 2
14 February 2019
Guidelines
… taken into consideration. Since the EDPB is required by the GDPR (art. 70(4)) to make the results of this consultation … in accordance with the legal requirements provided by the GDPR and, where applicable, by national legislation. 2 SCOPE … of processing operations of controllers under the GDPR without specifying further the area of application …
EDPBI:FR:OSS:D:2020:105
11 May 2020
… of Article 56.1 of the General Data Protection Regulation (GDPR). lodged a complaint with the CNIL regarding the … in accordance with the provisions of Article 58.2.b) of the GDPR. Indeed, has to ensure and be able to demonstrate that … manner in relation to them (Articles 5.1.a) and 5.2 GDPR). In addition, pursuant to Articles 17.1 and 21.1 GDPR, …
EDPB Opinions on draft UK adequacy decisions
16 April 2021
News
… on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and … on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and …
The Romanian Supervisory Authority fines Raiffeisen Bank S.A. and Vreau Credit S.R.L.
31 October 2019
News
… with Article 32 paragraph (1) and paragraph (2) of the GDPR , which led to imposing an administrative fine in the … with Article 32 paragraph (1) and paragraph (2) of the GDPR , as well as of Article 33 paragraph (1) of the GDPR, which led to imposing an administrative fine in the …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… data. This was because, contrary to the indications of the GDPR the controller had not carried out an adequate risk … so that the processing meets the requirements of the GDPR and protects the rights of data subjects (point I(b) of … to comply with the principle of accountability under the GDPR (Article 5(2)) both before and after the incident. At …
Polish SA: administrative fine of 928 498,06 € for failure to inform data breach victims
6 February 2025
News
… bank has failed to comply with its obligations under the GDPR after the personal data of a group of customers was … secrets does not exempt from the application of the GDPR. Decision The President of the Personal Data … 928 498,06 € on mBank for infringement of Article 34 of the GDPR. The fine amount represents 24 thousandths of one per …
Tax Administration fined for fraud ‘black list’
16 May 2022
News
… - article 35(2) icw 38(1) Decision: infringement of the GDPR, administrative fines Key words: illegally processing … violations of the General Data Protection Regulation (GDPR). For example, the Tax Administration had no statutory … - article 35(2) icw 38(1) Decision: infringement of the GDPR, administrative fines Key words: illegally processing …
Finnish SA: Fine for a company for carrying out direct marketing with robocalls without consent
6 July 2021
News
… required by the General Data Protection Regulation (GDPR) for carrying out direct marketing. The Office of the … their rights as data subjects in accordance with the GDPR, because the robot could not understand the question of … and the method for obtaining it were not compliant with the GDPR, because consent was not requested separately for …
Italian Garante - E-INVOICES: NO DATABASE TO BE SET UP BY ITALY’S REVENUE AGENCY. NO E-INVOICES FOR HEALTH CARE SERVICES
20 March 2019
News
… relying on the new powers set out in Article 58 of the EU GDPR. The warning was addressed to the Revenue Agency to … the 15 th of April this year, pursuant to Article 35 of the GDPR. The Garante had already emphasized that the Agency … data protection by design approach that is set forth in the GDPR; indeed, the Garante had pointed out that such a …
AEPD fine of EUR 3,000,000 to CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U. for lack of specific and informed consent regarding profiling for commercial purposes
3 February 2022
News
… of processing (Article 6). Decision: Infringement of the GDPR, order to comply. Key words: … operations into compliance with the provisions of the GDPR within six months of this decision. For further … of processing (Article 6). Decision: Infringement of the GDPR, order to comply. Key words: …
Dutch SA fines DPG Media Magazines for unnecessarily requesting copies of identity documents
28 March 2022
News
… Media Magazines B.V. Legal Reference: article 12 (2) GDPR Decision: Infringement of the GDPR, administrative fine Key words: identity document; … Media Magazines B.V. Legal Reference: article 12 (2) GDPR Decision: Infringement of the GDPR, administrative …
Temperature checks at Brussels South Charleroi Airport (Belgium) as part of the fight against COVID-19
21 April 2022
News
… data pertaining to a special category of data under the GDPR (health data). The temperature checks were mainly based … of Mobility, which does not meet the criteria of the GDPR, i.e. to be a clear and precise legal standard whose … data pertaining to a special category of data under the GDPR (health data). The temperature checks were mainly based …
EDPBI:EE:OSS:D:2019:55
7 October 2019
… Summary Final Decision Art 60 Complaint Infringement of the GDPR EDPBI:EE:OSS:D:2019:55 Background information Date of … Right to erasure (Article 17) Decision: Infringement of the GDPR, issue of reprimand in accordance with Article 58(2)(b) GDPR Key words: Right to object, Right to erasure, …
EDPBI:FR:OSS:D:2020:120
3 July 2020
… due to the complainant’s letter not mentioning the words ‘GDPR’, ‘CNIL’, ‘data protection’ or ‘personal data’. The … request, despite the time limits set out under Article 12 GDPR.Decision The LSA will issue reprimands to the controller in accordance with Article 58(2)(b) GDPR. Further, in accordance with Articles 12 and 24 GDPR, …
Polish SA: administrative fine of 132 000 € for improper positioning of the DPO and failure to include profiling in documentation
7 May 2025
News
… fine of 60 000 € for infringement of Article 38(3) of the GDPR and a fine of 72 000 € for infringement of Articles 30(1), 35(1,7) of the GDPR. Total amount of imposed fine on Toyota Bank Polska … fine of 60 000 € for infringement of Article 38(3) of the GDPR and a fine of 72 000 € for infringement of Articles …
Hamburg DPA: Penalty against Vattenfall Europe Sales GmbH
14 October 2021
News
… obligations under data protection law (Article 12, 13 GDPR) through this procedure, as the customers were not … permissible at all. This is not explicitly regulated in the GDPR; there are no clear legal requirements in this respect. … obligations under data protection law (Article 12, 13 GDPR) through this procedure, as the customers were not …
Norwegian DPA: Fine for accessing former employee’s e-mail inbox and failing to close e-mail inbox
1 July 2021
News
… established by the General Data Protection Regulation (GDPR). Furthermore, the enterprise had failed to fulfil its duty to provide information (Article 13 of the GDPR), its duty to delete the contents of the complainant’s … established by the General Data Protection Regulation (GDPR). Furthermore, the enterprise had failed to fulfil its …