12 January 2022
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by … use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) …
20 July 2020
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … (Główny Geodeta Kraju, GGK). The President of the Personal Data Protection established that the Surveyor General of … the General Data Protection Regulation (GDPR), where the breach consisted in failure to provide the supervisory …
4 May 2021
… green pass and it is affected additionally by several data protection shortcomings including the lack of any … Contrary to the requirements laid down in the EU General Data Protection Regulation, the decree does not specify the … of the controller of the processing at issue, which is in breach of the transparency principle and hampers or …
15 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 13 (Information to be provided where personal data are collected from the data subject) Decision: … facility is rented out for events or other gatherings, in breach of Article 6. Furthermore, the Icelandic SA …
11 June 2021
… says. Medhelp is the medical care provider and personal data controller. In this capacity, they are the ones … to ensure an adequate level of security to protect personal data – in this case voice recordings – so that unauthorized … in health and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the …
4 September 2025
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
26 May 2021
… certify COVID-19 vaccination, recovery or negativity was in breach of privacy laws. The certification was intended to be … this processing, who was authorised to access and use the data, or who was tasked with checking that the certificates … default. At all events, the Region should have performed a data protection impact assessment beforehand in order to …
5 March 2020
… a school 5 March 2020 Poland The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen. The school … The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in …
17 January 2020
… concerning respectively illicit processing of personal data in the context of promotional activities and the … criticalities with regard to the general processing of data. The violations brought to light include advertising … such data to Egl. The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for …
5 November 2025
… 5 November 2025 EDPB Brussels, 5 November - The European Data Protection Board (EDPB) is taking an important step … that organisations can readily implement to meet their data protection obligations. To ensure these templates … such as Data Protection Impact Assessments (DPIAs) and data breach notifications. Contributions can be submitted here …
10 June 2022
… confidentiality); Art. 13 and 14 (Information); Art. 25 (Data protection by design and by default); Art. 28 … originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with … processing activities for which it was the controller (in breach of Article 28, paragraphs 1 and 3, GDPR) – ranging …
25 November 2020
… a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded. … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …
5 November 2025
… the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach notifications. We invite you to provide your … the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach …
28 October 2021
… Decision Origin of the case Image files containing health data about people with no connection to the municipality … to staff at the health clinic. Key Findings The Norwegian Data Protection Authority noted that the municipality did … internal deficiencies in its access management. This is a breach of the requirements regarding personal data security …
21 January 2019
… the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …
28 October 2021
… lawfulness, fairness and transparency (article 5 (1) (a)), data minimisation (article 5 (1) (c)), Transparent … relating to CCTV monitoring of salon premises, the Data Protection Authority has concluded that the enterprise … monitoring of the reception area has been found to be in breach of the General Data Protection Regulation (GDPR). The …
28 October 2021
… and fine imposed Key words: Access Management, Health Data, Information Security Summary of the Decision Origin … to introduce relevant measures in order to improve personal data security. Key Findings The fine is imposed due to a … folder areas outside patient records. This constitutes a breach of the requirements regarding personal data security …
17 September 2020
… Roads Administration 17 September 2020 Norway The Norwegian Data Protection Authority has issued the Norwegian Public … a fine of 37,400 EUR (400 000 NOK) for processing personal data for purposes that were incompatible with the originally … employees. The usage of such photos for documenting breaches of contract several months after the incidents took …
23 September 2021
… Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the … Key Findings Having investigated the complaint, the Data Protection Authority concluded that the enterprise had … Data Protection Authority has reprimanded an enterprise for breach of the General Data Protection Regulation’s (GDPR) …
3 February 2023
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), … public. The amount of the fine was decided regarding the breaches identified, the number of people concerned, but …