2 September 2024
… and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine Key words: … the modalities of the right to access, the defendant has breached the articles 12.2, 12.3 et 15 GDPR because of the …
13 May 2021
… 1, letters a) and c) (lawfulness, fairness, transparency; data minimisation); Article 6 (Lawful processing); Article 9 (Processing of special category data); Article 13 (Information); Article 35 (DPIA); Article … nature of the information that had been processed in breach of the law. Additionally, the municipality was …
28 October 2021
… Reference: GDPR: Article 5 (Principles applying to personal data processing); Article 6 (Lawfulness of processing); … service; inbound calls management; trade union agreements; data minimization Summary of the … found that the company had processed its employees’ data in breach of sector-specific national law and the general …
17 September 2024
… Article 5 (Principles relating to processing of personal data) Decision: Administrative fine Key words: Health … had processed, without authorisation, non-anonymous health data, transmitted to its customers in order to carry out … of April 10, 2014). Then, the French SA found two breaches: Failure to comply with the obligation to carry out …
4 September 2025
… STYLES SERVICES CO. LIMITED Legal Reference: The French Data Protection Act (Article 82): failure to obtain user … withdrawing consent Decision: Infringement of the French Data Protection Act, Administrative fine Key words: Cookies … it has repeatedly sanctioned organisations for similar breaches and has made its decisions public. The massive …
18 December 2019
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a … another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner … The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company …
23 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 12 … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … from employees. Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order …
21 May 2025
… professionals in the sector, particularly those who resell data, including the many intermediaries in this ecosystem known as data brokers. The French SA carried out investigations on … on the market, the financial benefit derived from the breaches, and the measures taken by the company to comply …
19 July 2023
… information note for individuals and entities transferring data to the U.S.. This note aims to provide concise and … to the U.S., the redress mechanisms available under the Data Privacy Framework (DPF), and the new redress mechanism … a processing, the strengthening of the duty to notify data breaches to the Japanese data protection authority and to …
19 March 2019
… Municipality 19 March 2019 On March 19th, the Norwegian Data Protection Authority imposed an administrative fine of … the municipality’s computer system, containing the personal data of over 35,000 pupils and employees of the … individuals, primarily children The fact that the security breach encompasses personal data to over 35 000 individuals, …
27 July 2020
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
15 April 2024
… fine Keywords: own-initiative investigation, biometric data, Data Protection Impact Assessments Summary of the Decision … on the Hellenic Ministry of Migration and Asylum for the breaches found in relation to the cooperation with the …
7 October 2019
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints …
5 June 2025
… Article 5 (Principles relating to processing of personal data) Decision: administrative fine Key words: … in this ecosystem, in particular intermediaries who resell data, known as data brokers. Thus, the CNIL carried out … on the market, the financial benefit derived from the breaches and the complete cessation of activity of the …
22 May 2019
… days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities … 2017. Over 144.000 queries and complaints* and over 89.000 data breaches have been logged by the EEA Supervisory …
24 November 2020
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
16 May 2022
… Controller: The municipality of Reykjavík. Legal Reference: data protection principles (Article 5), lawfulness of processing (Article 6), transparency (Article 13), data protection by design and default (Article 25), joint … SA concluded that the municipality of Reykjavík had breached various provisions of the GDPR using Seesaw. …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
15 June 2021
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
12 July 2019
… Guidelines 3/2019 on processing of personal data through video devices Guidelines 3/2019 on processing of personal data through video devices The European Data Protection … A company is experiencing difficulties with security breaches in their public entrance and is using video …