… analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) … Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions … Publication Type: Support Pool of Experts projects Topics: GDPR enforcement Cooperation between authorities English …
10 June 2022
… of the whistle-blowing management system Legal Reference: GDPR: Art. 5, para. 1, letters a) and f) (lawfulness, … of processing); Art. 35 (DPIA). Decision: finding of GDPR infringement; imposition of administrative fine. Key … activity was found in the record referred to in Article 30 GDPR; the authentication credentials enabling the …
27 January 2020
… of personal data", as defined under Article 9(1) of the GDPR. Providing personal data to an automated system, … needs to be in line with the principles defined in the GDPR. The controller carried out an impact assessment of the … issues with specific rules in line with article 88 of the GDPR. After assessing all the elements gathered for the …
17 June 2020
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
25 June 2020
… following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …
12 May 2022
… opinions on the UK draft adequacy decisions, under both the GDPR and the Law Enforcement Directive (LED), as well as its … national authorities. In 2021, the EDPB adopted 35 Art. 64 GDPR consistency opinions. Most of these opinions concern … In July 2021, the EDPB adopted its very first Art. 66 GDPR Urgent Binding Decision following a request from the …
4 November 2019
… conjunction with Article 5 paragraph (1) letter f) of the GDPR, which lead to the application of an administrative … the provisions of Article 32 paragraph (1) letter d) of the GDPR. In this context, we mention that Article 25 paragraph (1) of GDPR provides the following: ”Taking into account the state …
16 December 2021
… law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions … law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful … that hold one position or another – it is simply the GDPR working as intended. In this regard, although not …
22 February 2023
… by national DPAs via binding decisions under Art. 65 GDPR and to advise the EU legislator on data protection … further guidance and develop awareness-raising tools on the GDPR for a wider audience. Furthermore, the EDPB intends to … such as on the interplay between the AI Act and the GDPR and on the use of social media by public bodies. … The …
9 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
23 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
15 January 2024
… Key Findings The French SA found several breaches of the GDPR: Failure to comply with the obligation to retain data … purpose for which it was collected (article 5.1.e of the GDPR) Failure to comply with the obligation to inform individuals (Articles 12 and 13 of the GDPR) Failure to comply with the obligation to ensure the …
15 April 2024
… Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a legal basis for processing data (Article 6 GDPR). The misleading appearance of the data collection … not have a valid legal basis for data collection (Article 6 GDPR) for commercial prospecting by phone calls. It also …
14 October 2025
… information under the General Data Protection Regulation (GDPR) . The GDPR ensures that individuals are informed when their data … the right to erasure or the “right to be forgotten” (Art.17 GDPR) . The report on the outcome of this action will be …
2 July 2025
… that the DSP: infringed Articles 5(1)(a), 6(1), and 9(1) GDPR by failing to identify a valid lawful basis for the … regard to the preceding finding, infringed Article 5(1)(e) GDPR by retaining biometric data collected as part of SAFE 2 registration; infringed Articles 13(1)(c) and 13(2)(a) GDPR by failing to put in place suitably transparent …
12 September 2022
… Affairs, Greek Seamen’s Fund (NAT) Legal Reference: GDPR: Principles relating to processing of personal data … assessment (Article 35) Decision: Infringement of the GDPR, Reprimand, Administrative fines Key words: Ex officio … (SA), in exercising its ex officio competence under the GDPR and the national Law 4624/2019 , examined the …
7 October 2020
… Register, constitutes unlawful processing (article 6.1 GDPR), as the legal ground for the processing activities in … carrying out a task in the public interest (article 6.1.e. GDPR), and this processing in concreto was not necessary to … data minimisation (resp. article 5.1.d. and article 5.1.c. GDPR.), which means the institution breaches these …
21 December 2021
… of data (Article 9) Decision: Infringement of the GDPR declared and fine imposed Key words: Data sharing, … users. The Authority consider that this was contrary to the GDPR requirements for valid consent. The Authority consider … category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, …
24 February 2023
… the provisions on international transfers as per Chapter V GDPR : The Guidelines clarify the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers … design patterns in social media interfaces that infringe on GDPR requirements. The guidelines give concrete examples of …
25 September 2020
… in accordance with the General Data Protection Regulation (GDPR). The topics of direct marketing included various … Article 4(11) of the EU General Data Protection Regulation (GDPR), the consent must be a freely given, specific, … the data subjects’ right to object in accordance with the GDPR. In the controller’s view, it has targeted the …