Search results | European Data Protection Board

Fine imposed for preventing the Supervisory Authority from performing an inspection
3 April 2020
News
… the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR referring to cooperation with the supervisory authority … the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR …
EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs
21 June 2023
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. A second set of recommendations for BCR-processors … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Polish DPA fines non-public nursery and pre-school: Lack of cooperation with the supervisory authority
20 July 2020
News
… a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller notified to the President of the UODO … a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller …
Swedish DPA: Investigation of 1177-incident finalized
11 June 2021
News
… calling 1177 with information according to the rules in the GDPR and the Patient Records Act, for example how their … and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the … on behalf of Medhelp. The Data Protection Regulation, the GDPR, lays down obligations also for processors, i.e. …
Reprimand for disclosure of the list of quarantined persons
25 November 2020
News
… constitutes personal data within the meaning of the GDPR, and the fact that persons are in quarantine … controller is subject to the obligations resulting from the GDPR. UODO also took into account that the confidentiality … to ensure the security of processing. Article 33(1) of the GDPR sets forth that in the case of a personal data breach, …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal … of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA … safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal …
EDPB Opinions on draft UK adequacy decisions
16 April 2021
News
… on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and … on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and …
Polish DPA: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
State Commissioner for Data Protection in Lower Saxony imposes € 10.4 million fine against notebooksbilliger.de
26 January 2021
News
… Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up … Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
The President of the Personal Data Protection Office imposes a fine in cross-border proceedings
10 July 2020
News
… it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other … of the personal data protection system specified by the GDPR), the intentional nature of the breach and the … it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other …
EDPB Stakeholder Event on processing of personal data for scientific research purposes
16 March 2021
News
… remote stakeholder event on the topic " application of the GDPR to the processing of personal data for scientific … remote stakeholder event on the topic " application of the GDPR to the processing of personal data for scientific …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… 330 000 € for infringement of Article 5, 24 and 32 of the GDPR and has ordered the controller to bring processing … operations into compliance with the provisions of GDPR). For further information: Decision in national … 330 000 € for infringement of Article 5, 24 and 32 of the GDPR and has ordered the controller to bring processing …
First fine by the Romanian Supervisory Authority
26 June 2019
News
… safeguards in the processing, in order to meet the GDPR requirements and to protect the rights of the data … statement/details. Pursuant to Article 5 (1) c) of GDPR (“Principles relating to processing of personal data”), … safeguards in the processing, in order to meet the GDPR requirements and to protect the rights of the data …
EDPB promotes consistent approach for 101 NOYB data transfers complaints
19 April 2023
News
… to comply with the requirements of Chapter V of the GDPR, and if necessary, to stop the transfer at stake. The … to comply with the requirements of Chapter V of the GDPR, and if necessary, to stop the transfer at stake. The …
Spanish Data Protection Authority (AEPD) imposes fine of 70.000 EUR on XFERA MOVILES
18 August 2020
News
… of confidentiality, established in Article 5(1)(f) of the GDPR. You can read the text of the decision here . For … of confidentiality, established in Article 5(1)(f) of the GDPR. You can read the text of the decision here . For …
Spanish DPA imposes fine on Telefónica Móviles España
25 November 2020
News
… Móviles España, S.A.U., violated Article 6(1) of the GDPR, by processing the claimant's personal data without any … Móviles España, S.A.U., violated Article 6(1) of the GDPR, by processing the claimant's personal data without any …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, … and updated where necessary.” Moreover, Recital (75) of GDPR states that: “The risk to the rights and freedoms of … the personal data breach provided by Article 33 of GDPR. The General Regulation on Data Protection establishes, …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of … programme, for infringement of Articles 28 and 32 of the GDPR. For further information: decision in national language … Kutno for infringement of Articles 5, 24, 25, 28, 32 of the GDPR. An unencrypted pendrive with the personal data of …
The Norwegian SA fines Krokatjønnvegen 15 AS
20 January 2023
News
… of processing (Article 6) Decision: Infringement of the GDPR, Administrative fine and Order to comply Key words: … of processing (Article 6) Decision: Infringement of the GDPR, Administrative fine and Order to comply Key words: …