Search results | European Data Protection Board

EDPB adopted documents - 34th, 35th & 36th plenary
28 July 2020
News
… interplay of the Second Payment Services Directive and the GDPR - version for public consultation letter to MEP Ďuriš … interplay of the Second Payment Services Directive and the GDPR - version for public consultation letter to MEP Ďuriš …
EDPB stakeholder event AI models
5 November 2024
News
… the Irish Data Protection Authority under Art. 64 (2) GDPR. EDPB Chair Anu Talus said: “During the stakeholder … the Irish Data Protection Authority under Art. 64 (2) GDPR. EDPB Chair Anu Talus said: “During the stakeholder …
Estonia participates in the pan-European role of public and private data protection officers in joint supervision
… are outlined in Section 4 of Chapter 4 of the GDPR. In order to gauge whether data protection officers … in organisations that meet the conditions of Articles 37-39 GDPR and have the necessary resources to carry out their … are outlined in Section 4 of Chapter 4 of the GDPR. In order to gauge whether data protection officers …
Hungarian SA’s procedure on the handling of unsubscribe from newsletter
12 December 2023
News
… procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory … submitted an erasure request according to Chapter III of GDPR, the competence of the HU SA could not be established … procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory …
Polish SA: record fine imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
17 March 2022
News
… (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the … The Polish DPA found that the controller infringed the GDPR provisions i.e. Art. 5(1)(f), Art. 24(1), Art. 25(1), … (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the …
Fine imposed for preventing the Supervisory Authority from performing an inspection
3 April 2020
News
… the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR referring to cooperation with the supervisory authority … the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR …
EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs
21 June 2023
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. A second set of recommendations for BCR-processors … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Polish DPA fines non-public nursery and pre-school: Lack of cooperation with the supervisory authority
20 July 2020
News
… a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller notified to the President of the UODO … a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller …
Swedish DPA: Investigation of 1177-incident finalized
11 June 2021
News
… calling 1177 with information according to the rules in the GDPR and the Patient Records Act, for example how their … and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the … on behalf of Medhelp. The Data Protection Regulation, the GDPR, lays down obligations also for processors, i.e. …
Reprimand for disclosure of the list of quarantined persons
25 November 2020
News
… constitutes personal data within the meaning of the GDPR, and the fact that persons are in quarantine … controller is subject to the obligations resulting from the GDPR. UODO also took into account that the confidentiality … to ensure the security of processing. Article 33(1) of the GDPR sets forth that in the case of a personal data breach, …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal … of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA … safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data … the processing operations into line with the provisions of GDPR by: implementing appropriate technical and … infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data …
EDPB Opinions on draft UK adequacy decisions
16 April 2021
News
… on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and … on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and …
Polish DPA: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
State Commissioner for Data Protection in Lower Saxony imposes € 10.4 million fine against notebooksbilliger.de
26 January 2021
News
… Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up … Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
The President of the Personal Data Protection Office imposes a fine in cross-border proceedings
10 July 2020
News
… it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other … of the personal data protection system specified by the GDPR), the intentional nature of the breach and the … it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other …
EDPB centralised register of records
… and the EDPB on the interplay between the DMA and the GDPR Please note that this page is regularly updated, either … and the EDPB on the interplay between the DMA and the GDPR Please note that this page is regularly updated, either …
EDPB Stakeholder Event on processing of personal data for scientific research purposes
16 March 2021
News
… remote stakeholder event on the topic " application of the GDPR to the processing of personal data for scientific … remote stakeholder event on the topic " application of the GDPR to the processing of personal data for scientific …
EDPB Specific Privacy Statements
… and the EDPB on the interplay between the DMA and the GDPR For any queries, including on older versions of privacy … and the EDPB on the interplay between the DMA and the GDPR For any queries, including on older versions of privacy …