Search results | European Data Protection Board

Zdravko Vukić elected new Deputy Chair of the European Data Protection Board
19 June 2024
Press releases
… EDPB Members work together closely to raise awareness of GDPR at both national and EU levels, to empower individuals … small and medium-sized enterprises in aligning with the GDPR. About the Chair and Deputy Chair election procedure: According to Art.73 GDPR, the Board elects one Chair and two Deputy Chairs …
Third fine imposed by Polish SA on the Surveyor General of Poland for failure to notify the personal data breach
23 September 2022
News
… of personal data set forth in Article 4(1) of the GDPR, according to which personal data is any information … fine imposed on GGK by the Polish SA since the GDPR came into force. In issuing the decision imposing the … of personal data set forth in Article 4(1) of the GDPR, according to which personal data is any information …
The Polish SA has once again investigated Virgin Mobile's personal data breach
20 January 2023
News
… imposing a fine. The authority noted that Article 5 of the GDPR indicates the principles concerning the processing of … measures at all. The Polish SA, finding a violation of the GDPR, decided to impose an administrative fine of 340 717,27 … imposing a fine. The authority noted that Article 5 of the GDPR indicates the principles concerning the processing of …
Polish SA imposed a fine on TIMSHEL for lack of cooperation with the supervisory authority
30 August 2022
News
… TIMSHEL Legal references: Article 58 (2) (i) and (1) (a) GDPR, Article 83 (1) (2) and (5) (e) GDPR (General conditions for imposing administrative fines) … TIMSHEL Legal references: Article 58 (2) (i) and (1) (a) GDPR, Article 83 (1) (2) and (5) (e) GDPR (General …
EDPB adopted documents - 34th, 35th & 36th plenary
28 July 2020
News
… interplay of the Second Payment Services Directive and the GDPR - version for public consultation letter to MEP Ďuriš … interplay of the Second Payment Services Directive and the GDPR - version for public consultation letter to MEP Ďuriš …
EDPB stakeholder event AI models
5 November 2024
News
… the Irish Data Protection Authority under Art. 64 (2) GDPR. EDPB Chair Anu Talus said: “During the stakeholder … the Irish Data Protection Authority under Art. 64 (2) GDPR. EDPB Chair Anu Talus said: “During the stakeholder …
Estonia participates in the pan-European role of public and private data protection officers in joint supervision
… are outlined in Section 4 of Chapter 4 of the GDPR. In order to gauge whether data protection officers … in organisations that meet the conditions of Articles 37-39 GDPR and have the necessary resources to carry out their … are outlined in Section 4 of Chapter 4 of the GDPR. In order to gauge whether data protection officers …
Hungarian SA’s procedure on the handling of unsubscribe from newsletter
12 December 2023
News
… procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory … submitted an erasure request according to Chapter III of GDPR, the competence of the HU SA could not be established … procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory …
Polish SA: record fine imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
17 March 2022
News
… (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the … The Polish DPA found that the controller infringed the GDPR provisions i.e. Art. 5(1)(f), Art. 24(1), Art. 25(1), … (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the …
Fine imposed for preventing the Supervisory Authority from performing an inspection
3 April 2020
News
… the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR referring to cooperation with the supervisory authority … the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR …
EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs
21 June 2023
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. A second set of recommendations for BCR-processors … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Polish DPA fines non-public nursery and pre-school: Lack of cooperation with the supervisory authority
20 July 2020
News
… a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller notified to the President of the UODO … a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller …
Swedish DPA: Investigation of 1177-incident finalized
11 June 2021
News
… calling 1177 with information according to the rules in the GDPR and the Patient Records Act, for example how their … and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the … on behalf of Medhelp. The Data Protection Regulation, the GDPR, lays down obligations also for processors, i.e. …
Reprimand for disclosure of the list of quarantined persons
25 November 2020
News
… constitutes personal data within the meaning of the GDPR, and the fact that persons are in quarantine … controller is subject to the obligations resulting from the GDPR. UODO also took into account that the confidentiality … to ensure the security of processing. Article 33(1) of the GDPR sets forth that in the case of a personal data breach, …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal … of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA … safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data … the processing operations into line with the provisions of GDPR by: implementing appropriate technical and … infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data …
EDPB Opinions on draft UK adequacy decisions
16 April 2021
News
… on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and … on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and …
Polish DPA: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
State Commissioner for Data Protection in Lower Saxony imposes € 10.4 million fine against notebooksbilliger.de
26 January 2021
News
… Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up … Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …