Search results | European Data Protection Board

Finnish DPA imposed three administrative fines for data protection violations
27 May 2020
News
… had not made the impact assessment required by the GDPR before starting to process the location data. The … controller’s documentation related to compliance with the GDPR. The company had asked for information on matters such … had not made the impact assessment required by the GDPR before starting to process the location data. The …
EDPB adopts Guidelines on Right of Access and letter on cookie consent
19 January 2022
Press releases
… to support controllers to answer access requests in a GDPR compliant manner.” The Guidelines will be subject to … to support controllers to answer access requests in a GDPR compliant manner.” The Guidelines will be subject to …
Processing of personal data related to Danish research projects
3 October 2022
News
… 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research … 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research …
Norwegian Supervisory Authority with final decision to fine NAV
21 June 2022
News
… of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Employment, unauthorised … of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Employment, unauthorised …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, … of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, …
Spanish Data Protection Authority (AEPD) imposes fine on company for not complying with advertisement exclusion
18 August 2020
News
… to processing for marketing purposes under Article 21 GDPR. However, the company did not comply with its … to processing for marketing purposes under Article 21 GDPR. However, the company did not comply with its …
Join the stakeholder event on EDPB opinion on ‘AI models’
11 October 2024
News
… on issues relating to the request for an Art. 64(2) GDPR opinion on artificial intelligence ("AI") submitted to … on issues relating to the request for an Art. 64(2) GDPR opinion on artificial intelligence ("AI") submitted to …
The Norwegian SA issues fine and order company to establish procedures after unlawful credit rating
17 December 2021
News
… Legal basis (Article 6) Decision: Infringement of the GDPR, Order to establish procedures Key words: Credit Rating … Legal basis (Article 6) Decision: Infringement of the GDPR, Order to establish procedures Key words: Credit Rating …
Norwegian DPA: Waxing Palace AS fined
28 October 2021
News
… to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, … to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, …
Norwegian DPA issues fine to Gveik AS
11 February 2021
News
… personal purposes The General Data Protection Regulation (GDPR) requires that all processing of personal data must … personal purposes The General Data Protection Regulation (GDPR) requires that all processing of personal data must …
Norwegian SA issues administrative fine to the University of Agder
5 November 2024
News
… EUR 12 700 on the University of Agder for violation of the GDPR. The University had not taken appropriate measures to … EUR 12 700 on the University of Agder for violation of the GDPR. The University had not taken appropriate measures to …
Dutch SA fines Transavia for poor personal data security
23 September 2021
News
… Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, … Article 32 (1) and (2) Decision: Infringement of the GDPR, administrative fine Key words: Security of processing, …
The Norwegian SA imposes fine against Elektro & Automasjon Systemer AS
13 December 2021
News
… Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish … Legal basis (Article 6) Decision: Infringement of the GDPR declared and fine imposed, order to establish …
Biometrics for attendance recording. The Italian SA fines a high school
15 July 2025
News
… Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of … Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of …
Polish DPA fines Smart Cities: Another fine for lack of cooperation with the Personal Data Protection Office
2 February 2021
News
… supervisory authority within the remit of Article 51 of the GDPR, UODO monitors and enforces the application of this … supervisory authority within the remit of Article 51 of the GDPR, UODO monitors and enforces the application of this …
EDPB adopts final version of Guidelines on data subject rights - right of access
17 April 2023
News
… aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for … aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for …
Slovenian SA: launch of coordinated enforcement on role of data protection officers
… the position in their organisations required by Art. 37-39 GDPR and Chapter 6 of the Personal Data Protection Act and … the position in their organisations required by Art. 37-39 GDPR and Chapter 6 of the Personal Data Protection Act and …
Norwegian DPA: Company fined for illegal forwarding of e-mail
13 May 2021
News
… in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to … in addition to the requirement for legal basis under the GDPR. Nor had the business drawn up procedures for access to …
Swedish SA: Administrative fine against the Equality Ombudsman when personal data was collected via a web form
15 July 2025
News
… The DO has violated the general data protection regulation (GDPR) by not having taken sufficiently effective security … The DO has violated the general data protection regulation (GDPR) by not having taken sufficiently effective security …
July Plenaries - adopted documents
2 August 2022
News
… Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website … Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website …