3 March 2022
… but the risk of their occurrence as a reason for breach notification 3 March 2022 Poland Background … S.A. Legal Reference: Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the …
8 September 2022
… Supervisory Authority fines Enel Energie Muntenia S.A. for breaching Article 32 GDPR 8 September 2022 Romania … of processing (Article 32). Notification of a personal data breach to the supervisory authority (Article 33). … Infringement of the GDPR, Corrective measures. Key words: Data breach, security of processing. Summary of the …
19 March 2021
… Polish DPA: Breach of the GDPR provisions by Funeda results in a fine 19 … Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the …
18 July 2023
… Romanian SA fines UiPath SRL for breaching Articles 25 and 32 GDPR 18 July 2023 Romania … Controller: UiPath SRL Legal references: Article 25 (Data protection by design and by default), Article 32 … Decision: Administrative fine, Compliance order Key words: Data protection by design and by default, Personal data …
15 December 2020
… Irish Data Protection Commission announces decision in Twitter inquiry 15 December 2020 Ireland The Data Protection Commission (DPC) has today announced a … commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that …
30 June 2021
… must be notified to the supervisory authority and the data subjects 30 June 2021 Poland Mediation Promotion and … 13 000 PLN (3 000 EUR) for failing to notify the personal data breach to the supervisory authority without undue delay, and …
28 November 2024
… fine of 2 500 € for the way of collecting the data 28 November 2024 Poland Background information Date of … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … of processing), Article 33 (Notification of a personal data breach to the supervisory authority), Article 34 …
30 April 2020
… The Swedish Data Protection Authority issues fine against the National … Government Service Centre 30 April 2020 Sweden The Swedish Data Protection Authority imposes an administrative fine of … well as the Data Protection Authority about a personal data breach in due time. The Data Protection Authority (DPA) …
12 February 2021
… reprimand to Telenor for inadequate protection of personal data 12 February 2021 Norway The Norwegian Data Protection Authority have issued a reprimand to Telenor … in its voicemail function, and for failing to submit a data breach notification to the Norwegian Data Protection …
5 January 2022
… fine imposed on psychotherapy centre Vastaamo for data protection violations 5 January 2022 Finland Background … Vastaamo Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33(1)), …
6 July 2022
… Loss of a document with personal data and failure to notify the incident as a reason for a … z o.o. Sp. k. Legal Reference: notification of a personal data breach to the supervisory authority (Art. 33 (1)) Decision: …
17 April 2023
… EDPB adopts final version of Guidelines on data subject rights - right of access 17 April 2023 EDPB … the EDPB has adopted a final version of the Guidelines on data subject rights - Right of access . The Guidelines … lead supervisory authority and the Guidelines on data breach notification . Both guidelines concern an update of …
15 July 2025
… fine against the Equality Ombudsman when personal data was collected via a web form 15 July 2025 Sweden … administrative fine Key words: administrative fine, data security, restriction of processing, personal data breach, public administration, sensitive data Summary of …
8 February 2023
… between controller and processor does not guarantee data security – an administrative fine imposed by the Polish … and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the … words: Data security, Administrative fine, Personal data breach Summary of the Decision Origin of the case The …
2 September 2024
… Administrative fine against bank for transferring customer data to Meta 2 September 2024 Sweden Background information … Article 5 (Principles relating to processing of personal data), Article 32 (Security of processing), Article 83 … Administrative fine Key words: Finance, Personal data breach, Administrative fine Summary of the Decision …
20 December 2022
… acting in accordance with established procedures counteract data loss 20 December 2022 Poland Background information … case Controller: Mayor of the Commune Legal Reference: Data protection by design and by default Article 25(1) … to the Polish Supervisory Authority, SA a personal data breach which occurred as a result of a break-in in the …
11 December 2020
… University failed to sufficiently protect sensitive personal data 11 December 2020 Sweden Umeå University has processed special categories of personal data concerning sexual life and health through, amongst … for failing to report the incident as a personal data breach. Since 25 May 2018, organisations are obliged to …
7 October 2021
… SA: Police reprimanded for illegal processing of personal data with facial recognition software 7 October 2021 Finland … Reference: Art. 14 in the Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining … Security Decision: Reprimand Key words: Personal data breach Summary of the Decision Origin of the case The Deputy …
23 September 2021
… Dutch SA fines Transavia for poor personal data security 23 September 2021 Netherlands Ireland France … administrative fine Key words: Security of processing, data security breach Summary of the Decision Origin of the case The …
12 September 2022
… Debt Management Company for unlawful processing of personal data and non-essential examination of rights to object and … fairness and transparency of processing of personal data (Article 5.1a). Principle of accountability (Article … unduly impeded the exercise of the complainant’s rights, in breach of the provision of Article 12(2) of the GDPR, and …