2 May 2024
… network vulnerabilities, unauthorised access, dark web, data breach, data breach notification, network intrusion, ransomware, … network vulnerabilities, unauthorised access, dark web, data breach, data breach notification, network intrusion, …
25 March 2019
… The Danish Data Protection Agency proposes a DKK 1,2 million fine for Danish taxi company 25 March 2019 Denmark The Danish Data Protection Agency has issued a statement declaring that … to fine Taxa 4x35 for a total of DKK 1. 2 million for a breach of the GDPR. Taxa 4x35 could be fined for failure to …
20 July 2020
… authority 20 July 2020 The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 5 000 on … provide the President of the UODO with access to personal data and other information necessary for the performance of … for assessment whether the controller communicated a data breach to the data subject in accordance with the GDPR …
16 May 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Electronic communications, Hacker attack, Personal data breach, Principles relating to processing of personal data, …
20 April 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … security, Data subject rights, Encryption, Personal data breach, Responsibility of the controller, Technical and …
6 April 2022
… imposed administrative fines on BOI of €463,000 Key words: Data Breach Summary of the Decision Origin of the case This inquiry was commenced in respect of 22 personal data breach notifications that Bank of Ireland Group plc … imposed administrative fines on BOI of €463,000 Key words: Data Breach Summary of the Decision Origin of the case …
19 February 2021
… Spanish Data Protection Authority (AEPD) imposes fine of 6.000.000 … EUR on CAIXABANK, S.A., 19 February 2021 Spain The Spanish Data Protection Authority (AEPD) imposed a total fine of … personal data. The AEPD concluded that this constituted a breach of Article 6 of the GDPR, and according to Article 83 …
31 October 2019
… an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the form on the personal data breach in compliance with Regulation (EU) 2016/679. The … an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the …
13 January 2021
… 13 January 2021 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 … measures to ensure the security of the processed data. UODO stated that the company infringed the principles … some of the company’s clients. In connection with a data breach, as a result of which an unauthorised person obtained …
7 September 2022
… unlawfully collecting a disproportionate amount of personal data 7 September 2022 Belgium Background information Date … Lawfulness (Article 6), Purpose limitation (Article 5.1.b), Data Minimisation (Article 5.1.c) Decision: Infringement of … prior to the mandatory data collection, and had therefore breached the principles of lawfulness, purpose limitation …
4 November 2024
… Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Lawfulness … penalty of NOK 250,000 to Eidskog Municipality for breach of the requirements for a legal basis in the General Data Protection Regulation. Key findings The Norwegian …
18 December 2019
… The Norwegian Data Protection Authority imposes a fine on the City of Oslo … of Oslo, the Nursing Home Agency, for having stored patient data from the city’s nursing homes and health centres … The case commenced when the City of Oslo sent a data breach notification to the Data Protection Authority in …
11 September 2020
… 11 September 2020 Poland The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences … The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of a personal data breach to the data subject), Article 33 (Notification of a …
19 January 2023
… (Responsibility of the controller), Article 25 (1) (2) (Data protection by design and by default), Article 32 (1) … and (2) GDPR (Principles relating to processing of personal data), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (i) GDPR , Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
29 June 2021
… ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … amount of the fine was that the company was found to be in breach of numerous provisions of the Icelandic Act No. …
26 March 2019
… First fine imposed by the President of the Personal Data Protection Office 26 March 2019 Poland The President of the Personal Data Protection Office (UODO) imposed its first fine for the … of the Personal Data Protection Office considered the breach to be serious, since it concerns the fundamental …
30 August 2022
… fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case TIMSHEL notified a personal data breach to the supervisory authority by e-mail. However, … fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 34 (Communication of a personal data breach to the data subject), Article 38 (Position of the …
10 March 2020
… for two municipalities 10 March 2020 Denmark The Danish Data Protection Agency has reported the municipality of … of an adequate level of security under the General Data Protection Regulation (GDPR). For the municipalities of … both municipalities notified the agency of personal data breaches relating to the theft of computers containing …