20 July 2020
… authority 20 July 2020 The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 5 000 on … provide the President of the UODO with access to personal data and other information necessary for the performance of … for assessment whether the controller communicated a data breach to the data subject in accordance with the GDPR …
16 May 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Electronic communications, Hacker attack, Personal data breach, Principles relating to processing of personal data, …
20 April 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … security, Data subject rights, Encryption, Personal data breach, Responsibility of the controller, Technical and …
6 April 2022
… imposed administrative fines on BOI of €463,000 Key words: Data Breach Summary of the Decision Origin of the case This inquiry was commenced in respect of 22 personal data breach notifications that Bank of Ireland Group plc … imposed administrative fines on BOI of €463,000 Key words: Data Breach Summary of the Decision Origin of the case …
7 September 2022
… unlawfully collecting a disproportionate amount of personal data 7 September 2022 Belgium Background information Date … Lawfulness (Article 6), Purpose limitation (Article 5.1.b), Data Minimisation (Article 5.1.c) Decision: Infringement of … prior to the mandatory data collection, and had therefore breached the principles of lawfulness, purpose limitation …
31 October 2019
… an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the form on the personal data breach in compliance with Regulation (EU) 2016/679. The … an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the …
13 January 2021
… 13 January 2021 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 … measures to ensure the security of the processed data. UODO stated that the company infringed the principles … some of the company’s clients. In connection with a data breach, as a result of which an unauthorised person obtained …
18 December 2019
… The Norwegian Data Protection Authority imposes a fine on the City of Oslo … of Oslo, the Nursing Home Agency, for having stored patient data from the city’s nursing homes and health centres … The case commenced when the City of Oslo sent a data breach notification to the Data Protection Authority in …
29 June 2021
… ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … amount of the fine was that the company was found to be in breach of numerous provisions of the Icelandic Act No. …
4 November 2024
… Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Lawfulness … penalty of NOK 250,000 to Eidskog Municipality for breach of the requirements for a legal basis in the General Data Protection Regulation. Key findings The Norwegian …
26 March 2019
… First fine imposed by the President of the Personal Data Protection Office 26 March 2019 Poland The President of the Personal Data Protection Office (UODO) imposed its first fine for the … of the Personal Data Protection Office considered the breach to be serious, since it concerns the fundamental …
11 September 2020
… 11 September 2020 Poland The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences … The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of a personal data breach to the data subject), Article 33 (Notification of a …
19 January 2023
… (Responsibility of the controller), Article 25 (1) (2) (Data protection by design and by default), Article 32 (1) … and (2) GDPR (Principles relating to processing of personal data), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (i) GDPR , Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
30 August 2022
… fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case TIMSHEL notified a personal data breach to the supervisory authority by e-mail. However, … fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case …
12 January 2023
… Instagram decisions: “Important impact on use of personal data for behavioural advertising” 12 January 2023 EDPB … dispute resolution decisions of 5 December 2022, the Irish Data Protection Authority (IE DPA) has adopted its decisions … corrective measures. The EDPB noted that the grave breaches of transparency obligations impacted the reasonable …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 34 (Communication of a personal data breach to the data subject), Article 38 (Position of the …
10 March 2020
… for two municipalities 10 March 2020 Denmark The Danish Data Protection Agency has reported the municipality of … of an adequate level of security under the General Data Protection Regulation (GDPR). For the municipalities of … both municipalities notified the agency of personal data breaches relating to the theft of computers containing …
5 November 2024
… of the controller, Publicly available data, Data security, Employment Summary of the Decision Origin … employees without a need to know had access to. The data breach has been ongoing since the university started using … of the controller, Publicly available data, Data security, Employment Summary of the Decision …
2 May 2025
… for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference 2 May 2025 Poland … Article 9 (Processing of special categories of personal data), Article 24 (Responsibility of the controller) … Making the data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the …