Search results | European Data Protection Board

Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… 20 September 2019 Poland The President of the Personal Data Protection Office imposed a fine of an amount higher … and technical measures for the protection of personal data were not appropriate to the risk posed by the … the fine, the supervisory authority concluded that the breach which took place in this case was of considerable …
The CNIL, French Supervisory Authority fines FREE EUR 300,000
16 December 2022
News
… 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a personal data breach (Article 33 of the GDPR) Decision: infringement of …
Commercial prospecting and personal rights: French SA fined NS CARDS FRANCE €105,000
15 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … carried out two investigations on the company. It found breaches concerning the time user account data was kept, the …
Facebook and Instagram decisions: “Important impact on use of personal data for behavioural advertising”
12 January 2023
Press releases
… Instagram decisions: “Important impact on use of personal data for behavioural advertising” 12 January 2023 EDPB … dispute resolution decisions of 5 December 2022, the Irish Data Protection Authority (IE DPA) has adopted its decisions … corrective measures. The EDPB noted that the grave breaches of transparency obligations impacted the reasonable …
Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
Polish SA imposed fine for failing to implement appropriate technical and organisational measures
31 May 2023
News
… fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case The … This documentation contained, inter alia, personal data of the controller's employees and persons who were …
Polish SA: administrative fine of 17 880 € for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference
2 May 2025
News
… for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference 2 May 2025 Poland … Article 9 (Processing of special categories of personal data), Article 24 (Responsibility of the controller) … Making the data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine,Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) … respect to the Complainant’s request, hence the Company breached Article 12(3) of GDPR when they failed to meet the …
Norwegian DPA imposes administrative fine to Østfold HF Hospital
25 November 2020
News
… Østfold HF Hospital 25 November 2020 Norway The Norwegian Data Protection Authority has decided on an administrative … the safe zone. The case started with a notice of personal data breach from the hospital. The folders where the extracts …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent information, communication … fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness and …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
7 December 2023
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) Decision: Warning … respect to the Complainant’s request, hence the Company breached Article 12(3) GDPR when they failed to meet the …
Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child
21 October 2020
News
… DPA imposes fine for improperly processed personal data of the parents of an adopted child 21 October 2020 Lithuania The State Data Protection Inspectorate – personal data protection … the principle of accuracy of processed personal data and breached Articles 5(1)(d) and 5(1)(f) of the GDPR. When …
Polish SA: fine of 9 300 € for Independent Public Health Care Centre after hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian …
EDPB Annual Report 2021: Enhancing the depth and breadth of data protection
12 May 2022
Press releases
… EDPB Annual Report 2021: Enhancing the depth and breadth of data protection 12 May 2022 EDPB Today, Andrea Jelinek, Chair of the European Data Protection Board (EDPB) presented the EDPB Annual … and recommendations on topics such as personal data breach notifications, connected vehicles and virtual voice …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
Dutch DPA fines OLVG hospital for inadequate protection of medical records
11 February 2021
News
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …