18 November 2025
… SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability (articles 5-1-a) and … GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the … SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability …
28 November 2024
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
15 April 2024
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
11 February 2021
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
30 June 2025
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 … administrative fine, communication order personal data breach Key words: administrative fine, reprimand to …
2 July 2019
… 32 (4) in relation to Article 32 (1) and (2) of the General Data Protection Regulation in respect of the security of processing. The data controller, WORLD TRADE CENTER BUCHAREST S.A., was … to a fine of 71028 lei, the equivalent of 15,000 Euros. The breach of personal data security consisted in the fact that …
5 May 2021
… million fine to Disqus Inc. 5 May 2021 Norway The Norwegian Data Protection Authority has notified Disqus Inc. (Disqus) … it also engages in programmatic advertising. The Norwegian Data Protection Authority was made aware of the matter … In our advance notification, we also consider that Disqus breached the GDPR transparency and information requirements …
… Guidelines During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 … of Regulation 2016/679, WP251rev.01 Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01 … During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 …
20 November 2024
… Article 5 (Principles relating to processing of personal data), Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Sensitive … carried out by the CNIL in 2021 revealed several breaches, including the collection of sensitive data without …
18 August 2020
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
22 June 2022
… Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security of … people on their membership profiles, which is a personal data breach. Trumf has an obligation to report all such … Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security …
13 May 2021
… of Asker fined 13 May 2021 Norway The Norwegian Data Protection Authority has fined Asker municipality EUR … Municipality was fined for publishing confidential personal data and National Identity Numbers (NID) on its website. The municipality has breached the data protection regulations requirements …
12 February 2021
… that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
1 February 2021
… known by mothers and fathers-to-be in Belgium, for various breaches of the GDPR. Family Service is a marketing company … lodged at the DPA alleging the company transferred personal data to third parties, including data brokers, without valid consent on the part of the …
1 December 2022
… 14 of the GDPR) obligation to ensure security of personal data (Article 32 of the GDPR) Decision: administrative fine … and 14 of the GDPR) Failure to ensure security of personal data (Article 32 of the GDPR) Decision Based on findings … public. The amount of the fine was decided considering the breaches observed and the cooperation by the company and all …
22 June 2021
… DPA: BRAbank ASA fined 22 June 2021 Norway The Norwegian Data Protection Authority has fined BRAbank EUR 40,000 (NOK 400,000) for violation of the General Data Protection Regulation (GDPR). This case concerns … This matter began with a notice of a personal data breach on 6 September 2019 from what was then Easybank ASA. …
7 December 2023
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
2 February 2024
… 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
8 September 2021
… national case Controller: AG2R LA MONDIALE Legal Reference: Data retention period (Article 5.1.e GDPR), Information … Key words: Insurances, data retention, information Summary of the Decision Origin … comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The company had not …