Search results | European Data Protection Board

Endorsed WP29 Guidelines
… meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: Guidelines on consent under … 9/2022 on personal data breach notification under GDPR Guidelines on the right to data portability under … records of processing activities pursuant to Article 30(5) GDPR Working Document Setting Forth a Co-Operation Procedure …
Belgian DPA fines controller for sending a direct marketing message to the wrong person and for not responding adequately to the subsequent request for access
19 June 2020
News
… answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 … answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR …
EDPB launches French and German versions of its Data Protection Guide for small business
17 May 2024
News
… The Guide provides practical information to SMEs about GDPR compliance and benefits in an accessible and easily … Guide for small business covers various aspects of the GDPR, from data protection basics, to data subject rights … practical materials to help SMEs on their way to become GDPR compliant In the near future, the Guide will become …
Icelandic SA: the municipality of Garðabær fined EUR 16 590 for the use of Google Workspace for Education
26 April 2024
News
… municipality of Garðabær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
The French SA fines Clearview AI EUR 20 million
20 October 2022
News
… Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the GDPR), Cooperation with supervisory authority (article 31 of the GDPR) Decision: Infringement of the GDPR, Administrative … Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the …
Personalised advertising: French SA fined CRITEO EUR 40,000,000
15 June 2023
News
… Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person has given consent (Article 7.1 GDPR) Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR) Failure to respect the right of access (Article 15.1 …
New EDPB opinion on certification criteria
19 September 2022
News
… may lead to an inconsistent application of the GDPR and a number of changes need to be made in … order to fulfil the requirements imposed by Art. 42 GDPR. After approval by the DPA, the certification mechanism … and data protection seals in accordance with Art. 42 (8) GDPR. …
New EDPB opinion on certification criteria
19 September 2022
News
… may lead to an inconsistent application of the GDPR and a number of changes need to be made in … order to fulfil the requirements imposed by Art. 42 GDPR. After approval by the DPA, the certification mechanism … and data protection seals in accordance with Art. 42 (8) GDPR. …
Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… Findings The French SA has found several breaches of the GDPR: Failure to comply with the obligation to obtain … Post and Electronic Communications Code (CPCE) and 7 of the GDPR) Failure to provide information (Articles 13 and 14 of the GDPR) and to respect the exercise of rights (Articles 12 and …
The Lithuanian SA adopted a decision on the processing of employee’s personal correspondence
26 January 2023
News
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
The French SA fines the economic interest group INFOGREFFE EUR 250000
16 September 2022
News
… Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) Decision: infringement of the GDPR, Administrative fine Key words: website, data retention … Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) …
Excessive data collection and lack of cooperation: the French SA imposes a fine of 200.000 euros on SAF LOGISTICS
18 September 2023
News
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data … Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) …
EDPB adopted documents - 42nd & 43rd plenary
4 January 2021
News
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
Investigation regarding access to and inspection by the employer of an employee’s emails on a company server, illegal installation and operation of a closed-circuit video-surveillance system and infringement of the right of access
14 January 2020
News
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
Romanian Supervisory Authority fine of 2,389.05 lei (EUR 500) against an Association of Owners
29 November 2019
News
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness …
Long cooperation between controller and processor does not guarantee data security – an administrative fine imposed by the Polish SA
8 February 2023
News
… Article 83 (1-3), Article 83 (4) (a), Article 83 (5) (a) GDPR (General conditions for imposing administrative fines), Article 5 (1) (f) and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) …
Hungarian SA’s decision on the handling of access request by an airline company
2 February 2024
News
… be lawful only if it has a legal basis under Article 6(1) GDPR. Where the processing also involves special categories … the controller must have a legal basis under Article 6(1) GDPR and the processing must also comply with one of the situations set out in Article 9(2) GDPR. The Company’s reply to the request of access contained …
Hungarian SA: deletion request in concerning an airline company
19 January 2024
News
… founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …
The European Data Protection Board endorsed the statement of the WP29 on ICANN/WHOIS.
27 May 2018
… 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally … are concerned over the entry into application of the GDPR on 25 May 2018. The GDPR does not allow national supervisory authorities nor the … 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally …