17 December 2019
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Hacker attack Personal data breach … users’ sessions to be taken over and part of their profile data being accessed (e.g. posts and comments on fo- rum and …
18 December 2019
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a fine … 37 of the GDPR to appoint an internal data protection officer. When imposing the 10.000 Euro fine, the fact was … The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a …
13 June 2019
… 17 (Right to erasure (‘right to be forgotten’)) Keywords Data subject rights Right to erasure Outcome No violation … Request The Office of the Commissioner for Personal Data Protection (hereafter “CY SA”) refers to the complaint of … Right to erasure, e-commerce, Exercise of the rights of data subjectsSummary of the DecisionOrigin of the case The …
19 February 2020
… and modalities for the exercise of the rights of the data subject) Article 17 (Right to erasure (‘right to be … to your company regarding a violation of the General Data Protection Regulation (GDPR) when processing personal data … to have his player account deleted from the controller database of the online game he had previously bought. The …
12 February 2021
… 12 February 2021 Sweden The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
3 January 2024
… 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian …
29 June 2020
… to erasure (‘right to be forgotten’)) Keywords Consumer protection Outcome Reprimand Summary 62.2KB Télécharger … Hatóság (Hungarian National Authority for Data Protection and Freedom of Information, hereinafter: the … complainant. As a result of an administrative error, the data controller failed to inform the complainant about the …
13 May 2021
… DPA: Dragefossen AS fined 13 May 2021 Norway The Norwegian Data Protection Agency has fined the power company Dragefossen AS … on YouTube and the company’s own website. Up until the Data Protection Authority contacted the company, it was … The Norwegian Data Protection Agency has fined the power company …
5 January 2021
… based in Warsaw, which, as the controller of personal data, did not meet the obligation of cooperation with the … is closely related to obtaining and processing of personal data. The personal data protection regulations and the obligations they impose on … based in Warsaw, which, as the controller of personal data, did not meet the obligation of cooperation with the …
16 May 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), …
13 January 2021
… threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data Protection Office (UODO) found that the company had not … threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data …
2 February 2022
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Article 7 … Article 32 (Security of processing) Article 35 (Data protection impact assessment) Article 37 (Designation of the data protection officer) Keywords Advertising E-Commerce Lawfulness of …
2 September 2020
… of a Reprimand for the Processing of Students’ Personal Data 2 September 2020 Poland The President of the Personal Data Protection Office (UODO) imposed a penalty of a reprimand … The President of the Personal Data Protection Office (UODO) imposed a penalty of a …
26 July 2019
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision … 1 The list of types of personal data processing operations, for which carrying out a Data …
13 December 2019
… of provisions of Articles 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 … it provided clear, complete and correct information to the data subjects; fine in the amount of 23893 lei, the … of provisions of Articles 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of …
13 January 2021
… 13 January 2021 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million … measures to ensure the security of the processed data. UODO stated that the company infringed the principles … The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 …
25 February 2020
… controller) Article 32 (Security of processing) Keywords Data security Password Right of access Outcome Reprimand … the exchanges of emails between the CNIL and your company's Data Protection Officer (hereinafter referred to as "DPO") in the … words: Password, Right of access, Marketing preferences, Data securitySummary of the DecisionOrigin of the case The …
12 September 2019
… of processing operations exempt from the requirement for a Data Protection Impact Assessment under Art 35(5) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision … the list of the kind of processing operations for which a data protection impact assessment is not required The …
3 June 2020
… Article 32 (Security of processing) Keywords Personal data breach Outcome Reprimand Summary 60.4KB Télécharger … J.No. 2019-441-3337 Doc.no. 167462 Caseworker The Danish Data Protection Agency Borgergade 28, 5. 1300 Copenhagen Denmark … 1 Summary Final Decision Art 60 Notification of Data Breach Reprimand to controller EDPBI:DK:OSS:D:2020:110 …
15 October 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision … 15.10.2018 1 (3) Office of the Data Protection Ombudsman P.O. Box 800, FIN-00521 Helsinki, …