Search results | European Data Protection Board

Poland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
26 July 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Polish SA fines controller EUR 6700 for failure to implement appropriate security measures
16 May 2023
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
Polish DPA fines Anwara Sp. Z o.o. for failing to cooperate
5 January 2021
News
… based in Warsaw, which, as the controller of personal data, did not meet the obligation of cooperation with the … is closely related to obtaining and processing of personal data. The personal data protection regulations and the obligations they impose on …
EDPBI:BE:OSS:D:2022:325
2 February 2022
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Article 7 … Article 32 (Security of processing) Article 35 (Data protection impact assessment) Article 37 (Designation of the data protection officer) Keywords Advertising E-Commerce Lawfulness of …
Polish DPA & ID Finance Poland: Checking potential system vulnerabilities cannot be delayed
13 January 2021
News
… threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data Protection Office (UODO) found that the company had not …
French SAs list of the kind of processing operations exempt from the requirement for a Data Protection Impact Assessment under Art 35(5) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
12 September 2019
Decision by the SA
… of processing operations exempt from the requirement for a Data Protection Impact Assessment under Art 35(5) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Polish DPA imposes a Penalty of a Reprimand for the Processing of Students’ Personal Data
2 September 2020
News
… of a Reprimand for the Processing of Students’ Personal Data 2 September 2020 Poland The President of the Personal Data Protection Office (UODO) imposed a penalty of a reprimand …
Romanian Supervisory Authority issues two fines each of 23,893 lei (EUR 5,000) against Entirely Shipping & Trading S.R.L.
13 December 2019
News
… of provisions of Articles 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 … it provided clear, complete and correct information to the data subjects; fine in the amount of 23893 lei, the …
Finland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
15 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Norway SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 March 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Germany SAs' list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Polish DPA & Virgin Mobile Polska: Incidental safeguards review is not regular testing of technical measures
13 January 2021
News
… 13 January 2021 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million … measures to ensure the security of the processed data. UODO stated that the company infringed the principles …
Greece SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the … scale as set out in the Guidelines for the Data Protection Officer (WP243) and the Impact Assessment (WP248). c. …
Czech Republic SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
8 February 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Finnish SA: Fine for a company for carrying out direct marketing with robocalls without consent
6 July 2021
News
… with robocalls without consent 6 July 2021 Finland The Data Protection Ombudsman’s sanctions board has imposed an administrative fine on a magazine publisher due to data protection violations related to direct marketing. The …
The Norwegian Supervisory Authority’s fines Lillestrøm Municipal Council
5 May 2022
News
… and fine imposed Key words: special categories of personal data, unauthorised access Summary of the Decision Origin … public access, which they should have been. The executive officer failed to notice this, and the document passed … is a violation of Article 32 (1) (b) of the General Data Protection Regulation, which requires implementation of a …
Decision in the matter of Twitter International Company made pursuant to Section 111 of the Data Protection Act 2018
9 December 2020
Decision by the SA
… International Company made pursuant to Section 111 of the Data Protection Act 2018 Decision Type SA Ireland 9 December 2020 … at that point, insofar as the Global Data Protection Officer (‘the DPO’) was not added to the incident “ticket”, …
Italian DPA: Major Critical Issues for Vaccination Pass
4 May 2021
News
… green pass and it is affected additionally by several data protection shortcomings including the lack of any assessment … Contrary to the requirements laid down in the EU General Data Protection Regulation, the decree does not specify the …
Guidelines 01/2021 on Examples regarding Data Breach Notification
19 January 2021
Guidelines
… Guidelines 01/2021 on Examples regarding Data Breach Notification Start Date: 19 January 2021 End … Topics: Cybersecurity and data breach The European Data Protection Board welcomes comments on the Guidelines … their obligation to immediately report it to the security officer.  Emphasize the need of identifying the type of the …
Strengthening Schengen security and preventing irregular migration: EU Entry Exit System enters into operation
10 October 2025
News
… of all individuals. Processing of individuals’ personal data by the EES The EES records personal data from travel documents such as name, date of birth, and … data is supervised. Ensuring data subject rights The protection of personal data is a fundamental right, which …