Search results | European Data Protection Board

Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
Guidelines 10/2020 on restrictions under Article 23 GDPR
18 December 2020
Guidelines
… Type: Guidelines Topics: Restrictions The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … GDPR........................... 9 3.3.7 Protection of the data subject or the rights and freedoms of …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
THE ITALIAN SUPERVISORY AUTHORITY FINES ENI GAS E LUCE EUR 11.5 MILLION - On account of unsolicited telemarketing and contracts
17 January 2020
News
… concerning respectively illicit processing of personal data in the context of promotional activities and the … criticalities with regard to the general processing of data. The violations brought to light include advertising … such data to Egl. The second fine of EUR 3 million concerns breaches due to the conclusion of unsolicited contracts for …
EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data
19 March 2026
Press releases
… easing compliance while protecting individuals’ personal data 19 March 2026 EDPB EDPS Brussels, 19 March 2026 – The European Data Protection Board (EDPB) and the European Data … a single-entry point for the notification of personal data breaches , as it would reduce the administrative burden for …
Dutch DPA fines OLVG hospital for inadequate protection of medical records
11 February 2021
News
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679
13 October 2020
Guidelines
… Topics: Cooperation between authorities The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … 9 3.2.2 Risks to fundamental rights and freedoms of data subjects......................................... 10 …
EDPB requests that Irish SA amends WhatsApp decision with clarifications on transparency and on the calculation of the amount of the fine due to multiple infringements
2 September 2021
News
… the draft decision of the IE SA already identified a severe breach of Art. 12-13-14 GDPR. The EDPB identified additional … Art. 5(1)(a) GDPR . Regarding WhatsApp IE’s collection of data of non-users - when users decide to use the Contact … IE does not lead to anonymisation of the collected personal data. Regarding the imposed fine and the calculation of the …
EDPBI:FR:OSS:D:2023:802
8 June 2023
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Article 9 (Processing of special categories of personal data) Article 12 (Transparent information, communication and … of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Administrative …
Decision 01/2020 on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding Twitter International Company under Article 65(1)(a) GDPR
9 November 2020
Binding decision of the Board (Art. 65)
… 33(3) GDPR on the content of the notification of a personal data breach on security of processing … of Article 34 GDPR on the communication of a personal data breach to the data …
Dutch DPA imposes fine of €525,000 on Locatefamily.com
12 May 2021
News
… on Locatefamily.com 12 May 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … in the EU. The lack of a representative in the EU is a breach of the General Data Protection Regulation (GDPR) and is the reason the fine … The Dutch Data Protection Authority (DPA) has imposed a fine of …
Belgian DPA fine for unlawful processing of video images
25 November 2020
News
… a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded. … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …
Romanian Supervisory Authority fine against Hora Credit IFN S.A.
10 December 2019
News
… the infringement of certain provisions of General Data Protection Regulation (GDPR). The controller was … Hora Credit IFN SA sent documents containing the personal data of another person to the e-mail address. Although this … risks and notification of the ANSPDCP in case of a security breach, under the conditions provided by Article 33 …
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)
23 November 2018
Guidelines
… 3) - version adopted after public consultation The European Data Protection Board welcomes comments on the Guidelines … In addition, if your comments also contain personal data, and you accept the publication of such data, please include the following sentence, either at the …
Facial recognition at airports: individuals should have maximum control over biometric data
24 May 2024
Press releases
… individuals should have maximum control over biometric data 24 May 2024 EDPB Brussels, 24 May - During its latest … Article 64(2) Opinion, following a request from the French Data Protection Authority, addresses a matter of general … Consistency New Technology Cybersecurity and data breach …
EDPB response to the Australian Information Commissioner and Privacy Commissioner
23 January 2019
Letters
… By email only Subject: Co-operation with the European Data Protection Board (02018/010231) Brussels, 23 January … and for your question related to the publication of the data breach notification. I would like to assure you that …
EDPBI:ES:OSS:D:2020:146
15 October 2020
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Article 14 (Information to be provided where … / penalty imposed 40.000 € and requirement of adaptation to data protection regulations 1054-0319 Summary of the …
EDPB letter to the Presidency of the Council of the EU on WADA
17 October 2019
Letters
… to the Code and its International Standards. The European Data Protection Board (EDPB), as successor of the Art.29 … has been made in relation to the safeguards on privacy and data protection provided by the Code and its Standards and … said set of rules, provided that such compliance does not breach other applicable laws. In cases where such compliance …
MARKETING: THE ITALIAN SA FINES TIM EUR 27.8 MILLION
1 February 2020
News
… to light a number of severe infringements of personal data protection legislation. TIM were proven to be … call centre operators relied upon by TIM had contacted the data subjects in the absence of whatever consent. In one … respect of different purposes including marketing. The data breach management system proved ineffective as well and no …
EDPB Annual Report 2019
18 May 2020
Annual report
… EDPB Annual Report 2019 1 EDPB Annual Report 2019 1 European Data Protection Board 2019 Annual Report WORKING TOGETHER … duties Guiding principles 5 6 2.1. 2.2. ABOUT THE EUROPEAN DATA PROTECTION BOARD 3 7 2019 - AN OVERVIEW4 8 Functioning … measures for ensuring data protection, which led to data breaches. Several significant incidents involved the …