12 September 2022
… Right to object (Article 21) Decision: Infringement of the GDPR, Administrative fine Key words: Unlawful processing, … rights, in breach of the provision of Article 12(2) of the GDPR, and that the processing in question took place without … of the provisions of Articles 5(1)(a), 5(2) and (6) of the GDPR. Decision The Hellenic SA imposed a fine of EUR …
16 September 2022
… Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) Decision: infringement of the GDPR, Administrative fine Key words: website, data retention … Reference: data retention periods (Article 5.1.e of the GDPR), security of personal data (Article 32 of the GDPR) …
26 January 2023
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
18 September 2023
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data … Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) …
7 February 2023
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the … Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), …
18 November 2025
… the principle of liability (articles 5-1-a) and 5-2 of the GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the Data Protection Officer in … to the protection of personal data (article 38-1 of the GDPR) Decision: administrative fine Key words: CCTV cameras, …
19 January 2023
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
26 April 2024
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
27 May 2018
… 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally … are concerned over the entry into application of the GDPR on 25 May 2018. The GDPR does not allow national supervisory authorities nor the … 2003 (see WP29 opinion of 2003 available here ). ICANN’s GDPR compliance process appears to have been formally …
23 September 2021
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision … National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) …
21 April 2022
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; … Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article …
15 December 2020
… Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International … found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to … Concerned Supervisory Authorities under Article 60 of the GDPR in May of this year, was the first one to go through …
13 December 2019
… 12 and 13 of the General Data Protection Regulation (GDPR); the infringement of Article 5 paragraph (1) letter c), Article 6 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letter c), Article 9 and Article 7 of GDPR; the infringement of Article 5 paragraph (1) letters …
29 April 2022
… in the interpretation and consistent application of the GDPR by endorsing and adopting no less than 57 Guidelines … is crucial for ensuring a consistent interpretation of the GDPR. To stay on top of this growing workload and make the … use of the possibilities for cooperation foreseen in the GDPR, we will yearly identify a number of cross-border cases …
20 February 2020
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although … (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the …
25 June 2020
… following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website. Under the GDPR, Supervisory Authorities have a duty to cooperate on … information showcasing how SAs work together to enforce the GDPR in practice. The information in the register has been …
4 January 2021
… period Information note on data transfers under the GDPR after the Brexit transition period Guidelines on restrictions of data subject rights under Article 23 GDPR - version for public consultation Guidelines on the … of the Second Payment Services Directive (PSD2) and the GDPR (following public consultation) Guidelines on articles …
30 November 2022
… case: National case Legal references: Article 6 (1) GDPR (Lawfulness of processing), Article 5 (1) (a) GDPR (Principles relating to processing of personal data), Article 9 (1) and (2) GDPR (Processing of special categories of personal data), … case: National case Legal references: Article 6 (1) GDPR (Lawfulness of processing), Article 5 (1) (a) GDPR …
12 March 2024
… SA founded that the data controller infringed Article 12(3) GDPR because it failed to inform the Data Subject of the … of transparent data processing according to Article 5(1)(a) GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) GDPR cannot be regarded as a provision requiring mandatory …
29 March 2023
… Legal Reference: Data minimisation (article 5.1.c of the GDPR), Contractual framework between the controller and processors (article 28.3 of the GDPR), Inform and collect user consent before writing and … French Data Protection Act) Decision: Infringement of the GDPR, Infringement of the French Data Protection Act, …