… analyse decisions related to different Articles of the GDPR and include examples of final One-Stop-Shop (OSS) … Supervisory Authorities (SAs) work together to enforce the GDPR. They offer an opportunity to read final decisions … Publication Type: Support Pool of Experts projects Topics: GDPR enforcement Cooperation between authorities English …
6 December 2022
… three dispute resolution decisions on the basis of Art. 65 GDPR concerning Meta Platforms Ireland Limited (Meta IE). … in ensuring the correct and consistent application of the GDPR by the national Supervisory Authorities. The Irish SA … among others, the legal basis for processing (Art. 6 GDPR), data protection principles (Art. 5 GDPR), and the use …
31 October 2019
… 40,000 on a public entity for failure to comply with the GDPR. The reason for imposing the fine was that the mayor of … of the Office concluded that Article 28 (3) of the GDPR had been violated. This provision obliges the … of lawfulness of processing (Article 5(1)(a) of the GDPR) and the principle of confidentiality (Article 5(1)(f) …
19 February 2021
… that CAIXABANK had violated Articles 13 and 14 of the GDPR. Following Article 83 (5) b of the GDPR, a fine of 2.000.000 EUR was imposed. When deciding on … that this constituted a breach of Article 6 of the GDPR, and according to Article 83 (5) a of the GDPR, an …
12 August 2019
… which did not meet the criteria set out in Art. 7 GDPR and also violated its duty to provide information pursuant to Art. 13, 14 GDPR. Moreover, despite handling sensitive data, no data protection impact assessment, pursuant to Art. 35 GDPR, was carried out. The administrative fine is not final …
12 January 2023
… decisions were adopted on the basis of Art. 65(1)(a) GDPR, after the IE DPA as lead supervisory authority (LSA) … concerning the legal basis for processing (Art. 6 GDPR), data protection principles (Art. 5 GDPR), and the use of corrective measures including fines. …
4 September 2020
… on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users. … on the concepts of controller and processor in the GDPR . Since the entry into application of the GDPR, questions have been raised as to what extent the GDPR …
5 May 2022
… Right to erasure (Article 17) Decision: Infringement of the GDPR: article 12.1 and 12.3 GDPR Key words: Search engine - delisting request Summary … Spain case law, the applicability of Article 3.1. of the GDPR (not contested by the Google parties) and the useful …
24 March 2026
… and competition , 2) the Digital Markets Act (DMA) and the GDPR , and 3) the Digital Services Act (DSA) and the GDPR . During the first panel , speakers emphasised the … panel centred on the joint guidelines on the DMA and the GDPR , which were developed by the European Commission and …
… and application of the General Data Protection Regulation (GDPR) . … and application of the General Data Protection Regulation (GDPR) . …
… of the General Data Protection Regulation (hereinafter: GDPR) 1 . The aim of the coordinated enforcement action is … data protection officers are in accordance with Art. 37-39 GDPR and they have the resources needed to carry out their … protection officer in any case pursuant to Art. 37 1. (a) GDPR 2 . The Authority intends to implement the CEF in the …
15 April 2024
… Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a legal basis for processing data (Article 6 GDPR). The misleading appearance of the data collection … not have a valid legal basis for data collection (Article 6 GDPR) for commercial prospecting by phone calls. It also …
3 September 2019
… non-compliance with the General Data Protection Regulation (GDPR), nonconformity with data subjects rights to erasure … comply with an order issued by the DSI in accordance with GDPR Article 58(2)(c) and (g) and Article 23 of the Personal … with the rights of the data subject in accordance with GDPR Article 17 – data subject right to obtain from the …
23 October 2019
… on the basis of the evidence that ÖPAG had violated the GDPR by processing personal data on the alleged political … purpose of direct marketing, as this is not covered by the GDPR. These violations of the GDPR were committed unlawfully and culpably, which is why …
25 May 2018
… the greatly anticipated General Data Protection Regulation (GDPR) entered into application and its pre-decessor … role is to safeguard the consistent application of the GDPR, but it has additional competences. It advises the … will be crucial for the success and effectiveness of the GDPR. Agenda First Plenary 224.3KB English Íoslódáil …
13 September 2022
… implementation of the General Data Protection Regulation (GDPR). There are high expectations regarding the GDPR’s success in reining in data protection abuses, … its legal duties at the service of the EDPB and of the GDPR. Should this happen, the enforcement of individuals’ …
14 October 2025
… information under the General Data Protection Regulation (GDPR) . The GDPR ensures that individuals are informed when their data … the right to erasure or the “right to be forgotten” (Art.17 GDPR) . The report on the outcome of this action will be … information under the General Data Protection Regulation (GDPR) . The GDPR ensures that individuals are informed when …
24 February 2023
… the provisions on international transfers as per Chapter V GDPR : The Guidelines clarify the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers … design patterns in social media interfaces that infringe on GDPR requirements. The guidelines give concrete examples of …
2 July 2025
… that the DSP: infringed Articles 5(1)(a), 6(1), and 9(1) GDPR by failing to identify a valid lawful basis for the … regard to the preceding finding, infringed Article 5(1)(e) GDPR by retaining biometric data collected as part of SAFE 2 registration; infringed Articles 13(1)(c) and 13(2)(a) GDPR by failing to put in place suitably transparent …
15 January 2024
… Key Findings The French SA found several breaches of the GDPR: Failure to comply with the obligation to retain data … purpose for which it was collected (article 5.1.e of the GDPR) Failure to comply with the obligation to inform individuals (Articles 12 and 13 of the GDPR) Failure to comply with the obligation to ensure the …