12 September 2018
… administrative penal decision for infringements of the GDPR and Austrian Data Protection Act. The Austrian DPA … café as the controller within the meaning of Article 4. 7 GDPR of an image processing system (video surveillance). The … Art. 6 para. 1 of the General Data Protection Regulation (GDPR) and several provisions of the Austrian Data Protection …
18 December 2019
… 16 – for infringement of the Credit Information Act and the GDPR. The website has carried out credit information … the majority of its publishing activities, meaning that the GDPR does not apply under those circumstances. The website … Information Act applies, including its references to the GDPR. The website furthermore published information about …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) The passwords of the affected accounts have been … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The controller has notified all data subjects and … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) No particular measures beyond the standard IT security …
12 May 2022
… opinions on the UK draft adequacy decisions, under both the GDPR and the Law Enforcement Directive (LED), as well as its … national authorities. In 2021, the EDPB adopted 35 Art. 64 GDPR consistency opinions. Most of these opinions concern … In July 2021, the EDPB adopted its very first Art. 66 GDPR Urgent Binding Decision following a request from the …
17 June 2020
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
17 June 2020
… two letters to MEP Körner - on encryption and on Article 25 GDPR - and a letter to CEAOB on PCAOB arrangements. The EDPB … necessary in this context. The statement also addresses the GDPR principles that Member States need to pay special … encryption would seriously undermine compliance with GDPR security obligations applicable to controllers and …
5 December 2018
… into application of the General Data Protection Regulation (GDPR), it will set a precedent. DPIA lists The EDPB adopted … an important tool for the consistent application of the GDPR across the EEA. DPIA is a process to help identify and … and challenges of consistency in practice. The GDPR does not require full harmonisation or an 'EU list', …
15 July 2022
… legitimate interest (Article 6(1)(f) GDPR) Decision: Issuance of warning to controller that … transposing directive 2002/58/EC and Article 6(1)(f) GDPR; Key words: Personalised advertising; legal basis; … user’s consent; warning to controller; Article 58(2)(a) GDPR; Section 154(1)(f) of Italian personal data protection …
18 November 2021
… cooperation to investigate compliance of this website with GDPR. The supervisory authorities have jointly established a … the compliance of the processing of data by Vinted with the GDPR provisions. … "The news here published concerns … cooperation to investigate compliance of this website with GDPR. The supervisory authorities have jointly established a …
24 February 2020
… documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and … documents: EDPB Contribution to the evaluation of the GDPR under Article 97 Guidelines on Articles 46 (2) (a) and …
13 October 2020
… IP address, refers to Art. 6 para. 1 sentence 1 lit. f GDPR. sees the legitimate interest in the processing of … attacks, in particular to meet the requirements of Art. 32 GDPR and § 13 para. 7 TMG. Furthermore, the method aims at … risks" in the sense of Art. 6 para. 1 sentence 1 lit. f GDPR. 3 III. Legal assessment The Brandenburg Commissioner …
13 October 2021
… Reference: Purpose limitation (article 5, par. 1, let. b) GDPR), lawfulness of processing (article 6, par. 1, let. a) GDPR), adequacy of the measures (articles 24, 25 GDPR); SA’s power to request information from controller or …
17 April 2024
… the EDPB adopted an Opinion following an Art. 64(2) GDPR request by the Dutch, Norwegian & Hamburg Data … factor in the assessment of valid consent under the GDPR. The EDPB stresses that obtaining consent does not … from adhering to all the principles outlined in Art. 5 GDPR, such as purpose limitation, data minimisation and …
11 April 2022
… Reference: Article 5 (2) Decision: Infringement of the GDPR Key words: Deletion Summary of the Decision Origin … million EUR) for the infringement of Article 5 (2) of the GDPR. Decision The Danish Supervisory Authority has reported … million EUR) for the infringement of Article 5 (2) of the GDPR. For further information: …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) Both the document and the entry were deleted. … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The data subjects concerned were informed in writing … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) This was not a technical error. 6. Subsequent measures …
21 January 2019
… in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and … as defined in the General Data Protection Regulation (“GDPR”), the CNIL sent these two complaints to its European … assess if it was competent to deal with them. Indeed, the GDPR establishes a “one-stop-shop mechanism” which provides …
25 September 2020
… in accordance with the General Data Protection Regulation (GDPR). The topics of direct marketing included various … Article 4(11) of the EU General Data Protection Regulation (GDPR), the consent must be a freely given, specific, … the data subjects’ right to object in accordance with the GDPR. In the controller’s view, it has targeted the …
14 March 2022
… the data subject (Article 13) Decision: Infringement of the GDPR, administrative fine and reprimand Summary of the … right to inspect their own data in accordance with the GDPR or to give a reason for restricting this right. The … Ombudsman issued the company a reprimand for violating the GDPR and ordered it to change its procedure to comply with …
12 June 2023
… Origin of the case The General Data Protection Regulation, GDPR, entered into force in 2018 and means, among other … information pursuant to article 15.1 a-h and 15.2 of the GDPR that should be provided to the individual making the … violations of articles 12.1, 15.1 a-d, g and 15.2 of the GDPR. IMY has further found that Spotify had failed in its …
2 May 2025
… examined the case and found that the provisions of the GDPR had been infringed (Article 6(1) and 9(1)). The Polish DPA concludes that this infringement of the GDPR is of a serious nature. The personal data of the person … data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the conference entails …