23 January 2025
… Key Findings The CNIL found several breaches of the GDPR: Failure to comply with the obligation to have a legal basis (Article 6 of the GDPR) Failure to comply with the obligation to define and … to the purpose of the processing (Article 5-1-e of the GDPR) Failure to comply with the obligation to provide …
12 September 2022
… Affairs, Greek Seamen’s Fund (NAT) Legal Reference: GDPR: Principles relating to processing of personal data … assessment (Article 35) Decision: Infringement of the GDPR, Reprimand, Administrative fines Key words: Ex officio … (SA), in exercising its ex officio competence under the GDPR and the national Law 4624/2019 , examined the …
10 June 2022
… of the whistle-blowing management system Legal Reference: GDPR: Art. 5, para. 1, letters a) and f) (lawfulness, … of processing); Art. 35 (DPIA). Decision: finding of GDPR infringement; imposition of administrative fine. Key … activity was found in the record referred to in Article 30 GDPR; the authentication credentials enabling the …
1 July 2021
… the requirements of the General Data Protection Regulation (GDPR). This is in response to a complaint from an … that this type of obtaining consent is in violation of the GDPR. The regulation requires consent to be freely given and specific. “It is a basic requirement of the GDPR that consent for processing of personal data must be …
25 May 2023
… the newly adopted EU digital legislation overlaps with the GDPR. Going forward, it is crucial to ensure that the legal … foundations to build upon. In the past five years, the GDPR has become a global landmark as the world’s most … greatly from the expertise of Anu.” According to Art. 73 GDPR, the Board elects one Chair and two Deputy Chairs …
… moltaí agus dea-chleachtais a eisiúint i ndáil leis an GDPR agus i ndáil leis an Treoir maidir le Cosaint Sonraí … moltaí agus dea-chleachtais a eisiúint i ndáil leis an GDPR agus i ndáil leis an Treoir maidir le Cosaint Sonraí …
6 November 2019
… of processing of personal data, specified in the GDPR. The President of the Personal Data Protection Office … actions were also inconsistent with Article 7(3) of the GDPR. The company did not take into account the principle … of the subject rights, as required by Article 12(2) of the GDPR. The proceedings of the President of PDPO established …
6 May 2025
… the European Commission’s draft adequacy decision under the GDPR concerning the European Patent Organisation (EPO) . In … extend the validity of the UK adequacy decisions under the GDPR and the Law Enforcement Directive (LED) . Finally, the … an adequate level of protection on the basis of Art.45 GDPR. The EDPB underlines the importance of ongoing dialogue …
8 July 2021
… the application of articles 40 (3) and 46 (2) (e) of the GDPR. These provisions stipulate that once approved by a … and used by controllers and processors not subject to the GDPR to provide appropriate safeguards to transfers of data … mechanism, while also taking into account article 64(2) GDPR and EDPB opinion 8/2019 on the competence of a …
5 June 2025
… consent, in compliance with the requirements of the GDPR, which would have formed the basis for the prospecting … (Article L. 34-5 of the CPCE as referred to in Article 7 of GDPR): under the system implemented by CALOGA, it was not … to have a legal basis for processing data (Article 6 of the GDPR): As part of its activity as a data broker, the company …
25 September 2025
… was signed, despite the fact that in accordance with the GDPR (Art. 28 (4) and (9)) and the concluded obligation … concerning the protection of personal data (Article 38 (1) GDPR). In McDonald’s, the DPO was not involved in the … fine of 387 738 € for infringement of Article 28 (1) of the GDPR, EUR 3 231 143 for infringement of Article 24 (1), 25 …
5 May 2021
… fine of NOK 25 000 000 for not complying with the GDPR rules on accountability, lawfulness, and transparency. … that this happened because Disqus was unaware that the GDPR applied in Norway, which Disqus’ parent company Zeta … a lawful basis, despite the company being unware that the GDPR applied to data subjects in Norway. Based on our …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) Both the document and the entry were deleted. … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The data subjects concerned were informed in writing … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) This was not a technical error. 6. Subsequent measures …
31 August 2022
… authority), Article 58 (2) (i) and (1) (a) and (e) GDPR, Article 83 (1-3) and (4) (a) and 5 (e) GDPR (General conditions for imposing administrative fines) … information obligation to the data subject (Article 15 of GDPR). The controller did not take any action in response to …
16 December 2020
… adopted an information note on data transfers under the GDPR after the Brexit transition period ends . The EDPB … on restrictions of data subject rights under Article 23 GDPR . The guidelines aim to recall the conditions … in light of the Charter of Fundamental Rights and the GDPR. They provide a thorough analysis of the criteria to …
1 July 2019
… Euros) for the infringement of provisions of Article 12 of GDPR and; a fine of 7100.55 lei (the equivalent of 1500 … of Article 5 (1) letter c) in conjunction with Article 6 of GDPR. The sanctions were applied to the data controller … number, by disclosure, according to Article 6 of GDPR. The National Supervisory Authority applied the …
5 June 2019
… in relation to the application of Articles 40 and 41 GDPR. The guidelines intend to help clarify the procedures … how to interpret and implement the provisions of Article 43 GDPR. In particular, they aim to help Member States, … bodies that issue certification in accordance with the GDPR. The annex provides guidance on the additional …
12 September 2018
… administrative penal decision for infringements of the GDPR and Austrian Data Protection Act. The Austrian DPA … café as the controller within the meaning of Article 4. 7 GDPR of an image processing system (video surveillance). The … Art. 6 para. 1 of the General Data Protection Regulation (GDPR) and several provisions of the Austrian Data Protection …
18 December 2019
… 16 – for infringement of the Credit Information Act and the GDPR. The website has carried out credit information … the majority of its publishing activities, meaning that the GDPR does not apply under those circumstances. The website … Information Act applies, including its references to the GDPR. The website furthermore published information about …
12 May 2022
… opinions on the UK draft adequacy decisions, under both the GDPR and the Law Enforcement Directive (LED), as well as its … national authorities. In 2021, the EDPB adopted 35 Art. 64 GDPR consistency opinions. Most of these opinions concern … In July 2021, the EDPB adopted its very first Art. 66 GDPR Urgent Binding Decision following a request from the …