Search results | European Data Protection Board

Code of Conduct for Service Providers in Clinical Research
12 September 2024
Decision by the SA
… France Type Code for Controllers/Processors subject to GDPR Scope Transnational Opinion/Guideline References …
General Court: WhatsApp annulment action inadmissible
7 December 2022
News
… a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of … a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of …
Twenty-first plenary session of the European Data Protection Board - Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic
14 April 2020
Press releases
… of advising and ensuring the correct application of the GDPR and the E-Privacy Directive, to be fully involved in … of advising and ensuring the correct application of the GDPR and the E-Privacy Directive, to be fully involved in …
Italian DPA imposes limitation on processing on TikTok after the death of a Girl from Palermo
26 January 2021
News
… with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) … with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) …
EDPB adopts guidelines on processing personal data through blockchains and is ready to cooperate with AI office on guidelines on AI Act and EU data protection law
14 April 2025
News
… organisations using these technologies to comply with the GDPR. In its guidelines, the EDPB explains how blockchains … organisations using these technologies to comply with the GDPR. In its guidelines, the EDPB explains how blockchains …
Biometrics for attendance recording. The Italian SA fines a high school
16 September 2025
News
… Garante found several infringements of the EU Regulation (GDPR), including the lack of clear and transparent … Garante found several infringements of the EU Regulation (GDPR), including the lack of clear and transparent …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
Decision in the matter of TikTok Technology Limited made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
15 September 2023
Binding decision of the Board (Art. 65)
… the Irish SA regarding TikTok Technology Limited (Art. 65 GDPR) … Decision in the matter of TikTok Technology Limited …
Dutch SA fines Booking.com for delay in reporting data breach
10 December 2020
News
… authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed … authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed …
Slovenian SA: schools must adhere to the principle of data protection by design and by default
20 May 2025
Press releases
… by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper … by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper …
Danish DPA set to fine furniture company
11 June 2019
News
… data in the old system had never been deleted. The GDPR establishes that personal data must be stored in such a … data in the old system had never been deleted. The GDPR establishes that personal data must be stored in such a …
The role of DPOs at the heart of EU coordinated action for 2023
… they hold the position required by Articles 37 to 39 of the GDPR and whether they have the necessary resources to carry … they hold the position required by Articles 37 to 39 of the GDPR and whether they have the necessary resources to carry …
The Romanian National Supervisory Authority issues a fine against FAN COURIER EXPRESS SR
28 October 2019
News
… the provisions of Article 5 paragraph (1) letter f) of the GDPR. Legal and Communication Department To read the press … the provisions of Article 5 paragraph (1) letter f) of the GDPR. Legal and Communication Department To read the press …
CEF 2025: EDPB selects topic for next year’s Coordinated Action
10 October 2024
News
… the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data … the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data …
Polish DPA: The incident must be notified to the supervisory authority and the data subjects
30 June 2021
News
… therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate … proceedings against the Foundation. Pursuant to the GDPR, in case of a personal data breach, the controller … therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate …
Decision concerning a complaint directed against Meta Platforms Ireland Limited in respect of the Facebook service made pursuant to Section 113 of the Data Protection Act 2018 (Inquiry 18-5-5)
12 January 2023
Decision by the SA
… Platforms Ireland Limited and its Facebook service (Art. 65 GDPR) … Decision concerning a complaint directed against …
Data Pro Code
20 August 2020
Decision by the SA
… Netherlands Type Code for Controllers/Processors subject to GDPR Scope National Opinion/Guideline References Guidelines …
CoC regulating the sector of job agencies
11 January 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
7 July 2022
News
… the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, … the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, …
The Norwegian SA issues fine to the Norwegian Public Service Pension Fund
24 November 2021
News
… 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special … 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special …