18 December 2024
… Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …
11 February 2021
… fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After … explains. This case was reported as a personal data breach notification from Coop Finnmark AS on April 10th …
17 July 2025
… Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing …
6 September 2023
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … system, unfairly and in an untransparent manner, in breach of Article 5(1)(a), and had not informed the data …
15 June 2023
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 15 … into CRITEO. Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person …
6 November 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA France 6 November 2018 Data Protection Impact Assessment (DPIA) France DPIA List …
21 January 2019
… the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, … ads personalization. On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints … the CNIL’s restricted committee responsible for examining breaches of the Data Protection Act observed two types of …
3 January 2024
… 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian … Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … respective responsibilities. , The Foundation was found in breach of Article 26(1) of the GDPR, as the cooperation …
18 December 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA United Kingdom 18 December 2018 Data Protection Impact Assessment (DPIA) United Kingdom DPIA …
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …
11 October 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Italy 11 October 2018 Data Protection Impact Assessment (DPIA) Italy DPIA list …
15 May 2020
… Danish recruitment company 15 May 2020 Denmark The Danish Data Protection Authority considers that in a case on the … JobTeam has not met the basic requirements of the General Data Protection Regulation (GDPR) that personal data must be … It is the view of the Danish Data Protection Agency that a breach of the fundamental principles of the regulation …
26 July 2019
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Poland 26 July 2019 Data Protection Impact Assessment (DPIA) Poland DPIA List …
12 February 2019
… o Nacrtu administrativnog dogovora za prijenos osobnih podataka između financijskih nadzornih tijela Europskoga … Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
4 November 2024
… Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, … business model. Key findings The Slovenian SA found two breaches in the inspection proceeding. First, unlawful CCTV … people or property (violation of Article 78 of the national Data Protection Act). And second, these CCTV footages were …
28 January 2020
… Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … reference: 1/2020 Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … Guidelines Topics: New Technology e-Privacy The European Data Protection Board welcomes comments on the Guidelines …
10 June 2021
… patient website 10 June 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a €12,000 fine … website. As a result, patients’ sensitive personal data, such as their citizen service number (BSN), could have … case. If the confidentiality of sensitive personal data is breached, this could put people at serious risk. It could, …
25 November 2019
… Communications SA was sanctioned with a reprimand for the breach of provisions of Article 32 paragraph (1) letter b) … Communications SA could not prove the accuracy of the data processed, which led to the violation of the basic principle for data processing provided by Article 5 paragraph (1) letter …
1 February 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 26 … or together with others - the goals and means of data processing, i.e. who (the Slovak school or the … Therefore, the Hungarian SA found that the Foundation breached Article 26(1) GDPR. Decision Based on Article …
12 May 2023
… Infringement of the GDPR, Order to erase complainant’s data, Order to name an Article 27 representative Key words: Facial recognition; biometric data Summary of the Decision Origin of the case … The permanent storage of personal data also constitutes a breach of data minimisation principle. Article 9(1): The …