26 January 2023
… The principle of accountability (Article 5(2) of the GDPR), lawfulness of processing (Article 6(1) of the GDPR) Summary of the Decision Origin of the case The … of such measures must comply with the requirements of the GDPR. In the light of the principle of accountability …
18 September 2023
… Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation (Article 5(1)(c) of the GDPR) Infringement of the ban on processing sensitive data (Article 9 of the GDPR) A breach of the ban on processing personal data …
24 January 2023
… instructed the IE DPA to add an infringement of Art. 6(1) GDPR. Additionally, the EDPB instructed the IE DPA to … of the principle of fairness under Art. 5(1)(a) GDPR. The EDPB further decided that the IE DPA must carry … it processes special categories of personal data (Art. 9 GDPR); whether it processes data for the purposes of …
23 September 2021
… National case Legal Reference: Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the GDPR, reprimand, and order to comply Summary of the Decision …
13 October 2022
… Controller: US Company – Senseonics INC Legal Reference: GDPR Article 5, para 1 letters a), b) and f) (lawfulness, … in the Union) Decision: finding of infringements of the GDPR (imposition of administrative fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness …
8 February 2023
… Article 83 (1-3), Article 83 (4) (a), Article 83 (5) (a) GDPR (General conditions for imposing administrative fines), Article 5 (1) (f) and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) …
29 November 2019
… mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 2389.05 lei, the equivalent of … mentioned in Article 83 paragraph (5) letter b) of GDPR – reprimand; for the contravention found pursuant to … mentioned in Article 83 paragraph (4) letter a) of GDPR – reprimand. The sanctions were imposed following a …
14 January 2020
… as a controller had complied with the requirements of the GDPR and that its internal policies and regulations provided … had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and … in his corporate PC. Following the finding that the GDPR had been infringed, the Authority decided in this …
19 January 2024
… founded that the data controller infringed Article 12(3) of GDPR, because it failed to inform the Data Subject of the … transparent data processing according to Article 5(1)(a) of GDPR as the Data Subject could not see what additional data, … data. The Hungarian SA has also found that Article 5(2) of GDPR cannot be regarded as a provision requiring mandatory …
6 July 2022
… TotalEnergies Électricité et Gaz France Legal Reference: GDPR: Right of access (Article 15), Right to object (Article … prospection (Article L.34-5). Decision: Infringement of the GDPR, infringement of the French Postal and Electronic … French Post and Electronic Communications Code or CPCE). GDPR: Failure to comply with the obligation to inform …
19 January 2023
… Legal references: Article 83 (1-3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 24 (1) GDPR (Responsibility of the controller), Article 25 (1) (2) … protection by design and by default), Article 32 (1) (2) GDPR (Security of processing), Article 5 (1) (e) (f) and (2) …
8 June 2023
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
7 February 2023
… Legal references: Article 83 (1- 3) and (4) (a) and (5) (a) GDPR (General conditions for imposing administrative fines), Article 28 (1) (3) and (9) GDPR (Processor), Article 33 (1) GDPR (Notification of a personal data breach to the …
27 January 2025
… with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR). Furthermore, customers did not receive sufficient … with Article 15 (1)(a)(c) and (d) and Article 15 (2) GDPR). These are violations of the GDPR. On several points, Netflix provided too little …
21 April 2022
… Rescue team Legal Reference: Article 5 § 1 c) of the GDPR; Article 6 of the GDPR; Article 9 of the GDPR; Article 12 combined with 13 §1 c) of the GDPR; …
17 May 2023
… Findings The French SA has identified four breaches of the GDPR and a breach of the French Data Protection Act by … the purposes for which they are processed (Article 5.1(e) GDPR) Failure to obtain consent from individuals to collect their health data (Article 9 GDPR) Failure to provide a formal legal framework for the …
22 April 2021
… implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the … Kingdom Guidelines on the application of Article 65(1)(a) GDPR Guidelines on the targeting of social media users … implementing decision pursuant to Regulation (EU) 2016/679 (GDPR) on the adequate protection of personal data in the …
16 December 2020
… adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft … consistency mechanism Further information on the Art. 65 GDPR procedure is available here … The EDPB adopted its first binding decision on the basis of Art. 65 GDPR on November 9th. This decision concerns a draft …
20 February 2020
… (SAs) contributed to the evaluation and review of the GDPR as required by Art. 97 GDPR . The EDPB is of the opinion that the application of the GDPR in the first 20 months has been successful. Although …
26 April 2024
… of Reykjavík infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …