Search results | European Data Protection Board

EDPBI:ES:OSS:D:2024:1400
14 August 2024
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Keywords Personal data breach Outcome Administrative fine decision-no-1400.pdf …
EDPBI:BG:OSS:D:2024:1287
7 February 2024
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Keywords Clients Data security Phishing emails Personal data breach Outcome Compliance order …
Italian SA bans remote surveillance of customer care employees
28 October 2021
News
… Reference: GDPR: Article 5 (Principles applying to personal data processing); Article 6 (Lawfulness of processing); … service; inbound calls management; trade union agreements; data minimization Summary of the … found that the company had processed its employees’ data in breach of sector-specific national law and the general …
EDPBI:FR:OSS:D:2021:181
6 January 2021
Decision by the SA
… and modalities for the exercise of the rights of the data subject) Article 32 (Security of processing) Keywords Personal data breach Data security Password Data subject rights …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
BfDI imposes Fines on Telecommunications Service Providers
18 December 2019
News
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a … another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner … The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company …
French SA: Cookies and advertisements inserted between emails: GOOGLE fined 325 000 000 EUR by the CNIL
4 September 2025
News
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
October plenary - adopted documents
21 October 2022
News
… regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) 10 … the design choices for a digital euro from the privacy and data protection perspective 10 October 2022 Publication … public consultation. Guidelines 9/2022 on personal data breach notification under GDPR 10 October 2022 Publication …
EDPBI:NO:OSS:D:2024:1408
20 August 2024
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Keywords … Privacy statement International transfer Personal data breach Right to erasure Outcome No sanction …
Swedish SA fines Board of Education in the City of Stockholm
24 November 2020
News
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
Parere 5/2019 sull'interazione tra la direttiva e-privacy e il regolamento generale sulla protezione dei dati, in particolare per quanto concerne competenze, compiti e poteri delle autorità per la protezione dei dati
12 March 2019
Opinion of the Board (Art. 64)
… in particular regarding the competence, tasks and powers of data protection authorities Adopted on 12 March 2019 adopted … 15 5 On the competence, tasks and powers of data protection authorities … application of this article relates to the personal data breach notification obligation, which is imposed by both the …
Telephone Operators: Italian SA Fines Wind EUR 17 million and Iliad EUR 0.8 million
27 July 2020
News
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints …
Norwegian DPA: Norwegian Confederation of Sport fined for inadequate testing
15 June 2021
News
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
EDPBI:FR:OSS:D:2021:310
30 December 2021
… Article 5 (Principles relating to processing of personal data) Article 13 (Information to be provided where personal data are collected from the data subject) Article 17 (Right … be informed Right to erasure Data retention Personal data breach Data security Password Outcome Administrative fine …
Riconoscimento facciale negli aeroporti: le persone dovrebbero avere il massimo controllo sui dati biometrici
24 May 2024
Press releases
… le potenziali violazioni commesse e cessate prima di tale data. Le indagini nazionali relative a potenziali violazioni … intelligence Consistency New Technology Cybersecurity and data breach … Bruxelles, 24 maggio - Nel corso della sua ultima …
Administrative fine of €170,000 imposed on Bergen Municipality
19 March 2019
Press releases
… Municipality 19 March 2019 On March 19th, the Norwegian Data Protection Authority imposed an administrative fine of … the municipality’s computer system, containing the personal data of over 35,000 pupils and employees of the … individuals, primarily children The fact that the security breach encompasses personal data to over 35 000 individuals, …
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
6 September 2020
Guidelines
… Type: Guidelines Topics: Controller Processor The European Data Protection Board welcomes comments on the Guidelines … set out in the Regulation and in accordance with applicable data protection rules. All legal details can be found in our … expertise with regard to security measures and data breaches); the processor’s reliability; the processor’s …
EDPBI:BG:OSS:D:2023:1066
13 September 2023
… Article 5 (Principles relating to processing of personal data) Article 25 (Data protection by design and by default) Article 28 … fine Data protection by design and by default Personal data breach Processor Responsibility of the controller Outcome …