7 October 2019
… 1/6 Ref No. UOOU-03390/19-7 ORDER The Office for Personal Data Protection, as the competent administrative authority … natural persons with regard to the processing of personal data and on the free movement of such data, and repealing … the proceedings, and the party to the proceedings has thus breached the controller’s obligations stemming from …
8 June 2023
… 5 (1)(e)(Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 32 (Security of processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
2 May 2024
… network vulnerabilities, unauthorised access, dark web, data breach, data breach notification, network intrusion, ransomware, … network vulnerabilities, unauthorised access, dark web, data breach, data breach notification, network intrusion, …
20 July 2020
… authority 20 July 2020 The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 5 000 on … provide the President of the UODO with access to personal data and other information necessary for the performance of … for assessment whether the controller communicated a data breach to the data subject in accordance with the GDPR …
25 November 2020
… 25 November 2020 Poland The President of the Personal Data Protection Office, after having conducted ex officio proceedings relating to breach of personal data protection of persons subject to medical quarantine by … The President of the Personal Data Protection Office, after having conducted ex officio …
10 March 2025
… provider Sambla Group issued administrative fine for data security neglect 10 March 2025 Finland Background … Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by … Administrative fine, Communication order personal data breach, Reprimand Key words: Data security, Personal data …
16 May 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Electronic communications, Hacker attack, Personal data breach, Principles relating to processing of personal data, …
20 April 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … security, Data subject rights, Encryption, Personal data breach, Responsibility of the controller, Technical and …
20 May 2025
… Slovenian SA: schools must adhere to the principle of data protection by design and by default 20 May 2025 … Controller: High school Legal Reference(s): Article 25 (Data protection by design and by default) … an ex officio inspection after receiving an official data breach notification. A school reported an unauthorized …
10 July 2020
… The President of the Personal Data Protection Office imposes a fine in cross-border … 10 July 2020 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 15 000 … circumstances, among others, the seriousness of the breach (undermining the proper functioning of the personal …
14 January 2021
… standard contractual clauses for the transfer of personal data to third countries for the matters referred to in … 4.3.1 Clause 1 - Data protection safeguards – Module One (Transfer controller … clauses are suspended or prohibited in the event of the breach of such clauses or if it is impossible to honour …
13 January 2021
… threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data Protection Office (UODO) found that the company had not … the security features on its servers and notified data breach to the supervisory authority at the same time. In …
31 October 2019
… an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the form on the personal data breach in compliance with Regulation (EU) 2016/679. The … an investigation, following the notification of a personal data breach to the supervisory authority, by filling in the …
5 November 2024
… of the controller, Publicly available data, Data security, Employment Summary of the Decision Origin … employees without a need to know had access to. The data breach has been ongoing since the university started using … of the controller, Publicly available data, Data security, Employment Summary of the Decision …
30 August 2022
… fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case TIMSHEL notified a personal data breach to the supervisory authority by e-mail. However, … fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case …
19 January 2023
… (Responsibility of the controller), Article 25 (1) (2) (Data protection by design and by default), Article 32 (1) … and (2) GDPR (Principles relating to processing of personal data), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (i) GDPR , Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
11 September 2020
… 11 September 2020 Poland The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences … The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), …
16 December 2022
… 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a personal data breach (Article 33 of the GDPR) Decision: infringement of … 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a …
18 August 2020
… Spanish Data Protection Authority (AEPD) imposes fine of 70.000 EUR on XFERA MOVILES 18 August 2020 Spain The Spanish Data Protection Authority (AEPD) imposed a fine of 70.000 … phone number). The AEPD considered that this constitutes a breach of the principle of confidentiality, established in …
13 September 2024
… and order to comply following a leak of expats’ personal data file 13 September 2024 Greece Background information … GDPR: Article 14: Information to be provided where personal data have not been obtained from the data subject; GDPR: … GDPR: Article 33: Notification of a personal data breach Controllers: Hellenic Ministry of the Interior, and a …