5 August 2020
… August 2020 535.1000 A56ID 75410 CR 126887 DD 126889 FD 142710 Final Decision 1. Facts concerning the data breach - … breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) The passwords of the affected accounts have been … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The controller has notified all data subjects and …
27 June 2023
… 141 for processing credit information without a legal basis 27 June 2023 Iceland Background information Date of … lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the …
23 June 2020
… based on Articles 33-34 of the Regulation (EU) 2016/6791 (’GDPR’) concerning the data breach notified to the NAIH on … fully complied with the provisions of Articles 33-34 of the GDPR. Based on the data breach notification and the … 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with …
3 December 2024
… Guidelines 02/2024 on Article 48 GDPR Guidelines 02/2024 on Article 48 GDPR Start Date: 03 December 2024 End Date: 27 January 2025 Public consultation reference: 02/2024 … Guidelines 02/2024 on Article 48 GDPR …
13 October 2021
… 2021 Norway Background information Date of final decision: 27 September 2021 Cross-border case or national case: … Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General principle for transfers (ARTICLE 44 GDPR) …
12 May 2022
… on the calculation of administrative fines under the GDPR Guidelines 04/2022 on the calculation of administrative fines under the GDPR Start Date: 16 May 2022 End Date: 27 June 2022 Public consultation reference: 04/2022 … on the calculation of administrative fines under the GDPR …
13 September 2024
… 2024 Greece Background information Date of final decision: 27 May 2024 National case Legal Reference (s): GDPR: Article 5.1.a: Principle of lawfulness, fairness and transparency; GDPR: Article 6.1.f: Processing based on legitimate … decision: 27 May 2024 National case Legal Reference (s): GDPR: Article 5.1.a: Principle of lawfulness, fairness and …
6 April 2022
… Ireland Group plc Legal Reference: Article 32(1), 33 and 34 GDPR Decision: Infringement of Article 32(1), 33 and 34 GDPR, Order to comply with article 32(1) GDPR, Issued … Protection Commission (DPC) between 9 November 2018 and 27 June 2019. The notifications related to the corruption of …
8 December 2020
… Opinion 27/2020 on the draft decision of the Danish Supervisory … Adopted Opinion 27/2020 on the draft decision of the Danish Supervisory … such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), Having regard to the European Economic Area … the “EDPB”) is to ensure the consistent application of the GDPR throughout the EEA. To this effect, it follows from …
20 July 2022
… case Controller: Clearview AI Inc. Legal Reference: GDPR: Article 3: Territorial scope. Article 5(1)(a) and (2): … not established in the Union. Decision: Infringement of the GDPR, Administrative fine. Key words: Web scraping, Images … 9 GDPR) and its obligations under Articles 12, 14, 15 and 27 of the GDPR. Decision: The Hellenic DPA imposed a fine …
13 July 2020
… 13 July 2020 631.87 535.699 A56ID 74975 CR 82038 RD 129527 FD 135778 Final Decision The Berlin DPA closes the case. … breach or mitigate its adverse effects (Art. 33 (3) (d) GDPR) The company hired a forensics firm to identify network … or public com- munication (Art. 34 (1) or Art. 34 (3) (c) GDPR) The concerned data subjects were informed of the …
3 June 2020
… has the following reference number: INC000002310272. 1. Decision Following a review of the case, the Danish … Article 32(1) of the General Data Protection Regulation (GDPR). The reprimand is issued in accordance with the rules … personal data. According to Article 5(1)(f) of the GDPR, personal data must be processed confidentially, such …
27 June 2022
… The CNPD adopts the certification mechanism GDPR-CARPA 27 June 2022 Luxembourg Luxembourg becomes the first country … to introduce a certification mechanism according to the GDPR criteria. The National Data Protection Commission … to introduce a certification mechanism according to the GDPR criteria. The National Data Protection Commission …
27 September 2019
… of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Netherlands 27 September 2019 Data Protection Impact Assessment (DPIA) … of a data protection impact assessment (Article 35.4 GDPR) … 1 State Current 2019 No 6441827 November 2019 Decision concerning list of types of …
23 January 2024
… 2024 France Background information Date of final decision: 27 December 2023 Cross-border case or national case: … Key Findings The French SA found several breaches of the GDPR regarding: Warehouse stock and order management: … with the principle of data minimisation (Article 5.1.c GDPR). Failure to ensure lawful processing (Article 6 GDPR) …
21 December 2018
… of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Slovenia 21 December 2018 Data … Download Opinion / Binding decision References Opinion 27/2018 on the draft list of the competent supervisory … of a data protection impact assessment (Article 35.4 GDPR) …
3 February 2022
… 2022 Greece Background information Date of final decision: 27 January 2022 Cross-border case or national case: … Regulation (EU) 611/2013 Decision: Infringement of the GDPR, Fines imposed Key words: GDPR, Data breach, Security, Data protection impact … Regulation (EU) 611/2013 Decision: Infringement of the GDPR, Fines imposed Key words: GDPR, Data breach, Security, …
15 July 2025
… 2025 Italy Background information Date of final decision: 27 March 2025 National case Controller: Istituto di … Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of … Findings The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of …
4 December 2018
… Nuomonė Nr. 27/2018 dėl Slovėnijos kompetentingos priežiūros … 1 Adopted EDPB Plenary meeting, 04/05.12.2018 Opinion 27/2018 on the draft list of the competent supervisory … of a data protection impact assessment (Article 35.4 GDPR) Adopted on 4 December 2018 2 Adopted TABLE OF CONTENTS …
… of the General Data Protection Regulation (hereinafter: GDPR) 1 . The aim of the coordinated enforcement action is … data protection officers are in accordance with Art. 37-39 GDPR and they have the resources needed to carry out their … 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with …