Search results | European Data Protection Board

Polish SA: lack of procedures to protect personal data processed by the press - administrative fine of 13 500 €
7 May 2025
News
… 500 € for infringement of Article 24(1) and 32(1,2) of the GDPR. Additionally, on the basis of the issued decision, … 500 € for infringement of Article 24(1) and 32(1,2) of the GDPR. Additionally, on the basis of the issued decision, …
Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… for claims handling. This practice has violated the GDPR. The Data Protection Ombudsman notes that the Traffic … for claims handling. This practice has violated the GDPR. The Data Protection Ombudsman notes that the Traffic …
Spanish SA imposes a fine on Vodafone España, for a loss of confidentiality related to mobile phone sim card duplicate and a lack of accountability
31 March 2022
News
… of accountability by not having implemented an effective GDPR compliance and management model to avoid the risk of … of accountability by not having implemented an effective GDPR compliance and management model to avoid the risk of …
Romanian Supervisory Authority's fine of 9,544.40 lei (EUR 2,000) against Telekom Romania Mobile Communications SA
25 November 2019
News
… provided by Article 5 paragraph (1) letter d) of the GDPR. Thus, according to Article 5 paragraph (1) letter d) … provided by Article 5 paragraph (1) letter d) of the GDPR. Thus, according to Article 5 paragraph (1) letter d) …
Norwegian DPA: Dragefossen AS fined
13 May 2021
News
… contravened Article 6(1) and Article 5(1)(a) of the GDPR. In its decision, the Data Protection Authority has … contravened Article 6(1) and Article 5(1)(a) of the GDPR. In its decision, the Data Protection Authority has …
Fine proposed for Danish recruitment company
15 May 2020
News
… requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly … requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly …
Finnish SA: Administrative fine on Viking Line for unlawful processing of employees' health data
6 January 2023
News
… of the processing of their personal data as required by the GDPR. For further information: press release: … of the processing of their personal data as required by the GDPR. For further information: press release: …
Polish SA: administrative fine of € 24.000 for failure to notify a personal data breach
14 March 2024
News
… administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: … administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: …
Decision in the matter of WhatsApp Ireland Limited made pursuant to Section 111 of the Data Protection Act 2018
20 August 2021
Decision by the SA
… Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR … Decision in the matter of WhatsApp Ireland Limited …
Unlawful use of body cams in Stockholm’s public transport
21 June 2021
News
… who operate the public transport in Stockholm, has violated GDPR when equipping ticket inspectors with body cameras that … who operate the public transport in Stockholm, has violated GDPR when equipping ticket inspectors with body cameras that …
The Swedish Data Protection Authority issues fine against the National Government Service Centre
30 April 2020
News
… The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s … The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s …
EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors
14 January 2021
EDPB/EDPS Joint Opinion
… Directive 95/46/EC (General Data Protection Regulation or “GDPR”) establishes, in its Article 28, a set of provisions … be incorporated in it. 2. According to Article 28 (3) GDPR, the processing by a processor shall be governed by a … on behalf of the controller. 3. Under Article 28 (6) GDPR, without prejudice to an individual contract between …
AUDITOR conformity assessment
… cloud service provider as processor pursuant to Article 28 GDPR, as well as limited processing operations conducted by …
January plenary - adopted documents
27 February 2024
News
… Officers 17 January 2024 Publication Type: Other Topics: GDPR enforcement Cooperation between authorities Members: …
Fines proposed for two municipalities
10 March 2020
News
… of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm … of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm …
Dutch DPA: PVV Overijssel fined for failing to report data breach
11 May 2021
News
… safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political … safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political …
Italian DPA: The Italian SA issues a warning to the Campania Region
26 May 2021
News
… the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy … the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy …
Audio recording requires legal basis. Administrative fine imposed on Warsaw Centre for Intoxicated Persons.
6 July 2022
News
… invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), … invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the … obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the …
Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and … of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and …