6 December 2024
… on the controller for unlawful processing (Art. 5 and 6.1 GDPR). The controller was reprimanded for the shortcomings … and was ordered to correct its unlawful practices (Art. 13 GDPR). In addition, the DPA instructed the controller to … so that only necessary personal data is processed (Art. 25 GDPR). For further information: National press release: …
4 November 2024
… failed to demonstrate compliance with Article 6 of the GDPR in accordance with the accountability principle. … decided that there is no legal basis under Article 6 of the GDPR for the broadcast of the CCTV footage of employees … of the national Data Protection Act and Article 13 of the GDPR since the company also failed to inform data subjects …
2 June 2021
… EDPB. In 2020, the EDPB issued 32 Opinions under Art. 64 GDPR. Most of these Opinions concern draft accreditation … first dispute resolution decision on the basis of Art. 65 GDPR. The binding decision addressed the dispute that arose … reasoned objections expressed by a few Concerned SAs. The GDPR requires the EEA SAs to cooperate closely to ensure the …
14 March 2018
… their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory … their rights and obligations. We are also empowered by the GDPR to make binding decisions towards national supervisory …
12 January 2022
… consultation) Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory … consultation) Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory …
3 February 2022
… Regulation (EU) 611/2013 Decision: Infringement of the GDPR, Fines imposed Key words: GDPR, Data breach, Security, Data protection impact … ΟΤΕ S.A. was found to have infringed Article 32 of the GDPR due to inadequate security measures taken in relation … Regulation (EU) 611/2013 Decision: Infringement of the GDPR, Fines imposed Key words: GDPR, Data breach, Security, …
27 June 2023
… lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the … data unlawfully and against Articles 5(1)(a) and 6(1) GDPR, as the company could not rely on any legal basis. …
25 May 2018
… all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, … all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, …
4 October 2022
… Data Protection Act), Article 5.1(c) and 6.1(f) of the GDPR Decision: Order to comply Key words: GPS tracking … processing the personal data pursuant to Article 6 of the GDPR. Decision The Slovenian SA was assessing whether … was lawful in accordance to Article 6.1 (f) of the GDPR – legitimate interests. Slovenian SA confirmed that …
19 March 2019
… constituted violations of both art. 5(1)f and art. 32 GDPR. Consequently the supervisory authority issued an … that the data security was inadequate. - In the GDPR, children are defined as a particularly vulnerable … trust the public sector, says director Bjørn Erik Thon. The GDPR stipulates that administrative fines shall be …
6 February 2025
… on the controller under Articles 37(1)(a) and 37(7) of the GDPR. Under these provisions, public authorities or entities … accordance with the provisions of Articles 38 and 39 of the GDPR. In the case of the PINB in Częstochowa, the controller … in Częstochowa for infringement of Article 37 of the GDPR. The effective designation and publication of the DPO's …
10 June 2022
… Insurance Against Occupational Accidents. Legal Reference: GDPR: Art. 5.1, letters a) and f) (lawfulness, fairness and … personal data). Decision: finding of infringements of the GDPR (imposition of administrative fine); finding of data … users’) personal data including health data (Art. 4.10 GDPR), which amounted to the unauthorised disclosure of …
27 June 2023
… lawful ground for all processing operations (Article 6 (1) GDPR) Failure to comply with the obligation to process … fairly and in a transparent manner (Article 5(1)(a) GDPR) Decision No provision that clearly stipulates the … data unlawfully and against Articles 5(1)(a) and 6(1) GDPR, as the agency could not rely on any legal basis. …
20 November 2024
… and processing by COSMOSPACE (Article 5.1.c of the GDPR) Failure to comply with the obligation to retain data … limited to the intended purpose (Article 5.1.e of the GDPR) Failure to comply with the obligation to obtain prior … special categories of personal data (Article 9 of the GDPR) Failure to comply with the obligation to obtain …
26 August 2024
… as a company in Belgium. Based on Article 60.8 of GDPR, the decision to reject the complaint was made by the … of Articles 12.1, 12.2, 12.3, 12.4, 17, 24 and 25.1 GDPR as stated by the complainant, as it was shown by the … data erasure. The Belgian SA found violations of the GDPR outside the scope of the complaint, which will be …
17 October 2023
… In its decision, IMY states that H&M has violated the GDPR by not ceasing to handle the complainants' personal … 28 500 EUR) against the company for violations of the GDPR. For further information: H&M har gjort det onödigt … In its decision, IMY states that H&M has violated the GDPR by not ceasing to handle the complainants' personal …
16 September 2021
… “Luigi Bocconi” University in Milan Legal Reference: GDPR: Article 5 para. 1, letters a), c) and e) (lawfulness, … category data) Decision: Finding of infringements of GDPR; imposition of administrative fine and corrective … data without a lawful legal basis pursuant to Article 9 GDPR. The students’ consent could not be relied upon by the …
28 November 2024
… took place, but in his opinion there was no breach of the GDPR provisions. However, the proceeding conducted by the … the DPA revealed a breach of a number of provisions of the GDPR, including those relating to personal data security. … € for infringement of Articles 24, 25, 32, 33 and 34 of the GDPR. In the decision, the President of the Personal Data …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) The passwords of the affected accounts have been … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The controller has notified all data subjects and … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) No particular measures beyond the standard IT security …
22 November 2021
… data subject (Article 34(1)) Decision: Infringement of the GDPR, fine imposed, order to comply Key words: Obligation to … — it did not meet the requirements set out in the GDPR. Key Finding In the course of the case, it turned out … by the breach in the manner set out in Art. 34(2) of the GDPR. For further information: …