Search results | European Data Protection Board

Polish SA: record fine imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
17 March 2022
News
… (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the … The Polish DPA found that the controller infringed the GDPR provisions i.e. Art. 5(1)(f), Art. 24(1), Art. 25(1), … (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the …
Fine imposed for preventing the Supervisory Authority from performing an inspection
3 April 2020
News
… the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR referring to cooperation with the supervisory authority … the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR …
EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs
21 June 2023
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. A second set of recommendations for BCR-processors … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Polish DPA fines non-public nursery and pre-school: Lack of cooperation with the supervisory authority
20 July 2020
News
… a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller notified to the President of the UODO … a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller …
International Business Machines Corporation (IBM)
1 July 2017
… of the Group’s respective regular business activities Pre-GDPR Yes … International Business Machines Corporation (IBM) …
Simon-Kucher & Partners
1 July 2015
… of the Group’s respective regular business activities Pre-GDPR Yes … Simon-Kucher & Partners …
Fiserv, Inc. (First Data Corporation)
1 July 2011
… of the Group’s respective regular business activities Pre-GDPR Yes … Fiserv, Inc. (First Data Corporation) …
Marsh and McLennan Companies Inc.
1 July 2017
… of the Group’s respective regular business activities. Pre-GDPR Yes … Marsh and McLennan Companies Inc. …
Fiserv, Inc. (First Data Corporation)
1 July 2011
… of the Group’s respective regular business activities Pre-GDPR Yes … Fiserv, Inc. (First Data Corporation) …
Marsh and McLennan Companies Inc.
1 July 2017
… of the Group’s respective regular business activities. Pre-GDPR Yes … Marsh and McLennan Companies Inc. …
ARDIAN(previously known as AXA PRIVATE EQUITY)
1 July 2013
… of the Group’s respective regular business activities. Pre-GDPR Yes … ARDIAN(previously known as AXA PRIVATE EQUITY) …
October plenary - adopted documents
21 October 2022
News
… as European Data Protection Seal pursuant to Article 42.5 (GDPR) 10 October 2022 Publication Type: Opinion of the Board … 9/2022 on personal data breach notification under GDPR 10 October 2022 Publication Type: Guidelines Topics: …
May Plenaries - adopted documents
31 May 2022
News
… on the calculation of administrative fines under the GDPR 12 May 2022 Publication Type: Guidelines Topics: … of the Second Payment Services Directive (PSD2) and GDPR 30 May 2022 Publication Type: Letters Topics: Financial …
Processing of personal data related to Danish research projects
3 October 2022
News
… 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research … 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research …
Norwegian Supervisory Authority with final decision to fine NAV
21 June 2022
News
… of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Employment, unauthorised … of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Employment, unauthorised …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, … of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, …
EU Open Days 2019
9 April 2019
News
… Board (EDPB) ensures the consistent application of the GDPR throughout the European Economic Area (EEA), and … Board (EDPB) ensures the consistent application of the GDPR throughout the European Economic Area (EEA), and …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal … of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA … safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data … the processing operations into line with the provisions of GDPR by: implementing appropriate technical and … infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data …
Nokia
14 April 2025
… the Nokia Group SA Decision 167KB English Lejupielādēt Pre-GDPR No … Nokia …