Search results | European Data Protection Board

Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
Atzinums 4/2019 par administratīvās vienošanās projektu par personas datu pārsūtīšanu starp Eiropas Ekonomikas zonas (EEZ) finanšu uzraudzības iestādēm un EEZ nepiederīgām finanšu uzraudzības iestādēm
12 February 2019
Opinion of the Board (Art. 64)
… Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … 8 adopted 3 The European Data Protection Board Having regard to Article 63, Article … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
Polish SA: fine of 9 300 € for Independent Public Health Care Centre after hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
The Norwegian SA issues one administrative fine and five reprimands for unlawful sharing of personal information through tracking pixels
30 June 2025
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 … administrative fine, communication order personal data breach Key words: administrative fine, reprimand to …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
Hidden cameras: the CNIL fined the SAMARITAINE EUR 100 000 for concealing cameras in the store’s reserves
18 November 2025
News
… SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability (articles 5-1-a) and … GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the … SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
Commercial prospecting and rights of individuals: EDF France fined 600 000 euros
1 December 2022
News
… 14 of the GDPR) obligation to ensure security of personal data (Article 32 of the GDPR) Decision: administrative fine … and 14 of the GDPR) Failure to ensure security of personal data (Article 32 of the GDPR) Decision Based on findings … public. The amount of the fine was decided considering the breaches observed and the cooperation by the company and all …
Italian SA finds monitoring system for online university exams to be in breach of privacy, fines university
16 September 2021
News
… monitoring system for online university exams to be in breach of privacy, fines university 16 September 2021 Italy … letters a), c) and e) (lawfulness, fairness, transparency; data minimisation; storage limitation); Article 6 (Lawful processing); Article 9 (Special category data); Article 13 (Information); Article 25 (Privacy by …
Endorsed WP29 Guidelines
… Guidelines During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 … of Regulation 2016/679, WP251rev.01 Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01 … During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 …
The French SA fines COSMOSPACE EUR 250,000 and TELEMAQUE EUR 150,000
20 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Sensitive … carried out by the CNIL in 2021 revealed several breaches, including the collection of sensitive data without …
Help make GDPR compliance easy for organisations: what templates would be helpful for you? Provide your feedback
5 November 2025
News
… 5 November 2025 EDPB Brussels, 5 November - The European Data Protection Board (EDPB) is taking an important step … that organisations can readily implement to meet their data protection obligations. To ensure these templates … such as Data Protection Impact Assessments (DPIAs) and data breach notifications. Contributions can be submitted here …
Norwegian DPA: Administrative fine for Rælingen municipality
18 August 2020
News
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
Polish SA: administrative fine of 5 700 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor) Decision: Administrative fine, … administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
Pamatnostādnes 4/2019 par 25. pantu Integrēta datu aizsardzība un datu aizsardzība pēc noklusējuma
20 October 2020
Guidelines
… Adopted 1 Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted … 5 2.1 Article 25(1) of the GDPR: Data protection by … appropriate measures designed to prevent and manage data breach incidents; to guarantee the proper execution of data …
Dutch DPA fines OLVG hospital for inadequate protection of medical records
11 February 2021
News
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
Swedish DPA: Police unlawfully used facial recognition app
12 February 2021
News
… that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
Second fine by the Romanian Supervisory Authority
2 July 2019
News
… 32 (4) in relation to Article 32 (1) and (2) of the General Data Protection Regulation in respect of the security of processing. The data controller, WORLD TRADE CENTER BUCHAREST S.A., was … to a fine of 71028 lei, the equivalent of 15,000 Euros. The breach of personal data security consisted in the fact that …
EDPBI:ES:OSS:D:2022:382
16 June 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
Norwegian Supervisory Authority issues fine to Trumf
22 June 2022
News
… Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security of … people on their membership profiles, which is a personal data breach. Trumf has an obligation to report all such … Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security …