23 March 2022
… national case: National case Legal references: Article 31 GDPR(Co-operation with the supervisory authority), Article 58 (1) (e) GDPR, Article 58 (2) (i) GDPR, Article 83 (1-3) and (5) (e) GDPR (General conditions …
1 March 2023
… case Legal references: Article 83 (1), (2), (4) (a) GDPR (General conditions for imposing administrative fines), Article 57 (1) (a) and (h) GDPR, Article 58 (2) (e) and (i) GDPR, Article 33 (1) GDPR (Notification of a personal data …
22 January 2024
… order to verify the compliance with the provisions of the GDPR, and more precisely concerning the legal basis of the … that the data controller violated article 13.1.e) of the GDPR (no information about the recipients of the personal … the CNPD identified a violation of article 24.1 of the GDPR (responsibility of the data controller), as personal …
1 July 2025
… found CDETB: Infringed Articles 5(1)(f), 32(1) and 32(2) GDPR by failing to implement appropriate technical and … the appropriate level of security, Infringed Article 33(1) GDPR by failing to notify the DPC of the breach without undue delay, Infringed Article 34(1) GDPR by failing to notify the affected data subjects of the …
26 July 2024
… the company to applicants (infringements of Article 5(1)(a) GDPR (principles of fairness and transparency, Article 12(1) and (4) GDPR); processing in the context of a company’s ‘shadow … (infringements of lawfulness principle, Article 5(1)(a) GDPR and Article 6(1) GDPR); improper implementation of the …
26 June 2020
… on the basis of its legitimate interest (Article 6.1, f) GDPR), sent direct marketing messages to (former) donors for … subject to the data controller pursuant to Article 17.1 GDPR and its right to object pursuant to Article 21.2 GDPR. The Litigation Chamber decided that the data …
20 August 2020
… the e-Privacy Directive forms lex specialis vis-à-vis the GDPR (as lex generalis), as stated in article 95 GDPR, the provisions with regard to consent of the GDPR remain applicable as preconditions for lawful …
20 May 2021
… l-EDPB adotta żewġ opinjonijiet skont l-Artikolu 64 tal-GDPR dwar l-ewwel abbozzi ta’ deċiżjonijiet dwar Kodiċijiet … rekwiżiti speċifiċi (jiġifieri l-Artikolu 28 tal-GDPR) għall-proċessuri fl-UE soġġetti għal dawn … li ż-żewġ abbozzi tal-kodiċijiet jikkonformaw mal-GDPR u jissodisfaw ir-rekwiżiti stabbiliti fl-Artikoli 40 u …
17 January 2025
… jiċċara l-użu tal-psewdonimizzazzjoni għall-konformità mal-GDPR Il-GDPR jintroduċi t-terminu “psewdonimizzazzjoni”* u jirreferi … leġittimi bħala bażi ġuridika (l-Artikolu 6(1)(f) tal-GDPR), sakemm jiġu ssodisfati r-rekwiżiti l-oħra kollha …
23 April 2025
… tar-Regolament Ġenerali dwar il-Protezzjoni tad-Data (GDPR) madwar l-Ewropa. Biex nappoġġaw il-fehim u … madwar l-Ewropa, jiġi żgurat infurzar konsistenti tal-GDPR, u jiġu indirizzati l-isfidi emerġenti, inkluża … ta’ konsistenza adottati skont l-Artikolu 64(2) tal-GDPR żdied b’mod sinifikanti. Fl-2024, il-Bord adotta tmien …
11 July 2019
… Guidelines on Video Surveillance, which clarify how the GDPR applies to the processing of personal data when using … devices and aim to ensure the consistent application of the GDPR in this regard. The guidelines cover both traditional … EU data subjects and legal certainty for businesses. Art.64 GDPR Opinion on Standard Contractual Clauses for processors …
6 September 2023
… not complied with data protection principles in Article 5 GDPR and not informed the data subjects about processing in accordance with Article 12 and 13 GDPR. Key Findings Failure to comply with the obligation … fairly and in a transparent manner (Article 5(1)(a) GDPR) Failure to inform the data subjects about processing …
2 February 2024
… request, hence the Company breached Article 12(3) of GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) of GDPR. The Company also failed to meet the requirements of … database, so the Company breached Article 25(1) of GDPR. Decision The Authority established that the Company …
13 October 2021
… Controller: Ferde AS Legal Reference: Processor (ARTICLE 28 GDPR), Security of Processing (ARTICLE 32 GDPR), General principle for transfers (ARTICLE 44 GDPR) Decision: infringement declared and fine imposed Key …
15 July 2021
… vinkolanti urġenti tiegħu skont l-Artikolu 66(2) tal-GDPR wara talba mill-awtorità superviżorja ta’ Hamburg … Ireland Ltd (Facebook IE) abbażi tal-Artikolu 66(1) tal-GDPR. Id-DE-HH SA ordnat projbizzjoni fuq l-ipproċessar tad- … ta’ urġenza, l-EDPB ikkunsidra li l-Artikolu 61(8) tal-GDPR ma kienx applikabbli peress li d-DE-HH SA ma wrietx li …
16 December 2021
… law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions … law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful … that hold one position or another – it is simply the GDPR working as intended. In this regard, although not …
22 February 2023
… by national DPAs via binding decisions under Art. 65 GDPR and to advise the EU legislator on data protection … further guidance and develop awareness-raising tools on the GDPR for a wider audience. Furthermore, the EDPB intends to … such as on the interplay between the AI Act and the GDPR and on the use of social media by public bodies. … The …
8 September 2021
… Legal Reference: Data retention period (Article 5.1.e GDPR), Information (Articles 13 & 14 GDPR) Decision: Fine … had failed to comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The …
25 November 2020
… decision to specify certain viewpoints, the primacy of the GDPR as EU law resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The litigation … were not processed in a lawful way under article 6.1.f. GDPR, as there were legitimate interests for the defendants …
7 December 2023
… request, hence the Company breached Article 12(3) GDPR when they failed to meet the Complainant’s erasure … right to erasure according to Article 17(1)(b) GDPR. The Company also failed to meet the requirements of … newsletter database, so the Company breached Article 25(1) GDPR. Decision The Hungarian Supervisory Authority …