Search results | European Data Protection Board

Poland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
26 July 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Poland 26 July 2019 Data Protection Impact Assessment (DPIA) Poland DPIA List …
Polish SA: administrative fine of 54 600 € for failure to implement appropriate technical and organisational measures to ensure a level of security
28 November 2024
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine, Data subject rights, Personal data breach, Principles relating to processing of personal data, …
BfDI imposes Fines on Telecommunications Service Providers
18 December 2019
News
… 18 December 2019 Germany The Federal Commissioner for Data Protection and Freedom of Information (BfDI) imposed a … another case, the BfDI imposed a fine of EUR 10. 000 on Rapidata GmbH. Concerning this matter, the Federal Commissioner … The BfDI considers this authentication procedure to be in breach of Article 32 of the GDPR which obliges the company …
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications
28 January 2020
Guidelines
… Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … reference: 1/2020 Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility … Guidelines Topics: New Technology e-Privacy The European Data Protection Board welcomes comments on the Guidelines …
Italian SA bans remote surveillance of customer care employees
28 October 2021
News
… Reference: GDPR: Article 5 (Principles applying to personal data processing); Article 6 (Lawfulness of processing); … service; inbound calls management; trade union agreements; data minimization Summary of the … found that the company had processed its employees’ data in breach of sector-specific national law and the general …
French SA: Cookies and advertisements inserted between emails: GOOGLE fined 325 000 000 EUR by the CNIL
4 September 2025
News
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
Draft administrative arrangement following EDPB opinion 04/2019 for the transfer of personal data between each of the European Economic Area (“EEA”) Authorities set out in Appendix A and each of the non-EEA Authorities set out in Appendix B
7 January 2019
Other
… following EDPB opinion 04/2019 for the transfer of personal data between each of the European Economic Area (“EEA”) … administrative arrangement for the transfer of personal data between Each of the European Economic Area (“EEA”) … social identity of that natural person; (e) “personal data breach” means a breach of data security leading to the …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … access to the IT systems was blocked, resulting in a breach of the confidentiality and availability of personal …
One-Stop-Shop case digests
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …
Norwegian DPA: Norwegian Confederation of Sport fined for inadequate testing
15 June 2021
News
… for inadequate testing 15 June 2021 Norway The Norwegian Data Protection Authority has fined the Norwegian … GDPR violation. The backdrop for this case is that personal data about 3.2 million Norwegians was available online for … Data Protection Authority also found the incident to be in breach of the principles of legality, data minimisation and …
Swedish SA fines Board of Education in the City of Stockholm
24 November 2020
News
… the City of Stockholm 24 November 2020 Sweden The Swedish Data Protection Authority has reviewed the so-called School … Board of Education in the City of Stockholm. The Swedish Data Protection Authority has received a number of personal data breach notifications from the City of Stockholm's Board of …
Telephone Operators: Italian SA Fines Wind EUR 17 million and Iliad EUR 0.8 million
27 July 2020
News
… on July 9th on account of several instances of unlawful data processing that were mostly related to marketing. The … similar infringements that had occurred when the previous data protection law was in force. The fine was imposed … activities to call centres, which collected data in breach of the law. The pleadings submitted by Wind Tre and …
EDPBI:FR:OSS:D:2020:88
20 February 2020
… and modalities for the exercise of the rights of the data subject) Article 21 (Right to object) Keywords … that took place between the CNIL's services and the Data Protection Officer (hereinafter "DPO") of in the … to object to receive direct marketing by text messages. The breaches identified through the several exchanges between …
EDPBI:SE:OSS:D:2022:352
29 March 2022
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Reprimand Decision 79.9KB Download …
Administrative fines imposed on a telephone service provider
7 October 2019
News
… a telephone service provider (1) Imposition of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of subscribers The Hellenic DPA has received complaints … of a fine for breach of the principle of accuracy and data protection by design when keeping personal data of …
Administrative fine of €170,000 imposed on Bergen Municipality
19 March 2019
Press releases
… Municipality 19 March 2019 On March 19th, the Norwegian Data Protection Authority imposed an administrative fine of … the municipality’s computer system, containing the personal data of over 35,000 pupils and employees of the … individuals, primarily children The fact that the security breach encompasses personal data to over 35 000 individuals, …
EDPBI:IS:OSS:D:2021:216
29 April 2021
… Article 5 (Principles relating to processing of personal data) Keywords Personal data breach Data security Children Education Outcome …
Polish SA: administrative fine of 330 000 € for a medical company after a hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), … order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification … have had a real impact on the occurrence of a personal data breach. Key Findings The President of the Personal Data …
EDPBI:NO:OSS:D:2025:1660
21 February 2025
… reference Article 32 (Security of processing) Keywords Data security Personal data breach Outcome Dismissal/Rejection of the case …
Polish DPA: Identifying breaches too late puts customers at risk
22 April 2021
News
… Polish DPA: Identifying breaches too late puts customers at risk 22 April 2021 … with a long delay. Because of this negligence the Polish Data Protection Authority imposed a fine on the company in … of over PLN 1.1 million. Lost correspondence with personal data or delivery of such a mail to the wrong recipient - …