10 December 2019
… certain provisions of General Data Protection Regulation (GDPR). The controller was sanctioned as follows: for the … mentioned in Article 83 paragraph (5) letter a) of GDPR – fine in the amount of 14336.1 lei, the equivalent of … mentioned in Article 83 paragraph (4) letter a) of GDPR – fine in the amount of 47787 lei, the equivalent of …
19 December 2022
… Statistics Institute (INE) Legal Reference: article 9(1) GDPR; article 12 GDPR; article 13 GDPR; article 28(1), (6) and (7) GDPR; article 35(1), (2) …
26 April 2024
… of Hafnarfjörður infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
26 April 2024
… of Reykjanesbær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
1 December 2022
… and consistency mechanism outlined in Article 60 GDPR. LSA: Irish Supervisory Authority (SA). and CSAs: all … Ireland Limited) (‘Meta Platforms’). Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR). Decision: infringement of Articles 25(1) and 25(2) …
28 March 2022
… Foreign languages private school Legal Reference: GDPR: Article 5(1)(a): Principle of lawfulness, fairness and … Article 21: Right to object Decision: Infringement of the GDPR, Administrative fine Key words: Right to object, … the provisions of Articles 5(1)(f)(a), 5(2) and 13 of the GDPR and in any case without clearly specifying the legal …
25 July 2022
… Legal Reference: Data minimisation (Article 5.1.c GDPR), Retention period (Article 5.1.e GDPR), Information of individuals (Article 12 GDPR) Decision: Administrative fine Key words: Geolocation …
14 March 2019
… - Eighth Plenary session: Interplay ePrivacy Directive and GDPR, statement on ePrivacy Regulation, DPIA Lists ES & IS, … topics were discussed. Interplay ePrivacy Directive and GDPR The EDPB adopted its opinion on the interplay between … of personal data triggers the material scope of both the GDPR and the ePrivacy Directive, limits the competences, …
18 January 2024
… case digest on Security of Processing (Art. 32 GDPR) and Data Breach Notification (Art. 33 & 34 GDPR) . Since the entry into force of the GDPR, data protection authorities (DPAs) have closely …
26 April 2024
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
25 January 2019
… one from Finland, three from Austria) according to Art. 34 GDPR. The information was provided in the respective … one from Finland, three from Austria) according to Art. 34 GDPR. The information was provided in the respective …
26 April 2024
… municipality of Garðabær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
29 November 2022
… Legal Reference: 1. Articles 5(1)(f) and 32(1) of the GDPR 2. Article 5(1), Article 32(1), Article 33(1) of the GDPR 3. Article 15, Article 13, Article 12 of the GDPR 4. Article 5(1)(f) and 32(1), Article 24 and 30(1), …
4 March 2019
… Data Protection Regulation - Regulation (EU) 2016/679 ("GDPR" or "the Regulation). The complainant contended that … that the controller did not infringe the provisions of the GDPR, and consequently dismissed the compliant. … Decision …
20 October 2022
… Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the GDPR), Cooperation with supervisory authority (article 31 of the GDPR) Decision: Infringement of the GDPR, Administrative …
8 June 2023
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
15 June 2023
… Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person has given consent (Article 7.1 GDPR) Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR) Failure to respect the right of access (Article 15.1 …
19 June 2020
… answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 …
… meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: Guidelines on consent under … 9/2022 on personal data breach notification under GDPR Guidelines on the right to data portability under … records of processing activities pursuant to Article 30(5) GDPR Working Document Setting Forth a Co-Operation Procedure …
12 October 2023
… Findings The French SA has found several breaches of the GDPR: Failure to comply with the obligation to obtain … Post and Electronic Communications Code (CPCE) and 7 of the GDPR) Failure to provide information (Articles 13 and 14 of the GDPR) and to respect the exercise of rights (Articles 12 and …