26 April 2024
… of Hafnarfjörður infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
26 April 2024
… of Reykjanesbær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
8 May 2025
… the simplification of record-keeping obligation under the GDPR, amounting to a targeted amendment of Art. 30(5) GDPR. The joint letter replies to the letter sent by the … how it intends to introduce specific modifications to the GDPR. The EDPB and EDPS understand that a formal …
1 December 2022
… and consistency mechanism outlined in Article 60 GDPR. LSA: Irish Supervisory Authority (SA). and CSAs: all … Ireland Limited) (‘Meta Platforms’). Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR). Decision: infringement of Articles 25(1) and 25(2) …
28 March 2022
… Foreign languages private school Legal Reference: GDPR: Article 5(1)(a): Principle of lawfulness, fairness and … Article 21: Right to object Decision: Infringement of the GDPR, Administrative fine Key words: Right to object, … the provisions of Articles 5(1)(f)(a), 5(2) and 13 of the GDPR and in any case without clearly specifying the legal …
4 March 2019
… Data Protection Regulation - Regulation (EU) 2016/679 ("GDPR" or "the Regulation). The complainant contended that … that the controller did not infringe the provisions of the GDPR, and consequently dismissed the compliant. … Decision …
25 July 2022
… Legal Reference: Data minimisation (Article 5.1.c GDPR), Retention period (Article 5.1.e GDPR), Information of individuals (Article 12 GDPR) Decision: Administrative fine Key words: Geolocation …
14 March 2019
… - Eighth Plenary session: Interplay ePrivacy Directive and GDPR, statement on ePrivacy Regulation, DPIA Lists ES & IS, … topics were discussed. Interplay ePrivacy Directive and GDPR The EDPB adopted its opinion on the interplay between … of personal data triggers the material scope of both the GDPR and the ePrivacy Directive, limits the competences, …
18 January 2024
… case digest on Security of Processing (Art. 32 GDPR) and Data Breach Notification (Art. 33 & 34 GDPR) . Since the entry into force of the GDPR, data protection authorities (DPAs) have closely …
26 April 2024
… of Kópavogur infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to demonstrate a specified, explicit, and …
26 April 2024
… municipality of Garðabær infringed multiple Articles of the GDPR with its use of Google’s educational system i.e.: … accordance with the Regulation (Articles 5, 24(1) & 28(1) GDPR) Data processing agreement did not meet the minimum requirements (Article 28(3)(a) GDPR) Failure to ensure that data is not further processed …
29 November 2022
… Legal Reference: 1. Articles 5(1)(f) and 32(1) of the GDPR 2. Article 5(1), Article 32(1), Article 33(1) of the GDPR 3. Article 15, Article 13, Article 12 of the GDPR 4. Article 5(1)(f) and 32(1), Article 24 and 30(1), …
3 August 2019
… of Article 5 of the General Data Protection Regulation (‘GDPR’) requires that the personal data processed by … controller did not comply with its obligations under the GDPR as it did not take sufficient action to assure itself …
11 July 2019
… a. Privacy Policy, 15 sheets, b. Compliance with the GDPR — FAQ, 5 sheets; 15. Supplemental statement of the … party failed to comply with Articles 5(2) and 24(1) GDPR, which was interpreted as the obligation to take into … to properly show compliance with Articles 5(2) and 24(1) GDPR was provided. The last objection was partially …
3 August 2019
… general-data-protection-regulation-gdpr/individual-rights/right-of-access/ In the absence of … controller did not comply with its obligations under the GDPR as it did not take sufficient action to assure itself …
20 October 2022
… Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the GDPR), Cooperation with supervisory authority (article 31 of the GDPR) Decision: Infringement of the GDPR, Administrative …
8 June 2023
… The French SA has identified several infringements of the GDPR and a breach of the French Data Protection Act by KG … the personal data collected and used (Article 5.1.c GDPR) Failure to have a legal basis for the use of banking data (Article 6 GDPR) Failure to obtain prior consent to the collection of …
15 June 2023
… Key Findings The French SA found five breaches of the GDPR: Failure to demonstrate that the person has given consent (Article 7.1 GDPR) Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR) Failure to respect the right of access (Article 15.1 …
4 July 2025
… met TikTok’s transparency requirements as required by the GDPR. Key Findings The Irish SA found that that TikTok’s transfers to China infringed Article 46(1) GDPR because it failed to verify, guarantee and demonstrate … to that guaranteed within the EU. Article 13(1)(f) GDPR requires data controllers to provide data subjects with …
19 June 2020
… answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 …