Search results | European Data Protection Board

Stakeholder event on ‘AI models’: express your interest to participate
15 October 2024
News
… stakeholders in the context of a request for an Art. 64(2) GDPR opinion relating to artificial intelligence models (‘AI … stakeholders in the context of a request for an Art. 64(2) GDPR opinion relating to artificial intelligence models (‘AI …
Polish DPA fines non-public nursery and pre-school: Lack of cooperation with the supervisory authority
20 July 2020
News
… a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller notified to the President of the UODO … a data breach to the data subject in accordance with the GDPR (Article 58(1)(e) of the GDPR). The controller …
Third fine imposed by Polish SA on the Surveyor General of Poland for failure to notify the personal data breach
23 September 2022
News
… of personal data set forth in Article 4(1) of the GDPR, according to which personal data is any information … fine imposed on GGK by the Polish SA since the GDPR came into force. In issuing the decision imposing the … of personal data set forth in Article 4(1) of the GDPR, according to which personal data is any information …
Irish additional accreditation requirements for certification bodies
1 June 2020
Decision by the SA
… of a certification body pursuant to Article 43.3 (GDPR) … 17065) and in accordance with Articles 43(1)(b) and 43(3) GDPR. The points below (aside from section 9) refer to ISO … and operational procedures in relation to accreditation for GDPR certification schemes. 1 SCOPE This document contains …
Polish SA: administrative fine of EUR 15 556 for University Children’s Clinical Hospital in Białystok for failing to implement appropriate technical and organisational measures
25 September 2025
News
… infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data … the processing operations into line with the provisions of GDPR by: implementing appropriate technical and … infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. In addition, the President of the Personal Data …
Icelandic SA: the municipality of Reykjavík fined 5.000.000 ISK for the use of the Seesaw educational system
16 May 2022
News
… safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal … of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA … safeguards (Article 46). Decision: infringement of the GDPR, order to suspend processing and erasure of personal …
Hungarian SA’s procedure on the handling of unsubscribe from newsletter
12 December 2023
News
… procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory … submitted an erasure request according to Chapter III of GDPR, the competence of the HU SA could not be established … procedure was launched in accordance with Article 56 (1) of GDPR with a view to identifying the lead supervisory …
EDPBI:FR:OSS:D:2020:120
3 July 2020
… due to the complainant’s letter not mentioning the words ‘GDPR’, ‘CNIL’, ‘data protection’ or ‘personal data’. The … request, despite the time limits set out under Article 12 GDPR.Decision The LSA will issue reprimands to the controller in accordance with Article 58(2)(b) GDPR. Further, in accordance with Articles 12 and 24 GDPR, …
Race to become new EDPB Chair officially kicked off
26 April 2023
News
… their candidacy to the Board. In accordance with the GDPR, the Board elects one Chair and two Deputy Chairs … their candidacy to the Board. In accordance with the GDPR, the Board elects one Chair and two Deputy Chairs …
The Norwegian SA fines Recover AS for violation of privacy
20 January 2023
News
… of processing (Article 6) Decision: Infringement of the GDPR and fine imposed Key words: Credit ratings, special … of processing (Article 6) Decision: Infringement of the GDPR and fine imposed Key words: Credit ratings, special …
AT SA's decision on the accreditation requirements for a code of conduct monitoring body
30 August 2019
Decision by the SA
… a code of conduct monitoring body pursuant to article 41 GDPR … monitor compliance with code of conduct pursuant to Art. 40 GDPR (monitoring bodies) by implementing the provisions of … 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), OJ L 119 of 4.5.2016 p. 1, as amended by the …
Fine imposed for preventing the Supervisory Authority from performing an inspection
3 April 2020
News
… the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR referring to cooperation with the supervisory authority … the company infringed the provisions of Article 31 of the GDPR with regard to Article 58(1)(e) and (f) of the GDPR …
EDPB adopts template complaint form and a final version of Recommendations on the application for approval and on the elements and principles to be found in Controller BCRs
21 June 2023
News
… BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and … essentially equivalent to the one provided by the GDPR. A second set of recommendations for BCR-processors … BCR applications since the entering into application of the GDPR. The recommendations provide additional guidance and …
Decision in the matter of Twitter International Company made pursuant to Section 111 of the Data Protection Act 2018
9 December 2020
Decision by the SA
… Twitter International Company under Article 65(1)(a) GDPR … Accountability Controller obligations under the GDPR 7. Issue I – TIC’s Compliance with Article 33(1) 29 - … 2018 Act 135 - 138 12. Corrective Powers – Article 58(2) GDPR 138 - 140 The Reprimand 13. Administrative Fine – …
Bulgaria Authorisation for the use of an Administrative Arrangement between EEA and non-EEA Financial Supervisory Authorities
25 March 2019
Decision by the SA
… of an Administrative Arrangement pursuant to Article 46.3.b GDPR 222.9KB Download Opinion / Binding decision References … in the absence of a decision under Article 45(3) of the GDPR (a decision for an adequate level of data transmission … Board (the EDPB) ensures the consistent application of the GDPR within the European Economic Community, and under …
Polish DPA: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
Polish SA: record fine imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
17 March 2022
News
… (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the … The Polish DPA found that the controller infringed the GDPR provisions i.e. Art. 5(1)(f), Art. 24(1), Art. 25(1), … (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
State Commissioner for Data Protection in Lower Saxony imposes € 10.4 million fine against notebooksbilliger.de
26 January 2021
News
… Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up … Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up …
The President of the Personal Data Protection Office imposes a fine in cross-border proceedings
10 July 2020
News
… it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other … of the personal data protection system specified by the GDPR), the intentional nature of the breach and the … it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other …