5 January 2022
… fine imposed on psychotherapy centre Vastaamo for data protection violations 5 January 2022 Finland Background … Vastaamo Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33(1)), … Vastaamo Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33(1)), …
6 July 2022
… Loss of a document with personal data and failure to notify the incident as a reason for a … z o.o. Sp. k. Legal Reference: notification of a personal data breach to the supervisory authority (Art. 33 (1)) Decision: … z o.o. Sp. k. Legal Reference: notification of a personal data breach to the supervisory authority (Art. 33 (1)) …
17 April 2023
… EDPB adopts final version of Guidelines on data subject rights - right of access 17 April 2023 EDPB … the EDPB has adopted a final version of the Guidelines on data subject rights - Right of access . The Guidelines … lead supervisory authority and the Guidelines on data breach notification . Both guidelines concern an update of …
4 September 2020
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data … The Berlin DPA closes the case. 1. Facts concerning the data breach - Controller: Apassionata World GmbH - Incident: …
12 February 2021
… reprimand to Telenor for inadequate protection of personal data 12 February 2021 Norway The Norwegian Data Protection Authority have issued a reprimand to Telenor … in its voicemail function, and for failing to submit a data breach notification to the Norwegian Data Protection …
15 July 2025
… fine against the Equality Ombudsman when personal data was collected via a web form 15 July 2025 Sweden … administrative fine Key words: administrative fine, data security, restriction of processing, personal data breach, public administration, sensitive data Summary of …
5 November 2025
… the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach notifications. We invite you to provide your … the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach …
22 March 2022
… Irish SA fines Meta Platforms (formerly Facebook) €17M for data breaches 22 March 2022 Ireland Background information Date … Administrative fine of €17m imposed Key words: Personal data breach; demonstration of implementation of security … Administrative fine of €17m imposed Key words: Personal data breach; demonstration of implementation of security …
2 February 2021
… EDPB response to TikTok letter on confidentiality breach 2 February 2021 Letters EDPB … the matter of a letter of 13 August 2020 from the Irish Data Protection Commissioner (the “IE SA”) to TikTok, which … issue to our attention. We are indeed concerned about any breach of confidentiality. Should you have further …
20 December 2022
… acting in accordance with established procedures counteract data loss 20 December 2022 Poland Background information … case Controller: Mayor of the Commune Legal Reference: Data protection by design and by default Article 25(1) … to the Polish Supervisory Authority, SA a personal data breach which occurred as a result of a break-in in the …
8 February 2023
… between controller and processor does not guarantee data security – an administrative fine imposed by the Polish … and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the … words: Data security, Administrative fine, Personal data breach Summary of the Decision Origin of the case The …
18 November 2025
… Finnish SA: Aktia Bank fined for data security shortcomings in its strong electronic … Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by … by design and by default, Data security, Personal data breach, Third party access to personal data Summary of the …
2 September 2024
… Administrative fine against bank for transferring customer data to Meta 2 September 2024 Sweden Background information … Article 5 (Principles relating to processing of personal data), Article 32 (Security of processing), Article 83 … Administrative fine Key words: Finance, Personal data breach, Administrative fine Summary of the Decision …
7 October 2021
… SA: Police reprimanded for illegal processing of personal data with facial recognition software 7 October 2021 Finland … Reference: Art. 14 in the Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining … Security Decision: Reprimand Key words: Personal data breach Summary of the Decision Origin of the case The Deputy …
12 September 2022
… Debt Management Company for unlawful processing of personal data and non-essential examination of rights to object and … fairness and transparency of processing of personal data (Article 5.1a). Principle of accountability (Article … unduly impeded the exercise of the complainant’s rights, in breach of the provision of Article 12(2) of the GDPR, and …
9 December 2020
… International Company made pursuant to Section 111 of the Data Protection Act 2018 Decision Type SA Ireland 9 December 2020 Fines Cybersecurity and data breach IE Final Decision 2MB Download Opinion / Binding … Chosaint Sonraí, 21 Cearnóg Mhic Liam, Baile Átha Cliath 2. Data Protection Commission, 21 Fitzwilliam Square, Dublin 2. …
23 September 2021
… Dutch SA fines Transavia for poor personal data security 23 September 2021 Netherlands Ireland France … administrative fine Key words: Security of processing, data security breach Summary of the Decision Origin of the case The … administrative fine Key words: Security of processing, data security breach Summary of the Decision Origin of …
21 June 2021
… out a fair risk analysis 21 June 2021 Poland The Polish Data Protection Authority has imposed an administrative fine … PLN 160 000 (EUR 35 000) for failing to notify a personal data protection breach. In addition, the company was fined for failing to … The Polish Data Protection Authority has imposed an administrative fine …
10 October 2019
… Information and Data Protection Commissioner Vs COMPLAINT Reference is made … received from the Berlin Commissioner for Data Protection and Freedom of Information (the "concerned … who is alleging that ("the controller" or " ") breached his data protection rights, as enshrined under the …
8 June 2021
… fines P4 company PLN 100,000 8 June 2021 Poland The Polish Data Protection Authority has imposed an administrative fine … authority within 24 hours after having detected a personal data breach. The reason for the administrative fine is that the … The Polish Data Protection Authority has imposed an administrative fine …