Search results | European Data Protection Board

Polish SA: administrative fine of EUR 4 022 773 for McDonald’s Polska sp. z o.o. and EUR 43 680 for 24/7 Communication Sp. z o.o. for negligence in risk analysis and safeguards
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 34 (Communication of a personal data breach to the data subject), Article 38 (Position of the …
EDPBI:LT:OSS:D:2019:17
16 May 2019
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Article 24 (Responsibility of the controller) … of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 5 (Principles …
Health data and use of cookies: French SA fines DOCTISSIMO
17 May 2023
News
… Health data and use of cookies: French SA fines DOCTISSIMO 17 May … 5 (1)(e)(Principles relating to processing of personal data: storage limitation), Article 9 (Processing of special … of users. Key Findings The French SA has identified four breaches of the GDPR and a breach of the French Data …
Excessive data collection and lack of cooperation: the French SA imposes a fine of 200.000 euros on SAF LOGISTICS
18 September 2023
News
… Excessive data collection and lack of cooperation: the French SA … Article 5 (Principles relating to processing of personal data), Article 9 (Processing of special categories of … of data. Key Findings The French SA has found several breaches of the GDPR: Infringement of the data minimisation …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian … (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine,Data subject rights, Personal data breach, Principles relating to processing of personal data, …
EDPBI:UK:OSS:D:2020:147
16 October 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security … 2020 LSA: UK CSAs: All SAs Legal Reference: Personal data breach (Articles 33 and 34), Security of processing …
December Plenary - adopted documents
12 January 2022
News
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by … use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
Norwegian SA issues administrative fine to Eidskog Municipality
4 November 2024
News
… Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: Lawfulness … penalty of NOK 250,000 to Eidskog Municipality for breach of the requirements for a legal basis in the General Data Protection Regulation. Key findings The Norwegian …
University failed to sufficiently protect sensitive personal data
11 December 2020
News
… University failed to sufficiently protect sensitive personal data 11 December 2020 Sweden Umeå University has processed special categories of personal data concerning sexual life and health through, amongst … for failing to report the incident as a personal data breach. Since 25 May 2018, organisations are obliged to …
Italian SA fines US company offering diabetes app
13 October 2022
News
… Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent information, communication … fine and order to comply) Key words: GDPR, data breach, App, health data, lawfulness, fairness and … Article 9 (processing of special categories of personal data, including health data); Article 12 (transparent …
Polish SA: fine of 9 300 € for Independent Public Health Care Centre after hacker attack
28 November 2024
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … processing), Article 34 (Communication of a personal data breach to the data subject). Decision: Administrative fine, …
Swedish Authority for Privacy Protection (IMY) fines Region Uppsala for breaches in its security
21 February 2022
News
… for Privacy Protection (IMY) fines Region Uppsala for breaches in its security 21 February 2022 Sweden Background … for Privacy Protection (IMY) has received two personal data breach notifications from Region Uppsala. The data breaches concern sensitive personal data sent without …
Hidden cameras: the CNIL fined the SAMARITAINE EUR 100 000 for concealing cameras in the store’s reserves
18 November 2025
News
… SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability (articles 5-1-a) and … GDPR); Failure to collect adequate, relevant and necessary data (article 5-1-c) of the GDPR); Failure to involve the … SAMARITAINE SAS Legal Reference: obligation to process data lawfully and breach of the principle of liability …
Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
Italian SA finds monitoring system for online university exams to be in breach of privacy, fines university
16 September 2021
News
… monitoring system for online university exams to be in breach of privacy, fines university 16 September 2021 Italy … letters a), c) and e) (lawfulness, fairness, transparency; data minimisation; storage limitation); Article 6 (Lawful processing); Article 9 (Special category data); Article 13 (Information); Article 25 (Privacy by …
Polish SA: lack of procedures to protect personal data processed by the press - administrative fine of 13 500 €
7 May 2025
News
… Polish SA: lack of procedures to protect personal data processed by the press - administrative fine of 13 500 … fine, Compliance order Key words: Administrative fine, Data security, Encryption, Personal data breach, Data subject rights Summary of the Decision …
The Danish Data Protection Agency proposes a DKK 1,2 million fine for Danish taxi company
25 March 2019
News
… The Danish Data Protection Agency proposes a DKK 1,2 million fine for Danish taxi company 25 March 2019 Denmark The Danish Data Protection Agency has issued a statement declaring that … to fine Taxa 4x35 for a total of DKK 1. 2 million for a breach of the GDPR. Taxa 4x35 could be fined for failure to …
Norwegian DPA: Administrative fine for Rælingen municipality
18 August 2020
News
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …

First page
Previous page
…
3
4
5
6
7
8
9
10
11
…
Next page
Last page