Search results | European Data Protection Board

Biometrics for attendance recording. The Italian SA fines a high school
16 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … scrive a Confcommercio: attenzione agli abusi - Data breach, il Garante sanziona Poste Vita per 80mila euro - …
EDPBI:AT:OSS:D:2023:689
21 June 2023
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security …
Commercial prospecting: French SA fined HUBSIDE.STORE €525,000
15 April 2024
News
… Article 14 (Information to be provided where personal data have not been obtained from the data subject) Decision: Administrative fine Key words: … websites. Key Findings The French SA found several breaches of the GDPR: Failure of the obligation to have a …
EDPBI:DEBE:OSS:D:2021:197
24 March 2021
Decision by the SA
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
Commercial prospecting and personal rights: French SA fined NS CARDS FRANCE €105,000
15 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … carried out two investigations on the company. It found breaches concerning the time user account data was kept, the …
Whistle-blowing without privacy: the Italian SA fines hospital and IT service provider
10 June 2022
News
… confidentiality); Art. 13 and 14 (Information); Art. 25 (Data protection by design and by default); Art. 28 … originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with … processing activities for which it was the controller (in breach of Article 28, paragraphs 1 and 3, GDPR) – ranging …
EDPBI:ES:OSS:D:2021:277
15 September 2021
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Data security Outcome No sanction decision.pdf …
EDPBI:CY:OSS:D:2021:182
17 February 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Data security Electronic communications …
EDPBI:FR:OSS:D:2021:201
31 March 2021
Decision by the SA
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Outcome Reprimand Decision 202.5KB Download …
EDPBI:SE:OSS:D:2023:774
30 May 2023
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 32 (Security of processing) Keywords Data security Sensitive data Personal data breach Outcome No …
EDPBI:SI:OSS:D:2023:680
8 March 2023
… of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data breach Data security …
EDPBI:DK:OSS:D:2021:190
27 January 2021
Decision by the SA
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Personal data breach Employment Outcome No …
EDPBI:RO:OSS:D:2023:760
24 April 2023
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Data security Outcome No sanction Decision …
EDPBI:DK:OSS:D:2022:380
13 June 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Personal data breach Finance Outcome Reprimand …
EDPBI:AT:OSS:D:2023:860
7 August 2023
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Encryption Notification of personal data breach Outcome Dismissal/Rejection of the case Decision …
EDPBI:NL:OSS:D:2020:173
10 December 2020
Decision by the SA
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Notification of personal data breach Administrative fine Outcome Administrative fine …
Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation
14 January 2022
News
… Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), … fine issued Key words: principles, processing, security, data protection Summary of the Decision Origin of the … after the Polish Data Protection Authority received a data breach notification. As it was indicated, an unauthorized …
Clubhouse fined EUR 2 million by the Italian SA
20 January 2023
News
… Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … failure to designate a representative in the EU in breach of Article 27(4); failure to carry out a DPIA with …
EDPBI:AT:OSS:D:2021:264
4 August 2021
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Outcome No sanction Decision 152.1KB Download …
EDPBI:FR:OSS:D:2021:297
22 November 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Notification of personal data breach Outcome …