Search results | European Data Protection Board

Finnish SA: Administrative fine on Viking Line for unlawful processing of employees' health data
6 January 2023
News
… of the processing of their personal data as required by the GDPR. For further information: press release: … of the processing of their personal data as required by the GDPR. For further information: press release: …
Administrative fine imposed on the Finnish Motor Insurers’ Centre for the collection of unnecessary patient information
8 February 2022
News
… for claims handling. This practice has violated the GDPR. The Data Protection Ombudsman notes that the Traffic … for claims handling. This practice has violated the GDPR. The Data Protection Ombudsman notes that the Traffic …
Fine proposed for Danish recruitment company
15 May 2020
News
… requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly … requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly …
EuroPriSe
… processing operations by processors in accordance with the GDPR using the EuroPriSe method Type of criteria National …
Polish SA: administrative fine of € 24.000 for failure to notify a personal data breach
14 March 2024
News
… administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: … administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: …
Unlawful use of body cams in Stockholm’s public transport
21 June 2021
News
… who operate the public transport in Stockholm, has violated GDPR when equipping ticket inspectors with body cameras that … who operate the public transport in Stockholm, has violated GDPR when equipping ticket inspectors with body cameras that …
The Swedish Data Protection Authority issues fine against the National Government Service Centre
30 April 2020
News
… The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s … The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s …
EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors
14 January 2021
EDPB/EDPS Joint Opinion
… Directive 95/46/EC (General Data Protection Regulation or “GDPR”) establishes, in its Article 28, a set of provisions … be incorporated in it. 2. According to Article 28 (3) GDPR, the processing by a processor shall be governed by a … on behalf of the controller. 3. Under Article 28 (6) GDPR, without prejudice to an individual contract between …
AI: the Italian Supervisory Authority fines company behind chatbot “Replika”
21 May 2025
News
… 6; Articles 5.1 (a), 12, 13, 5.1 (c), 24 and 25.1 of the GDPR. Additionally, the Italian SA reserves the right to … 6; Articles 5.1 (a), 12, 13, 5.1 (c), 24 and 25.1 of the GDPR. Additionally, the Italian SA reserves the right to …
Decision in the matter of WhatsApp Ireland Limited made pursuant to Section 111 of the Data Protection Act 2018
20 August 2021
Decision by the SA
… Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR … Decision in the matter of WhatsApp Ireland Limited …
Dutch DPA: PVV Overijssel fined for failing to report data breach
11 May 2021
News
… safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political … safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political …
Fines proposed for two municipalities
10 March 2020
News
… of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm … of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm …
Italian DPA: The Italian SA issues a warning to the Campania Region
26 May 2021
News
… the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy … the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the … obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the …
European Data Protection Board - 45th Plenary session
3 February 2021
Press releases
… and aim to provide clarity as to the application of the GDPR in the domain of scientific health research. The EDPB … and aim to provide clarity as to the application of the GDPR in the domain of scientific health research. The EDPB …
Audio recording requires legal basis. Administrative fine imposed on Warsaw Centre for Intoxicated Persons.
6 July 2022
News
… invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), … invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), …
One-Stop-Shop case digest on Security of Processing and Data Breach Notification
18 January 2024
Support Pool of Experts projects
… Experts projects EDPB … Since the entry into force of the GDPR, data protection authorities (DPAs) have closely … insights into how DPAs have interpreted and applied GDPR provisions on security and data breaches in diverse … from the EDPB’s public register (based on Article 60 of the GDPR). Such case digests complement the EDPB's public …
Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and … of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and …
Belgian SA: a baptized person has the right to be deleted from the baptismal register
11 January 2024
News
… the register. The right to data deletion, enshrined in the GDPR, is not absolute and can only be exercised under … the register. The right to data deletion, enshrined in the GDPR, is not absolute and can only be exercised under …
AUDITOR conformity assessment
… cloud service provider as processor pursuant to Article 28 GDPR, as well as limited processing operations conducted by …