8 September 2021
… national case Controller: AG2R LA MONDIALE Legal Reference: Data retention period (Article 5.1.e GDPR), Information … Key words: Insurances, data retention, information Summary of the Decision Origin … comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The company had not …
20 September 2019
… 20 September 2019 Poland The President of the Personal Data Protection Office imposed a fine of an amount higher … and technical measures for the protection of personal data were not appropriate to the risk posed by the … the fine, the supervisory authority concluded that the breach which took place in this case was of considerable …
26 March 2019
… First fine imposed by the President of the Personal Data Protection Office 26 March 2019 Poland The President of the Personal Data Protection Office (UODO) imposed its first fine for the … of the Personal Data Protection Office considered the breach to be serious, since it concerns the fundamental …
15 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 13 (Information to be provided where personal data are collected from the data subject) Decision: … facility is rented out for events or other gatherings, in breach of Article 6. Furthermore, the Icelandic SA …
29 June 2021
… ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … amount of the fine was that the company was found to be in breach of numerous provisions of the Icelandic Act No. …
4 May 2021
… green pass and it is affected additionally by several data protection shortcomings including the lack of any … Contrary to the requirements laid down in the EU General Data Protection Regulation, the decree does not specify the … of the controller of the processing at issue, which is in breach of the transparency principle and hampers or …
28 October 2021
… Decision Origin of the case Image files containing health data about people with no connection to the municipality … to staff at the health clinic. Key Findings The Norwegian Data Protection Authority noted that the municipality did … internal deficiencies in its access management. This is a breach of the requirements regarding personal data security …
14 January 2021
… standard contractual clauses for the transfer of personal data to third countries for the matters referred to in … 4.3.1 Clause 1 - Data protection safeguards – Module One (Transfer controller … clauses are suspended or prohibited in the event of the breach of such clauses or if it is impossible to honour …
18 July 2023
… Romanian SA fines UiPath SRL for breaching Articles 25 and 32 GDPR 18 July 2023 Romania … Controller: UiPath SRL Legal references: Article 25 (Data protection by design and by default), Article 32 … Decision: Administrative fine, Compliance order Key words: Data protection by design and by default, Personal data …
20 November 2019
… Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Start Date: 20 … The security of personal data shall both prevent data breach incidents as well as facilitate the proper execution …
20 July 2020
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … (Główny Geodeta Kraju, GGK). The President of the Personal Data Protection established that the Surveyor General of … the General Data Protection Regulation (GDPR), where the breach consisted in failure to provide the supervisory …
16 June 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
14 January 2021
… ..................................................7 4.2.5 Data Subject rights (Clause 8 of the Draft … Adopted 3 The European Data Protection Board and the European Data Protection … at the latest to notify the controller of a personal data breach. Such delay may be short in some situations and may …
5 March 2020
… a school 5 March 2020 Poland The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen. The school …
26 May 2021
… certify COVID-19 vaccination, recovery or negativity was in breach of privacy laws. The certification was intended to be … this processing, who was authorised to access and use the data, or who was tasked with checking that the certificates … default. At all events, the Region should have performed a data protection impact assessment beforehand in order to …
18 February 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
26 October 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
24 January 2024
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security …
16 November 2021
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data …
9 September 2022
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Notification of …