Search results | European Data Protection Board

Norwegian DPA: Reprimanded after accessing e-mail account
23 September 2021
News
… Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the … Key Findings Having investigated the complaint, the Data Protection Authority concluded that the enterprise had …
Polish DPA: Bank Millennium fined for failure to notify the breach and the data subjects about the incident
22 November 2021
News
… Millennium fined for failure to notify the breach and the data subjects about the incident 22 November 2021 Poland … S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), … of the Decision Origin of the case The Personal Data Protection Office (UODO) learnt about the personal data …
Data protection issues arising in connection with the use of Artificial Intelligence
20 May 2022
News
… Data protection issues arising in connection with the use of … Article 21(2)), Appropriate Measures (Article 24(1)), Data protection by design and by default (Article 25(1), Article …
Norwegian DPA: Fine for accessing former employee’s e-mail inbox and failing to close e-mail inbox
1 July 2021
News
… legal basis After looking into the matter, the Norwegian Data Protection Authority found that the enterprise lacks a legal … of the legal basis requirement established by the General Data Protection Regulation (GDPR). Furthermore, the …
Spanish DPA imposes fine on Telefónica Móviles España
25 November 2020
News
… Móviles España 25 November 2020 Spain The Spanish Data Protection Authority (AEPD) imposed a fine of 75.000 EUR on … S.A.U., for unlawfully processing the claimant’s personal data by charging them several invoices corresponding to a …
Greece SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the … scale as set out in the Guidelines for the Data Protection Officer (WP243) and the Impact Assessment (WP248). c. …
Legal Framework - Coordinated Supervision Committee
… of 23 October 2018. Article 62 provides that the European Data Protection Supervisor (EDPS) and the national supervisory … coordinating the supervision of the processing of personal data in an EU large scale IT system or body, office or …
Race to become new EDPB Chair officially kicked off
26 April 2023
News
… end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest to … end on 15 May 2024. The following Heads of national data protection authorities (DPAs) expressed their interest …
Hellenic SA: Ex officio audit of processing of personal data in the context of COVID-19 self-test result declaration
12 September 2022
News
… Hellenic SA: Ex officio audit of processing of personal data in the context of COVID-19 self-test result declaration … GDPR: Principles relating to processing of personal data (Article 5). Information to be provided where personal … data are collected from the data subject (Article 13). Data protection by design and by default (Article 25). Data …
Norwegian DPA fines Odin Flissenter for performing a credit check of a sole proprietorship without having a lawful basis for the processing
26 October 2020
News
… for the processing 26 October 2020 Norway The Norwegian Data Protection Authority has issued Odin Flissenter AS (Tile … about a sole proprietorship is regarded as personal data, as the owner is directly identified with the …
Polish DPA: Withdrawal of consent shall not be impeded
6 November 2019
News
… 6 November 2019 Poland The President of the Personal Data Protection Office imposed an administrative fine of over PLN … the right to withdraw consent to the processing of personal data. The company - ClickQuickNow Sp. z o.o. did not …
Norwegian DPA: Ålesund municipality fined for use of Strava
13 May 2021
News
… fined for use of Strava 13 May 2021 Norway The Norwegian Data Protection Authority has fined Ålesund municipality EUR … sessions and enables them to analyse and compare their data with their own previous performance or others’ training …
France SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
6 November 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Germany SAs' list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Finland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
15 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Norway SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
16 March 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Netherland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
27 September 2019
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Bavarian DPA (BayLDA) calls for German company to cease the use of 'Mailchimp' tool
30 March 2021
News
… formal supervisory measures regarding a complaint by a data subject, in which the controller (an individual … and translated informally: "... We are referring to your data protection complaint against .... concerning the use of …
Italian SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
11 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …
Romania SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)
18 October 2018
Decision by the SA
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision …