28 May 2019
… amounts to EUR 2 000 and concerns the misuse of personal data for election purposes. Although the fine is modest, the message is not: Data protection is an important matter to us all, but data …
30 April 2025
… Imposition of a fine on a bank for an incident of personal data breach 30 April 2025 Greece Background information Date … and Confidentiality), Article 15 (Right of access by the data subject), Article 25.1 (Data protection by design and by default), Article 32 (Security …
17 May 2023
… Health data and use of cookies: French SA fines DOCTISSIMO 17 May … 5 (1)(e)(Principles relating to processing of personal data: storage limitation), Article 9 (Processing of special … four breaches of the GDPR and a breach of the French Data Protection Act by DOCTISSIMO: A failure to store data for no …
7 November 2019
… with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried out as a result of a data breach notification of the supervisory authority by SC …
30 June 2021
… - Improvements are needed 30 June 2021 Germany The data protection supervisory authorities of several German States … to the protection of their IT systems and their personal data. Initial adjustments made by some controllers have not …
… Guidelines During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines: … 2016/679, WP248 rev.01 Guidelines on Data Protection Officers ('DPO'), WP243 rev.01 Guidelines for identifying a …
27 January 2023
… agency for not responding to requests to exercise the data subjects rights 27 January 2023 Finland Background … that the company had not replied to requests to access the data subjects’ data. One of the complainants had received a … regularly failed to reply to requests concerning the data protection rights of the data subject. The Finnish SA finds …
27 February 2024
… Coordinated Enforcement Action, Designation and Position of Data Protection Officers 17 January 2024 Publication Type: Other Topics: …
16 May 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
30 June 2021
… Article 13 (Information to be provided where personal data are collected from the data subject) Article 37 (Designation of the data protection officer) Keywords Transparency Right to be informed Data …
8 July 2021
… the Customers and Employees 8 July 2021 Lithuania The State Data Protection Inspectorate (SDPI) has carried out an investigation into processing of biometric personal data in a sports club and imposed a fine in the amount of …
4 November 2022
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Article 7 (Conditions for consent) Article 38 (Position of the data protection officer) Keywords Lawfulness of processing Consent Data …
6 January 2023
… on Viking Line for unlawful processing of employees' health data 6 January 2023 Finland Sweden Estonia Norway Background … Controller: Viking Line Oy Abp Legal Reference: accuracy of data (Article 5(1)(d)), data protection by design and by default (Article 25(1)), right …
4 November 2019
… the implementation of adequate safeguards in the automated data processing system during the settlement process of card … such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an …
13 January 2021
… 13 January 2021 Poland The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million … measures to ensure the security of the processed data. UODO stated that the company infringed the principles …
19 January 2021
… Guidelines 01/2021 on Examples regarding Data Breach Notification Start Date: 19 January 2021 End … Topics: Cybersecurity and data breach The European Data Protection Board welcomes comments on the Guidelines … their obligation to immediately report it to the security officer. Emphasize the need of identifying the type of the …
1 February 2021
… to additional social platforms The Garante (Italian data protection authority) is stepping up its action to protect … to additional social platforms The Garante (Italian data protection authority) is stepping up its action to …
8 September 2020
… Hatóság (Hungarian National Authority for Data Protection and Freedom of Information, hereinafter: … Authority) imposed a total of 4.5 million forints in data protection fines on Mediarey Hungary Services Zrt. …
6 December 2024
… fine imposed on Posti for unlawful processing of personal data 6 December 2024 Finland Background information Date of … Article 13 (Information to be provided where personal data are collected from the data subject) Article 5 … relating to processing of personal data) Article 25 (Data protection by design and by default) Decision: …
8 May 2024
… € 856,000 for failing to define storage period of customer data 8 May 2024 Finland Background information Date of final … Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by default) Decision: …