Search results | European Data Protection Board

Data Protection Code of Conduct for Cloud Infrastructure Service Providers
3 June 2021
Decision by the SA
… France Type Code for Controllers/Processors subject to GDPR Scope Transnational Monitoring Body EY CERTIFYPOINT BV … 2021_cispe_cloud_iaas_data_protection_code_of_conduct_-_gdpr_compliance.pdf 1.4MB Download file 1 …
EU Cloud Code of Conduct
20 May 2021
Decision by the SA
… Belgium Type Code for Controllers/Processors subject to GDPR Scope Transnational Monitoring Body Scope Europe, …
EDPBI:UK:OSS:D:2020:147
16 October 2020
… measures, as required by Article 5(1)(f) and by Article 32 GDPR. The LSA concluded that there are a number of … constitute a serious failure to comply with the GDPR. The LSA decided to impose on the controller an …
The Norwegian SA issues fine and order company to establish procedures after unlawful credit rating
17 December 2021
News
… Legal basis (Article 6) Decision: Infringement of the GDPR, Order to establish procedures Key words: Credit Rating … Legal basis (Article 6) Decision: Infringement of the GDPR, Order to establish procedures Key words: Credit Rating …
Processing of personal data related to Danish research projects
3 October 2022
News
… 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research … 32) Decision: in accordance with the GDPR Key words: sensitive data, health records, research …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, … of personal data (Art. 5) Decision: Infringement of the GDPR and fine imposed Key words: Information Security, …
Spanish Data Protection Authority (AEPD) imposes fine on company for not complying with advertisement exclusion
18 August 2020
News
… to processing for marketing purposes under Article 21 GDPR. However, the company did not comply with its … to processing for marketing purposes under Article 21 GDPR. However, the company did not comply with its …
Join the stakeholder event on EDPB opinion on ‘AI models’
11 October 2024
News
… on issues relating to the request for an Art. 64(2) GDPR opinion on artificial intelligence ("AI") submitted to … on issues relating to the request for an Art. 64(2) GDPR opinion on artificial intelligence ("AI") submitted to …
Polish DPA: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
Polish SA: record fine imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
17 March 2022
News
… (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the … The Polish DPA found that the controller infringed the GDPR provisions i.e. Art. 5(1)(f), Art. 24(1), Art. 25(1), … (Art. 32(1) and Art. 32(2)). Decision: infringement of the GDPR, administrative fine. Key words: responsibility of the …
State Commissioner for Data Protection in Lower Saxony imposes € 10.4 million fine against notebooksbilliger.de
26 January 2021
News
… Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up … Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose …
Polish DPA Fines ENEA S.A.: A data breach must be notified to the supervisory authority
11 January 2021
News
… not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative … DPA reminds that pursuant to Article 33 (1) and (3) of the GDPR, in the case of a personal data breach, the controller … not complied with the obligation under Article 33 of the GDPR. When determining the amount of the administrative …
The President of the Personal Data Protection Office imposes a fine in cross-border proceedings
10 July 2020
News
… it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other … of the personal data protection system specified by the GDPR), the intentional nature of the breach and the … it and does not fulfil the obligation – provided for in the GDPR – to provide it with access to personal data and other …
July Plenaries - adopted documents
2 August 2022
News
… Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website … Ireland Limited (Meta IE)). In accordance with Art. 65 (5) GDPR, the EDPB will publish its decision on its website …
Swedish DPA: Investigation of 1177-incident finalized
11 June 2021
News
… calling 1177 with information according to the rules in the GDPR and the Patient Records Act, for example how their … and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the … on behalf of Medhelp. The Data Protection Regulation, the GDPR, lays down obligations also for processors, i.e. …
Reprimand for disclosure of the list of quarantined persons
25 November 2020
News
… constitutes personal data within the meaning of the GDPR, and the fact that persons are in quarantine … controller is subject to the obligations resulting from the GDPR. UODO also took into account that the confidentiality … to ensure the security of processing. Article 33(1) of the GDPR sets forth that in the case of a personal data breach, …
Autodesk Group
24 May 2022
… national decision Autodesk processor 401.8KB Download Pre-GDPR No … Autodesk Group …
Autodesk Group
24 May 2022
… SA national decision Autodesk 2023 402.8KB Download Pre-GDPR No … Autodesk Group …
Norwegian DPA: Waxing Palace AS fined
28 October 2021
News
… to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, … to be in breach of the General Data Protection Regulation (GDPR). The fine amount is based on an overall assessment, …
Norwegian DPA issues fine to Gveik AS
11 February 2021
News
… personal purposes The General Data Protection Regulation (GDPR) requires that all processing of personal data must … personal purposes The General Data Protection Regulation (GDPR) requires that all processing of personal data must …