Search results | European Data Protection Board

Personal data breach at the Breiðholt Upper Secondary School – Administrative fine
10 March 2020
News
… violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the … violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
7 July 2022
News
… the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, … the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, …
The Norwegian SA issues fine to the Norwegian Public Service Pension Fund
24 November 2021
News
… 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special … 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special …
Dutch SA fines Booking.com for delay in reporting data breach
10 December 2020
News
… authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed … authority, article 33 (1) Decision: Infringement of the GDPR, administrative fine Key words: Data breach, delayed …
Finnish SA: Administrative fine on business directory operator for infringements of the right to obtain call recordings
6 July 2023
News
… method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of … method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of …
Slovenian SA: schools must adhere to the principle of data protection by design and by default
20 May 2025
Press releases
… by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper … by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper …
Biometrics for attendance recording. The Italian SA fines a high school
16 September 2025
News
… Garante found several infringements of the EU Regulation (GDPR), including the lack of clear and transparent … Garante found several infringements of the EU Regulation (GDPR), including the lack of clear and transparent …
Decision in the matter of TikTok Technology Limited made pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation
15 September 2023
Binding decision of the Board (Art. 65)
… the Irish SA regarding TikTok Technology Limited (Art. 65 GDPR) … Decision in the matter of TikTok Technology Limited …
Polish DPA: The incident must be notified to the supervisory authority and the data subjects
30 June 2021
News
… therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate … proceedings against the Foundation. Pursuant to the GDPR, in case of a personal data breach, the controller … therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate …
Finnish DPA imposed three administrative fines for data protection violations
27 May 2020
News
… had not made the impact assessment required by the GDPR before starting to process the location data. The … controller’s documentation related to compliance with the GDPR. The company had asked for information on matters such … had not made the impact assessment required by the GDPR before starting to process the location data. The …
Twenty-first plenary session of the European Data Protection Board - Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic
14 April 2020
Press releases
… of advising and ensuring the correct application of the GDPR and the E-Privacy Directive, to be fully involved in … of advising and ensuring the correct application of the GDPR and the E-Privacy Directive, to be fully involved in …
The Romanian National Supervisory Authority issues a fine against FAN COURIER EXPRESS SR
28 October 2019
News
… the provisions of Article 5 paragraph (1) letter f) of the GDPR. Legal and Communication Department To read the press … the provisions of Article 5 paragraph (1) letter f) of the GDPR. Legal and Communication Department To read the press …
CEF 2025: EDPB selects topic for next year’s Coordinated Action
10 October 2024
News
… the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data … the first semester of 2025. The right to erasure (Art.17 GDPR) is one of the most frequently exercised data …
The Norwegian Supervisory Authority has fined the Norwegian Labour Inspection Authority
16 May 2022
News
… by the data subject (Art. 15) Decision: Infringement of the GDPR and fine imposed, Reprimand Key words: Credit rating … by the data subject (Art. 15) Decision: Infringement of the GDPR and fine imposed, Reprimand Key words: Credit rating …
Icelandic SA: administrative fine imposed on the Primary Health Care of the Capital area for the unlawful processing in relation to the integration of medical record systems.
7 March 2025
News
… lawfulness of the processing (Articles 5.1 (a), 6.1 and 9.1 GDPR). Decision The Icelandic SA imposed a fine of 33 854 … lawfulness of the processing (Articles 5.1 (a), 6.1 and 9.1 GDPR). Decision The Icelandic SA imposed a fine of 33 854 …
Decision concerning a complaint directed against Meta Platforms Ireland Limited in respect of the Facebook service made pursuant to Section 113 of the Data Protection Act 2018 (Inquiry 18-5-5)
12 January 2023
Decision by the SA
… Platforms Ireland Limited and its Facebook service (Art. 65 GDPR) … Decision concerning a complaint directed against …
Data Pro Code
20 August 2020
Decision by the SA
… Netherlands Type Code for Controllers/Processors subject to GDPR Scope National Opinion/Guideline References Guidelines …
Code of Conduct regulating the processing of personal data in clinical trials and other clinical research and pharmacovigilance activities (English and Spanish versions)
10 February 2022
Decision by the SA
… Spain Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Internal Code of Conduct …
CoC regulating the sector of job agencies
11 January 2024
Other
… Italy Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body (website under …