Search results | European Data Protection Board

Norwegian DPA: Dragefossen AS fined
13 May 2021
News
… contravened Article 6(1) and Article 5(1)(a) of the GDPR. In its decision, the Data Protection Authority has … contravened Article 6(1) and Article 5(1)(a) of the GDPR. In its decision, the Data Protection Authority has …
Fine proposed for Danish recruitment company
15 May 2020
News
… requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly … requirements of the General Data Protection Regulation (GDPR) that personal data must be processed lawfully, fairly …
Finnish SA: Administrative fine on Viking Line for unlawful processing of employees' health data
6 January 2023
News
… of the processing of their personal data as required by the GDPR. For further information: press release: … of the processing of their personal data as required by the GDPR. For further information: press release: …
Polish SA: administrative fine of € 24.000 for failure to notify a personal data breach
14 March 2024
News
… administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: … administrative fine, on the basis of on Article 83 (2) (a) GDPR, taking into account aggravating circumstances such as: …
AUDITOR conformity assessment
… cloud service provider as processor pursuant to Article 28 GDPR, as well as limited processing operations conducted by …
Decision in the matter of WhatsApp Ireland Limited made pursuant to Section 111 of the Data Protection Act 2018
20 August 2021
Decision by the SA
… Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR … Decision in the matter of WhatsApp Ireland Limited …
EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors
14 January 2021
EDPB/EDPS Joint Opinion
… Directive 95/46/EC (General Data Protection Regulation or “GDPR”) establishes, in its Article 28, a set of provisions … be incorporated in it. 2. According to Article 28 (3) GDPR, the processing by a processor shall be governed by a … on behalf of the controller. 3. Under Article 28 (6) GDPR, without prejudice to an individual contract between …
The Swedish Data Protection Authority issues fine against the National Government Service Centre
30 April 2020
News
… The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s … The documentation of the breach, as required under the GDPR, was also found incomplete with regards to the NGSC’s …
AI: the Italian Supervisory Authority fines company behind chatbot “Replika”
21 May 2025
News
… 6; Articles 5.1 (a), 12, 13, 5.1 (c), 24 and 25.1 of the GDPR. Additionally, the Italian SA reserves the right to … 6; Articles 5.1 (a), 12, 13, 5.1 (c), 24 and 25.1 of the GDPR. Additionally, the Italian SA reserves the right to …
Dutch DPA: PVV Overijssel fined for failing to report data breach
11 May 2021
News
… safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political … safeguards The General Data Protection Regulation (GDPR) provides additional safeguards for people's political …
Fines proposed for two municipalities
10 March 2020
News
… of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm … of security under the General Data Protection Regulation (GDPR). For the municipalities of Gladsaxe and Hørsholm …
Italian DPA: The Italian SA issues a warning to the Campania Region
26 May 2021
News
… the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy … the system was in breach of basic principles of the EU GDPR such as lawfulness, fairness, transparency, and privacy …
January plenary - adopted documents
27 February 2024
News
… Officers 17 January 2024 Publication Type: Other Topics: GDPR enforcement Cooperation between authorities Members: …
Audio recording requires legal basis. Administrative fine imposed on Warsaw Centre for Intoxicated Persons.
6 July 2022
News
… invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), … invoke any of the grounds listed in Article 6.1 of the GDPR, and in particular the one indicated in Article 6.1(c), …
Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000
17 September 2024
News
… obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the … obligation to process data lawfully (Article 5.1.a of the GDPR). The company used the “HRi” teleservice set up by the …
Polish SA: administrative fine of EUR 7 800 for non-public health care centre in Pyskowice for failing to carry out appropriate risk analysis
16 September 2025
News
… infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. For further information: National press release: … infringement of Articles 24(1), 25(1) and 32(1,2) of the GDPR. For further information: National press release: …
Belgian SA: a baptized person has the right to be deleted from the baptismal register
11 January 2024
News
… the register. The right to data deletion, enshrined in the GDPR, is not absolute and can only be exercised under … the register. The right to data deletion, enshrined in the GDPR, is not absolute and can only be exercised under …
Polish SA: administrative fine of 4 375 273 € for ING Bank Śląski S.A. for scanning customers’ identity cards without appropriate purpose analysis
25 September 2025
News
… of Articles 5 (1)(a,b,c) and Article 6 (1) of the GDPR. For further information: • National press release: … of Articles 5 (1)(a,b,c) and Article 6 (1) of the GDPR. For further information: • National press release: …
Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and … of confidentiality, as set out in Article 5 (1)(f) of the GDPR. Therefore, there has been unauthorised access to and …
Facial recognition: Italian SA fines Clearview AI EUR 20 million
10 March 2022
News
… the company infringed several fundamental principles of the GDPR, such as transparency, purpose limitation, and storage … the company infringed several fundamental principles of the GDPR, such as transparency, purpose limitation, and storage …