30 August 2022
… fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case TIMSHEL notified a personal data breach to the supervisory authority by e-mail. However, … fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case …
11 September 2020
… 11 September 2020 Poland The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences … The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), …
16 December 2022
… 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a personal data breach (Article 33 of the GDPR) Decision: infringement of … 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a …
7 October 2020
… The Belgian Data Protection Authority has issued a warning and reprimand … institution for wrongful processing of personal data from the National Register. 7 October 2020 Belgium The … has the competence to take action in the case of a breach against environmental legislation, for example in the …
10 March 2020
… for two municipalities 10 March 2020 Denmark The Danish Data Protection Agency has reported the municipality of … of an adequate level of security under the General Data Protection Regulation (GDPR). For the municipalities of … both municipalities notified the agency of personal data breaches relating to the theft of computers containing …
12 October 2023
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
15 January 2024
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … carried out two investigations on the company. It found breaches concerning the time user account data was kept, the …
3 December 2019
… Fine against hospital due to data protection deficits in patient management 3 December 2019 Germany The Commissioner for Data Protection and the Freedom of Information … in Rhineland-Palatinate. The fine is based on several breaches of the General Data Protection Regulation in the …
13 July 2021
… Polish SA: Personal data carrier must be secured 13 July 2021 Poland The … President of the District Court did not secure the company data carrier, but only instructed his employees to do it … to the scope of the personal data disclosed, the indicated breach caused a high risk of infringement of rights or …
16 October 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security … 2020 LSA: UK CSAs: All SAs Legal Reference: Personal data breach (Articles 33 and 34), Security of processing …
20 December 2022
… Processing the personal data by a processor must be documented 20 December 2022 … of the case The Polish SA has been notified of a personal data breach at the Sułkowice Cultural Centre. In the course of … of the case The Polish SA has been notified of a personal data breach at the Sułkowice Cultural Centre. In the course …
11 February 2021
… School of Judiciary and Public Prosecution (KSSIP) for breaching the GDPR rules 11 February 2021 Poland The … its obligations as a controller. According to the Personal Data Protection Office, the controller did not take the … measures in order to ensure the security of personal data contained in the copy of the database of the training …
18 August 2020
… Spanish Data Protection Authority (AEPD) imposes fine on company for … advertisement exclusion 18 August 2020 Spain The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR … the promotion. The AEPD considered that this constitutes a breach of Article 48(1)(b) of the Spanish Law 9/2014 General …
31 May 2023
… fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case The … This documentation contained, inter alia, personal data of the controller's employees and persons who were … fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case …
12 January 2022
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by … use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) …
8 September 2022
… Supervisory Authority fines Enel Energie Muntenia S.A. for breaching Article 32 GDPR 8 September 2022 Romania … of processing (Article 32). Notification of a personal data breach to the supervisory authority (Article 33). … Infringement of the GDPR, Corrective measures. Key words: Data breach, security of processing. Summary of the …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 34 (Communication of a personal data breach to the data subject), Article 38 (Position of the …
1 December 2019
… Hamburg Data Protection Commissioner's €51,000 fine against Facebook … GmbH 1 December 2019 Germany The Hamburg Commissioner for Data Protection and Freedom of Information imposed a fine of … of personal data of users. Given the negligence of the breach and the fact that Facebook only failed to notify an …
2 February 2024
… Data brokers: French SA fined Tagadamedia €75,000 2 February … professionals in the sector, in particular those who resell data, including many intermediaries in this ecosystem, known … operation of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation …
6 February 2025
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of a personal data breach to the data subject), Article 33 (Notification of a …