Search results | European Data Protection Board

Polish SA: administrative fine of EUR 4 022 773 for McDonald’s Polska sp. z o.o. and EUR 43 680 for 24/7 Communication Sp. z o.o. for negligence in risk analysis and safeguards
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … data subject), Article 38 (Position of the data protection officer) Decision: Administrative fine Key words: …
Danish DPA set to fine furniture company
11 June 2019
News
… to fine furniture company 11 June 2019 Denmark The Danish Data Protection Agency has reported IDDesign A/S and proposed a fine of DKK 1,5 million for failure to delete data about 385.000 customers. In the autumn of 2018, the … The Danish Data Protection Agency has reported IDDesign A/S and …
Luxembourg’s supervisory authority CNPD has published 18 decisions on the outcome of investigations
9 June 2021
News
… and of the thematic audit campaign on the role of the data protection officer (DPO). These decisions concern the adoption of … and of the thematic audit campaign on the role of the data protection officer (DPO). These decisions concern the …
EDPBI:DEBE:OSS:D:2020:99
7 April 2020
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data retention Right to erasure … the controller informs the complainant that his personal data have been the subject of a data leak. The controller …
Fine proposed for Danish recruitment company
15 May 2020
News
… Danish recruitment company 15 May 2020 Denmark The Danish Data Protection Authority considers that in a case on the right … JobTeam has not met the basic requirements of the General Data Protection Regulation (GDPR) that personal data must be … The Danish Data Protection Authority considers that in a case on the …
Norwegian DPA issues fine to Cyberbook AS
11 February 2021
News
… fine to Cyberbook AS 11 February 2021 Norway The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 (NOK … being informed of it. After reviewing the matter, the Data Protection Authority finds that the forwarding is in … The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 …
Polish SA: administrative fine of 262 500 € for hidden video surveillance in neonatology department and failure to implement appropriate security measures
2 May 2025
News
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
Norwegian DPA issues fine to Aquateknikk AS
23 February 2021
News
… to Aquateknikk AS 23 February 2021 Norway The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 … or any other connection with the company. The General Data Protection Regulation requires that all processing of … The Norwegian Data Protection Authority has fined Aquateknikk AS EUR …
Swedish DPA: Police unlawfully used facial recognition app
12 February 2021
News
… 12 February 2021 Sweden The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. … that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using …
Personal data breach at the National Center of Addiction Medicine – Administrative fine
10 March 2020
News
… Personal data breach at the National Center of Addiction Medicine – … of Addiction Medicine in a case relating to a personal data breach. The National Center of Addiction Medicine is an … a result of a lack of implementation of appropriate data protection policies and appropriate technical and …
Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child
21 October 2020
News
… DPA imposes fine for improperly processed personal data of the parents of an adopted child 21 October 2020 Lithuania The State Data Protection Inspectorate – personal data protection … The State Data Protection Inspectorate – personal data protection … DPA imposes fine for improperly processed personal data of the parents of an adopted child …
EDPBI:DEBE:OSS:D:2019:46
3 September 2019
… and modalities for the exercise of the rights of the data subject) Article 13 (Information to be provided where personal data are collected from the data subject) Article 14 (Information to be provided where … and the link to a portal for en- quiries from data subjects are now also integrated as a contact option. …
The Icelandic DPA has fined a company running ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee area.
29 June 2021
News
… ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee … ice cream parlours for processing employee‘s personal data via video surveillance camera installed in an employee area. The Icelandic Data Protection Authority has issued an administrative fine in …
Initial conclusions from the Hellenic DPA’s “ex officio” GDPR compliance investigation
31 January 2019
News
… to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its entry … a sufficient degree, more than 70%, of Data Protection Officers’ designation was noted in the private sector. On … to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of … Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 …
Polish DPA: Breach of the GDPR provisions by Funeda results in a fine
19 March 2021
News
… Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with Polish Data Protection Authority in the scope of performing the … Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with …
Polish SA: administrative fine of EUR 7 800 for non-public health care centre in Pyskowice for failing to carry out appropriate risk analysis
16 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), …
EDPBI:DEBE:OSS:D:2020:130
24 July 2020
… 17 (Right to erasure (‘right to be forgotten’)) Keywords Data subject rights Right to erasure Outcome Reprimand … reprimand Noisli Ltd. for an infringement of the General Data Protection Regulation (GDPR). Justification: Our decision is … 17) Decision: Reprimand to the Controller Key words: Data subjects right; Right to erasure Summary of the …
Norwegian DPA: Dragefossen AS fined
13 May 2021
News
… DPA: Dragefossen AS fined 13 May 2021 Norway The Norwegian Data Protection Agency has fined the power company Dragefossen AS … on YouTube and the company’s own website. Up until the Data Protection Authority contacted the company, it was … The Norwegian Data Protection Agency has fined the power company …