11 February 2021
… fine to Gveik AS 11 February 2021 Norway The Norwegian Data Protection Authority has fined Gveik AS EUR 7 500 (NOK … rating on them. The individual filed a complaint with the Data Protection Authority. Credit rating for personal …
1 July 2021
… to amend agreements 1 July 2021 Norway The Norwegian Data Protection Authority’s inspection of Oslo University … hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other …
20 September 2019
… 20 September 2019 Poland The President of the Personal Data Protection Office imposed a fine of an amount higher than … and technical measures for the protection of personal data were not appropriate to the risk posed by the …
11 February 2021
… fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of EUR … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After …
11 February 2021
… for forwarding e-mail 11 February 2021 Norway The Norwegian Data Protection Authority has fined an organization EUR 40 000 … for more than a month. After investigating the matter, the Data Protection Authority concludes that the forwarding was …
21 February 2022
… Swedish Authority for Privacy Protection (IMY) fines Region Uppsala for breaches in its … for Privacy Protection (IMY) has received two personal data breach notifications from Region Uppsala. The data breaches concern sensitive personal data sent without …
11 June 2019
… to fine furniture company 11 June 2019 Denmark The Danish Data Protection Agency has reported IDDesign A/S and proposed a fine of DKK 1,5 million for failure to delete data about 385.000 customers. In the autumn of 2018, the …
20 April 2023
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security … of more than 5 300 EUR (23 580 PLN) on the Disciplinary Officer of the Bar Association for breaching the provisions …
18 November 2025
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 7 … are collected from the data subject), Article 35 (Data protection impact assessment), Article 37 (Designation of the data protection officer), Article 38 (Position of the data protection …
7 April 2020
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data retention … them has been de- leted. Shortly before the reported data protection violation, the controller switched to a more …
25 September 2025
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … data subject), Article 38 (Position of the data protection officer) Decision: Administrative fine Key words: …
15 May 2020
… Danish recruitment company 15 May 2020 Denmark The Danish Data Protection Authority considers that in a case on the right … JobTeam has not met the basic requirements of the General Data Protection Regulation (GDPR) that personal data must be …
11 February 2021
… fine to Cyberbook AS 11 February 2021 Norway The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 (NOK … being informed of it. After reviewing the matter, the Data Protection Authority finds that the forwarding is in …
29 June 2020
… to erasure (‘right to be forgotten’)) Keywords Consumer protection Outcome Reprimand Summary 62.2KB Download … Hatóság (Hungarian National Authority for Data Protection and Freedom of Information, hereinafter: the … was launched pursuant to Article 57(1)(f) of the General Data Protection Regulation (hereinafter: GDPR), and Section …
9 June 2021
… and of the thematic audit campaign on the role of the data protection officer (DPO). These decisions concern the adoption of …
5 April 2022
… The Swedish Authority for Privacy Protection (IMY) issues an administrative fine against … Reference: principles relating to processing of personal data (Articles 5.1a, 5.2), rights of the data subject (Articles 12.1, 13.1 c, e-f, 13.2 a-b, f, 14.2 …
23 February 2021
… to Aquateknikk AS 23 February 2021 Norway The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 … or any other connection with the company. The General Data Protection Regulation requires that all processing of …
2 May 2025
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 (Security …
5 August 2020
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data … a company pro- ject as testers Berlin Commissioner for Data Protection and Freedom of Information Friedrichstr. 219 …
6 August 2020
… National Credit Register (BKR) fined for personal data access charges 6 August 2020 Netherlands The National … can no longer charge people who wish to access the personal data it holds on them. In addition, if data subjects wish to … this is not permitted. As a result, the Dutch Data Protection Authority (Dutch DPA) issued the BKR with a …