Search results | European Data Protection Board

Fine for processing students’ fingerprints imposed on a school
5 March 2020
News
… a school 5 March 2020 Poland The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen. The school …
EDPBI:SI:OSS:D:2023:680
8 March 2023
… of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data breach Data security …
EDPBI:AT:OSS:D:2023:860
7 August 2023
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Encryption Notification of personal data breach Outcome Dismissal/Rejection of the case Decision …
EDPBI:FR:OSS:D:2021:297
22 November 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Notification of personal data breach Outcome …
EDPBI:NL:OSS:D:2020:173
10 December 2020
Decision by the SA
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Notification of personal data breach Administrative fine Outcome Administrative fine …
EDPBI:SE:OSS:D:2022:465
18 August 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Definition of controller Personal data breach Outcome No violation Decision 75.3KB Download … …
EDPBI:AT:OSS:D:2021:264
4 August 2021
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data breach Outcome No sanction Decision 152.1KB Download … …
EDPBI:FR:OSS:D:2022:437
28 July 2022
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Encryption Notification of personal data …
Swedish DPA: Investigation of 1177-incident finalized
11 June 2021
News
… says. Medhelp is the medical care provider and personal data controller. In this capacity, they are the ones … to ensure an adequate level of security to protect personal data – in this case voice recordings – so that unauthorized … in health and medical care laid down by law. This is a breach of the GDPR’s principle of lawfulness. Further to the …
EDPBI:FR:OSS:D:2024:1433
4 September 2024
… NO Main legal reference Article 15 (Right of access by the data subject) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Personal data …
EDPBI:FR:OSS:D:2024:1411
19 August 2024
… of the controller) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Accountability Personal data breach Outcome Dismissal/Rejection of the case …
Norwegian DPA: Reprimanded after accessing e-mail account
23 September 2021
News
… Information (Article 14 GDPR), Right of access by the data subject (Article 15 GDPR) Decision: Infringement of the … Key Findings Having investigated the complaint, the Data Protection Authority concluded that the enterprise had … Data Protection Authority has reprimanded an enterprise for breach of the General Data Protection Regulation’s (GDPR) …
EDPBI:DK:OSS:D:2023:734
2 May 2023
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data subject …
EDPBI:NO:OSS:D:2021:219
12 May 2021
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data security Personal data breach Outcome No violation …
EDPBI:NO:OSS:D:2023:850
21 June 2023
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data …
EDPBI:DEHE:OSS:D:2020:162
11 November 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security …
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
24 February 2020
Guidelines
… 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies … if one of the parties becomes aware of a personal data breach, it will inform the other party (ies) as soon as …
Polish SA: administrative fine of 17 880 € for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference
2 May 2025
News
… for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference 2 May 2025 Poland … Article 9 (Processing of special categories of personal data), Article 24 (Responsibility of the controller) … Making the data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the …
The Norwegian SA issues one administrative fine and five reprimands for unlawful sharing of personal information through tracking pixels
30 June 2025
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 9 … administrative fine, communication order personal data breach Key words: administrative fine, reprimand to …
Whistle-blowing without privacy: the Italian SA fines hospital and IT service provider
10 June 2022
News
… confidentiality); Art. 13 and 14 (Information); Art. 25 (Data protection by design and by default); Art. 28 … originated from a set of inspections on the processing of data acquired via whistle-blowing management systems, with … processing activities for which it was the controller (in breach of Article 28, paragraphs 1 and 3, GDPR) – ranging …