28 April 2020
… of processing) Article 15 (Right of access by the data subject) Keywords Consumer protection Right of access … reprimand your company for an infringement of the Gen- eral Data Protection Regulation (GDPR) when processing personal … the mistake of an indi- vidual employee. There has been a breach of Art. 12 (3) (1) GDPR (one- month period). You have …
10 May 2019
… FR Main legal reference Article 15 (Right of access by the data subject) Article 32 (Security of processing) Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Keywords … processing Right of access Third party access to personal data Outcome No violation Summary 61.1KB Download Decision …
12 February 2021
… reprimand to Telenor for inadequate protection of personal data 12 February 2021 Norway The Norwegian Data Protection Authority have issued a reprimand to Telenor … in its voicemail function, and for failing to submit a data breach notification to the Norwegian Data Protection …
18 July 2023
… Romanian SA fines UiPath SRL for breaching Articles 25 and 32 GDPR 18 July 2023 Romania … Controller: UiPath SRL Legal references: Article 25 (Data protection by design and by default), Article 32 … Decision: Administrative fine, Compliance order Key words: Data protection by design and by default, Personal data …
6 July 2022
… Loss of a document with personal data and failure to notify the incident as a reason for a … z o.o. Sp. k. Legal Reference: notification of a personal data breach to the supervisory authority (Art. 33 (1)) Decision: … z o.o. Sp. k. Legal Reference: notification of a personal data breach to the supervisory authority (Art. 33 (1)) …
18 November 2025
… Finnish SA: S-Bank fined for data security vulnerability 18 November 2025 Finland … Article 5 (Principles relating to processing of personal data), Article 25 (Data protection by design and by … design and by default, Administrative fine, Personal data breach Summary of the Decision Origin of the case The …
5 August 2019
… Article 13 (Information to be provided where personal data are collected from the data subject) Keywords Data subject rights Outcome No violation Summary 59.8KB … file number CDP/IMI/LSA/6/2019) received from the Spanish Data Protection Agency (Agencia Espanola de Proteccion de …
5 January 2022
… fine imposed on psychotherapy centre Vastaamo for data protection violations 5 January 2022 Finland Background … Vastaamo Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33(1)), … Vastaamo Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33(1)), …
4 September 2020
… Main legal reference Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Personal data … The Berlin DPA closes the case. 1. Facts concerning the data breach - Controller: Apassionata World GmbH - Incident: …
17 April 2023
… EDPB adopts final version of Guidelines on data subject rights - right of access 17 April 2023 EDPB … the EDPB has adopted a final version of the Guidelines on data subject rights - Right of access . The Guidelines … lead supervisory authority and the Guidelines on data breach notification . Both guidelines concern an update of …
5 November 2025
… the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach notifications. We invite you to provide your … the EDPB will already work on creating a template for data protection impact assessment (DPIA) and for data breach …
10 May 2019
… Article 5 (Principles relating to processing of personal data) Article 6 (Lawfulness of processing) Keywords Data subject rights E-Commerce Third party access to personal data Outcome No violation Summary 89KB Download Decision … police. The third party access to the complainant personal data seems to indicate that his personal data have not been …
15 July 2025
… fine against the Equality Ombudsman when personal data was collected via a web form 15 July 2025 Sweden … administrative fine Key words: administrative fine, data security, restriction of processing, personal data breach, public administration, sensitive data Summary of …
7 October 2019
… 1/6 Ref No. UOOU-03390/19-7 ORDER The Office for Personal Data Protection, as the competent administrative authority … natural persons with regard to the processing of personal data and on the free movement of such data, and repealing … the proceedings, and the party to the proceedings has thus breached the controller’s obligations stemming from …
2 February 2021
… EDPB response to TikTok letter on confidentiality breach 2 February 2021 Letters EDPB … the matter of a letter of 13 August 2020 from the Irish Data Protection Commissioner (the “IE SA”) to TikTok, which … issue to our attention. We are indeed concerned about any breach of confidentiality. Should you have further …
8 June 2021
… fines P4 company PLN 100,000 8 June 2021 Poland The Polish Data Protection Authority has imposed an administrative fine … authority within 24 hours after having detected a personal data breach. The reason for the administrative fine is that the … The Polish Data Protection Authority has imposed an administrative fine …
2 September 2024
… Administrative fine against bank for transferring customer data to Meta 2 September 2024 Sweden Background information … Article 5 (Principles relating to processing of personal data), Article 32 (Security of processing), Article 83 … Administrative fine Key words: Finance, Personal data breach, Administrative fine Summary of the Decision …
28 October 2019
… PL Main legal reference Article 15 (Right of access by the data subject) Keywords Data subject rights Right of access Outcome Administrative … Information and Data Protection Commissioner Vs COMPLAINT Reference is made … who is alleging that ("the controller" or " ") breached her data protection rights, as enshrined under the …
8 February 2023
… between controller and processor does not guarantee data security – an administrative fine imposed by the Polish … and (2) GDPR (Principles relating to processing of personal data), Article 24 (1) GDPR (Responsibility of the … words: Data security, Administrative fine, Personal data breach Summary of the Decision Origin of the case The …
20 December 2022
… acting in accordance with established procedures counteract data loss 20 December 2022 Poland Background information … case Controller: Mayor of the Commune Legal Reference: Data protection by design and by default Article 25(1) … to the Polish Supervisory Authority, SA a personal data breach which occurred as a result of a break-in in the …