Search results | European Data Protection Board

Polish SA imposed a fine on TIMSHEL for lack of cooperation with the supervisory authority
30 August 2022
News
… fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case TIMSHEL notified a personal data breach to the supervisory authority by e-mail. However, … fine, Cooperation with the supervisory authority, Personal data breach Summary of the Decision Origin of the case …
The CNIL, French Supervisory Authority fines FREE EUR 300,000
16 December 2022
News
… 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a personal data breach (Article 33 of the GDPR) Decision: infringement of … 12 and 21 of the GDPR), obligation to secure personal data (Article 32 of the GDPR), obligation to document a …
Norwegian Data Protection Authority: Decision to Fine Bergen Municipality
14 October 2020
News
… Norwegian Data Protection Authority: Decision to Fine Bergen Municipality 14 October 2020 Norway The Norwegian Data Protection Authority has given Bergen municipality a … Data Protection Authority was notified of a personal data breach by Bergen Municipality regarding the municipality's …
Commercial prospecting and personal rights: French SA fined GROUPE CANAL+ EUR 600,000
12 October 2023
News
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 14 … processing), Article 33 (Notification of a personal data breach to the supervisory authority) Decision: …
Polish SA: administrative fine of 81 000 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data), Article 28 (Processor), Article 34 (Communication of a personal data breach to the data subject), Article 33 (Notification of a …
Fine against hospital due to data protection deficits in patient management
3 December 2019
News
… Fine against hospital due to data protection deficits in patient management 3 December 2019 Germany The Commissioner for Data Protection and the Freedom of Information … in Rhineland-Palatinate. The fine is based on several breaches of the General Data Protection Regulation in the …
Commercial prospecting and personal rights: French SA fined NS CARDS FRANCE €105,000
15 January 2024
News
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … carried out two investigations on the company. It found breaches concerning the time user account data was kept, the …
Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards
20 September 2019
News
… 20 September 2019 Poland The President of the Personal Data Protection Office imposed a fine of an amount higher … and technical measures for the protection of personal data were not appropriate to the risk posed by the … the fine, the supervisory authority concluded that the breach which took place in this case was of considerable …
Polish SA imposed fine for failing to implement appropriate technical and organisational measures
31 May 2023
News
… fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case The … This documentation contained, inter alia, personal data of the controller's employees and persons who were … fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case …
Data brokers: French SA fined Tagadamedia €75,000
2 February 2024
News
… Data brokers: French SA fined Tagadamedia €75,000 2 February … professionals in the sector, in particular those who resell data, including many intermediaries in this ecosystem, known … operation of any legal basis. The French SA found two breaches of the GDPR: Failure to comply with the obligation …
The Norwegian Data Protection Authority: Ferde AS fined
13 October 2021
News
… The Norwegian Data Protection Authority: Ferde AS fined 13 October 2021 … on the Norwegian national broadcaster, NRK, the Norwegian Data Protection Authority learned that Ferde AS transfers … Data Protection Authority’s conclusion is that Ferde AS has breached several of the organization’s basic …
Spanish Data Protection Authority (AEPD) imposes fine on company for not complying with advertisement exclusion
18 August 2020
News
… Spanish Data Protection Authority (AEPD) imposes fine on company for … advertisement exclusion 18 August 2020 Spain The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR … the promotion. The AEPD considered that this constitutes a breach of Article 48(1)(b) of the Spanish Law 9/2014 General …
Polish SA: administrative fine of EUR 4 022 773 for McDonald’s Polska sp. z o.o. and EUR 43 680 for 24/7 Communication Sp. z o.o. for negligence in risk analysis and safeguards
25 September 2025
News
… Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 … processing), Article 34 (Communication of a personal data breach to the data subject), Article 38 (Position of the …
Polish SA: administrative fine of 5 625 € for failure to implement appropriate technical and organisational measures to ensure security
6 February 2025
News
… Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 32 … Article 5 (Principles relating to processing of personal data) Decision: Administrative fine, Compliance order Key … Administrative fine,Data subject rights, Personal data breach, Principles relating to processing of personal data, …
EDPBI:UK:OSS:D:2020:147
16 October 2020
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) Keywords Data security … 2020 LSA: UK CSAs: All SAs Legal Reference: Personal data breach (Articles 33 and 34), Security of processing …
December Plenary - adopted documents
12 January 2022
News
… use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) Opinion … authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by … use of the Pegasus spyware Guidelines on examples regarding data breach notifications (following public consultation) …
Greek SA: fine imposed on employer for failure to satisfy the right to object and unlawful processing of employee’s personal data
28 March 2022
News
… to object and unlawful processing of employee’s personal data 28 March 2022 Greece Background information Date of … Article 13: Information to be provided where personal data are collected from the data subject. Article 21: Right … and that the processing in question was carried out in breach of the provisions of Articles 5(1)(f)(a), 5(2) and 13 …
Hamburg Data Protection Commissioner's €51,000 fine against Facebook Germany GmbH
1 December 2019
News
… Hamburg Data Protection Commissioner's €51,000 fine against Facebook … GmbH 1 December 2019 Germany The Hamburg Commissioner for Data Protection and Freedom of Information imposed a fine of … of personal data of users. Given the negligence of the breach and the fact that Facebook only failed to notify an …
Norwegian Supervisory Authority issues fine to the Norwegian parliament
4 March 2022
News
… (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine … of the case The Norwegian parliament – the Storting – had a data breach in late 2020. In January 2022, the Norwegian … (Art. 32) and Principles relating to processing of personal data (Art. 5) Decision: Infringement of the GDPR and fine …
Hungarian SA’s decision: failure by an airline company to comply with an erasure request concerning an email address used for direct marketing
2 February 2024
News
… and modalities for the exercise of the rights of the data subject), Article 17 (Right to erasure (‘right to be forgotten’)), Article 25 (Data protection by design and by default) … respect to the Complainant’s request, hence the Company breached Article 12(3) of GDPR when they failed to meet the …

First page
Previous page
…
4
5
6
7
8
9
10
11
12
…
Next page
Last page