20 November 2019
… Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Start Date: 20 … reference: 4/2019 Guidelines 4/2019 on Article 25 Data Protection by Design and by Default 711.4KB Download …
26 March 2019
… First fine imposed by the President of the Personal Data Protection Office 26 March 2019 Poland The President of the Personal Data Protection Office (UODO) imposed its first fine for the … of the Personal Data Protection Office considered the breach to be serious, since it concerns the fundamental …
18 August 2020
… fine for Rælingen municipality The Norwegian Data Protection Authority has imposed an administrative fine … 47,500 to Rælingen Municipality. The fine is imposed after data concerning health of children with special needs was … started when we received a notification of a personal data breach from the municipality. Upon further investigation of …
18 December 2019
… The Norwegian Data Protection Authority imposes a fine on the City of Oslo … of Oslo, the Nursing Home Agency, for having stored patient data from the city’s nursing homes and health centres … The case commenced when the City of Oslo sent a data breach notification to the Data Protection Authority in …
2 February 2024
… 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
11 February 2021
… of medical records 11 February 2021 Netherlands The Dutch Data Protection Authority (DPA) has imposed a fine of … security measures couldn’t guarantee that. That’s a serious breach and that’s why the DPA has imposed this fine.’ … medical information, patient records also contain personal data like citizen service numbers, addresses and phone …
5 November 2025
… 5 November 2025 EDPB Brussels, 5 November - The European Data Protection Board (EDPB) is taking an important step … that organisations can readily implement to meet their data protection obligations. To ensure these templates … such as Data Protection Impact Assessments (DPIAs) and data breach notifications. Contributions can be submitted here …
5 May 2021
… million fine to Disqus Inc. 5 May 2021 Norway The Norwegian Data Protection Authority has notified Disqus Inc. (Disqus) … it also engages in programmatic advertising. The Norwegian Data Protection Authority was made aware of the matter … In our advance notification, we also consider that Disqus breached the GDPR transparency and information requirements …
22 June 2022
… Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security of … people on their membership profiles, which is a personal data breach. Trumf has an obligation to report all such … Legal Reference: Notification of a personal data breach to the supervisory authority (Art. 33), Security …
7 December 2023
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 15 (Right to access by the data subject) … Right of access, Lawfulness of processing, Personal data breach, Right of access Summary of the Decision Origin …
22 June 2021
… DPA: BRAbank ASA fined 22 June 2021 Norway The Norwegian Data Protection Authority has fined BRAbank EUR 40,000 (NOK 400,000) for violation of the General Data Protection Regulation (GDPR). This case concerns … This matter began with a notice of a personal data breach on 6 September 2019 from what was then Easybank ASA. …
20 July 2020
… be carried out 20 July 2020 The President of the Personal Data Protection Office (UODO), after having conducted an … (Główny Geodeta Kraju, GGK). The President of the Personal Data Protection established that the Surveyor General of … the General Data Protection Regulation (GDPR), where the breach consisted in failure to provide the supervisory …
8 September 2021
… national case Controller: AG2R LA MONDIALE Legal Reference: Data retention period (Article 5.1.e GDPR), Information … Key words: Insurances, data retention, information Summary of the Decision Origin … comply with articles 5-1-e, 13 and 14 of the GDPR. Decision Breach of Article 5-1-e of the GDPR The company had not …
12 January 2023
… Instagram decisions: “Important impact on use of personal data for behavioural advertising” 12 January 2023 EDPB … dispute resolution decisions of 5 December 2022, the Irish Data Protection Authority (IE DPA) has adopted its decisions … corrective measures. The EDPB noted that the grave breaches of transparency obligations impacted the reasonable …
13 February 2026
… in addition to the already announced templates for data breach notifications and data protection impact assessment . This is also in line … in addition to the already announced templates for data breach notifications and data protection impact assessment . …
4 September 2025
… without free and informed consent (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine and injunction Key … this context was therefore not valid, which constituted a breach of the French Data Protection Act (Article 82). …
4 May 2021
… green pass and it is affected additionally by several data protection shortcomings including the lack of any … Contrary to the requirements laid down in the EU General Data Protection Regulation, the decree does not specify the … of the controller of the processing at issue, which is in breach of the transparency principle and hampers or …
2 May 2025
… for Commander-in-Chief of the Polish Police for disclosing data of a citizen at a press conference 2 May 2025 Poland … Article 9 (Processing of special categories of personal data), Article 24 (Responsibility of the controller) … Making the data available by the Commander-in-Chief in breach of the GDPR (without a legal basis) during the …
15 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 13 (Information to be provided where personal data are collected from the data subject) Decision: … facility is rented out for events or other gatherings, in breach of Article 6. Furthermore, the Icelandic SA …
21 October 2020
… DPA imposes fine for improperly processed personal data of the parents of an adopted child 21 October 2020 Lithuania The State Data Protection Inspectorate – personal data protection … the principle of accuracy of processed personal data and breached Articles 5(1)(d) and 5(1)(f) of the GDPR. When …