27 January 2023
… that the company did not have the consent required by the GDPR for processing data on body mass indices and maximal … The consent requested did not meet the requirements of the GDPR as it was not specific and informed. The SA finds that … that the company did not have the consent required by the GDPR for processing data on body mass indices and maximal …
30 April 2025
… breach to the data subject) Decision: infringement of the GDPR, administrative fines imposed Key words: access … default, in conjunction with Articles 32, 33, and 34 of the GDPR, as well as an administrative fine of EUR 20,000 for … breach to the data subject) Decision: infringement of the GDPR, administrative fines imposed Key words: access …
… Processing of Personal Data pursuant to Art. 42 GDPR (‘GDPR – information privacy standard’), Version 0.9.7 Opinion … IT-supported processing of Personal Data pursuant to art 42 GDPR (‘GDPR – information privacy standard’)” presented 2 …
20 July 2020
… the provisions of the General Data Protection Regulation (GDPR), where the breach consisted in failure to provide the … tasked with monitoring and enforcing the application of the GDPR. Within the scope of its competences, it conducts inter … proceedings on the application of the provisions of the GDPR. For the performance of its tasks, the supervisory …
30 September 2020
… purpose of applying the General Data Protection Regulation (GDPR). This meant that the DPC’s role in relation to your … in relation to your complaint pursuant to Article 60 of GDPR. The BfDI dismissed your complaint based on its … Your right to an effective judicial remedy Article 78 GDPR entitles you to an effective judicial remedy against a …
12 February 2019
… taken into consideration. Since the EDPB is required by the GDPR (art. 70(4)) to make the results of this consultation … such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), Having regard to the EEA Agreement and in particular … OPINION: 1 INTRODUCTION 1. Regulation 2016/6791 (“the GDPR”) came into effect on 25 May 2018. One of the main …
7 September 2022
… Minimisation (Article 5.1.c) Decision: Infringement of the GDPR; Reprimand; Order to bring the processing operations into compliance with the GDPR Key words: Lawfulness; Purpose limitation; Data … to bring the processing operation into compliance with the GDPR by no longer requiring the conduct of a social and …
16 May 2023
… from May 25, 2018 until today. Contrary to Article 28 the GDPR, the data controller did not conclude a contract on … personal data , which is contrary to Article 32.2 of the GDPR. Due to not undertaking appropriate measures, the … EUR due to violations of Articles 13, 28 and 32 of the GDPR. For further information: Agenciji za naplatu …
16 May 2022
… processing - article 32(1). Decision: infringement of the GDPR, administrative fine, order subject to a financial … infringements of the General Data Protection Regulation (GDPR) in its visa-issuing process. In addition to imposing a … processing - article 32(1). Decision: infringement of the GDPR, administrative fine, order subject to a financial …
20 September 2022
… delivering the information notice as per Articles 13 and 14 GDPR; the right of access to one’s personal data and the … rights which are set forth in separate provisions of the GDPR and are intended to afford safeguards and protection in … delivering the information notice as per Articles 13 and 14 GDPR; the right of access to one’s personal data and the …
2 May 2024
… HELLENIC POST SERVICES S.A. Decision: Infringement of the GDPR, administrative fine Key words: non-compliance with … Hellenic Supervisory Authority (SA), in accordance with the GDPR. The first incident involves a breach of data … HELLENIC POST SERVICES S.A. Decision: Infringement of the GDPR, administrative fine Key words: non-compliance with …
10 March 2025
… from accessing the data in the loan applications (art. 32 GDPR, art. 25 GDPR and art. 5(1)(f)). Due to poor data security, the … from accessing the data in the loan applications (art. 32 GDPR, art. 25 GDPR and art. 5(1)(f)). Due to poor data …
6 February 2025
… a broad extent, should have a legal basis. In turn, the GDPR clearly provides (in Article 6(1)) that the processing … are under special protection, according to Article 9 of the GDPR. It should be emphasised that the National Public … how it should - in accordance with the provisions of the GDPR - notify the person whose data has been affected by the …
8 May 2020
… attention. The Board underlines that, according to the GDPR, personal data, such as names and addresses, and … data.” However, the EDPB stresses that enforcement of the GDPR lies with the national supervisory authorities. The … In the first instance, the assessment of alleged GDPR infringements falls within the competence of the …
12 July 2019
… taken into consideration. Since the EDPB is required by the GDPR (art. 70(4)) to make the results of this consultation … such data, and repealing Directive 95/46/EC, (hereinafter “GDPR”), Having regard to the EEA Agreement and in particular … or even the risks of misuse. The general principles in GDPR (Article 5), should always be carefully considered when …
14 February 2019
… taken into consideration. Since the EDPB is required by the GDPR (art. 70(4)) to make the results of this consultation … in accordance with the legal requirements provided by the GDPR and, where applicable, by national legislation. 2 SCOPE … of processing operations of controllers under the GDPR without specifying further the area of application …
5 August 2020
… breach or to mitigate its adverse effects (Art. 33 (3) (d) GDPR) The passwords of the affected accounts have been … or public communi- cation (Art. 34(1) or Art. 34(3) (c) GDPR) The controller has notified all data subjects and … the incident occurred, e.g. encryption (Article 34 (3) (a) GDPR) No particular measures beyond the standard IT security …
31 October 2019
… with Article 32 paragraph (1) and paragraph (2) of the GDPR , which led to imposing an administrative fine in the … with Article 32 paragraph (1) and paragraph (2) of the GDPR , as well as of Article 33 paragraph (1) of the GDPR, which led to imposing an administrative fine in the …
16 April 2021
… on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and … on the EDPB website. Opinion 14/2021 is based on the GDPR and assesses both general data protection aspects and …
6 February 2025
… data. This was because, contrary to the indications of the GDPR the controller had not carried out an adequate risk … so that the processing meets the requirements of the GDPR and protects the rights of data subjects (point I(b) of … to comply with the principle of accountability under the GDPR (Article 5(2)) both before and after the incident. At …