27 May 2025
… of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Notification of personal data breach Data security Outcome No sanction Other …
23 January 2025
… spite of user consent withdrawal (Article 82 of the French Data Protection Act) Decision: Infringement of the French … Electronic Communications Code, Infringement of the French Data Protection Act, Administrative fine Key words: … spite of user consent withdrawal Decision For these two breaches, the restricted committee decided to impose a …
21 June 2023
… Article 5 (Principles relating to processing of personal data) Article 32 (Security of processing) Article 33 (Notification of a personal data breach to the supervisory authority) Keywords Data …
25 November 2020
… a fine of 1,500 EUR for unlawful processing of personal data made via a video surveillance system. The positioning … this video system also constituted an infringement of the data protection by design principle, the DPA concluded. … resulted in the decision that a priori analysed potential breaches of the GDPR. Decision of the Litigation Chamber The …
16 September 2025
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data), Article 13 (Information to be provided where … scrive a Confcommercio: attenzione agli abusi - Data breach, il Garante sanziona Poste Vita per 80mila euro - …
20 January 2023
… Reference: Principles relating to processing of personal data (Article 5(1)(a)(e); Lawfulness of processing (Article … and modalities for the exercise of the rights of the data subject (Article 12); Information to be provided where … failure to designate a representative in the EU in breach of Article 27(4); failure to carry out a DPIA with …
3 February 2023
… National case Controller: DISCORD INC. Legal Reference: Data retention periods (article 5.1.e of the GDPR), Information to individuals (article 13 of the GDPR), Data protection by default (article 25.2 of the GDPR), … public. The amount of the fine was decided regarding the breaches identified, the number of people concerned, but …
18 December 2024
… Article 5 (Principles relating to processing of personal data) Article 24 (Responsibility of the controller) Article … of processing) Article 34 (Communication of a personal data breach to the data subject) Keywords Principles …
14 January 2022
… Legal Reference: Principles (Art. 5(1)(f), Art. 5(2)), Data protection by design and by default (Art. 25(1)), … fine issued Key words: principles, processing, security, data protection Summary of the Decision Origin of the … after the Polish Data Protection Authority received a data breach notification. As it was indicated, an unauthorized …
7 November 2019
… with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried out as a result of a data breach notification of the supervisory authority by SC … with Article 32 paragraphs (1) and (2) of the General Data Protection Regulation. The investigation was carried …
12 February 2019
… Administrative Arrangement for the transfer of personal data between European Economic Area (“EEA”) Financial … 8 adopted 3 The European Data Protection Board Having regard to Article 63, Article … such as “personal data”, “processing”, “personal data breach”, “right of access”, “right of erasure” which are in …
11 February 2021
… fine to Coop Finnmark 11 February 2021 Norway The Norwegian Data Protection Authority has issued a fine in the amount of … in this case. Lacked legal basis All processing of personal data requires a legal basis in order to be lawful. After … explains. This case was reported as a personal data breach notification from Coop Finnmark AS on April 10th …
6 November 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA France 6 November 2018 Data Protection Impact Assessment (DPIA) France DPIA List …
18 December 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA United Kingdom 18 December 2018 Data Protection Impact Assessment (DPIA) United Kingdom DPIA …
11 October 2018
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Italy 11 October 2018 Data Protection Impact Assessment (DPIA) Italy DPIA list …
4 November 2024
… Decision: Compliance order, Definitive limitation data processing, Administrative fine Key words: CCTV, … business model. Key findings The Slovenian SA found two breaches in the inspection proceeding. First, unlawful CCTV … people or property (violation of Article 78 of the national Data Protection Act). And second, these CCTV footages were …
3 January 2024
… 2023 Cross-border case Hungarian National Authority for Data Protection and Freedom of Information (Hungarian … Supervisory Authority, SA) and CSAs: Office for Personal Data Protection of the Slovak Republic (Slovak Supervisory … respective responsibilities. , The Foundation was found in breach of Article 26(1) of the GDPR, as the cooperation …
17 July 2025
… Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing … fines) Decision: Administrative fine Key words: Personal data breach, Sensitive data, Administrative fine, Data retention, … Article 9 (Processing of special categories of personal data), Article 83 (General conditions for imposing …
26 July 2019
… operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR) Decision Type SA Poland 26 July 2019 Data Protection Impact Assessment (DPIA) Poland DPIA List …
… taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external … One-Stop-Shop case digest on Security of Processing and Data Breach Notification 18 January 2024 Publication Type: … taken by, and involving, different SAs relating to specific data subject rights. The projects are conducted by external …