Search results | European Data Protection Board

Decision concerning a complaint directed against Meta Platforms Ireland Limited in respect of the Facebook service made pursuant to Section 113 of the Data Protection Act 2018 (Inquiry 18-5-5)
12 January 2023
Decision by the SA
… Platforms Ireland Limited and its Facebook service (Art. 65 GDPR) … Decision concerning a complaint directed against …
Code of Conduct regulating the processing of personal data in clinical trials and other clinical research and pharmacovigilance activities (English and Spanish versions)
10 February 2022
Decision by the SA
… Spain Type Code for Controllers/Processors subject to GDPR Scope National Monitoring Body Internal Code of Conduct …
The Icelandic SA: HEI medical travel agency fined for an unlawful use of an e-mail address and not handling an access request
24 May 2022
News
… right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key … right of access (Article 15) Decision: infringement of the GDPR, fine 1.5 million ISK (approx. 10.700 Euros). Key …
Supervisory authorities of the Baltic States launch of coordinated inspection of the compliance of personal data processing in the field of short-term vehicle rental
27 July 2022
News
… the application of the General Data Protection Regulation (GDPR) and so proactively address potential threats to … the application of the General Data Protection Regulation (GDPR) and so proactively address potential threats to …
Finnish SA: Administrative fine imposed on psychotherapy provider for shortcomings in fulfilling the client's right of access to data
4 September 2023
News
… the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the … the client's right of access to data as required by the GDPR. In the decision, particular attention was paid to the …
General Court: WhatsApp annulment action inadmissible
7 December 2022
News
… a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of … a draft decision of the Irish DPA concerning WhatsApp IE’s GDPR transparency obligations to both users and non-users of …
Italian DPA imposes limitation on processing on TikTok after the death of a Girl from Palermo
26 January 2021
News
… with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) … with certainty. The SA decided to take urgent measures (GDPR, art. 58, comma 2, lett. f) and art. 66, comma 1) …
Personal data breach at the Breiðholt Upper Secondary School – Administrative fine
10 March 2020
News
… violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the … violations of, inter alia, Art. 5(1)f and Art. 32 of the GDPR. When determining the fine, the SA referred to the …
Polish SA: administrative fine of 210 € for failure to notify personal data breach to supervisory authority
28 November 2024
News
… Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the … a fine of 210 € for infringement of Article 33 of the GDPR. For further information: Decision in national … Office then explained the procedure resulting from the GDPR. In the case of such an incident, the risk to which the …
The Norwegian SA issues fine to the Municipality of Østre Toten for flawed information security
7 July 2022
News
… the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, … the controller (Article 24) Decision: Infringement of the GDPR, Order to comply Key words: Cyber attack, Ransomware, …
The Norwegian SA issues fine to the Norwegian Public Service Pension Fund
24 November 2021
News
… 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special … 5), Legal basis (Article 6) Decision: Infringement of the GDPR Key words: Income Data, Lack of Procedures, Special …
Polish SA imposed fine for failing to implement appropriate technical and organisational measures
31 May 2023
News
… characteristics of a data breach within the meaning of the GDPR. The Polish SA, taking into account the scope of … characteristics of a data breach within the meaning of the GDPR. The Polish SA, taking into account the scope of …
Swedish SA: Administrative fine against bank for transferring customer data to Meta
2 September 2024
News
… bank has violated the general data protection regulation, GDPR, by not having taken appropriate technical and … bank has violated the general data protection regulation, GDPR, by not having taken appropriate technical and …
Finnish SA: Administrative fine on business directory operator for infringements of the right to obtain call recordings
6 July 2023
News
… method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of … method of delivering call recordings in accordance with the GDPR. Neither did the company inform the Finnish SA of …
Slovenian SA: schools must adhere to the principle of data protection by design and by default
20 May 2025
Press releases
… by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper … by design and by default, as mandated by Article 25 of the GDPR. The inspection procedure revealed a lack of proper …
EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors
14 January 2021
EDPB/EDPS Joint Opinion
… Directive 95/46/EC (General Data Protection Regulation or “GDPR”) establishes, in its Article 28, a set of provisions … be incorporated in it. 2. According to Article 28 (3) GDPR, the processing by a processor shall be governed by a … on behalf of the controller. 3. Under Article 28 (6) GDPR, without prejudice to an individual contract between …
Polish DPA: The incident must be notified to the supervisory authority and the data subjects
30 June 2021
News
… therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate … proceedings against the Foundation. Pursuant to the GDPR, in case of a personal data breach, the controller … therein in accordance with the requirements under the GDPR. The Polish DPA asked the Foundation to indicate …
Finnish DPA imposed three administrative fines for data protection violations
27 May 2020
News
… had not made the impact assessment required by the GDPR before starting to process the location data. The … controller’s documentation related to compliance with the GDPR. The company had asked for information on matters such … had not made the impact assessment required by the GDPR before starting to process the location data. The …
Polish DPA fines Warsaw University of Life Sciences (SGGW)
11 September 2020
News
… of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of … of the principle of storage limitation provided for in the GDPR. Moreover, in the course of the conducted proceedings … of confidentiality and accountability specified in the GDPR. It is worth noting that the personal data of …
March Plenary - adopted documents
21 March 2022
News
… Guidelines 02/2022 on the application of Article 60 GDPR 14 March 2022 Publication Type: Guidelines Topics: …