16 May 2022
… order as meant in article 58(2) point d. Key words: rights data subjects, information to be provided, technical and … per year for the past three years. The personal data in all these applications is not sufficiently … large-scale, serious infringements of the General Data Protection Regulation (GDPR) in its visa-issuing process. In …
19 December 2022
… of fine of 4.3 million EUR Key words: special categories of data; international data transfers; public body; DPIA; transparency obligations; … of processing; adequate safeguards; equivalent level of protection; fines Summary of the Decision Origin of the …
4 October 2022
… in private sector Legal Reference: National Law (Personal Data Protection Act), Article 5.1(c) and 6.1(f) of the GDPR … tracking Summary of the Decision Origin of the case The data controller introduced GPS tracking of seven company …
31 May 2023
… fine, Cooperation, Employment, Notification of personal data breach Summary of the Decision Origin of the case … This documentation contained, inter alia, personal data of the controller's employees and persons who were … measures that would ensure an adequate level of data protection. In the present case, the cooperation with the …
18 May 2020
… Annual Report 2019 1 EDPB Annual Report 2019 1 European Data Protection Board 2019 Annual Report WORKING TOGETHER FOR … (IMI). It has also set up a network of communications officers within the SAs, to develop and implement shared …
6 July 2023
… and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine, Reprimand Key … individuals who had asked for them in accordance with data protection legislation. The Finnish SA finds that the …
20 September 2022
… ordered the controller to grant the access request by the data subject Key words: processing of data in the employment sector, right of access to one’s … of the GDPR and are intended to afford safeguards and protection in ways that are not fully superimposable. The …
11 November 2020
… transfer tools to ensure compliance with the EU level of protection of personal data Start Date: 11 November 2020 End Date: 21 December 2020 … transmitted or as such communications are stored; or (E) an officer, employee, or agent of an entity described in …
16 May 2022
… fines Key words: illegally processing personal data in ‘fraud identification facility’, access control, … Authority (SA) uncovered numerous violations of the General Data Protection Regulation (GDPR). For example, the Tax …
7 January 2019
… following EDPB opinion 04/2019 for the transfer of personal data between each of the European Economic Area (“EEA”) … administrative arrangement for the transfer of personal data between Each of the European Economic Area (“EEA”) … data between them, recognizing the importance of the protection of personal data and of having robust data …
1 December 2022
… 14 of the GDPR) obligation to ensure security of personal data (Article 32 of the GDPR) Decision: administrative fine … and 14 of the GDPR) Failure to ensure security of personal data (Article 32 of the GDPR) Decision Based on findings … with its obligations provided for by the General Data Protection Regulation (GDPR) and the French Postal and …
20 July 2022
… and (2): Principles relating to processing of personal data. Article 6 (1)(a)(b)(c)(d)(e)(f): Lawfulness of … and 9(2)(e): Processing of special categories of personal data. Article 12: Transparent information, communication and … be examined on the whole from the point of view of the protection of personal data. Key Findings: The Authority …
16 May 2022
… Lawfulness of processing (Art 6), Right of access by the data subject (Art. 15) Decision: Infringement of the GDPR … Further, credit ratings in cases like this collect personal data from a third party. According to Article 15 of the General Data Protection Regulation, a data subject has the right to …
27 January 2025
… procedure (OSS). LSA: Netherlands and CSAs: Austria (two data subjects from Austria lodged a complaint with the … Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication … Those complaints were submitted to the Austrian data protection authority and forwarded to the Dutch SA, because …
6 September 2023
… Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication, … and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where … SA concluded that the University had not complied with data protection principles in Article 5 GDPR and not informed the …
15 June 2023
… and modalities for the exercise of the rights of the data subject), Article 13 (Information to be provided where personal data are collected from the data subject), Article 15 … Pursuant to the one-stop shop set up by the General Data Protection Regulation (GDPR), this decision was submitted to …
21 March 2023
… imposed on Suomen Asiakastieto for non-compliance with the Data Protection Ombudsman's order The news published here does … imposed on Suomen Asiakastieto for non-compliance with the Data Protection Ombudsman's order … Finnish SA: …
12 January 2024
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing), Article 9 (Processing of special categories of personal data) Decision: Administrative fine Key words: … 10 GDPR and Article 10 of the LOPDGDD (national data protection law) for unlawfully requesting a criminal …
27 June 2023
… Article 5 (Principles relating to processing of personal data), Article 6 (Lawfulness of processing) Decision: … Association of Iceland regarding the processing of personal data by the credit information agency Creditinfo Lánstraust … hf. According to Article 15 of the Icelandic Data Protection Act the operation of credit reference agencies …
31 May 2023
… website. Using an online form, the bank requested various data about the applicant's income, occupation and personal … details. Based on the information requested and additional data from external sources, the bank's algorithm rejected … the automated rejection and complained to the Berlin data protection commissioner. Key Findings Even when asked by …