Resources

Cyber Security Handbook for Small Business and Not-for-Profit Directors by Australian Information Security Association

Technical and Organisational Measures (TOMs)

Training and Awareness Toolkit Tracker

Technical and Organisational Measures (TOMs)

Information & Cyber Security Checklist Tracker

Technical and Organisational Measures (TOMs)

Accountability Toolkit Tracker

Accountability

Information & Cyber Security Checklist Tracker – more information about the Toolkit by UK ICO

Technical and Organisational Measures (TOMs)

Training and Awareness Toolkit Tracker – more information about the Toolkit by UK ICO

Technical and Organisational Measures (TOMs)

Accountability Toolkit Tracker – more information about the Toolkit by UK ICO

Accountability

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Apoteket AB. (8/29/2024)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Apohem AB (8/29/2024)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Uber Technologies Inc., Uber B.V. (7/22/2024)

Data Transfers

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-Clearview AI Inc. (5/16/2024)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Company (5/20/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Representative, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Municipality of Korou (7/22/2024)

Controllers and Processors, Cooperation with Supervisory Authorithy, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Sanitaria Locale TO4 (5/23/2024)

Integrity and confidentiality, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-AXA REAL ESTATE INVESTMENT MANAGERS IBERICA S.A. y SEUR GEOPOST, S.L. (6/26/2024)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-METRO SA (6/27/2024)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Eni Plenitude S.p.A. (6/6/2024)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Professional association (5/23/2024)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Ustica (6/6/2024)

Lawfulness of Processing, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Committee (4/24/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-I.N.P.A.S. (4/24/2024)

Controllers and Processors, Lawfulness of Processing, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda ospedale università di Padova (5/9/2024)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Cappello Giovanni & Figli s.r.l. (6/6/2024)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Olimpia S.r.l. (4/11/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Corint Logistic SRL. (5/30/2024)

Access Requests (DSAR), Data Subjects Rights, Lawfulness of Processing, Principles, Right to Object, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Res-Gastro M. Gaweł Sp. k. (4/29/2024)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-DENTALCUADROS BCN S.L.P. (5/8/2024)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Centro Riparazioni Piacentino S.p.A. (3/7/2024)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Innova Camara (4/11/2024)

Principles, Sensitive Data, Storage limitation

Italian Data Protection Authority (Garante)-Facile.Energy S.r.l. (4/11/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Enel Energia SpA (2/8/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Daycare center (7/15/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-AIO E-COMMERCE, S.L. (10/26/2022)

Data minimisation, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Supermarket (7/15/1905)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Immigration and Asylum (4/2/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-CTC EXTERNALIZACIÓN, S.L (2/12/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights

Italian Data Protection Authority (Garante)-Azienda socio-sanitaria locale n. 1 di Sassari (2/8/2024)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Municipality of Modica (7/18/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-SANITAS, S.A. DE SEGUROS (2/6/2024)

Lawfulness of Processing, Principles, Sensitive Data

Bulgarian Commission for Personal Data Protection (KZLD)-Unknown (2/9/2023)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hamburg-Company (7/15/1905)

Data Subjects Rights, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-EURO MINI STORAGE ROMANIA SRL (3/5/2024)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Medtronic Italia (2/8/2024)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Icelandic data protection authority (‘Persónuvernd’)-Stjörnuna ehf (3/24/2024)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Trasporto Passeggeri Emilia-Romagna S.p.A. (2/22/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Bremen-Operator of a dating platform (7/15/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Baden-Wuerttemberg-Private individual (7/15/1905)

Lawfulness of Processing, Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Ministry of Rural Development and Food (1/29/2024)

Controllers and Processors, Cooperation with Supervisory Authorithy, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-CAIXABANK, S.A. (10/26/2023)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Owners’ association (2/5/2024)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Account Exchange SRL (2/7/2024)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Municipality (1/24/2024)

Lawfulness of Processing, Principles, Representative, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-International Card Services B.V. (1/15/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Polish National Personal Data Protection Office (UODO)-Disciplinary officer (4/20/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-TECHNINK LEB SRL (1/15/2024)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Company (12/30/2022)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Alior Bank SA (1/12/2024)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda socio sanitaria territoriale nord Milano, C.F. (12/7/2023)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Sectorul 1 al Municipiului București (1/30/2024)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Limit Call S.r.l.s. (11/30/2023)

Accountability, Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative

Italian Data Protection Authority (Garante)-Comune di Lonato del Garda (11/16/2023)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Castel Goffredo (11/16/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-RCS Mediagroup S.p.a. (6/8/2023)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Kourou municipality (12/12/2023)

Controllers and Processors, Cooperation with Supervisory Authorithy, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda socio sanitaria territoriale di Lodi CF (10/12/2023)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Region of Lombardy (10/26/2023)

Principles, Representative, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Unknown (11/16/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Unknown (8/30/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Private individual (12/15/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Data Protection Authority of Sweden-Östersund Municipality’s Department for Children and Education (11/28/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Norwegian Supervisory Authority (Datatilsynet)-Norwegian Labor and Welfare Administration (11/27/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Unknown (9/21/2023)

Data Subjects Rights, Principles, Purpose limitation, Sensitive Data

Austrian Data Protection Authority (dsb)-Phyisician (9/26/2023)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Eurocollege Oxford English Institute S.L. (11/17/2023)

Controllers and Processors, Data minimisation, Principles, Representative, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Athens Urban Transport Organization (9/25/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Storage limitation

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-OTP BANK ROMANIA SA (11/3/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden-Indcap AB (11/7/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-APOLLONIA TOPCO, S.L. (11/2/2023)

Controllers and Processors, Data minimisation, Principles, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Usl Toscana centro (9/28/2023)

Controllers and Processors, Lawfulness of Processing, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Rompetrol Downstream SRL (11/13/2023)

Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Salvator Mundi International Hospital s.r.l (9/28/2023)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ministero dell’Ambiente e della Sicurezza Energetica (9/28/2023)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Nimbus s.r.l. (9/14/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Tiscali Italia SpA (7/18/2023)

Lawfulness of Processing, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Company (7/18/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Mensajero SRL (10/24/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Mednow Medical Center di Giugni Marco (8/31/2023)

Accuracy, Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Università Telematica E-Campus (7/18/2023)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Spark Car Sharing SRL (10/25/2023)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Physician (9/28/2023)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Axpo Italia Spa (9/28/2023)

Accountability, Controllers and Processors, Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Asl Napoli 3 Sud (9/28/2023)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Cypriot Ministry of the Interior (7/15/1905)

Lawfulness of Processing, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Schockholm School borard (10/3/2023)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Croatian Data Protection Authority (azop)-Debt collection company (10/5/2023)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-RESTART ENERGY ONE S.A. (9/26/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Socio Sanitaria Territoriale Ovest Milanese (7/18/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Croatian Data Protection Authority (azop)-Hotel (9/26/2023)

Consent, Controllers and Processors, Lawfulness of Processing, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-SAF LOGISTICS (9/18/2023)

Controllers and Processors, Cooperation with Supervisory Authorithy, Data minimisation, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-UAT Comuna Albeni (9/25/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-RCS Mediagroup Spa (8/31/2023)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-FEDERACIÓN DE BALONMANO DE CASTILLA LA MANCHA (9/25/2023)

Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Rinascente S.p.A. (6/8/2023)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-FONTANORTE, S.L. (7/27/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Camedi s.r.l. (6/1/2023)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Tutela della Salute della Sardegna (6/7/2023)

Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Thin Srl (6/1/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ew Business Machines S.p.A. (6/1/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Usl Toscana Sud Est. (6/1/2023)

Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Company (5/31/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Lithuanian Data Protection Authority (VDAI)-Company (4/20/2023)

Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Irish Departement of Health (6/16/2023)

Data minimisation, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Citynews S.p.A. (4/14/2023)

Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Company (6/21/2023)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-CaixaBank, S.A. (7/4/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Municipality (5/16/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Benetton Group S.r.l. (4/27/2023)

Data minimisation, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Icelandic data protection authority (‘Persónuvernd’)-Sjúkratyringur Íslands (6/28/2023)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Icelandic data protection authority (‘Persónuvernd’)-Heilsuveru (7/3/2023)

Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden-Tele2 Sverige Aktiebolag (6/30/2023)

Data Transfers

Data Protection Authority of Sweden-CDON AB (6/30/2023)

Data Transfers

Italian Data Protection Authority (Garante)-La Risorsa Umana.it s.r.l. (3/23/2023)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ufficio Scolastico Regionale per la Puglia, Ufficio VI – Ambito Territoriale di Lecce (4/27/2023)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Cogollo del Cengio (4/13/2023)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda socio sanitaria locale n. 3 di Nuoro (4/13/2023)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Website operator (5/17/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Municipality (5/5/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Ama S.p.a. (4/27/2023)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Farmacia Ardealul SRL (6/27/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda ULSS 6 Euganea (5/17/2023)

Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Belgian Data Protection Authority (APD)-Belgian Order of Pharmacists (6/16/2023)

Lawfulness of Processing, Sensitive Data

Data Protection Authority of Nordrhein-Westfalen-Physician (7/14/1905)

Controllers and Processors, Principles, Representative, Sensitive Data

Data Protection Commissioner of Malta-Unknown (7/15/1905)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Roma Capitale (4/27/2023)

Lawfulness of Processing, Sensitive Data

Data Protection Authority of Niedersachsen-Company (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-KG COM (6/8/2023)

Data minimisation, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-BRD-Groupe Société Générale S.A. (6/15/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Green Network S.p.A. (4/14/2023)

Accountability, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Sorgenia S.p.a. (4/14/2023)

Accountability, Principles, Privacy by Design

Italian Data Protection Authority (Garante)-TIM S.p.A. (4/13/2023)

Accountability, Data Subjects Rights, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A. (5/12/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-NN Asigurări de Viață S.A. (5/12/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-AUTOMOBILE BAVARIA SRL (5/18/2023)

Controllers and Processors, Principles, Privacy by Design, Sensitive Data, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (5/12/2023)

Data Transfers

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Bulgarian Commission for Personal Data Protection (KZLD)-Bulgarian Post EAD (5/4/2022)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Data Protection Commissioner of Malta-Unknown (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Commissioner of Malta-Unknown (7/14/1905)

Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Consorzio Concessioni Reti Gas S.c.a.r.l. (3/9/2023)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-I&S Limited Kft (2/6/2023)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Political party (4/22/2022)

Accountability, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-GSMA LTD. (5/3/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Polish National Personal Data Protection Office (UODO)-Company (2/8/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Croatian Data Protection Authority (azop)-Debt collection agency (5/4/2023)

Consent, Controllers and Processors, Data Processing Agreement (DPA), Lawfulness of Processing, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Epic Ltd. (2/3/2023)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Burwebs S.L. (11/3/2022)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Coin dealer (9/12/2022)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-ALBERO FORTE COMPOSITE, S.L. (4/28/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Spanish Data Protection Authority (aepd)-KFC RESTAURANTS SPAIN, S.L. (4/20/2023)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden-Skåne region (4/26/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda sanitaria locale di Bari (3/2/2023)

Lawfulness of Processing, Principles, Sensitive Data

Austrian Data Protection Authority (dsb)-Operator of a public toilet (8/23/2022)

Lawfulness of Processing, Legitimate Interest, Sensitive Data

Italian Data Protection Authority (Garante)-Ediscom S.p.a. (2/23/2023)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Eurosanità S.P.A. (12/15/2022)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Dutch Social Insurance Institution (SVB) (1/19/2023)

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Real Federación Española de Tenis de Mesa (4/4/2023)

Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Vodafone (2/2/2023)

Lawfulness of Processing, Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Partidul Uniunea Salvați România (4/19/2023)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hessen-Covid-19 test center (7/14/1905)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hamburg-Logistics company (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Physician (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Covid-19 test center (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Company (10/27/2021)

Controllers and Processors, Data Protection Officer (DPO), Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Ospedaliera Bianchi Melacrino Morelli (1/26/2023)

Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-WUNSCHURLAUB S.L. (2/28/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-REGENCY COMPANY SRL (4/7/2023)

Lawfulness of Processing, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-TV2 Média Csoport Zrt. (9/26/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Ospedale-Università Padova (1/11/2023)

Integrity and confidentiality, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda socio-sanitaria locale n. 1 di Sassari (3/23/2023)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Integral Collection SRL (3/6/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Partidul Uniunea Salvați România (3/15/2023)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Med Life S.A. (3/16/2023)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Performance of Contract, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Szczecin-Centrum District Court (1/19/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda ULSS n.5 Polesana (1/26/2023)

Integrity and confidentiality, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ufficio Scolastico Regionale per la Lombardia, Ufficio IV – Ambito Territoriale di Brescia (1/11/2023)

Controllers and Processors, Principles, Representative, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Tehnoplus Industry SRL (3/23/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Ireland-Centric Health Ltd. (1/23/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-A&G Couriers Limited T/A Fastway Couriers (Ireland) (12/30/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Finopro IFN SA (3/6/2023)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Medijobs Platform SRL (2/8/2023)

Technical and Organisational Measures (TOMs)

Belgian Data Protection Authority (APD)-Company (8/23/2022)

Accuracy, Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Direzione Didattica Statale 1° Circolo-Eboli (4/28/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Tecnomed Trento s.r.l. (4/7/2022)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Douglas Italia S.p.a. (10/20/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Italian Data Protection Authority (Garante)-Società Lombarda Sport s.r.l. (11/24/2022)

Principles, Sensitive Data

Norwegian Supervisory Authority (Datatilsynet)-Sats ASA (2/6/2023)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Mister Brick S.a.s. (8/5/2022)

Access Requests (DSAR), Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Cypriot Data Protection Commissioner-Bank of Cyprus Public Company Ltd. (7/14/1905)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Cyprus Electricity Authority (7/14/1905)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Cypriot Ministry of Defense (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-DW Dynamic Works LIMITED (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Private individual (11/24/2022)

Controllers and Processors, Principles, Representative, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Scuola Statale Secondaria di I^ grado ‘Bianco-Pascol’ (12/15/2022)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Istituto di Istruzione Superiore G. Renda di Polistena, Reggio Calabria (10/20/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Italian Archery Federation (FITARCO) (10/20/2022)

Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-PIONIER (law firm) (11/30/2022)

Controllers and Processors, Lawfulness of Processing, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Bracciano (12/15/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Salento (10/20/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Universitaria Friuli Occidentale (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Universitaria Friuli Centrale (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Universitaria Giuliano Isontina (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Cypriot Data Protection Commissioner-Hermes Airport Ltd. (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-DW Dynamic Works LIMITED (7/14/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Universal Life Insurance Public Co Ltd. (7/14/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dentist (1/31/2023)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Fondazione Teatro Regio di Torino (10/20/2022)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Ospedaliero-Universitaria Careggi di Firenze (10/20/2022)

Integrity and confidentiality, Principles, Sensitive Data

Deputy Data Protection Ombudsman-Company (12/27/2022)

Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Istituto Comprensivo – IC Cosenza III “V. Negroni” (9/21/2021)

Controllers and Processors, Principles, Representative, Sensitive Data

Polish National Personal Data Protection Office (UODO)-TIMSHEL Sp. z o.o. (8/30/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Dalarna Region (1/17/2023)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Lithuanian Data Protection Authority (VDAI)-Praktiškas UAB (1/9/2023)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-A.R.N.A.S. Civico (12/1/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Spanish Data Protection Authority (aepd)-Thomas International Systems, S.A. (1/16/2023)

Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Apă Canal Ilfov SA (1/4/2023)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Performance of Contract, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Areti spa (11/24/2022)

Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Sportitalia (11/10/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

French Data Protection Authority (CNIL)-FREE SAS (12/8/2022)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SUDREZIDENȚIAL Broker S.R.L. (12/22/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Portuguese Data Protection Authority (CNPD)-Portuguese National Statistical Institute (11/2/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Deputy Data Protection Ombudsman-Viking Line Oy Abp (12/9/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-I.S.P.R.O. (10/20/2022)

Integrity and confidentiality, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Villafranca di Verona municipality (11/10/2022)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Medicover S.R.L. (11/24/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Performance of Contract, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Alpha Exploration (10/6/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Usl Valle d’Aosta (11/10/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Spanish Data Protection Authority (aepd)-Federation of Sports for People with Intellectual Disabilities of Castilla la Mancha-FECAM (12/2/2022)

Data Subjects Rights, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Mayor (11/2/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-DISCORD INC. (11/10/2022)

Controllers and Processors, Data Subjects Rights, Principles, Storage limitation, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-ING Bank NV Amsterdam Sucursala București (11/21/2022)

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-TECHPUMP SOLUTIONS S.L. (10/31/2022)

Consent, Lawfulness of Processing, Sensitive Data

Portuguese Data Protection Authority (CNPD)-Setúbal municipality (11/2/2022)

Principles, Sensitive Data, Storage limitation

Italian Data Protection Authority (Garante)-Colosseo S.r.l. (8/5/2022)

Access Requests (DSAR), Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A. (10/31/2022)

Controllers and Processors, Principles, Purpose limitation, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Romanian Post (11/7/2022)

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-ADSL HOUSE, S.L. (10/24/2022)

Data Subjects Rights, Data Transfers

Italian Data Protection Authority (Garante)-Thiene municipality (9/15/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Intesa Sanpaolo Vita S.p.a. (7/7/2022)

Lawfulness of Processing, Principles, Sensitive Data

Hellenic Data Protection Authority (HDPA)-School (9/9/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Curtea Veche Publishing SRL (9/21/2022)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Information Commissioner (ICO)-Easylife Ltd. (10/4/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Lazio Region (9/15/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Senseonics Inc. (7/7/2022)

Lawfulness of Processing, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Website operator (10/3/2022)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Liceo Statale ‘Edoardo Amaldi” (9/1/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Bank (10/5/2022)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Danish Data Protection Authority (Datatilsynet)-Hørsholm municipality (9/12/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (8/8/2022)

Accountability, Consent, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Italian Data Protection Authority (Garante)-Auto Hi-Fi System S.n.c (7/28/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Austrian Data Protection Authority (dsb)-Private individual (7/13/1905)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-SOLIVESA MASTER FRANCHISE S.L. (8/28/2022)

Controllers and Processors, Data Processing Agreement (DPA), Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Federazione Italiana Sommelier, Albergatori e Ristoratori (6/30/2022)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Enel Energie Muntenia S.A. (8/22/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-E Software Concept SRL (7/7/2022)

Administratives Measures, Liability and Remedies, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Cribis Credit Management s.r.l. (6/9/2022)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Ireland-Meta Platforms, Inc. (9/5/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Schleswig-Holstein-Physician (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Schleswig-Holstein-Physician (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Saarland-Restaurant (7/13/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Information Commissioner of Isle of Man-Manx Care Ltd (7/13/2022)

Accountability, Controllers and Processors, Data minimisation, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Santa Ninfa municipality (4/29/2021)

Lawfulness of Processing, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Lolland municipiality (8/11/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Niedersachsen-Unknown (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Niedersachsen-Unknown (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-LAST LAP, S.L. (8/1/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Policoro municipality (8/1/2022)

Accountability, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Synlab Med srl (5/13/2021)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Niedersachsen-Volkswagen (7/26/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights

Spanish Data Protection Authority (aepd)-ESVETEL, S.L. (7/22/2022)

Controllers and Processors, Data Processing Agreement (DPA), Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Territorial Administration of the Government of Genoa (9/29/2021)

Lawfulness of Processing, Sensitive Data

French Data Protection Authority (CNIL)-UBEEQO INTERNATIONAL (7/7/2022)

Data minimisation, Data Subjects Rights, Principles, Sensitive Data

Data Protection Authority of Hamburg-Company (7/13/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Afragola municipality (5/26/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Centrale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Occidentale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-SIRIUS (law firm) (7/14/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Socio Sanitaria Territoriale Dei Sette Laghi (5/22/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Clearview Al Inc. (7/13/2022)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-City of Rome (Roma capitale) (1/27/2021)

Lawfulness of Processing, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Continental Automotive Romania SRL (6/30/2022)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Zito Auto di Gianfranco Zito (5/22/2022)

Lawfulness of Processing, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Bank Zrt. (2/8/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Intesa Sanpaolo S.p.A (5/26/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Partanna (4/28/2022)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Brandenburg-Physician (7/13/1905)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Il Sole 24 Ore S.p.a. (4/28/2022)

Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ospedale San Raffaele s.r.l. (4/28/2022)

Integrity and confidentiality, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Asociația de Proprietari Aviației Park (6/20/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Isabella Gonzaga’ high school (4/28/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Palumbo Superyacht Ancona s.r.l. (4/7/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Findomestic Banca spa (4/7/2022)

Lawfulness of Processing, Principles, Sensitive Data

Information Commissioner (ICO)-Clearview Al Inc. (5/18/2022)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Educationest s.r.l. (4/28/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Italian Ministry of Defense (4/28/2022)

Controllers and Processors, Lawfulness of Processing, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Istituto Nazionale Assicurazione Infortuni sul Lavoro (4/28/2022)

Lawfulness of Processing, Principles, Public Interests, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Civilstyrelsen (5/12/2022)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-MED LIFE S.A. (5/24/2022)

Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-TIGERS MARKET, S.L. (5/17/2022)

Data Subjects Rights, Data Transfers

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Workshop (3/29/2022)

Legitimate Interest, Principles, Purpose limitation, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-MAYR MELNHOF PACKAGING ROMANIA S.R.L. (5/17/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Icelandic data protection authority (‘Persónuvernd’)-City of Reykjavík (5/3/2022)

Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-ASST di Lodi (4/26/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Belgian Data Protection Authority (APD)-Nationale Maatschappij der Belgische Spoorwegen (5/4/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda ospedaliera di Perugia (4/7/2022)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda USL Toscana Centro (3/10/2022)

Controllers and Processors, Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-DEDALUS BIOLOGIE (4/15/2022)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Dutch Tax and Customs Administration (4/7/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Agenzia Regionale per la Tutela dell’Ambiente dell’Abruzzo (3/10/2022)

Lawfulness of Processing, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (3/2/2022)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Danish Data Protection Authority (Datatilsynet)-Danish National Genome Center (3/25/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Polish National Personal Data Protection Office (UODO)-PIKA Sp. z o.o. (1/19/2022)

Controllers and Processors, Data Processing Agreement (DPA), Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-English School Cyprus (3/22/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-English School staff union (ESSA) (3/21/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Condor SA (3/28/2022)

Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Bank of Ireland (4/5/2022)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Comune di Guidizzolo (2/10/2022)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Bremen-BREBAU GmbH (3/3/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Belgian Data Protection Authority (APD)-Brussels Airport Charleroi (4/4/2022)

Lawfulness of Processing, Legal Obligation, Principles, Sensitive Data

Belgian Data Protection Authority (APD)-Ambuce Rescue Team (4/4/2022)

Controllers and Processors, Principles, Representative, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Property owners’ association (4/7/2022)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Danske Bank (4/5/2022)

Accountability, Principles

Croatian Data Protection Authority (azop)-Retail company (name not available at the moment) (3/8/2022)

Controllers and Processors, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Civil law firm ‘Sabou, Burz & Cuc’ (2/22/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Clearview Al Inc. (2/10/2022)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda socio sanitaria territoriale Melegnano e della Martesana (2/10/2022)

Integrity and confidentiality, Principles, Sensitive Data

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (3/15/2022)

Accountability, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Azienda sanitaria unica regionale Marche (1/13/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-Ubi Banca spa (12/16/2021)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Hamburg-Restaurant (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Restaurant (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Hamburg-Restaurant (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-ASL Latina (12/17/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Representative, Sensitive Data

Hellenic Data Protection Authority (HDPA)-OTE Group (1/27/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Belgian Data Protection Authority (APD)-Researcher (1/27/2022)

Consent, Lawfulness of Processing, Sensitive Data

Belgian Data Protection Authority (APD)-EU DisinfoLab (1/27/2022)

Consent, Lawfulness of Processing, Sensitive Data

Deputy Data Protection Ombudsman-Travel agency (12/16/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Privacy by Design, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Uppsala regional board (1/26/2022)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Centro di Medicina preventiva s.r.l. (12/16/2021)

Controllers and Processors, Data Protection Officer (DPO), Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Enel Energia S.p.A (12/16/2021)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda USL di Parma (12/2/2021)

Integrity and confidentiality, Principles, Sensitive Data

Deputy Data Protection Ombudsman-Motor insurance center (12/16/2021)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Corradi s.r.l. (12/16/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Lawyer (12/3/2021)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Grupex 2000 SRL (2/1/2022)

Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Warsaw University of Technology (12/9/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Società H San Raffaele Resnati s.r.l. (11/25/2021)

Integrity and confidentiality, Principles, Sensitive Data

Portuguese Data Protection Authority (CNPD)-Lisbon City Council (12/21/2021)

Lawfulness of Processing, Sensitive Data

Austrian Data Protection Authority (dsb)-Private individual (8/5/2021)

Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Communications SA (12/6/2021)

Access Requests (DSAR), Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Municipality of Frederiksberg (12/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Norwegian State Pension Fund (SPK) (11/24/2021)

Consent, Data minimisation, Lawfulness of Processing, Principles, Sensitive Data

Norwegian Supervisory Authority (Datatilsynet)-Grindr LLC (12/13/2021)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Lithuanian Data Protection Authority (VDAI)-UAB Prime Leasing (11/29/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-TIGERS MARKET, S.L. (11/29/2021)

Data Subjects Rights, Data Transfers

Spanish Data Protection Authority (aepd)-INTRODUCTION BUSINESS CAPITAL MEDIA, S.L. (12/1/2021)

Data Subjects Rights, Data Transfers

Italian Data Protection Authority (Garante)-Physician (9/29/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Health Protection Agency of Sardinia (ATS) (10/14/2021)

Principles, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-Transavia (11/12/2021)

Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Régie autonome des transports parisiens (11/4/2021)

Accountability, Controllers and Processors, Data minimisation, Principles, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Valoris Center S.R.L. (11/26/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Technical and Organisational Measures (TOMs)

Icelandic data protection authority (‘Persónuvernd’)-YAY ehf. (11/23/2021)

Controllers and Processors, Data Processing Agreement (DPA), Principles, Representative, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-SERVICIOS LOGÍSTICOS MARTORELL SIGLO XXI, S.L. (10/26/2021)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-IKEA ROMÂNIA SA (11/1/2021)

Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.P.E.E.H. Hidroelectrica S.A. (11/1/2021)

Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Unknown (10/13/2021)

Controllers and Processors, Data Protection Officer (DPO), Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Unknown (10/13/2021)

Controllers and Processors, Data Protection Officer (DPO), Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Comune di Montalbano Jonico (9/16/2021)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-CLUB DEPORTIVO SANSUEÑA, S.L. (10/5/2021)

Controllers and Processors, Principles, Representative, Storage limitation, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-La Prima S.r.l. (9/16/2021)

Controllers and Processors, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Ciechi Ardizzone Gioeni di Catania (9/16/2021)

Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Bocconi University (9/16/2021)

Lawfulness of Processing, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Danish Cancer Society (9/29/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Høylandet Municipality (9/20/2021)

Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-ST. OLAVS HOSPITAL HF (9/20/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε. (8/26/2021)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Agency (8/23/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Midtjylland Region (9/8/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Atac s.p.a. (7/22/2021)

Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-APOEL FC (9/6/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-AC Omonia (9/6/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Hellenic Technical Enterprises Ltd. (9/6/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Favrskov municipality (9/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Syddanmark Region (9/17/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Regione Lombardia (7/22/2021)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Aeroporto Guglielmo Marconi di Bologna S.p.a. (6/10/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-President of the Zgierz District Court (8/13/2021)

Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria, S.A. (8/25/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Website operator (4/20/2021)

Accountability, Data Subjects Rights, Principles

Spanish Data Protection Authority (aepd)-Club Náutico el Estacio (8/2/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Niedersachsen-Company (7/12/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Private Individual (7/30/2021)

Consent, Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Deliveroo Italy s.r.l. (7/22/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Private Individual (7/27/2021)

Data minimisation, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Usl della Romagna (5/27/2021)

Integrity and confidentiality, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Provinciale per i Servizi Sanitari di Trento (5/27/2021)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Mercadona S.A. (7/26/2021)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Representative, Sensitive Data

Croatian Data Protection Authority (azop)-IT services company (7/5/2021)

Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Unknown (6/11/2021)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-UWV (Dutch employee insurance service provider) (5/31/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Region of Syddanmark (7/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Foodinho s.r.l. (6/10/2021)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Bolzano (5/13/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Dentist (6/10/2021)

Lawfulness of Processing, Principles, Sensitive Data

Lithuanian Data Protection Authority (VDAI)-Unknown (7/12/1905)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Directorate of the Östra Skaraborg Rescue Service (6/9/2021)

Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-BRAbank ASA (5/28/2021)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Orthodontic Clinic (2/4/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Danish Data Protection Authority (Datatilsynet)-Vejle Municipality (6/16/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-BRICO PRIVÉ (6/14/2021)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Storage limitation, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Moss municipality (6/4/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-PURPLE SEA MΟΝΟΠΡΟΣΩΠΗ ΙΚΕ (6/3/2021)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Lithuanian Data Protection Authority (VDAI)-UAB VS FITNESS (6/21/2021)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Storstockholms Lokaltrafik (6/21/2021)

Data Subjects Rights, Lawfulness of Processing, Legitimate Interest, Principles, Sensitive Data

Icelandic data protection authority (‘Persónuvernd’)-Huppuís ehf (6/15/2021)

Consent, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Voice Integrate Nordic AB (6/7/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Fondazione Policlinico Tor Vergata di Roma (4/21/2021)

Data Subjects Rights, Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

National Commission for Data Protection (CNPD)-Unknown (5/12/2021)

Data minimisation, Principles, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-MedHelp AB (6/7/2021)

Lawfulness of Processing, Principles, Sensitive Data

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Comune di Palermo (4/15/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Società triveneta di chirurgia (4/15/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Physician (4/15/2021)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Owners Association of Iasi Municipality (5/19/2021)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Banca Comercială Română S.A. (5/19/2021)

Lawfulness of Processing, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-CP&A (3/24/2020)

Data Subjects Rights, Principles, Sensitive Data

Data Protection Authority of Ireland-Irish Credit Bureau DAC (3/23/2021)

Accountability, Data Subjects Rights, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-World Class România S.A. (5/7/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Icelandic data protection authority (‘Persónuvernd’)-InfoMentor ehf (4/29/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Comune di Castellanza (3/25/2021)

Lawfulness of Processing, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Website operator (5/14/2021)

Consent, Lawfulness of Processing, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Operator of a care facility (3/25/2021)

Lawfulness of Processing, Sensitive Data

Hellenic Data Protection Authority (HDPA)-A. ΕΠΙΛΟΓΗ ΙΔΙΩΤΙΚΗ ΚΕΦΑΛΑΙΟΥΧΙΚΗ ΕΤΑΙΡΕΙΑ (5/12/2021)

Access Requests (DSAR), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Czech Data Protection Auhtority (UOOU)-Bank (7/12/1905)

Data Subjects Rights, Data Transfers

Italian Data Protection Authority (Garante)-Comune di San Marco in Lamis (3/11/2021)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Equifax Iberica S.L. (4/23/2021)

Lawfulness of Processing, Sensitive Data

Spanish Data Protection Authority (aepd)-Kukimbia S.L. (4/5/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Electrotecnica Bastida S.L. (4/5/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Istituti ospedalieri bergamaschi (2/11/2021)

Controllers and Processors, Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Asker Municipality (3/15/2021)

Controllers and Processors, Lawfulness of Processing, Performance of Contract, Principles, Representative, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Private healthcare provider (7/12/1905)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda Ospedaliera Universitaria Careggi (2/25/2021)

Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Tip Top Food Industry S.R.L (4/15/2021)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Norwegian Supervisory Authority (Datatilsynet)-Ålesund Municipality (3/15/2021)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Performance of Contract

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Medicover S.R.L. (3/23/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Air Europa Lineas Aereas, SA. (3/15/2021)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Mobile Communications S.A. (3/30/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Roma Capitale (2/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Principles, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Roma Servizi per La Mobilita S.r.l. (2/11/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Comune di Conflenti (2/25/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Commezzadura (2/25/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Fondazione di religione e di culto “Casa sollievo della sofferenza” Opera di San Pio da Pietrelcina (2/11/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio (2/25/2021)

Controllers and Processors, Lawfulness of Processing, Principles, Representative, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Natural person holding the position of General Secretary for a political party in Bucharest (3/4/2021)

Administratives Measures, Liability and Remedies, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Xfera Moviles S.A. (3/10/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Data Transfers

Cypriot Data Protection Commissioner-Electricity Authority of Cyprus (3/3/2021)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Santo Stefano Belbo (12/17/2020)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Comune di Luino (12/17/2020)

Lawfulness of Processing, Sensitive Data

Italian Data Protection Authority (Garante)-Istituto Nazionale Previdenza Sociale (INPS) (2/25/2021)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Italian Data Protection Authority (Garante)-Ministero dello Sviluppo Economico (2/11/2021)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Baden-Wuerttemberg-VfB Stuttgart 1893 AG (3/10/2021)

Accountability, Principles

Italian Data Protection Authority (Garante)-Regione Lazio (1/14/2021)

Accountability, Data Subjects Rights, Principles

Polish National Personal Data Protection Office (UODO)-Krajowa Szkoła Sądownictwa i Prokuratury (2/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Croatian Data Protection Authority (azop)-Security company (name not available at the moment) (2/22/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Tusla Child and Family Agency (8/12/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Lithuanian Data Protection Authority (VDAI)-Nacionaliniam visuomenės sveikatos centrui (NVSC) (2/26/2021)

Controllers and Processors, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Lithuanian Data Protection Authority (VDAI)-IT sprendimai sėkmei (2/26/2021)

Controllers and Processors, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Lithuanian Data Protection Authority (VDAI)-Registrų Centras (3/2/2021)

Controllers and Processors, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Hellenic Bank (3/3/2021)

Controllers and Processors, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Cypriot Real Estate Registration Authority (3/3/2021)

Controllers and Processors, Cooperation with Supervisory Authorithy, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-KEPIDES (3/3/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Avilon Center 2016 S.L. (2/24/2021)

Data Subjects Rights, Data Transfers

Italian Data Protection Authority (Garante)-Azienda Ospedaliero Universitaria di Parma (1/27/2021)

Integrity and confidentiality, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Usl di Bologna (1/14/2021)

Integrity and confidentiality, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (12/16/2020)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Representative, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapesti Műszaki és Gazdaságtudományi Egyetem (Budapest University of Technology and Economics) (12/10/2020)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-I-DE Redes Eléctricas Inteligentes, S.A.U (3/2/2021)

Performance of Contract, Principles, Purpose limitation, Sensitive Data

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-OLVG (2/11/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Vamavi Phone S.L. (2/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Data Transfers

Italian Data Protection Authority (Garante)-Azienda sanitaria provinciale di Enna (1/14/2021)

Controllers and Processors, Lawfulness of Processing, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda USL della Romagna (1/27/2021)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Ospedaliero Universitaria Senese (1/27/2021)

Integrity and confidentiality, Principles, Sensitive Data

Belgian Data Protection Authority (APD)-Unknown (1/22/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Unknown (1/27/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Unknown (1/27/2021)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Miropass S.r.l. (12/17/2020)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Qualitance QBS SA (12/29/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-ID Finance Poland Sp. z o.o. (12/17/2020)

Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Concentrix Cvg Italy s.r.l. (11/26/2020)

Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (1/4/2021)

Accuracy, Principles, Sensitive Data

French Data Protection Authority (CNIL)-Perfomeclic (12/7/2020)

Data minimisation, Data Subjects Rights, Principles, Right to Object, Sensitive Data

Polish National Personal Data Protection Office (UODO)-L. Sp. z o.o. (11/1/2019)

Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Gaypa s.r.l. (10/29/2020)

Data Subjects Rights, Lawfulness of Processing, Sensitive Data

French Data Protection Authority (CNIL)-Doctor (12/17/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Doctor (12/17/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.) (12/16/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Iberdrola Clientes, SAU (12/22/2020)

Data Subjects Rights, Data Transfers

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (12/16/2020)

Principles, Purpose limitation, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. C&V Water Control S.A. (12/22/2020)

Administratives Measures, Liability and Remedies, Principles, Sensitive Data

Austrian Data Protection Authority (dsb)-Private Individual (10/19/2020)

Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Gnosjö Municipality (11/25/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dada Creation S.R.L. (11/24/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Provincial Health Authority of Cosenza (11/17/2020)

Principles, Sensitive Data

Cypriot Data Protection Commissioner-Bank of Cyprus Public Company Ltd (10/19/2020)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Representative, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Cyprus Police (10/22/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Università Campus Bio-medico di Roma (Polyclinic) (10/26/2020)

Accountability, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Scanshare s.r.l. (9/30/2020)

Controllers and Processors, Lawfulness of Processing, Principles, Representative, Sensitive Data, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Marsorom S.R.L. (10/15/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Warsaw University of Life Sciences (9/8/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Global Business Travel Spain SLU (7/10/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Romanian Post National Company (7/30/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Cntar Tarom SA (7/27/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Østfold HF Hospital (6/22/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Proleasing Motors SRL (7/9/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Municipality of Rælingen (7/10/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Wind Tre S.p.A. (7/13/2020)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Communications SA (4/23/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Accounting firm (1/24/2020)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Authority of Baden-Wuerttemberg-Allgemeine Ortskrankenkasse (‘AOK’) (health insurance company) (6/30/2020)

Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Enel Energie (6/18/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania (6/11/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Digi Távközlési Szolgáltató Kft. (‘Digi’) (electronic communication service provider) (6/12/2020)

Controllers and Processors, Principles, Purpose limitation, Technical and Organisational Measures (TOMs)

Deputy Data Protection Ombudsman-Taksi Helsinki (5/29/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Representative

Norwegian Supervisory Authority (Datatilsynet)-Telenor Norge AS (5/3/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Attorney (6/9/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Estee Lauder Romania (4/23/2020)

Controllers and Processors, Data Protection Officer (DPO), Lawfulness of Processing, Principles, Sensitive Data

Deputy Data Protection Ombudsman-Kymen Vesi Oy (5/22/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Enel Energie (3/25/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Vodafone Romania (3/25/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Banca Comercială Română SA (5/5/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Unknown Organisation (4/30/2020)

Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown Company (10/15/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-School in Gdansk (Danzig) (fine imposed against town of Gdansk) (3/4/2020)

Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Liceo Artistico Statale di Napoli (3/6/2020)

Controllers and Processors, Principles, Representative, Sensitive Data

Italian Data Protection Authority (Garante)-Liceo Scientifico Nobel di Torre del Greco (3/6/2020)

Controllers and Processors, Principles, Representative, Sensitive Data

Spanish Data Protection Authority (aepd)-Vodafone ONO, S.A.U. (2/28/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Aegean Marine Petroleum Network Inc. (12/19/2019)

Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd (10/25/2019)

Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Entirely Shipping & Trading S.R.L. (12/13/2019)

Consent, Controllers and Processors, Lawfulness of Processing, Principles, Representative, Sensitive Data

Spanish Data Protection Authority (aepd)-Shop Macoyn, S.L. (12/10/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance (1/13/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cypriot Data Protection Commissioner-LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd (10/25/2019)

Lawfulness of Processing, Principles, Sensitive Data

Cypriot Data Protection Commissioner-LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd (10/25/2019)

Lawfulness of Processing, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Military Hospital (10/24/2019)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Mobile Communications SA (12/18/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown Company (12/11/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Technical and Organisational Measures (TOMs)

Information Commissioner (ICO)-Doorstep Dispensaree Ltd. (Pharmacy) (12/17/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Homeowners Association (11/29/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Rheinland-Pfalz-Hospital (12/3/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S CNTAR TAROM SA (Airline) (12/4/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-ING Bank N.V. (11/28/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Royal President S.R.L. (11/29/2019)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Representative, Technical and Organisational Measures (TOMs)

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)-Telecoms provider (1&1 Telecom GmbH) (11/11/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-VODAFONE ONO, S.A.U. (7/11/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Baden-Wuerttemberg-Unknown (7/11/1905)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Madrileña Red de Gas (Unknown)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-UWV (Dutch employee insurance service provider) (10/31/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Slovak Data Protection Office-Social Insurance Agency (Unknown)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Individual entrepreneur – no further details published (Unknown)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Corporación radiotelevisión espanola (11/19/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-FAN Courier Express SRL (11/25/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Xfera Moviles S.A. (11/19/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Raiffeisen Bank SA (10/9/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Vreau Credit SRL (10/9/2019)

Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Slovak Data Protection Office-Slovak Telekom (Unknown)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden-School in Skellefteå (8/20/2019)

Controllers and Processors, Data minimisation, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-LEGAL COMPANY & TAX HUB SRL (7/5/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-Haga Hospital (6/18/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-ACTIVE ASSURANCES (car insurer) (7/25/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Austrian Data Protection Authority (dsb)-Company in the medical sector (8/1/2019)

Controllers and Processors, Data Protection Officer (DPO), Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Commision of Bulgaria (KZLD)-National Revenue Agency (8/28/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Commision of Bulgaria (KZLD)-DSK Bank (8/28/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Norwegian Supervisory Authority (Datatilsynet)-Oslo Municipal Education Department (4/29/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Morele.net (9/10/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-Employer UNIONTRAD COMPANY (6/13/2019)

Controllers and Processors, Data minimisation, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-WORLD TRADE CENTER BUCHAREST SA (7/2/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Information Commissioner (ICO)-Marriott International, Inc (10/30/2020)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Data Protection Commision of Bulgaria (KZLD)-Medical centers (4/8/2019)

Consent, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Baden-Wuerttemberg-Knuddels.de (11/21/2018)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Italian political party Movimento 5 Stelle (4/17/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Unknown (2/28/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

Czech Data Protection Auhtority (UOOU)-Credit brokerage (2/4/2019)

Controllers and Processors, Technical and Organisational Measures (TOMs)

EU Cyber Resilience Act (CRA)

Technical and Organisational Measures (TOMs)

Study Finds ChatGPT Can Perform Biometric Tasks: A Closer Look at Privacy Risks

AI, Sensitive Data

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

The EU’s International Cooperation on Cyber Capacity Building| second edition

Technical and Organisational Measures (TOMs)

Secure Future Initiative Report by Microsoft

Technical and Organisational Measures (TOMs)

Cyber Threat Modelling for Risk Assessment by CSB

Risk Management, Technical and Organisational Measures (TOMs)

Guide to Good Governance in Cybersecurity by DCSD

Technical and Organisational Measures (TOMs)

ENISA Threat Landscape 2024 EU Agency for Cybersecurity

Technical and Organisational Measures (TOMs)

EDPS Model Administrative Arrangement

Data Processing by the Government, Data Transfers, Specific processing situations

Meta Fined $101 Million for Exposing Millions of Passwords in Plaintext

Lawfulness of Processing, Technical and Organisational Measures (TOMs)

C-340/21

Controllers and Processors, Liability and Remedies, Supervisory Authorities, Technical and Organisational Measures (TOMs)

MITIGATING SECURITY & PRIVACY RISKS by Data Security Council of India

Technical and Organisational Measures (TOMs)

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

The IDTA, Addendum and TRA: practical guidance for cross-border transfers by the UK ICO

Access Requests (DSAR), Data Transfers

Privacy Impact Assessment (PIA) Templates by CNIL

Data Protection Impact Assessment (DPIA)

Artificial Intelligence and Machine Learning in Health Care and Medical Sciences Best Practices by Pitfalls Gyorgy J. Simon Constantin Aliferis Springer

AI, Health Data, Principles, Sensitive Data, Specific processing situations

Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) |EPDB

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Opinion 36/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Booking.com Group |EPDB

Data Transfers

Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR) |EPDB

Data Transfers

Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data |Version 2.0 |EPDB

Data Transfers

Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive |EPDB

Adequacy Decisions, Data Transfers

Opinion 31/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Processor Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 35/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Carlsberg Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 01/2024 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Booking.com Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 2/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the TELEFÓNICA Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 3/2024 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Accenture Group |EPDB

Binding Corporate Rules, Data Transfers

National Strategy to Advance Privacy-Preserving Data Sharing and Analytics by the EO by the US President

Anonymisation, Controllers and Processors, Technical and Organisational Measures (TOMs)

Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Comparison of U.S. State Privacy Laws. Data Protection Assessments by CIPL

Controllers and Processors, Data Protection Impact Assessment (DPIA)

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Controllers and Processors, Technical and Organisational Measures (TOMs)

SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

THE NEW STANDARD CONTRACTUAL CLAUSES – QUESTIONS AND ANSWERS

Data Transfers, Standard Contractual Clauses (SCC)

Biometric Data Guidance by the UK ICO

Principles, Sensitive Data

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

[UK EXTENSION] EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

Draft Impact Assessment Framework by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Guide to Technical and Organisational Data Protection Measures (TOM) by the Swiss FDPIC

Controllers and Processors, Technical and Organisational Measures (TOMs)

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Report on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC

Adequacy Decisions, Data Transfers

Guide to Binding Corporate Rules by the UK ICO

Data Transfers

GUIDELINES CLOCKING AND ATTENDANCE CONTROL PROCESSING USING BIOMETRIC SYSTEMS BY THE AEPD

Employment, Principles, Sensitive Data, Specific processing situations

Case C 683-2021

Data Controller, Data Processors, Joint Controllers

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

Information Commissioner’s Further Response to the Data Protection and Digital Information Bill (DPDI Bill)

Principles, Sensitive Data

Annex: A summary of the Transparency in Health and Social Care guidance impact assessment by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

Transparency in health and social care by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

International data transfer agreement and guidance by the UK ICO

Data Transfers

RISK FRAMEWORK FOR BODY-RELATED DATA IN IMMERSIVE TECHNOLOGIES BY FPF

Principles, Sensitive Data

[Draft] Guidelines on the processing of personal data in regard to recruitment by the UK ICO

Automated Decision-making, Controllers and Processors, Data Protection Impact Assessment (DPIA), Employment, Specific processing situations

Privacy-Enhancing and Privacy Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age by CIPL

Controllers and Processors, Technical and Organisational Measures (TOMs)

Cybersecurity of Artificial Intelligence in the AI Act by the European Commision

Controllers and Processors, Technical and Organisational Measures (TOMs)

Understanding the Role of PETs and PPTs in the Digital Age

Controllers and Processors, Technical and Organisational Measures (TOMs)

Privacy Impact Assessment Tool by the Australian Government

Controllers and Processors, Data Protection Impact Assessment (DPIA)

SME Guide on Information Security Controls by European Digital SME Alliance

Controllers and Processors, Technical and Organisational Measures (TOMs)

Guidelines for evaluating differential priavacy gurantees by NIST

Anonymisation, Controllers and Processors, Technical and Organisational Measures (TOMs)

DPIA for AI template

Controllers and Processors, Data Protection Impact Assessment (DPIA)

TOWARDS A SUSTAINABLE, MULTILATERAL, AND UNIVERSAL SOLUTION FOR INTERNATIONAL DATA TRANSFER by the UK Government

Data Transfers

AI and Data Protection Risk Toolkit by UK ICO

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Audit Requirements for Personal Data Processing Activities involving AI by AEPD

Controllers and Processors, Data Protection Impact Assessment (DPIA), Technical and Organisational Measures (TOMs)

Bulgarian CPPD Newsletter

Children as data subjects, Controllers and Processors, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Human rights Impact Assessments for AI

Controllers and Processors, Data Protection Impact Assessment (DPIA)

T‑553-23 R

Data Transfers

Baseline Cyber Security for SMEs

Controllers and Processors, Technical and Organisational Measures (TOMs)

Public Benefit and Privacy Panel for Health and Social Care (Guidance for applicants)

Health Data, Principles, Sensitive Data

Case C-101/01

Data Transfers, Definitions, Principles, Processing of personal data, Sensitive Data

OPINION 1/15 OF 26. 7. 2017

Data Transfers

Guidelines 01/2023 on Article 37 Law Enforcement Directive

Data Transfers

C-272/19

Access Requests (DSAR), Data Controller, Data Subjects Rights, Definitions

C-136/17

Data Subjects Rights, Principles, Right to Erasure, Search Engines, Sensitive Data, Specific processing situations

C-184/20

Principles, Sensitive Data

C-252/21

Lawfulness of Processing, Performance of Contract, Principles, Sensitive Data

Case C-60/22

Accountability, Controllers and Processors, Joint Controllers, Principles

Effective Cyber Risk Management: A best practice governance guide for digitally secure and resilient organisations by Governance Institute of Australia

Risk Management, Technical and Organisational Measures (TOMs)

NIST Special Publication_1800: Implementing a Zero Trust Architecture

Technical and Organisational Measures (TOMs)

CNIL open source PIA software – data protection impact assessment

Data Protection Impact Assessment (DPIA)

Case C‑461/22 CURIA

Data Controller, Definitions

Frequently Asked Questions (FAQ) NIS2 in Belgium by Centre for cybersecurity Belgium

Technical and Organisational Measures (TOMs)

EU-U.S. DATA PRIVACY FRAMEWORK F.A.Q. FOR EUROPEAN BUSINESSES BY EDPB

Data Transfers

Data protection impact assessment for AI Solutions by Danish DPA

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

PRIVACY ENHANCING TECHNOLOGY (PET): PROPOSED GUIDE ON SYNTHETIC DATA GENERATION BY PDPC

Principles, Sensitive Data

Guidelines 01/2023 on Article 37 Law Enforcement Directive by EDPB

Data Transfers

Case 4:23-cv-01110-P AHA v. Bacerra

Health Data, Principles, Sensitive Data

Data protection impact assessment on the processing of personal data on government Facebook Pages

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Information note by EDPB on data transfers under the GDPR to the United States after the adoption of the adequacy decision on 10 July 2023

Adequacy Decisions, Data Transfers

Guideline on the massive collection of personal data from the web for the training of generative artificial intelligence (GenAI) models by the Italian Data Protection Authority (Garante)

AI, Data scraping, Specific processing situations

Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) |EDPB

Controllers and Processors, Data Transfers, Standard Contractual Clauses (SCC)

Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom |EPDB

Adequacy Decisions, Data Transfers

Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom |EDPB

Adequacy Decisions, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EDPB

Adequacy Decisions, Data Transfers

Information Note by EDPB on the redress mechanism for EU/EEA individuals in relation to alleged violations of U.S. law with respect to their data collected by U.S authorities competent for national security

Adequacy Decisions, Data Transfers

EU-US Data Privacy Framework Template Complaint Form for Submitting Commercial Related Complaints to EU DPAs by EDPB

Adequacy Decisions, Data Transfers

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject |EPDB

Data Controller, Data Subjects Rights, Definitions

Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis |EPDB

Binding Corporate Rules, Data Transfers

Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited |EPDB

Binding Corporate Rules, Data Transfers

Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EPDB

Adequacy Decisions, Data Transfers

EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

Data Transfers

EDPB-EDPS Joint Opinion 1/2022 on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2021/953 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic |EPDB

Health Data, Principles, Sensitive Data

Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 18/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the MercedesBenz Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2022 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of Fresenius Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space

Health Data, Principles, Sensitive Data

Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 14/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Vestas Wind Systems Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 18/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the Collibra Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the American Express Global Business Travel Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Comcast Corporation Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for employee data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 7/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 8/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework |EPDB

Adequacy Decisions, Data Transfers

Opinion 9/2023 on the draft decision of the Italian Supervisory Authority regarding the Controller Binding Corporate Rules of Vertiv |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2023 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the PROSEGUR Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 16/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 17/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Technical and Organisational Measures (TOMs)

Zapier’s Transfer Impact Assessment

Data Transfers

Transfer Impact Assessment (TIA)

Data Transfers

Cybersecurity panel session: SME Focus by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: Supply chain attacks by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: An introduction to incident response, common cyber threats and ways to mitigate risk by the UK ICO

Technical and Organisational Measures (TOMs)

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Human rights Impact Assessments for AI by Access Now

AI, Data Protection Impact Assessment (DPIA)

Maximillian Schrems v. Data Protection Commissioner [2015] Case C-362/14, 6 October 2015.

Data Transfers

Fashion ID, 29 July 2019, C-40/17, ECLI:EU:C:2019:629

Data Controller, Data Processors

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, in the presence of Facebook Ireland Ltd (Case C-210/16).

Data Controller

EU-Canada PNR Agreement of 26 July 2017 (Grand Chamber) (EU:C:2017:592)

Data Transfers

Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Case C-311/18), 16 July 2020.

Data Transfers

Information note on data transfers under the GDPR to the US | EDPB

Data Transfers

Guide to Data Protection Impact Assessments by PDPC Singapore

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessments (DPIA) Template by UK ICO

Data Protection Impact Assessment (DPIA)

How to manage DPIAs by Data Protection Network (DPN)

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIAs) by APDCAT

Data Protection Impact Assessment (DPIA)

Guide to Data Protection Impact Assessments (DPIAs) by the Irish DPC

Data Protection Impact Assessment (DPIA)

GDPR Risk Assessment by the AEPD

Data Protection Impact Assessment (DPIA)

COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions, Data Transfers

Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Guide to Accountability and Governance | UK ICO

Accountability

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Knowledge Bases by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Methodology by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Methodology Mindmap by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment – Internet of Things Devices (CNIL)

Data Protection Impact Assessment (DPIA)

Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679

Data Transfers

Guidelines 07/2020 on the concepts of controller and processor in the GDPR

Data Controller, Data Processors, Definitions

Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Data Transfers

Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak

Health Data

Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak

Health Data

Guidelines 04/2021 on Codes of Conduct as tools for transfers

Data Transfers

Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

The NSW AI Assessment Framework

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI Possible Risks & Mitigations Optical Character Recognition by EDPB

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

AI Possible Risks & Mitigations Named Entity Recognition by EDPB

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Second Report on the application of the General Data Protection Regulation by EU Commission

Data Subjects Rights, Data Transfers

5310-C Privacy Threshold Assessments and Privacy Impact Assessments by Office of Information Security

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Administrative fine against Grindr LLC by The Norwegian Data Protection Authority

Consent, Lawfulness of Processing, Principles, Sensitive Data

Rules of Procedure by EDPB on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security

Adequacy Decisions, Data Transfers, Risk Management

Rules of Procedure for the “Informal Panel of EU DPAs”according to the EU-US Data Privacy Framework by EDPB

Adequacy Decisions, Data Transfers

Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer (CLPO) by EDPB

Adequacy Decisions, Data Transfers

Technical and organisational measures signed by Superhosting.bg

Controllers and Processors, Technical and Organisational Measures (TOMs)

Technical and Organizational Measures by Adobe Cloud Services

Controllers and Processors, Technical and Organisational Measures (TOMs)

Technical Recommendations on the use of APIs by CNIL

Controllers and Processors, Technical and Organisational Measures (TOMs)

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] International Data Transfer Agreements – Transitional Provisions

Data Transfers

AI and Data Protection risk toolkit by the UK ICO

AI, Data Protection Impact Assessment (DPIA)

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

ANAF Case C‑201/14, 1 October 2015

Automated Decision-making, Data Sharing, Data Transfers, Public Administrative Body

A Guide to UK GDPR Principles | UK ICO

Accountability, Accuracy, Data minimisation, Integrity and confidentiality, Lawfulness of Processing, Principles, Purpose limitation, Storage limitation, Transparency

Risk Management and Impact Assessment (DPIA) by AEPD

Data Protection Impact Assessment (DPIA)