Filtered (228)
Filters
Search
Type
Country
Categories
Show (228)
Cancel
Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Records Management Toolkit Tracker

Data Retention, Personal Data Collection, Records of processing Activities (ROPA)

Personal Data Breach Management and Reporting Toolkit Tracker – more information about the Toolkit by UK ICO

Data Breaches

Records Management Toolkit Tracker – more information about the Toolkit by UK ICO

Data Retention, Personal Data Collection, Records of processing Activities (ROPA)

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-Uber Technologies Inc., Uber B.V. (7/22/2024)

Data Transfers

Spanish Data Protection Authority (aepd)-PILLOW HOTELS, S.L. (5/30/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Unknown (1/18/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ENDESA ENERGÍA, S.A.U. (10/25/2023)

Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Link4 Towarzystwo Ubezpieczeń S. A. (10/8/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Sweden-Tele2 Sverige Aktiebolag (6/30/2023)

Data Transfers

Data Protection Authority of Sweden-CDON AB (6/30/2023)

Data Transfers

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (5/12/2023)

Data Transfers

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Bremen-Company (7/14/1905)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Argon Medical Devices (3/8/2023)

Controllers and Processors, Data Breaches

Data Protection Authority of Sachsen-Anhalt-Magdeburg University Hospital (7/15/1905)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dent Estet Clinic SA (1/31/2023)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-ADSL HOUSE, S.L. (10/24/2022)

Data Subjects Rights, Data Transfers

Spanish Data Protection Authority (aepd)-BAYARD REVISTAS, S.A. (9/28/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-University Hospital of the Medical University of Warsaw (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. (6/6/2022)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Spanish Data Protection Authority (aepd)-TIGERS MARKET, S.L. (5/17/2022)

Data Subjects Rights, Data Transfers

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S. A. (1/19/2022)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

Deputy Data Protection Ombudsman-Psykoterapiakeskus Vastaamo (12/7/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-TIGERS MARKET, S.L. (11/29/2021)

Data Subjects Rights, Data Transfers

Spanish Data Protection Authority (aepd)-INTRODUCTION BUSINESS CAPITAL MEDIA, S.L. (12/1/2021)

Data Subjects Rights, Data Transfers

Polish National Personal Data Protection Office (UODO)-Bank Millennium S.A (10/14/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

National Commission for Data Protection (CNPD)-Insurance company (8/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Actamedica SRL (8/24/2021)

Controllers and Processors, Data Breaches, Data Processing Agreement (DPA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-PVV Overijssel (6/16/2020)

Controllers and Processors, Data Breaches

Czech Data Protection Auhtority (UOOU)-Bank (7/12/1905)

Data Subjects Rights, Data Transfers

Dutch Supervisory Authority for Data Protection (AP)-Booking.com B.V. (12/10/2020)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Enea S.A. (1/11/2021)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (3/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Data Transfers

Spanish Data Protection Authority (aepd)-Avilon Center 2016 S.L. (2/24/2021)

Data Subjects Rights, Data Transfers

Polish National Personal Data Protection Office (UODO)-Unknown (1/5/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Vamavi Phone S.L. (2/11/2021)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Data Transfers

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-Iberdrola Clientes, SAU (12/22/2020)

Data Subjects Rights, Data Transfers

Spanish Data Protection Authority (aepd)-Saunier-Tec Mantenimientos de Calor y Frio, SL. (7/2/2020)

Controllers and Processors, Data Breaches

Danish Data Protection Authority (Datatilsynet)-Lejre Municipality (6/30/2020)

Controllers and Processors, Data Breaches, Principles, Representative

Data Protection Authority of Ireland-Tusla Child and Family Agency (6/30/2020)

Controllers and Processors, Data Breaches

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/25/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Hamburg-Unknown (7/10/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hungarian political party (4/5/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Payment service provider UAB MisterTango (5/16/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive Version 2.0 by EDPB

New technology

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

EDPS Model Administrative Arrangement

Data Processing by the Government, Data Transfers, Specific processing situations

The Future of European Competitiveness by EU Commission

AI, New technology, Specific processing situations

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

The IDTA, Addendum and TRA: practical guidance for cross-border transfers by the UK ICO

Access Requests (DSAR), Data Transfers

Opinion 36/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Booking.com Group |EPDB

Data Transfers

Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR) |EPDB

Data Transfers

Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data |Version 2.0 |EPDB

Data Transfers

Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive |EPDB

Adequacy Decisions, Data Transfers

Opinion 31/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Processor Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 35/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Carlsberg Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 01/2024 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Booking.com Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 2/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the TELEFÓNICA Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 3/2024 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Accenture Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

THE NEW STANDARD CONTRACTUAL CLAUSES – QUESTIONS AND ANSWERS

Data Transfers, Standard Contractual Clauses (SCC)

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

[UK EXTENSION] EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

Data Transfers

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Report on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC

Adequacy Decisions, Data Transfers

Guide to Binding Corporate Rules by the UK ICO

Data Transfers

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

International data transfer agreement and guidance by the UK ICO

Data Transfers

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

TOWARDS A SUSTAINABLE, MULTILATERAL, AND UNIVERSAL SOLUTION FOR INTERNATIONAL DATA TRANSFER by the UK Government

Data Transfers

Data breach preparation and response by the Australian Information Commisioners

Controllers and Processors, Data Breaches

T‑553-23 R

Data Transfers

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Case C-101/01

Data Transfers, Definitions, Principles, Processing of personal data, Sensitive Data

OPINION 1/15 OF 26. 7. 2017

Data Transfers

Guidelines 01/2023 on Article 37 Law Enforcement Directive

Data Transfers

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Emerging digital technologies in the public sector report by EU Commission

New technology

NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

EU-U.S. DATA PRIVACY FRAMEWORK F.A.Q. FOR EUROPEAN BUSINESSES BY EDPB

Data Transfers

Global Third Party Cybersecurity Breaches by SecurityScorecard

Controllers and Processors, Data Breaches

EditorsTrends in Data Protection and Encryption Technologies by SpringerProfessional

Definitions, New technology, Processing of personal data

Guidelines 01/2023 on Article 37 Law Enforcement Directive by EDPB

Data Transfers

Information note by EDPB on data transfers under the GDPR to the United States after the adoption of the adequacy decision on 10 July 2023

Adequacy Decisions, Data Transfers

Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) |EDPB

Controllers and Processors, Data Transfers, Standard Contractual Clauses (SCC)

Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom |EPDB

Adequacy Decisions, Data Transfers

Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom |EDPB

Adequacy Decisions, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EDPB

Adequacy Decisions, Data Transfers

Information Note by EDPB on the redress mechanism for EU/EEA individuals in relation to alleged violations of U.S. law with respect to their data collected by U.S authorities competent for national security

Adequacy Decisions, Data Transfers

EU-US Data Privacy Framework Template Complaint Form for Submitting Commercial Related Complaints to EU DPAs by EDPB

Adequacy Decisions, Data Transfers

Personal data breach report form

Controllers and Processors, Data Breaches

Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis |EPDB

Binding Corporate Rules, Data Transfers

Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited |EPDB

Binding Corporate Rules, Data Transfers

Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EPDB

Adequacy Decisions, Data Transfers

EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

Data Transfers

Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 18/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the MercedesBenz Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2022 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of Fresenius Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 14/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Vestas Wind Systems Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 18/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the Collibra Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the American Express Global Business Travel Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Comcast Corporation Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for employee data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 7/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 8/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework |EPDB

Adequacy Decisions, Data Transfers

Opinion 9/2023 on the draft decision of the Italian Supervisory Authority regarding the Controller Binding Corporate Rules of Vertiv |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2023 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the PROSEGUR Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 16/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 17/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Zapier’s Transfer Impact Assessment

Data Transfers

Transfer Impact Assessment (TIA)

Data Transfers

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Joint statement on data scraping and the protection of privacy

Personal Data Collection

Maximillian Schrems v. Data Protection Commissioner [2015] Case C-362/14, 6 October 2015.

Data Transfers

EU-Canada PNR Agreement of 26 July 2017 (Grand Chamber) (EU:C:2017:592)

Data Transfers

Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Case C-311/18), 16 July 2020.

Data Transfers

Records of Processing Activities under Article 30 GDPR | Irish DPC

Records of processing Activities (ROPA)

Information note on data transfers under the GDPR to the US | EDPB

Data Transfers

WORKING PARTY 29 POSITION PAPER on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

Records of processing Activities (ROPA)

COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions, Data Transfers

Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Records of processing activities template by the CNIL

Records of processing Activities (ROPA)

Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679

Data Transfers

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Data Breaches

Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies

Data Transfers

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation

Certification

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Certification

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

Guidelines 04/2021 on Codes of Conduct as tools for transfers

Data Transfers

Guidelines 07/2022 on certification as a tool for transfers

Certification

Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

Second Report on the application of the General Data Protection Regulation by EU Commission

Data Subjects Rights, Data Transfers

Rules of Procedure by EDPB on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security

Adequacy Decisions, Data Transfers, Risk Management

Rules of Procedure for the “Informal Panel of EU DPAs”according to the EU-US Data Privacy Framework by EDPB

Adequacy Decisions, Data Transfers

Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer (CLPO) by EDPB

Adequacy Decisions, Data Transfers

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] International Data Transfer Agreements – Transitional Provisions

Data Transfers

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

Salvatore Manni Case C 398/15

Data Retention, Legitimate Interest, Storage limitation

ANAF Case C‑201/14, 1 October 2015

Automated Decision-making, Data Sharing, Data Transfers, Public Administrative Body

GDPR Data Incidents – The Step-by-Step Playbook for Effective Response

Data Breaches