Filtered (153)
Filters
Search
Type
Country
Categories
Show (153)
Cancel
Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Personal Data Breach Management and Reporting Toolkit Tracker – more information about the Toolkit by UK ICO

Data Breaches

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-PILLOW HOTELS, S.L. (5/30/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Immigration and Asylum (4/2/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-CTC EXTERNALIZACIÓN, S.L (2/12/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Unknown (1/18/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ENDESA ENERGÍA, S.A.U. (10/25/2023)

Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Dutch Supervisory Authority for Data Protection (AP)-International Card Services B.V. (1/15/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Link4 Towarzystwo Ubezpieczeń S. A. (10/8/2023)

Controllers and Processors, Data Breaches

Data Protection Authority of Sweden-Östersund Municipality’s Department for Children and Education (11/28/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Hellenic Data Protection Authority (HDPA)-Athens Urban Transport Organization (9/25/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Storage limitation

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-GSMA LTD. (5/3/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Spanish Data Protection Authority (aepd)-ALBERO FORTE COMPOSITE, S.L. (4/28/2023)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Bremen-Company (7/14/1905)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Argon Medical Devices (3/8/2023)

Controllers and Processors, Data Breaches

Data Protection Authority of Sachsen-Anhalt-Magdeburg University Hospital (7/15/1905)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Azienda Universitaria Friuli Occidentale (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Universitaria Friuli Centrale (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Universitaria Giuliano Isontina (12/15/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dent Estet Clinic SA (1/31/2023)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-BAYARD REVISTAS, S.A. (9/28/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-University Hospital of the Medical University of Warsaw (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Niedersachsen-Volkswagen (7/26/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. (6/6/2022)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Danish Data Protection Authority (Datatilsynet)-Danish National Genome Center (3/25/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S. A. (1/19/2022)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Azienda sanitaria unica regionale Marche (1/13/2022)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Integrity and confidentiality, Principles

Data Protection Authority of Hamburg-Company (7/12/1905)

Definitions, Joint Controllers

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

Deputy Data Protection Ombudsman-Psykoterapiakeskus Vastaamo (12/7/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Bank Millennium S.A (10/14/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-SERVICIOS LOGÍSTICOS MARTORELL SIGLO XXI, S.L. (10/26/2021)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

National Commission for Data Protection (CNPD)-Insurance company (8/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Actamedica SRL (8/24/2021)

Controllers and Processors, Data Breaches, Data Processing Agreement (DPA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Unknown (7/12/1905)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-PVV Overijssel (6/16/2020)

Controllers and Processors, Data Breaches

Dutch Supervisory Authority for Data Protection (AP)-Booking.com B.V. (12/10/2020)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Ålesund Municipality (3/15/2021)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Lawfulness of Processing, Performance of Contract

Polish National Personal Data Protection Office (UODO)-Enea S.A. (1/11/2021)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Unknown (1/5/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-Gnosjö Municipality (11/25/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Representative

Spanish Data Protection Authority (aepd)-Saunier-Tec Mantenimientos de Calor y Frio, SL. (7/2/2020)

Controllers and Processors, Data Breaches

Danish Data Protection Authority (Datatilsynet)-Lejre Municipality (6/30/2020)

Controllers and Processors, Data Breaches, Principles, Representative

Data Protection Authority of Ireland-Tusla Child and Family Agency (6/30/2020)

Controllers and Processors, Data Breaches

Deputy Data Protection Ombudsman-Taksi Helsinki (5/29/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Representative

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Deputy Data Protection Ombudsman-Kymen Vesi Oy (5/22/2020)

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/25/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Sweden-School in Skellefteå (8/20/2019)

Controllers and Processors, Data minimisation, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data

Data Protection Authority of Hamburg-Unknown (7/10/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hungarian political party (4/5/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Payment service provider UAB MisterTango (5/16/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Belgian DPA General Secretariat Artificial intelligence systems and the RGPD from a data protection perspective

AI, Lawfulness of Processing, Principles, Specific processing situations, Transparency

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

Privacy Impact Assessment (PIA) Templates by CNIL

Data Protection Impact Assessment (DPIA)

Case C 203/22 on AI and automated decisions, the right of access under the GDPR, and the protection of trade secrets

AI, Automated Decision-making, Controllers and Processors, Specific processing situations

Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) |EPDB

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Case C‑604/22

Joint Controllers, Personal Data

Comparison of U.S. State Privacy Laws. Data Protection Assessments by CIPL

Controllers and Processors, Data Protection Impact Assessment (DPIA)

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

Transparency and Consent Framework Policies by IAB Europe

Consent, Cookies, Lawfulness of Processing, Principles, Transparency

Draft Impact Assessment Framework by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA)

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Case C 683-2021

Data Controller, Data Processors, Joint Controllers

Annex: A summary of the Transparency in Health and Social Care guidance impact assessment by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

Transparency in health and social care by the UK ICO

Controllers and Processors, Data Protection Impact Assessment (DPIA), Principles, Sensitive Data, Transparency

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

[Draft] Guidelines on the processing of personal data in regard to recruitment by the UK ICO

Automated Decision-making, Controllers and Processors, Data Protection Impact Assessment (DPIA), Employment, Specific processing situations

Privacy Impact Assessment Tool by the Australian Government

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Press Release No 184-23 by the CJEU

Controllers and Processors, Joint Controllers, Liability and Remedies, Supervisory Authorities

AUTOMATED DECISIONMAKING TECHNOLOGY REGULATIONS (DRAFT) by CPPA

Automated Decision-making, Controllers and Processors

DPIA for AI template

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI and Data Protection Risk Toolkit by UK ICO

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Audit Requirements for Personal Data Processing Activities involving AI by AEPD

Controllers and Processors, Data Protection Impact Assessment (DPIA), Technical and Organisational Measures (TOMs)

Automated Decision-Making Under the GDPR by the FPF

AI, Automated Decision-making, Controllers and Processors, Specific processing situations

Data breach preparation and response by the Australian Information Commisioners

Controllers and Processors, Data Breaches

Human rights Impact Assessments for AI

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Case C-60/22

Accountability, Controllers and Processors, Joint Controllers, Principles

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

CNIL open source PIA software – data protection impact assessment

Data Protection Impact Assessment (DPIA)

Global Third Party Cybersecurity Breaches by SecurityScorecard

Controllers and Processors, Data Breaches

Data protection impact assessment for AI Solutions by Danish DPA

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Data protection impact assessment on the processing of personal data on government Facebook Pages

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Guidelines scraping by private organizations and individuals by the Dutch Data Protection Authority

Automated Decision-making, Controllers and Processors

Personal data breach report form

Controllers and Processors, Data Breaches

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Human rights Impact Assessments for AI by Access Now

AI, Data Protection Impact Assessment (DPIA)

Guide to Data Protection Impact Assessments by PDPC Singapore

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessments (DPIA) Template by UK ICO

Data Protection Impact Assessment (DPIA)

How to manage DPIAs by Data Protection Network (DPN)

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIAs) by APDCAT

Data Protection Impact Assessment (DPIA)

Guide to Data Protection Impact Assessments (DPIAs) by the Irish DPC

Data Protection Impact Assessment (DPIA)

GDPR Risk Assessment by the AEPD

Data Protection Impact Assessment (DPIA)

Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

Automated Decision-making

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Knowledge Bases by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Methodology by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment (PIA) Methodology Mindmap by CNIL

Data Protection Impact Assessment (DPIA)

Privacy Impact Assessment – Internet of Things Devices (CNIL)

Data Protection Impact Assessment (DPIA)

Guidelines on transparency under Regulation 2016/679

Transparency

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Data Breaches

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

The NSW AI Assessment Framework

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI Possible Risks & Mitigations Optical Character Recognition by EDPB

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

AI Possible Risks & Mitigations Named Entity Recognition by EDPB

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

5310-C Privacy Threshold Assessments and Privacy Impact Assessments by Office of Information Security

Controllers and Processors, Data Protection Impact Assessment (DPIA)

Automated Decision-Making in Online Platforms: Protection Against Discrimination and Manipulation of Behavior

Automated Decision-making, Controllers and Processors

AI and Data Protection risk toolkit by the UK ICO

AI, Data Protection Impact Assessment (DPIA)

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

Bodil Lindqvist [2003] Case C-101/01, 6 November 2003

Automated Decision-making

ANAF Case C‑201/14, 1 October 2015

Automated Decision-making, Data Sharing, Data Transfers, Public Administrative Body

A Guide to UK GDPR Principles | UK ICO

Accountability, Accuracy, Data minimisation, Integrity and confidentiality, Lawfulness of Processing, Principles, Purpose limitation, Storage limitation, Transparency

A Guide to Lawful Basis | UK ICO

Consent, Lawfulness of Processing, Legal Obligation, Legitimate Interest, Performance of Contract, Public Interests, Vital Interests

Risk Management and Impact Assessment (DPIA) by AEPD

Data Protection Impact Assessment (DPIA)

GDPR Data Incidents – The Step-by-Step Playbook for Effective Response

Data Breaches