Skip to main content
European Data Protection Board
en
BG
Български
CS
Čeština
DA
Dansk
DE
Deutsch
EL
Ελληνικά
ES
Español
ET
Eesti
FI
Suomi
FR
Français
GA
Gaeilge
HR
Hrvatski
HU
Magyar
IT
Italiano
LT
Lietuvių
LV
Latviešu
MT
Malti
NL
Nederlands
PL
Polski
PT
Português
RO
Română
SK
Slovenčina
SL
Slovenščina
SV
Svenska
Main navigation
About EDPB
Who we are
EDPB and Chairmanship
Our Members
EDPB Secretariat
Rules of procedure and Memorandum of Understanding
Internal procedural guidance
Article 29 Working Party
What we do
Tasks and duties
Legal Framework
Strategy & Work Programme
Publications
Annual reports
One-Stop-Shop case digests
Legal studies by external providers
Press Kit
Contact us
FAQ
Our Work & Tools
General Guidance
Guidelines, Recommendations, Best Practices
Public Consultations on our guidance
Other guidance and Information notes
Support Cooperation and Enforcement
GDPR Cooperation and Enforcement
Consistency and Cooperation procedures
International Cooperation & Cooperation with Other Authorities
EDPB Website Auditing Tool
Registers
Final One Stop Shop Decisions
Approved Binding Corporate Rules
Codes of Conduct, amendments and extensions
Decisions taken by supervisory authorities and courts on issues handled in the consistency mechanism
Certification mechanisms, seals and marks
Documents addressed to the European Commission or National Authorities
Opinions
Binding Decisions
GDPR or LED evaluations
Other documents addressed to EU legislator or Member States
EDPB Plenary meetings
Agenda
Minutes
Other documents
Letters
Internal documents
View all our documents
News
News
EDPB News
National News
One-Stop-Shop News
CSC
About CSC
Who we are
Members
CSC Secretariat
CSC Meetings
Work Programme
Legal Framework
Our Work & Tools
Biannual reports
IMI Reports
Data Subject Rights
Search
Search on the EDPB web site:
Home
Our Work & Tools
Final One Stop Shop Decisions
Final One Stop Shop Decisions
EDPBI:FR:OSS:D:2021:313
28 December 2021
LSA
FR
CSA
IT
NL
ES
ALL DE
Main legal reference
Article 28 (Processor)
Article 32 (Security of processing)
Article 33 (Notification of a personal data breach to the supervisory authority)
Article 34 (Communication of a personal data breach to the data subject)
Keywords
Personal data breach
Data security
Processor
Clients
Publicly available data
Payment data
Outcome
Administrative fine
Summary
Download
EDPBI:NO:OSS:D:2021:219
12 May 2021
LSA
NO
CSA
AT
BE
CZ
DK
EE
FI
FR
ALL DE
HU
IT
LV
LT
LU
NL
PL
PT
RO
SK
ES
SE
UK
Main legal reference
Article 32 (Security of processing)
Article 33 (Notification of a personal data breach to the supervisory authority)
Keywords
Data security
Personal data breach
Outcome
No violation
Download
EDPBI:DEBE:OSS:D:2020:136
4 September 2020
LSA
DE/BE
CSA
ALL DE
AT
FR
HU
IT
PL
PT
RO
Main legal reference
Article 33 (Notification of a personal data breach to the supervisory authority)
Article 34 (Communication of a personal data breach to the data subject)
Keywords
Personal data breach
Phishing emails
Outcome
No violation
Summary
Download
EDPBI:DEBE:OSS:D:2020:132
5 August 2020
LSA
DE/BE
CSA
ALL DE
AT
BE
DK
ES
FI
FR
HU
IE
IT
LT
LV
NL
NO
PT
SE
SI
SK
UK
Main legal reference
Article 33 (Notification of a personal data breach to the supervisory authority)
Article 34 (Communication of a personal data breach to the data subject)
Keywords
Personal data breach
Outcome
No sanction
Summary
Download
EDPBI:DEBE:OSS:D:2020:125
13 July 2020
LSA
DE/BE
CSA
ALL DE
UK
Main legal reference
Article 33 (Notification of a personal data breach to the supervisory authority)
Article 34 (Communication of a personal data breach to the data subject)
Keywords
Personal data breach
Outcome
No violation
Summary
Download
EDPBI:HU:OSS:D:2020:116
23 June 2020
LSA
HU
CSA
ALL DE
AT
IT
SI
SK
Main legal reference
Article 33 (Notification of a personal data breach to the supervisory authority)
Article 34 (Communication of a personal data breach to the data subject)
Keywords
Electronic communications
Employment
Personal data breach
Outcome
No violation
Summary
Download
EDPBI:UK:OSS:D:2020:100
15 April 2020
LSA
UK
CSA
ALL DE
BE
EE
EL
FI
FR
HU
IE
IT
NL
PL
SI
SK
Main legal reference
Article 5 (Principles relating to processing of personal data)
Article 7 (Conditions for consent)
Article 32 (Security of processing)
Article 33 (Notification of a personal data breach to the supervisory authority)
Keywords
Personal data breach
Outcome
No sanction
Summary