DPO Hub
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Sign in Sign up
Sign up Sign in
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Unlock full access to see the entire library by subscribing to a paid plan.
Sign up
Bookmarks

breaches

20 posts
EDPB Support Pool of Experts (SPE) projects
EDPB resource AI

EDPB Support Pool of Experts (SPE) projects

members – 4 min read
An overview of SPE projects. Latest: AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)
Apr 14, 2025
Rie Aleksandra Rie Aleksandra
Personal data breaches
topic resource breaches

Personal data breaches

members – 2 min read
Upcoming topic page for breaches, prompted by EDPB's recent summary document.
Mar 13, 2025
Rie Aleksandra Rie Aleksandra
🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches
DPA decision Meta fine

🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches

members – 1 min read
UPDATE 1 Jan: Summary + full decision published! The DPC fines Meta for failing to safeguard users' passwords (storing them in plaintext!) and for notifying the breach too late.
Dec 30, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-768/21 Land Hessen (DPA obligation to act) 26 Sep 2024
CJEU breaches procedural

CJEU C-768/21 Land Hessen (DPA obligation to act) 26 Sep 2024

members – 3 min read
⏰ Quickly deal with data breaches and listen to the DPA to reduce the chance of a fine (and keep access logs >3 months). DPAs aren't required to exercise a corrective power, like impose a fine, if not appropriate, necessary or proportionate to remedy the violation and ensure full GDPR compliance.
Dec 28, 2024
Rie Aleksandra Rie Aleksandra
🇮🇪 DPC fines Meta €251m for failing on data protection by design and default and breach handling
DPA decision Meta fine

🇮🇪 DPC fines Meta €251m for failing on data protection by design and default and breach handling

members – 1 min read
Meta failed to properly notify and document a breach affecting 3m EEA Facebook users and to build in data protection requirements throughout the design and development cycle.
Dec 18, 2024
Rie Aleksandra Rie Aleksandra
Norway DPA fines university for insufficient access control in MS Teams
DPA decision fine breaches

Norway DPA fines university for insufficient access control in MS Teams

members – 4 min read
The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!
Sep 12, 2024
Rie Aleksandra Rie Aleksandra
Denmark Google Workspace for Education Chromebook case (Helsingørgate)
DPA decision principles data minimisation

Denmark Google Workspace for Education Chromebook case (Helsingørgate)

members – 9 min read
[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.
Jul 15, 2024
Rie Aleksandra Rie Aleksandra
breaches data minimisation

France: unemployment breach impacts 43m dating back 20 years

members – 1 min read
🇫🇷 Massive breach and what we can learn immediately from it: data minimisation, deletion, breach response plans - and communication that people actually understand!
Mar 20, 2024
Rie Aleksandra Rie Aleksandra
Sweden MedHelp 1177 case
DPA decision breaches fine

Sweden MedHelp 1177 case

members – 8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
Feb 22, 2024
Rie Aleksandra Rie Aleksandra
DPA decision fine breaches

Sweden court upholds ~$1m fine: major health data leak and forwarding calls to 🇹🇭

members – 2 min read
🇸🇪 MedHelp must pay SEK 11,3 million (~$1m) for leaking 2,7 million health-related conversations (of 170 000 hours) online for several years and no legal basis for forwarding call to Thailand.
Feb 18, 2024
Rie Aleksandra Rie Aleksandra
Denmark DPA orders municipalities to ensure Google-sharing compliance
DPA decision principles data minimisation

Denmark DPA orders municipalities to ensure Google-sharing compliance

members – 1 min read
🔥 Danish DPA with new decision in their Helsingørgate/Chromebook case!
Jan 30, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023
CJEU principles accountability

CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023

members – 7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear = non-material damages (but must be proven by the data subject).
Jan 8, 2024
Rie Aleksandra Rie Aleksandra
Ready to get started now?
Subscribe to get access to premium content or contact us if you have any questions.
Subscribe Contact us
DPO Hub
☕️ Where GDPR pros come to save time and sanity
Navigation
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Quick links
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Tags
DPA decision CJEU EDPB fine lawfulness
©2025 DPO Hub - Made with 💛 in 🇳🇴
Great! Next, complete checkout for full access to DPO Hub.
Welcome back! You've successfully signed in.
You've successfully subscribed to DPO Hub.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.