DPO Hub
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Sign in Sign up
Sign up Sign in
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Unlock full access to see the entire library by subscribing to a paid plan.
Sign up
Bookmarks

TOMs

17 posts
🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches
DPA decision Meta fine

🇮🇪 DPC fines Meta €91m for failing to safeguard passwords and notify breaches

members – 1 min read
UPDATE 1 Jan: Summary + full decision published! The DPC fines Meta for failing to safeguard users' passwords (storing them in plaintext!) and for notifying the breach too late.
Dec 30, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-687/21 MediaMarktSaturn 25 Jan 2024
CJEU damages TOMs

CJEU C-687/21 MediaMarktSaturn 25 Jan 2024

members – 3 min read
Accidental disclosure ≠ poor measures. Compensation is purely compensatory, not punitive, and requires proof of harm caused by a violation—though the severity of it doesn't affect the amount. Fear alone isn’t enough if no misuse occurred.
Dec 29, 2024
Rie Aleksandra Rie Aleksandra
Record GDPR fine from Norway (NAV)
DPA decision public sector fine

Record GDPR fine from Norway (NAV)

members – 6 min read
🔥 On 17 Dec, the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine.
Dec 18, 2024
Rie Aleksandra Rie Aleksandra
EDPB Opinion 22/2024: obligations when relying on (sub-)processors
EDPB processor controller

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read
📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.
Oct 22, 2024
Rie Aleksandra Rie Aleksandra
Norway DPA fines university for insufficient access control in MS Teams
DPA decision fine breaches

Norway DPA fines university for insufficient access control in MS Teams

members – 4 min read
The 🇳🇴 University of Agder was fined €12,500 (NOK 150k) for failing to secure personal data on Teams/SharePoint and insufficient internal controls. Short decision, several takeaways for everyone!
Sep 12, 2024
Rie Aleksandra Rie Aleksandra
Sweden MedHelp 1177 case
DPA decision breaches fine

Sweden MedHelp 1177 case

members – 8 min read
This case is not only a goldmine for DPOs in the Swedish healthcare sector (although particularly so), but DPOs in general, for assessing roles, legal bases and processor liability.
Feb 22, 2024
Rie Aleksandra Rie Aleksandra
CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023
CJEU principles accountability

CJEU C-340/21 Natsionalna agentsia za prihodite (cybercrime) 14 Dec 2023

members – 7 min read
Unauthorised disclosure or access doesn't equate to inadequate measures, but must be proven to prevent damages claims. National courts must assess your case concretely and cannot systematically rely on expert reports. Mere fear = non-material damages (but must be proven by the data subject).
Jan 8, 2024
Rie Aleksandra Rie Aleksandra
security resource guidance

Denmark DPA shares useful security measures catalogue

members – 1 min read
Only in Danish but useful with in-browser translate!
Nov 28, 2023
Rie Aleksandra Rie Aleksandra
DPA decision security TOMs

Denmark DPA criticises processor for poor security

members – 2 min read
…
Nov 13, 2023
Rie Aleksandra Rie Aleksandra
Denmark DPA audits 16 banks and municipalities
public sector DPA audit breaches

Denmark DPA audits 16 banks and municipalities

members – 1 min read
…
Sep 30, 2023
Rie Aleksandra Rie Aleksandra
DPA decision fine TOMs

Sweden DPA issues fines and orders controllers to stop using Google Analytics

members – 1 min read
…
Jul 3, 2023
Rie Aleksandra Rie Aleksandra
DPA decision fine employment

Romania DPA fine for insufficient employee training

members – 1 min read
…
Jan 24, 2023
Rie Aleksandra Rie Aleksandra
Ready to get started now?
Subscribe to get access to premium content or contact us if you have any questions.
Subscribe Contact us
DPO Hub
☕️ Where GDPR pros come to save time and sanity
Navigation
  • Home
  • Topics
  • Filter
  • EDPB
  • CJEU
  • MM
  • Bookmarks
  • Community ↗️
Quick links
  • Terms
  • Privacy
  • Archive (all posts)
  • GDPR.Fan ↗️
Tags
DPA decision CJEU EDPB fine lawfulness
©2025 DPO Hub - Made with 💛 in 🇳🇴
Great! Next, complete checkout for full access to DPO Hub.
Welcome back! You've successfully signed in.
You've successfully subscribed to DPO Hub.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.