Search results

hereinafter “the first defendant” (DOS-2020-05649 and DOS-2021-05271); Company Y2, hereinafter “the second defendant” (DOS-2020-05649); Decision on merits

Internal regulations as approved by the Chamber of Representatives on December 20, 2018 and published in the Belgian Official Gazette on January 15, 2019; Considering

internal order, as approved by the Chamber of Representatives on December 20, 2018 and published in the Belgian Official Gazette on January 15, 2019; Having

The Belgian DPA (APD/GBA) imposed a fine of €50,000 and €15,000 on two different data controllers for breaching various principles of the GDPR, such as

Liechtenstein by a Decision of the EEA Joint Committee of 6 July 2018, which entered into force on 20 July 2018. This Decision is of no consequence in the present case

rules of procedure as approved by the Chamber of Representatives on 20 December 2018 and published in the Belgian Official Gazette on 15 January 2019; Having

the time of the personal data breach (in the period between 22/03/2018 and 28/05/2018), the defendant had not concluded a contract with the processor for

The Belgian DPA (APD/GBA) held that sharing a phone number poses a high risk to a data subject and that this must be classified as a critical data breach

Chamber Decision on the merits 72/2020 of November 09th 2020 File No.: DOS-2018-02075 Subject: Complaint against a hospital (processing of membership data)

The Belgian DPA (APD/GBA) held that sending a newsletter to the parents of school children with all email addresses visible in CC was a breach of the Article

original. Please refer to the French original for more details. File No.: DOS-2018-05421 Subject: Complaint against a City about the regularity of the consultation

internal order, as approved by the Chamber of Representatives on December 20, 2018 and published in the Belgian Official Gazette on January 15, 2019; Having

The Belgian DPA (APD/GBA) held that intent is not a criterium to assess processing and that mistakenly sending an e-mail does not necessarily constitute

rule that Mr X's complaint of 20 September 2019 at the GBA was unfounded with regard to the concluding party; to order the GBA to pay the administrative fine

initiate such 35CJEU judgment of 5 June 2018,C-210/16, WirtschaftsakademieSchleswig-Holstein, ECLI:EU:C:2018:388. 20, processing in any way or form. The data

The Belgian DPA (APD/GBA) fined the defendant € 15000 for cookies placed without prior consent. The ADP/GBA conducted investigations into a webpage for

the Data Protection Authority (APD); Considering the decision of February 20, 2020 of the Front Line Service (SPL) of the APD declaring the complaint admissible

The Belgian DPA (APD/GBA) ordered an employer to delete the HR evaluation data on its employees. The decision comes after a complaint filed by an employee

within 3 months. GBA has also issued a reprimand for the violation of Articles 12-14. No fines were issued because the predecessor of GBA had reviewed and

November 2018, the Management Committee of the Data Protection Authority (hereinafter the GBA) decided to refer a case to the Inspectorate of the GBA on the