Changeflow GovPing Data Privacy & Cybersecurity German Data Protection Decisions: EDPB Opinions...
Routine Notice Added Final

German Data Protection Decisions: EDPB Opinions and National Enforcement Actions

Favicon for www.edpb.europa.eu EDPB Decisions
Detected
Email

Summary

The German member-state page on the EDPB website aggregates 10 decisions published by German data protection authorities between September 2024 and July 2025. These include six EDPB Opinions issued under Article 64 GDPR procedure addressing certification criteria and Binding Corporate Rules, alongside four national enforcement actions. The most significant penalties are administrative fines of €15,000,000 and €30,000,000 imposed on Vodafone by the German Federal Supervisory Authority, plus a reprimand, and a €900,000 fine from Hamburg SA for deletion obligation violations in the credit collection sector.

“Opinion 16/2025 regarding the draft decision of the German North Rhine Westphalia Supervisory Authority regarding Trusted Site Data Privacy (TÜV IT) certification criteria”

EDPB , verbatim from source
Published by EDPB on edpb.europa.eu . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors EDPB Decisions for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 4 changes logged to date.

View original document View source feed page

What changed

The EDPB German member-state page compiles six EDPB Opinions issued under Article 64 GDPR between September 2024 and July 2025, covering certification criteria (Trusted Site Data Privacy/TÜV IT and GDPR information privacy standard) and Binding Corporate Rules for the Infosys Group and Viega Group. The page also aggregates four national enforcement actions: the German Federal SA imposed fines of €15,000,000 and €30,000,000 plus a reprimand on Vodafone; Hamburg SA issued a €900,000 fine for deletion obligation violations in credit collection services; and the French SA fined KASPR €240,000 and €200,000 for data scraping violations. Organizations with operations in Germany subject to GDPR obligations should track these authoritative EDPB positions on certification standards and international transfer mechanisms when assessing their compliance posture.

Archived snapshot

Apr 27, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

An official website of the European Union How do you know?

Opinion 16/2025 regarding the draft decision of the German North Rhine Westphalia Supervisory Authority regarding Trusted Site Data Privacy (TÜV IT) certification criteria

14 July 2025
- Opinion of the Board (Art. 64)

10 June 2025 National News
- Germany
Read more

Data scraping: French Supervisory Authority fined KASPR €240 000

23 January 2025 One-Stop-Shop News
- Austria
- Belgium
- Croatia
- Cyprus
- Czech Republic
- Denmark
- Estonia
- Finland
- France
- Germany
- Greece
- Hungary
- Ireland
- Italy
- Latvia
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- Spain
- Sweden
- Iceland
- Norway
- Liechtenstein
Read more

Data scraping: French SA fined KASPR €200 000

9 January 2025 One-Stop-Shop News
- France
- Austria
- Belgium
- Bulgaria
- Croatia
- Cyprus
- Czech Republic
- Denmark
- Estonia
- Finland
- Germany
- Greece
- Hungary
- Ireland
- Italy
- Latvia
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- Spain
- Sweden
- Iceland
- Liechtenstein
- Norway
Read more

Opinion 26/2024 on the draft decision of the DE Bremen Supervisory Authority regarding the “Catalogue of Criteria for the Certification of IT-supported processing of Personal Data pursuant to art 42 GDPR (‘GDPR – information privacy standard’)” presented

2 December 2024
- Opinion of the Board (Art. 64)

2 December 2024
- Opinion of the Board (Art. 64)

2 December 2024
- Opinion of the Board (Art. 64)

26 November 2024 National News
- Germany
Read more

The French SA fines COSMOSPACE EUR 250,000 and TELEMAQUE EUR 150,000

20 November 2024 One-Stop-Shop News
- Austria
- Belgium
- Denmark
- Cyprus
- Croatia
- Czech Republic
- France
- Germany
- Greece
- Hungary
- Italy
- Latvia
- Luxembourg
- Malta
- Netherlands
- Portugal
- Poland
- Slovenia
- Sweden
- Spain
Read more

Opinion 20/2024 on the draft decision of the North Rhine-Westphalian Supervisory Authority regarding the Controller Binding Corporate Rules of the Viega Group

17 September 2024
- Opinion of the Board (Art. 64)

Mentioned entities

European Data Protection Board

Parties

Vodafone KASPR COSMOSPACE TELEMAQUE Infosys Group Viega Group

Related changes

Favicon for www.edpb.europa.eu 10th Anniversary GDPR Marks European Data Protection Evolution
Routine Apr 27, 2026 EDPB EU News Data Privacy & Cybersecurity
Favicon for edpb.europa.eu Opinion 11/2026 on Belgian Draft Decision on Controller BCRs for Kuwait Petroleum Group
Priority review Apr 27, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity
Favicon for edpb.europa.eu Opinion 10/2026 on Dutch Supervisory Authority Draft Decision Regarding Controller Binding Corporate Rules of the SLB Group
Routine Apr 27, 2026 EDPB Documents (GDPR) Data Privacy & Cybersecurity

Get daily alerts for EDPB Decisions

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.edpb.europa.eu
EDPB Decisions edpb.europa.eu/our-work-tools/consistency-findings/register-for-decisions_en
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from EDPB.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
EDPB
Instrument
Notice
Branch
International
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Telecommunications firms
Industry sector
5170 Telecommunications
Activity scope
Data processing compliance International data transfers Certification Cross-border enforcement
Geographic scope
European Union EU

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Compliance frameworks
GDPR
Topics
Consumer Protection Anti-Money Laundering

Browse Categories

Agriculture & Food Safety 84 Banking & Finance 507 Consumer Protection 142 Courts & Legal 631 Data Privacy & Cybersecurity 153 Defense & National Security 52 Education 63 Energy 135 Environment 170 Government & Legislation 529 Healthcare & Life Sciences 411 Immigration 11 Insurance 90 Labor & Employment 196 Pharma & Drug Safety 14 Real Estate & Housing 76 Securities & Markets 178 Tax 118 Telecom & Technology 58 Trade & Sanctions 167 Transportation 132

Get alerts for this source

We'll email you when EDPB Decisions publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!