Search results

violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR

third parties (article 83.2.k, of the C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 10/11 RGPD in relation to article 76.2.b, of the LOPDGDD)

2019, BVwerG 6 C 2.18 "It follows that the opening clauses of Article 6.2 and 6.3 GDPR for processing operations under Article 6.1(1)(e) GDPR do not cover

of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)

reprimand in accordance with Article 58(2)(b) GDPR for these established violations. The DPA issued an order, as per Article 15(4)(b) of the Greek Law 4624/2019

Decision 22-02-2021 Authority: AZOP (Croatia) Jurisdiction: Croatia Relevant Law: Article 32(1)(b) GDPR Article 32(1)(d) GDPR Article 32(2) GDPR Article 32(4)

violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed

right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that

investigations the CNIL found five breaches of the GDPR: -         Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively

referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding

Finnish DPA found a healthcare provider to have breached Article 32(1) GDPR and Article 32(2) GDPR for not implementing appropriate technical and organisational

reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the

section 2, letter b), of this article. The The implementing act shall be adopted in accordance with the examination procedure referred to in re article 93,

protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as

the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement

breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the

Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)

did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller

significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the

Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique