Search results

September 2021, the Danish DPA found violations of Articles 5(2), 5(1)(a), 32(1), (33)(1) and (35)(1) GDPR. It ordered the Municipality to bring its processing

Protection Agency is of the opinion that Zoo's description, cf. Article 33, subsection Article 33 (3) (d) of the measures taken to deal with the breach was not correct

notified the DPA too late about the data breach in violation of the Article 33 GDPR. The DPA also ordered the controller to communicate the data breach to

obliged to notify the data breach to the AP within 72 hours pursuant to Article 33(1) GDPR. The AP recalled that the main purpose of this obligation is to encourage

in accordance with Art. 33 paragraph. 1 of the Regulation 2016/679, which must contain the information specified in art. 33 paragraph. 3 of Regulation

authority, in accordance with art. 33 sec. 1 Regulation 2016/679, which must contain the information specified in art. 33 sec. 3 of this source of law, but

NOK 100,000. The notified fee of NOK 150,000 was thus reduced by approx. 33.33% with reference to the company's financial situation. The Authority considers

Jurisdiction: Spain Relevant Law: Article 4(12) GDPR Article 32 GDPR Article 33 GDPR Type: Investigation Outcome: No Violation Found Started: Decided: Published:

obligation to document a personal data breach (Article 33 GPDR) The DPA also determined a violation of Article 33 GDPR. The documentation provided by the controller

Article 67 of the Bulgarian Personal Data Protection Act (PDPA), supra Article 33 of the GDPR, and violation of the requirement for communicating the personal

and officially notified the HDPA of the breach in accordance with Article 33 GDPR. Corrective measures to fix the issue were also implemented. Despite

obligation under the articles5 (1) (f), 5 (2), 15, 32 and 33 of the Regulation, as well as article 33 (1) (y) of Law 125 (1) / 2018and she was asked to submit

(hereinafter 'the Code'); HAVING REGARD to Article 5, of Legislative Decree no. 33 of 14 March 2013 on "Reorganization of the rules concerning the right of civic

level of security, as required by article 32, read in conjunction with article 33 GDPR. The Garante examined the notification by the university “la Sapienza”

Authority: AEPD (Spain) Jurisdiction: Spain Relevant Law: Article 32 GDPR Article 33 GDPR Type: Investigation Outcome: No Violation Found Started: Decided: 06

that BroBizz's processing of personal data was in accordance with Article 33 (2) of the Data Protection Regulation. 1 and Article 34 (1). First The following

insufficient took precautions to prevent the data breach b. Articles 33.1 and 33.5 and 34.1 GDPR, given that defendant did not mention it data breach to

Public Health Service of Madrid for violating Articles 5(1)(f), 25(1), 32 and 33 GDPR due to a website failure which resulted in the exposure of personal data

outcome of the survey n ° [...] carried out with the public establishment A 33/33

Jurisdiction: Spain Relevant Law: Article 5(1)(f) GDPR Article 32 GDPR Article 33 GDPR Type: Investigation Outcome: No Violation Found Started: Decided: 06