Search results

of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant

assessment and an additional DPIA under Article 35 GDPR, in order to guarantee the adherence to the principles of Article 5 GDPR. First, the Spanish DPA stated

2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph

Articles 1, 2, 3, 4, 5, 6, 9, 25, 32, 35 and 36 of the GDPR, Articles 1, 2, 3, 4, 8, 9, 10, 27 and 28 of Directive (EU) 2016/680, Articles 1, 2, 3, 4,

processed, despite being prohibited by Article 9(1). This is an infringement of Article (9)(1). • Article 35 of the UK GDPR which states that “where a type of

in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory

processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the

inconsistent with Art. 35 section 1 u.s.g. - § 32 of the annex to the resolution, as inconsistent with Art. 35 section 1 and art. 40 section 2 point 1 of the Act on

associations on the basis of Article L. 761-1 of the Code of Administrative Justice can only be rejected. D E C I D E : -------------- Article 1: The interventions

data has infringed Article 5, Article 9, Article 35 and Article 36 of the Data Protection Regulation. These articles are covered by article 83.4 and 83.5 and

this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act

according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.

on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for

on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for

object to the processing of his personal data under Article 6(1)(e) GDPR and Article 6(1)(f) GDPR. The court stated that if a data subject objects to data

DI-2019-7782 4 (22) infringements of Article 5 (1) (a), Article 6 (1), Article 9 (2), Article 13, Article 35 and Article 36 of the Data Protection Ordinance

demonstrate its respect of Article 5(1)(a) and (c) GDPR and should have conducted an impact assessment under Article 35 GDPR and ordered it to comply with

under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet

controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue

persons. This includes in accordance with Article 35 (3) b that an impact assessment pursuant to Article 35 (1) shall be required in particular in cases