Search results
From GDPRhub
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)the DPA held that the recordings captured personal data pursuant to Article 4(1) GDPR. Since the controller did not use the recordings, they had not assessed45 KB (6,973 words) - 05:12, 15 September 2022
- Commissioner (Cyprus) - Α/Π 68/2017 (category Article 32(4) GDPR)that Cyprus Police was responsible for a violation of Article 32 par.1(b) & (d) and par.(4) GDPR, as a result of the acts and/or omissions of the Police6 KB (649 words) - 16:51, 6 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)violation of Article 13 GDPR and issued a warning to the controller. The AEPD took into account the following aggravating factors (Article 83 (2) GDPR) to determine19 KB (2,957 words) - 14:45, 13 December 2023
- HDPA (Greece) - 29/2023 (category Article 5(1)(c) GDPR)15(1)(a)-(h) GDPR. For these reasons, under Article 58 GDPR, the HDPA reprimanded the controller for violating Article 5(1)(c) GDPR and Article 15 GDPR. In addition21 KB (3,334 words) - 09:12, 25 October 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 12(4) GDPR)the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of the GDPR, - Paragraphs (1) – (4) of Article 12 of the GDPR and - Article 15 (1) and Article69 KB (11,255 words) - 10:08, 17 November 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Intervare did not go through with a proper assessment pursuant to Article 34(1), as it had24 KB (3,365 words) - 16:37, 6 December 2023
- AEPD (Spain) - PS/00425/2019 (category Article 5(1)(f) GDPR)of an infringement of Article 5 (1) (f) of the GDPR under (74345679) (f) of the GDPR, as set out in Article 83 (5) (a) of the GDPR. SECOND: To notify this14 KB (2,140 words) - 14:39, 13 December 2023
- ANSPDCP (Romania) - Warning issued to Bucharest Municipality (District 4) (category Article 5(1)(a) GDPR)and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate of 4th District Local Police7 KB (931 words) - 15:22, 13 December 2023
- Datatilsynet (Norway) - 20/02172 (category Article 6(1)(f) GDPR)under Article 6(1)(f) GDPR. The DPA also requires that the company implement internal controls of their credit rating process as per Article 24 GDPR. The28 KB (4,155 words) - 18:57, 5 March 2022
- Court of Appeal of Brussels - 2021/AR/74 (category Article 6 GDPR)various GDPR violations (including the principles of legality, transparency and fairness, minimisation and security among others). In total, 4 complaints5 KB (518 words) - 15:08, 9 August 2022
- HDPA (Greece) - 38/2022 (category Article 4 GDPR)processing personal data, in line with the definition of Article 4(1) GDPR. In accordance with Article 5(3) GDPR, the controller had an obligation to demonstrate9 KB (974 words) - 15:54, 20 December 2022
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may also be taken into consideration60 KB (10,197 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)processing personal data without the accuracy required according to Article 5(1)(d) GDPR. BBVA sent the claimant's personal data to a collection agency. The37 KB (5,785 words) - 14:11, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- Court of Appeal of Brussels - 2022/AR/953 (category Article 4(11) GDPR)the DPA to issue a referral in order to open an ex officio investigation (Article 63(1) of the Law establishing the Belgian DPA). This referral needs to indicate7 KB (681 words) - 10:43, 15 January 2024
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- AEPD (Spain) - EXP202200399 (category Article 5(1)(f) GDPR)the database of the controller. Therefore, the controller violated Article 5(1)(f) GDPR. The DPA considered several aggravating factors, such as the fact10 KB (1,343 words) - 13:13, 13 December 2023