Search results

administrative fine to be imposed, observe the provisions contained in articles 83.1 and 83.2 of the RGPD, which point out: "1. Each control authority will guarantee

on a large scale. Despite The GDPR does not define what is meant by large-scale processing, both the recital 91 of the GDPR as the Working Party of article

July 2021. 7GDPR, Art. 12. 8 GDPR, Art. 12.2 and 12.3. 9GDPR, Art. 12.3. 1 GDPR, Art. 12.3. 1 GDPR, Art. 12.4. Decision 158/2022 - 6/13 26. Secondly, it

fine to be imposed, it is mandatory refer to the provisions of articles 83.1 and 83.2 of the RGPD, provisions that establish: "Each control authority will

held that a fine was necessary. The DPA held that, with reference to Recital 148 GDPR, the infringement could not be regarded as 'minor'. Having regard to

of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a) of the GDPR more precisely);

personal data from Article 9 GDPR. According to the AEPD, even if the controller may had relied on the exemption on Article 9 GDPR(2)(f), since the data were

article 83.5 a) of the GDPR. SAW In order to establish the administrative fine that should be imposed, they must The provisions contained in articles 83.1 and

invitation to comply, breaching Article 12 GDPR, Article 15 GDPR, Article 16 GDPR, Article 17 GDPR and Article 18 GDPR. Thus, due to the aformentioned breaches

review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the data subject's

sec. 1 lit. a) and h), art. 58 sec. 2 lit. i), art. 83 sec. 1 - 3, art. 83 sec. 4 lit. a), art. 83 sec. 5 lit. a) in connection with Art. 5 sec. 1 lit

of the offense typified in the article 83.5.a) of the aforementioned Regulation 2016/679. In this sense, Recital 40 of the RGPD states: "(40) For the treatment

basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the first instance

alleged violation of articles 32.1 and 5.1.f) of the GDPR, typified in article 83.4.a) and 83.5.a) of the GDPR, with warning. Receipt by the claimant of the agreement

1 lit. c GDPR. It cannot be deduced from Section 256 IO that Insolvency data (at all) also based on other permitted circumstances Art. 6 GDPR may no longer

required by Article 13 GDPR. Furthermore, the AEPD, highlighted that the RFEF did not provide the information required by Article 13(3) GDPR about further processing

controller was in breach of Article 12(2) GDPR. The DPA found that the infringements were minor pursuant to Recital 148, because (1) the infringements found

Article 16 sentence 1 GDPR is the legal basis for a request for rectification, even if the request has been submitted before the GDPR entered into force:

that the firm had violated Articles 33(1) GDPR (notification of data breaches to the DPA) and Article 34(1) GDPR (communication of data breaches to data

in breach of Articles 5(1)(a) and 6 GDPR. Finally, the Italian DPA found a violation of Article 25(1) and (2) GDPR because the controller had not adopted