Search results

agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an

the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/1535

systematic monitoring of data subjects on a large scale. Article 37(1)(b) GDPR and Article 37(1)(c) GDPR also extends the requirement to appoint a DPO to controllers

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article

difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter

decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck 2019).

Datenschutzrecht, Article 61 GDPR, margin number 7 (C.H. Beck 2019, 1st ed.) Polenz, in Simitis, Hornung, Spiecker, Datenschutzrecht, Article 61 GDPR, margin number

with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph

this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the

up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct

consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is

of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and

elements. Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4%

Articles 5(1)(a), 12(1) and 13(1)(c) GDPR within three months, to refer not only to information provided on data processed pursuant to Article 6(1)(b) GDPR, but

decision under Article 66 GDPR when the lead SA fails to respond to provide mutual assistance within a month as per Article 61(8) GDPR. The CJEU adopted

infringement of Article 5(1)(c) GDPR. After recalling that each concerned DPA could submit a request for mutual assistance under Article 61 GDPR and thereby

included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification

third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in

there. The content of article 5.1 letter c) is considered to be allegedly affected. GDPR that provides: “Personal data will be: c) adequate, relevant and