Search results
From GDPRhub
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR) (section English Machine Translation of the Decision)data subjects in the EU. (2) Secondly, the DPA held that the processing of the controller was linked to the monitoring of the behaviour of data subjects (Article11 KB (1,452 words) - 17:03, 6 December 2023
- Insolvency Act prohibits the Director of an insolvent company to use the name of that company in the 12 months leading up to the liquidation. The Insolvency Service5 KB (573 words) - 21:38, 21 April 2021
- redacted version of the document in question but sought to withhold the redacted information on the basis of section 40(2) of FOIA. 2. The Commissioner’s24 KB (3,788 words) - 16:22, 7 March 2022
- defined by the Data Protection Act 2018 (‘DPA’). By referring to section 3(2) of the DPA, the ICO stated that the withheld information in the audio record5 KB (673 words) - 16:37, 12 May 2020
- Article 9 GDPR (section (c) Protection of the vital interests of the data subject or of another natural person)high level of protection of natural persons and to remove the obstacles to flows of personal data within the Union, the level of protection of the rights and44 KB (5,905 words) - 14:00, 24 October 2023
- General to the DPA. The current Panel had been elected by the Italian Parliament on the 14 July 2020. The Garante operates under the GDPR and the national7 KB (808 words) - 08:17, 16 February 2023
- consequence, the exporter must verify the state of law and practice in the third country. The analysis should not cover the entire legal system of the third country34 KB (3,646 words) - 08:53, 27 March 2023
- indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk. 2. Where the supervisory31 KB (3,646 words) - 08:51, 21 July 2023
- Article 32 GDPR (section (4) Natural persons acting under the authority of the controller or the processor)for ensuring the security of the processing. 2. In assessing the appropriate level of security account shall be taken in particular of the risks that are41 KB (5,197 words) - 12:17, 17 April 2024
- Secretariat, the Director of the Knowledge Center, the Director of the Front Line Service, the Inspector General and the President of the Litigation Chamber9 KB (993 words) - 07:10, 28 July 2022
- aware of the act. The enforcement of a DPA decision shall not be suspended during the deadline for the submission of the cancellation request. The complainant23 KB (2,039 words) - 08:15, 25 April 2024
- Public Authorties and Bodies In the context of the adoption of the Member State law on which the performance of the tasks of the public authority or public52 KB (7,297 words) - 08:05, 18 July 2023
- Article 40 GDPR (section (7-10) Role of the DPAs and the EDPB in the approval of codes with general validity)subjects; (f) the exercise of the rights of data subjects; (g) the information provided to, and the protection of, children, and the manner in which the consent44 KB (5,008 words) - 14:50, 28 July 2023
- Datatilsynet (Norway) (category DPA) (section Department for the enforcement of rules, international cooperation and sanctions)objections, the DPA will reassess the case and can, consequently, change parts of or their whole decision. The DPA will then send the recipient the final decision10 KB (1,078 words) - 06:40, 26 March 2023
- Article 4 GDPR (section (3) Restriction of processing)Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are125 KB (16,328 words) - 16:01, 8 March 2024
- in respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- consists of four internal organisational units: (1) the cabinet of the Information Commissioner, (2) the Sector for public information, (3) the Sector for protection10 KB (1,242 words) - 10:51, 6 February 2024
- provide the complainant with information about progress on the complaint, or of the outcome of the complaint, before the end of the period of 3 months beginning18 KB (2,488 words) - 15:22, 14 December 2021
- Article 42 GDPR (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)competent DPA.sIn any case, both must follow the certification criteria which will have previously been approved by the DPA or the EDPB. The fact that a certification27 KB (2,452 words) - 14:26, 28 July 2023
- Article 37 GDPR (section (2) Group of undertakings)excluded from the requirement to have a DPO, the reason for this being the principle that the judiciary is not subject to the authority of the DPA pursuant43 KB (4,904 words) - 12:59, 21 July 2023
- Article 47 GDPR (section (3) Exchange of Information)members; (b) the data transfers or set of transfers, including the categories of personal data, the type of processing and its purposes, the type of data subjects29 KB (2,823 words) - 15:15, 28 April 2022
- considers the decision invalid. However, a national court may not refer a question on the validity of the decision of the Board at the request of a natural30 KB (3,874 words) - 10:46, 7 December 2023
- “accredited” by the competent DPA for the purpose of ensuring compliance with the code of conduct. The criteria for this accreditation is provided in the section30 KB (2,720 words) - 14:02, 28 July 2023
- conflict of interests. 3. The accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article shall take place on the basis of criteria22 KB (1,634 words) - 14:40, 28 July 2023
- here. The budget of the CNIL is decided by the Parliament as part of the annual finance act. data on the budget since 2000 can be found here. You can help8 KB (824 words) - 22:52, 27 February 2024
- relevant, as to: (a) the purposes of the processing or categories of processing; (b) the categories of personal data; (c) the scope of the restrictions introduced;44 KB (4,896 words) - 06:25, 16 June 2023
- includes general elements of any procedure like the service of documents (Section 106 DPA 2018) or the appeals system (Section 150 DPA 2018) in data protection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 91 GDPR (section (2) DPA supervision)itself, or the general DPA responsible for monitoring the application of the GDPR at the regional or national level. In both cases, all the conditions25 KB (2,482 words) - 10:04, 19 March 2024
- Spanish DPA regarding a controller established in the UK. The Spanish DPA was unable to settle a case after the British DPA, following Brexit, left the Internal17 KB (1,142 words) - 15:41, 28 April 2022
- Article 39 GDPR (section (2) Risk-based approach)and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing23 KB (2,165 words) - 15:10, 27 July 2023
- Article 55 GDPR (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its35 KB (3,971 words) - 21:34, 1 April 2024
- Article 83 GDPR (section (3) Multiple infringements caused by the same or linked processing operations ("unity of action"))or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the obligations55 KB (7,622 words) - 14:04, 7 November 2023
- according to § 2(3) LDSG and § 2(5) LDSG-JB. According to § 25(3) LDSG the LfDI is responsible for complaints against governmental institutions of Baden-Württemberg4 KB (275 words) - 11:13, 8 May 2022
- investigative powers of the competent DPA. The powers in question are provided for in Article 58(e) and (f) GDPR, under which the DPA can “obtain, from the controller18 KB (1,599 words) - 12:26, 29 April 2022
- Article 63 GDPR (section Any Other Matter of General Application or Producing Effects in different Member States)“either between the DPAs over the course of the one-stop-shop mechanism [...], or when a DPA disregards or fails to seek the opinion of the EDPB in those15 KB (851 words) - 06:55, 29 April 2022
- following the expiration of the second month referred to in paragraph 2 by a simple majority of the members of the Board. Where the members of the Board are33 KB (4,185 words) - 16:09, 2 November 2023
- Law, supplementing the GDPR) Regulation n.º 757/2020, of 10 September, on the organisation and functioning of of support services for the CNPD [1]. Regulation5 KB (531 words) - 13:25, 3 May 2023
- 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure and the results3 KB (297 words) - 14:49, 1 December 2020
- Article 21 GDPR (section Or processing concerns the establishment, excercise or defence of legal claims)reiterates the obligation on the data controller to inform about the existence of the right to object at the time of the first communication with the data subject49 KB (5,993 words) - 06:22, 16 June 2023
- Article 34 GDPR (section (2) Minimal requirements of the controller's communication to the data subject)that the enforcement of Article 34 GDPR is likely to be difficult as the controller is the entity making the assessment of the level of the risk. The reporting37 KB (3,962 words) - 15:20, 16 June 2023
- necessary by the Commissioner for the purposes of the investigation 4. Following the conclusion of the investigation, you will be informed of the outcome.4 KB (483 words) - 08:17, 12 July 2022
- Article 38 GDPR (section (2) Necessary resources)monitoring of the data subjects on a large scale, or where the core activities of the controller or the processor consist of processing on a large scale of special29 KB (2,951 words) - 14:19, 25 July 2023
- helps to clarify the scope of obligations placed on controllers and processors based outside of the EU. Where Article 3(2) GDPR applies, the controller or25 KB (2,418 words) - 14:11, 24 May 2023
- Authority for the German state of North Rhine-Westphalia. It is in charge of enforcing the GDPR in the private sector in the German state of North Rhine-Westphalia4 KB (372 words) - 10:45, 22 September 2021
- referenced in all documents. The individual employee decides on behalf of the Slovak DPA. The head of the Slovak DPA is the President of the Office for Personal9 KB (1,006 words) - 07:13, 7 July 2021
- relevant to this issue is the case-law of the European Court of Human Rights (ECtHR) on the interpretation of the provisions of the European Convention on33 KB (3,748 words) - 14:25, 7 November 2023
- such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. The controller must72 KB (9,140 words) - 13:12, 2 June 2023
- related to the spelling of the name cannot be considered insignificant because they impact the primary identifier of the data subject in the realm of automated23 KB (2,489 words) - 23:24, 6 March 2024
- Article 49 GDPR (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)consideration to the nature of the personal data, the purpose and duration of the proposed processing operation or operations, as well as the situation in the country29 KB (3,500 words) - 08:54, 27 March 2023
- Article 57 GDPR (section (m) Encourage the drawing up of codes of conduct and regulate the use of codes of conduct)indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory60 KB (7,796 words) - 20:12, 1 April 2024
- Article 54 GDPR (section In the course of the performance of their tasks or exercise of their powers)procedures for the appointment of the member or members of each supervisory authority; (d) the duration of the term of the member or members of each supervisory34 KB (3,649 words) - 13:19, 30 October 2023
- relation to the protection of personal data. 3. The Commission, after assessing the adequacy of the level of protection, may decide, by means of implementing43 KB (5,641 words) - 14:58, 28 April 2022
- Article 52 GDPR (section In the context of mutual assistance, cooperation and participation in the EDPB)under Article 8(3) of the Charter of Fundamental Rights of the European Union ("CFR"), Article 16(2) of the Treaty on the Functioning of the European Union47 KB (5,594 words) - 22:45, 1 April 2024
- Data Protection in Germany (section BfDI (Federal DPA))counter the risk of violating the general right of personality. Context According to the provisions of the Census Law, a census in the form of a total18 KB (1,831 words) - 13:49, 3 November 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR) (section English Machine Translation of the Decision)July 2019, the data subject filed a complaint about the controller's answer at the DPA. The DPA continued to review the case. First, the DPA reprimanded26 KB (3,820 words) - 16:22, 6 December 2023
- within the scope of Article 100(3) ZVOP-2 in relation to Article 100(1)(2) ZVOP-2 for infringing general provisions on video surveillance. The DPA noted6 KB (645 words) - 10:59, 31 January 2024
- 2020 the Sanctions Board of the Office imposed fines for the first time. The Board has imposed a total of 21 fines, the total amount of which is €3,5035 KB (492 words) - 18:09, 19 March 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR) (section English Machine Translation of the Decision)fifteen, of which the controller was fully aware, according to the DPA. Fine The DPA imposed a fine of 800,000 euros on the controller. The amount of the fine59 KB (9,566 words) - 17:03, 6 December 2023
- DSB (Austria) (category DPA) (section Relevant Elements under the Austria Data Protection Act and Administrative Procedural Act)possible the controller, the facts of the case, the reasons why the complainant feels his rights are violated, the request to find a violation of the law and11 KB (1,468 words) - 13:27, 14 May 2023
- and the data protection officer; (b) the purposes of the processing; (c) a description of the categories of data subjects and of the categories of personal31 KB (3,327 words) - 15:31, 5 June 2023
- APD/GBA (Belgium) - 161/2022 (category Article 3(2) GDPR) (section English Machine Translation of the Decision)Article 3 of the GDPR assumes of two different cases. In the first case (Article 3.1 of the GDPR), the data processing carried out in the context of the activities19 KB (2,689 words) - 15:30, 23 November 2022
- hereinafter: ZVOP-2), according to point 2 of the first paragraph of Article 103 of ZVOP-2 and according to point 3 of the first paragraph of Article 105 of ZVOP-221 KB (3,272 words) - 08:50, 1 March 2024
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section (a) the nature, gravity and duration of the infringement taking into account the nature scope or purpose of the processing concerned as well as the number of data subjects affected and the level of damage suffered by them)relevant in the present case. The NO DPA rejects Grindr's argument according to which the interpretation of the article violated was not clear. The NO DPA confirms18 KB (2,375 words) - 16:17, 6 December 2023
- in the text of the Regulation exempts such a category of data from the scope of the law. Finally, the DPA assessed whether the controller had a valid legal25 KB (3,679 words) - 11:30, 2 August 2023
- CJEU - C-230/14 - Weltimmo (section Was the processing carried out 'in the context of [Weltimmo's] activities' in Hungary?)circumstances, of the use of those data for the purpose of the invoicing of the advertisements after a period of one month." It referred to the Lindqvist and13 KB (1,888 words) - 13:07, 1 June 2023
- for the data transfer referred to in item 2.a). 3) The complaint against the respondent to the second complaint on the grounds of a violation of the general108 KB (17,097 words) - 13:52, 12 May 2023
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR) (section English Machine Translation of the Decision)subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned that the online collection30 KB (4,714 words) - 10:34, 4 January 2023
- Article 60 GDPR (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)Cooperation Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and35 KB (4,017 words) - 16:04, 18 March 2024
- 2003/98/EC of the European Parliament and of the Council leaves intact and in no way affects the level of protection of natural persons with regard to the processing22 KB (2,177 words) - 10:01, 19 March 2024
- article 3 of the French Data Protection Act because the use of cookies is carried out within the framework of the activities of the company Google France which93 KB (14,936 words) - 17:09, 6 December 2023
- Authority for the Spanish autonomous region of the Basque Country. It is in charge of enforcing the GDPR in the public sector within the Basque Country3 KB (195 words) - 13:21, 15 September 2021
- DI-2020-11373 2(23) Date: 2023-06-30 2.2.1 Applicable regulations, etc. ................................................... .....9 2.2.2 The Privacy Protection113 KB (12,773 words) - 15:20, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(2) GDPR) (section English Machine Translation of the Decision)in line with the GDPR. Furthermore, until the Municipality of Helsingor complies with the GDPR, the DPA suspended transfers of data to the United States75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(2) GDPR) (section English Machine Translation of the Decision)high. . The warning shall be issued in accordance with Article 58 (2) of the Data Protection Regulation. 2, letter a. If the assessments of the risk made48 KB (7,442 words) - 10:24, 12 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 58(2)(f) GDPR) (section English Machine Translation of the Decision)Article 36(1), the ban is effective until the DPA has provided such consultation as per Article 36(2) or the DPA otherwise permits the processing until117 KB (18,075 words) - 10:19, 12 September 2022
- informed of outcome of the investigation would compromise the objectives of GDPR. The CJEU added that a DPA assessing a complaint has a margin of discretion15 KB (2,180 words) - 08:23, 13 December 2023
- AKI (Estonia) - EDPBI:ee:OSS:d:2022:343 (category Article 7(2) GDPR) (section English Machine Translation of the Decision)at a German DPA (not clear which German DPA) on 2 January 2020, which transferred the complaint on 7 May 2020 to the Estonian DPA (DPA), the lead supervisory42 KB (5,644 words) - 14:35, 30 November 2022
- decision on the language of the proceedings. Interlocutory decision 01/2021 - 4/6 2. Motivation 10. As part of the analysis of the language of the proceedings19 KB (2,707 words) - 16:50, 12 December 2023
- translation of the final decision to the provide parties. 3. On 4 February 2021, the DPA also provided the parties with the inspection report of 13 July 20208 KB (1,156 words) - 16:56, 12 December 2023
- and means of the collection and subsequent transfer of those personal data. The DPA confirmed that CDON AB is the controller. Thirdly, the DPA investigated121 KB (13,722 words) - 15:16, 5 July 2023
- ...11 2.2.2 The Privacy Protection Authority's assessment...................................13 2.3 Coop is the personal data controller for the processing115 KB (12,842 words) - 08:38, 5 July 2023
- Following the complaint, the DPA investigated the data transfers from the controller to the US through the use of Google Analytics. In its defense, the controller131 KB (14,752 words) - 08:36, 5 July 2023
- Data Protection in Greece (section Age of consent)Articles 2, 3(2)(b), 13(3), 15(1), 18(2) and (3) and 21 which remain in force according to Article 84 L. 4624/2019; 2) L. 4579/2018 on the obligations of air10 KB (1,037 words) - 14:52, 10 July 2020
- CJEU - C‑131/12 - Google Spain (section Responsibility of the operator of a search engine under Directive 95/46)Directive 95/46 … be applied, in the light of Article 8 of the [Charter], in the Member State where the centre of gravity of the conflict is located and more16 KB (2,423 words) - 13:03, 1 June 2023
- deposit in the amount of 110% of the amount enforceable on the basis of the judgment unless the judgment creditor provides security in the amount of 110% of52 KB (8,574 words) - 16:03, 10 March 2022
- BVwG - W258 2217446-1 (category Article 9(2) GDPR) (section Data on the "affinity for a political party" as special categories of personal data?)against the Austrian Postal Service. The DSB investigated i.a the records of processing activities and the data protection impact assessment of the Austrian79 KB (12,652 words) - 09:41, 10 September 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Court of Appeal of Brussels (Belgium)) (section English Machine Translation of the Decision)Article 82(2) GDPR. Most importantly, the controller challenged two of the three findings of the DPA, which had led to the fine: the absence of a valid legal60 KB (9,144 words) - 16:17, 22 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (section English Machine Translation of the Decision)this case, the GDPR" (116). Turning to the facts of the case, the EDPB outlines a number of factors which, in contradiction to the view of the DPC, support53 KB (8,413 words) - 14:10, 30 January 2023
- those of the other persons attending the general meeting. The data subject filed a complaint with the Hungarian DPA asking it to order the controller to9 KB (1,308 words) - 12:54, 28 June 2023
- CNIL (France) - SAN-2019-005 (category Article 32(2) GDPR) (section English Machine Translation of the Decision)principle of article 5(1)(e) GDPR as the purpose of the processing had been reached by awarding the lease to one of the candidates. The DPA sanctioned the company41 KB (6,558 words) - 17:09, 6 December 2023
- HDPA (Greece) - 3/2022 (category Article 58(2)(f) GDPR) (section English Machine Translation of the Decision)A' 137), within the framework of the powers provided for in Articles, 4 para. 3(a) and 10(3)(a) and (10)(a) 4 of the Authority's Rules of Procedure (Government11 KB (1,492 words) - 13:09, 23 November 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(2)(a) GDPR) (section English Machine Translation of the Decision)process the insurance application and any compensation case. The registrar states that the provision of Section 13, subsection 2 of the Act on the Status49 KB (7,496 words) - 14:44, 24 January 2024
- Personvernnemnda (Norway) - 2021-20 (20/01648) (section English Machine Translation of the Decision)83(2) GDPR, and in which case, how large it should be. The Board agreed with the DPA that the installation of the camera was not discussed with the employees31 KB (5,018 words) - 18:44, 5 March 2022
- rowspan="2" width="3"><img src="http://www.dpa.gr:80/APDPXPortlets/images/menutop_space.jpg" width="3" height="104"></td><!--/*++++++++++++++++++++++++2 Υπο56 KB (7,755 words) - 15:39, 6 December 2023
- HDPA (Greece) - 20/2023 (category Article 12(2) GDPR) (section English Machine Translation of the Decision)such, the DPA ordered the controller to comply with the access request and issued a fine of: a) €60,000 for the violation of Article 21(3) GDPR as the controller6 KB (634 words) - 17:48, 17 July 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR) (section English Machine Translation of the Decision)Is the term 'copy' in Article 15(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals51 KB (8,592 words) - 07:03, 2 November 2021
- Court of Appeal of Brussels - 2020/AR/1160 (First Interim Decision) (category Court of Appeal of Brussels (Belgium)) (section English Machine Translation of the Decision)- 2020/AR/1160 -p. 3 3. Legal framework for the restricted debate. 3.1. Article 108 of the Law of 3 December 2017 establishing the Data Protection Authority25 KB (3,812 words) - 10:03, 20 August 2021
- Court of Appeal of Brussels - 2022/AR/549 (category Court of Appeal of Brussels (Belgium)) (section English Machine Translation of the Decision)legal basis for the processing of data. The DPA therefore considered that the controller had a legitimate interest for the processing of the data subject's37 KB (5,765 words) - 09:53, 14 December 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 9(2)(a) GDPR) (section The relationship to freedom of speach and processing for journalistic purposes)Consequently, the DPA's decision item 8 was removed entirely, as the introduction of the GDPR removed the requirement for a license from the DPA to process144 KB (23,058 words) - 18:48, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (section English Machine Translation of the Decision)correspondence on the matter by e-mail with the representatives of the data controller. Part of the correspondence has been delivered to the Office of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024