Search results

From GDPRhub
  • not relate to an identifiable person. The GDPR imposes an active duty on the controller to delete data. The controller may not wait for an action by the
    50 KB (6,285 words) - 14:57, 27 March 2024
  • protection of data subjects” as well as “providing an easily workable and accessible mechanism to ensure an unconditional possibility for data subjects to
    108 KB (17,005 words) - 15:39, 18 March 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    125 KB (16,328 words) - 16:01, 8 March 2024
  • country or to an international organisation if the third country or international organisation concerned does not or no longer offers an appropriate level
    46 KB (5,825 words) - 11:12, 7 November 2023
  • information directly to them (e.g. in an attachment), linking to the resources on a website, or providing it as an answer to a natural language question
    76 KB (11,304 words) - 08:37, 4 March 2024
  • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    41 KB (5,187 words) - 12:57, 14 June 2023
  • during the period it takes to respond to an access request. The controller may not delete information to avoid an accurate response. As a matter of transparency
    73 KB (9,896 words) - 15:46, 18 March 2024
  • (abbreviated "AEPD") is the national Data Protection Authority for Spain. The AEPD is an independent public body in charge of enforcing the GDPR in Spain. Its head
    4 KB (386 words) - 15:29, 3 September 2021
  • can be provided in written or electronic form, as an annex to a contract, a hard-copy document or an online multilayered document. To avoid discrepancies
    71 KB (9,532 words) - 13:30, 6 March 2024
  • infringement. Where administrative fines are imposed on an undertaking, an undertaking should be understood to be an undertaking in accordance with Articles 101 and
    55 KB (7,622 words) - 14:04, 7 November 2023
  • the photograph to be stored, as an example. Similarly, if there are no further labour law disputes with an employee, an employer no longer needs to store
    61 KB (8,488 words) - 15:47, 18 March 2024
  • as it is necessary to have an account too in order to access that data. Additionally, the app gives you the option of using an anonymous profile, and the
    44 KB (5,905 words) - 14:00, 24 October 2023
  • intervention to an indefinite number of natural persons. 3. An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate
    43 KB (4,675 words) - 06:43, 16 June 2023
  • conducted prior to a valid objection remains unaffected (with an ex-nunc effect). In the event of an objection from the data subject, the controller is required
    49 KB (5,993 words) - 06:22, 16 June 2023
  • members who are elected by Parliament for a seven-year term. The authority has an office in Rome with a staff currently numbering about 125 people. The Panel
    7 KB (808 words) - 08:17, 16 February 2023
  • processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    72 KB (9,140 words) - 13:12, 2 June 2023
  • matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement
    31 KB (3,489 words) - 16:00, 8 March 2024
  • third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred
    47 KB (5,644 words) - 17:49, 5 March 2024
  • breach”, where there is an unlawful or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unlawful or accidental
    54 KB (6,536 words) - 08:22, 16 June 2023
  • proportionality plays an important role in determining whether a measure is appropriate. Thus, the cost-effectiveness of a measure can play an important part
    26 KB (2,953 words) - 07:57, 23 May 2023
  • in charge of enforcing GDPR in Belgium. The DPA consists of five bodies and an Executive Committee. The Executive Committee is composed of Director of the
    9 KB (993 words) - 07:10, 28 July 2022
  • the controller; (b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes; (c) an assessment of the
    52 KB (7,297 words) - 08:05, 18 July 2023
  • in Article 4(24) GDPR stipulating that it is an objection to a draft decision as to “whether there is an infringement of this Regulation, or whether envisaged
    35 KB (4,017 words) - 16:04, 18 March 2024
  • not foresee an exception for “minimal violations” and there is no opening clause that would allow national law or case law to create such an exception.
    33 KB (4,215 words) - 09:57, 19 March 2024
  • necessary and appropriate steps with a view to resolving an issue or establishing whether an infringement has been committed and if so under what circumstances
    59 KB (7,678 words) - 15:58, 28 March 2024
  • The first information usually is an acknowledgement of receipt and a notice that the case has been forwarded to an (alleged) lead LSA. Although there
    33 KB (3,641 words) - 09:51, 19 March 2024
  • breach”, where there is an unauthorised or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unauthorised or accidental
    37 KB (3,962 words) - 15:20, 16 June 2023
  • the transfer of personal data to a third country or an international organisation in the absence of an adequacy decision and always 'on condition that enforceable
    34 KB (3,646 words) - 08:53, 27 March 2023
  • of the presence of an establishment of the controller or processor in the Member State of which the SA informed it. The existence of an establishment in
    52 KB (7,153 words) - 18:48, 8 January 2024
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    31 KB (3,550 words) - 11:11, 29 November 2023
  • obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing
    31 KB (3,327 words) - 15:31, 5 June 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    43 KB (4,904 words) - 12:59, 21 July 2023
  • The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of
    6 KB (605 words) - 14:08, 27 April 2021
  • protection of personal data. It was first established in 1997 and its role as an independent guardian of the protection of personal data in Greece is constitutionally
    24 KB (2,039 words) - 12:17, 29 February 2024
  • The National Supervisory Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) is the
    3 KB (270 words) - 08:26, 2 April 2021
  • Decisions of the EDPB and Right to an Effective Judicial Remedy Any natural or legal person has the right to bring an action for annulment of decisions
    30 KB (3,874 words) - 10:46, 7 December 2023
  • designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society
    31 KB (4,768 words) - 06:24, 16 June 2023
  • 2018 a party can appeal to the Tribunal for: a) an information notice, b) an assessment notice, c) an enforcement notice, d) a penalty notice and a e)
    18 KB (2,488 words) - 15:22, 14 December 2021
  • of rights may apply, such as the preliminary results of an investigation, a decision opening an inquiry, etc.” Moreover, if special categories of personal
    44 KB (4,896 words) - 06:25, 16 June 2023
  • Article 45 - Transfers on the basis of an adequacy decision 1. A transfer of personal data to a third country or an international organisation may take place
    43 KB (5,641 words) - 14:58, 28 April 2022
  • data can be transferred to a third country or an international organisation without the existence of an adequate level of protection or the implementation
    21 KB (1,831 words) - 08:51, 27 March 2023
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    37 KB (4,635 words) - 13:29, 24 October 2023
  • connection, “an activity cannot be regarded as being purely personal or domestic where its purpose is to make the data collected accessible to an unrestricted
    34 KB (4,652 words) - 12:07, 12 November 2023
  • Commission may not compel an undertaking to provide it with answers which might involve an admission on its part of the existence of an infringement which it
    22 KB (2,042 words) - 14:29, 20 November 2023
  • The Icelandic Data Protection Authority (Persónuvernd) is the national Data Protection Authority for Iceland. It resides in Reykjavík and is in charge
    2 KB (139 words) - 15:11, 1 December 2020
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    29 KB (2,951 words) - 14:19, 25 July 2023
  • a third country or an international organisation. Member States should notify such provisions to the Commission. Any transfer to an international humanitarian
    29 KB (3,500 words) - 08:54, 27 March 2023
  • the Commission with an opinion on the certification requirements referred to in Article 43(8); (r) provide the Commission with an opinion on the icons
    27 KB (3,038 words) - 12:19, 11 October 2023
  • particular whether there is an infringement of this Regulation. Recital 143: Action for Annulment of Decisions of the EDPB and Right to an Effective Judicial Remedy
    33 KB (4,185 words) - 16:09, 2 November 2023
  • procedure is whether the "advice" of the DPA is indeed merely an advice, or whether it can be seen as an approval on moving forward with the processing operation
    31 KB (3,646 words) - 08:51, 21 July 2023
  • paragraphs 1 and 2, the Board shall issue an opinion on the matter submitted to it provided that it has not already issued an opinion on the same matter. That opinion
    23 KB (2,079 words) - 16:07, 2 November 2023
  • CNIL was established in 1978 with the law "Informatique et Libertés". It is an independent administrative authority led by a college of 18 members and a
    8 KB (824 words) - 22:52, 27 February 2024
  • they form the Sanctions Board, which imposes the fines set out in the GDPR. An independent Expert Board is also appointed by the government for three-year
    5 KB (492 words) - 18:09, 19 March 2024
  • in particular, the transmission of relevant information on the conduct of an investigation. 3. Requests for assistance shall contain all the necessary
    24 KB (2,181 words) - 11:46, 15 January 2024
  • requires the joint controllers have an arrangement that clearly allocates the roles of each party. This is not an absolute rule. Where the responsibilities
    37 KB (3,915 words) - 12:49, 24 May 2023
  • request an urgent opinion or an urgent binding decision from the EDPB where a CSA has not taken an appropriate measure in a situation where there is an urgent
    20 KB (1,590 words) - 16:11, 2 November 2023
  • activities of an establishment on SA's territory, affects data subjects on its territory, or where processing, by a controller or processor without an establishment
    38 KB (4,589 words) - 16:01, 18 March 2024
  • 'not-for-profit' must be given an autonomous meaning, its interpretation in this context should not be determined by Member State law. Essentially, an NPO must not pursue
    26 KB (2,575 words) - 15:50, 9 November 2023
  • Data Protection Authority (DPA) for Norway, headquartered in Oslo. The DPA is an independent body established in 1980, through the Act No. 48 of 9 June 1978
    10 KB (1,078 words) - 06:40, 26 March 2023
  • is in charge of enforcing GDPR in Slovenia. The Information Commissioner is an autonomous and independent body and it oversees personal data protection and
    10 KB (1,242 words) - 10:51, 6 February 2024
  • of SAs extends to adequacy decisions adopted by the Commission. An SA is not bound by an adequacy decision adopted by the Commission under Article 45 GDPR
    47 KB (5,626 words) - 08:08, 25 October 2023
  • law must be subject to "control by an independent authority." Independent supervisory authorities are also considered an essential component of the right
    27 KB (2,604 words) - 14:24, 16 January 2024
  • the body, including whether it is an internal or external one. For example, an internal body could be in the form of an “ad hoc internal committee”, or another
    30 KB (2,720 words) - 14:02, 28 July 2023
  • this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory
    44 KB (5,008 words) - 14:50, 28 July 2023
  • example, a proportionate exemption will rightfully apply to an artistic photo meant for an exhibition, but not to the data of buyers that the art gallery
    33 KB (3,748 words) - 14:25, 7 November 2023
  • The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance
    13 KB (674 words) - 13:15, 2 June 2023
  • re-organisation of an SA. The provision's aim of establishing an exhaustive list of grounds for the termination of a member's mandate is an attempt to safeguard
    29 KB (2,894 words) - 14:45, 25 October 2023
  • is no need to be represented by a lawyer an the procedure is rather informal and usually does not require an oral hearing. The filing fee is € 35. Applicants
    11 KB (1,468 words) - 13:27, 14 May 2023
  • is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to
    28 KB (3,831 words) - 16:21, 14 March 2024
  • According to Article 6(9) DMA, gatekeepers shall provide an end user and third parties authorised by an end user with effective portability of data provided
    40 KB (5,349 words) - 07:05, 1 June 2023
  • "right to rectification", addresses situations of inaccurate personal data with an additional right of the data subject that has a broader scope, but also requires
    23 KB (2,489 words) - 23:24, 6 March 2024
  • harmonisation, in an attempt to confront a melting pot of legal principles, which are near impossible to fully reconcile. Article 88(1) GDPR acts as an opening clause
    32 KB (3,228 words) - 13:32, 30 November 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    23 KB (2,165 words) - 15:10, 27 July 2023
  • personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application
    7 KB (821 words) - 14:16, 7 March 2024
  • supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after
    22 KB (1,634 words) - 14:40, 28 July 2023
  • Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and
    15 KB (1,196 words) - 08:15, 19 October 2023
  • or a specified sector within that third country, or an international organisation does not ensure an adequate level of protection, and imperative grounds
    17 KB (1,096 words) - 08:19, 19 October 2023
  • authorised by Union law Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor
    14 KB (716 words) - 15:19, 28 April 2022
  • a controller is processing inaccurate personal data and that this may have an adverse effect on them (e.g. inaccurate bank account details which may lead
    32 KB (3,730 words) - 08:43, 7 March 2024
  • to professional secrecy or an equivalent obligation of confidentiality under Union Law or the Member State Law, or under an obligation issued by the competent
    18 KB (1,599 words) - 12:26, 29 April 2022
  • constitute an appropriate safeguard for international data transfers. BCRs is one of the appropriate safeguards which can be used, in the absence of an adequacy
    29 KB (2,823 words) - 15:15, 28 April 2022
  • The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone
    20 KB (1,854 words) - 16:32, 8 March 2024
  • interpretations include 1) documents generated by an authority in its official capacity and 2) all documents held by an authority. Recital 154 seems to lean towards
    22 KB (2,177 words) - 10:01, 19 March 2024
  • of a misdemeanour procedure, provided that such an application of the rules in those Member States has an equivalent effect to administrative fines imposed
    19 KB (1,477 words) - 14:12, 7 November 2023
  • previously directly engaged with controllers in an "audit" procedure. The DPC now mentions the option to conduct an "inquiry" on their webpage, but highlights
    8 KB (1,034 words) - 14:13, 20 August 2021
  • need for an EU framework to ensure the free flow of personal data within the European common market, the European Commission has proposed an EU Directive
    48 KB (5,978 words) - 15:57, 1 February 2024
  • perform their tasks and exercise their powers with complete independence, is an essential component of the protection of natural persons with regard to the
    34 KB (3,649 words) - 13:19, 30 October 2023
  • in Article 12(8) and Article 43(8) shall be conferred on the Commission for an indeterminate period of time from 24 May 2016. 3.   The delegation of power
    19 KB (1,525 words) - 08:18, 19 October 2023
  • The President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) is the national Data Protection Authority for Poland. It
    3 KB (249 words) - 14:38, 1 December 2020
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    19 KB (1,530 words) - 14:23, 12 October 2023
  • not adopt such rules and is thus subject to the GDPR. As an illustration of this, in June 2020, an administrative court in Slovenia upheld a decision from
    25 KB (2,482 words) - 10:04, 19 March 2024
  • to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2). Recital
    22 KB (1,915 words) - 13:46, 15 January 2024
  • order to demonstrate compliance with the GDPR. Certification is thus viewed as an accountability framework, promoting both legal compliance and transparency
    27 KB (2,452 words) - 14:26, 28 July 2023
  • is required by the consistency mechanism”. The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate
    15 KB (851 words) - 06:55, 29 April 2022
  • 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society service" (ISS) is any service normally provided for remuneration
    19 KB (1,335 words) - 13:56, 24 October 2023
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    18 KB (1,327 words) - 12:36, 14 December 2023
  • consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any
    22 KB (2,266 words) - 08:26, 17 October 2023
  • in the Union” can be exercised based on a contract concluded with an individual or an organisation, provided that they are established in the Union. The
    25 KB (2,418 words) - 14:11, 24 May 2023
  • third country, a territory or a specified sector within that third country, or an international organisation; standard protection clauses; formats and procedures
    15 KB (810 words) - 16:13, 2 November 2023
  • based on the following factors. Unlike the Commission, the EDPS is itself an independent supervisory authority, has its own financial budget, independent
    20 KB (1,347 words) - 14:21, 17 October 2023
View (previous 100 | ) (20 | 50 | 100 | 250 | 500)