Search results
From GDPRhub
- Data Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). Although Article 25(1) mentions that the measures43 KB (4,675 words) - 06:43, 16 June 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- HDPA (Greece) - 20/2023 (category Article 25(1) GDPR)registered letter in violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice6 KB (634 words) - 17:48, 17 July 2023
- HDPA (Greece) - 25/2023 (category Article 25(1) GDPR)processing of personal data meets the legal requirements, in breach of Article 25(1) GDPR. Finally, the DPA stated that the response to the access request was6 KB (694 words) - 14:25, 20 January 2024
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 25(1) GDPR)Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to implement control systems of7 KB (810 words) - 15:52, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 25(1) GDPR)the GDPR. In light of this, the Court agreed with the DPA that the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article22 KB (3,193 words) - 10:34, 29 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 25(1) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 25(1) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- APD/GBA (Belgium) - 53/2020 (category Article 25(1) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 25(1) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 25(1) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act42 KB (6,579 words) - 08:46, 27 January 2022
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €147 KB (936 words) - 16:39, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 25(1) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- BlnBDI (Berlin) - 711.412.1 (category Article 25(1) GDPR)coming into force of the GDPR, the DPA found that the company still did not comply. How do Article 5(1)(e) and Article 25(1) GDPR apply to archives? The8 KB (965 words) - 16:38, 12 December 2023
- HDPA (Greece) - 64/2022 (category Article 25(1) GDPR)of natural persons who decisions, in accordance with the provisions of the GDPR. The DPA examined the rules for the removal of identification data displayed3 KB (199 words) - 20:46, 13 December 2022
- HDPA (Greece) - 4/2022 (category Article 25(1) GDPR)HDPA held that COSMOTE violated Article 25(1) GDPR, because the processing for statistical purposes under Article 89(1) GDPR should have been done with anonymised11 KB (1,274 words) - 10:37, 23 February 2022
- Commissioner (Cyprus) - 11.17.001.008.029 (category Article 25(1) GDPR)Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures3 KB (193 words) - 16:52, 6 December 2023
- HDPA (Greece) - 30/2023 (category Article 25(1) GDPR)violation of article 5 par. 1 item. e' of the GDPR, b) reprimanded the OASA for the violations of the provisions of article 25 par. 1 and article 35 par. 1 of the6 KB (623 words) - 09:08, 25 October 2023
- HDPA (Greece) - 61/2022 (category Article 25(1) GDPR)information provided to data subjects was less than that required by the GDPR, and the information was not provided in an intelligible and easily accessible6 KB (663 words) - 15:31, 6 December 2023
- HDPA (Greece) - 50/2021 (category Article 25(1) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- AZOP (Croatia) - Decision 21-07-2022 (A1 telecommunications) (category Article 25(1) GDPR)€283,000). It held that the controller violated Articles 25(1), 32(1)(b), 32(1)(d) and 32(2) GDPR by not taking appropriate technical and organizational7 KB (855 words) - 15:30, 30 October 2023
- AZOP (Croatia) - Decision 18-05-2023 (category Article 25(1) GDPR)was fined €380,000 for violating Articles 6(1), 13(1) and (2), and 25(1) and (2) and 32(1)(a) and (d) GDPR. A sports betting agency, acting as the controller9 KB (1,276 words) - 15:25, 30 October 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 25(1) GDPR)of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- CNIL (France) - MED-2019-027 (category Article 25(1) GDPR)design and default. The CNIL ordered the Ministry to comply with Article 24 and 25 GDPR regarding the collection and further processing of personal data21 KB (3,274 words) - 17:08, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 25(1) GDPR)Finnish DPA found a retail chain to have breached Article 5(1)(e) GDPR, Article 25(1) GDPR and Article 25(2) GDPR for its lengthy storage of purchase behaviour61 KB (9,477 words) - 13:38, 12 January 2024
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 25(1) GDPR)even though Article 32 GDPR stipulates such a technical measure for certain emails. It is important to note that only Article 6(1)(a) GDPR allows for such30 KB (4,562 words) - 15:27, 6 December 2023
- APD/GBA (Belgium) - 03/2021 (category Article 25(1) GDPR)fulfilled. The school breaches Article 6(1)(b) in combination with Article 6(4) and Article 6(1) Articles 24 and 25 GDPR Furthermore, as the school continued32 KB (4,880 words) - 16:50, 12 December 2023
- UODO (Poland) - DKN.5130.2815.2020 (category Article 25(1) GDPR)and Article 58(2)(b) in connection with Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1) and (2) of 2 of Regulation EU 2016/679 of the European37 KB (5,819 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 74/2020 (category Article 25(1) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 25(1) GDPR)According to Article 72.1 LOPDGDD, the violation of data processing principles under Article 5 GDPR was considered very serious. Considering Article 25(1) GDPR63 KB (9,551 words) - 12:33, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 25(1) GDPR)5- □ 1-i; -J L ..J Brussels-2020 Court of Appeal / AR / 1333 p. 3 breach of articles 5.1.a} and 5.1.b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the GDPR read51 KB (7,792 words) - 11:43, 24 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 25(1) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- APD/GBA (Belgium) - 136/2023 (category Article 25(1) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 25(1) GDPR)with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 of the Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 25(1) GDPR)(2) § 23, § 25, 25 / G. § (3), (4) and (6), 25 / H. § (2) paragraph 25 / M. § (2), 25 / N. §, 51 / A. § (1), Articles 52-54. §- in Section 55 (1) - (2), Sections60 KB (9,820 words) - 10:08, 17 November 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)regard to Client 1 that data management - infringed Article 25 (1) to (2) of the General Data Protection Regulation, - infringed Article 32 (1) (b) of the General67 KB (10,492 words) - 10:11, 17 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 25(1) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- UODO (Poland) - DKN.5130.2024.2020 (category Article 25(1) GDPR)sec. 1 lit. a) and art. 58 sec. 2 lit. i) in connection with Art. 5 sec. 1 lit. f), art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 3275 KB (12,104 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 55/2021 (category Article 25(1) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 25(1) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- APD/GBA (Belgium) - 82/2020 (category Article 25(1) GDPR)artikel 100, §1, 2° WOG de buitenvervolgingstelling bevelen, of de klacht seponeren overeenkomstig artikel 95, §1, 1° of artikel 100, §1, 1° WOG (naargelang124 KB (18,772 words) - 17:01, 12 December 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 25(1) GDPR)5 sec. 1 lit. f, art. 5 sec. 2, art. 25 sec. 1, art. 32 sec. 1 lit. b, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 38 sec. 1, art. 39 sec. 1 lit. b and156 KB (25,012 words) - 10:01, 17 November 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 25(1) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- DPC (Ireland) - IN-19-7-2 (category Article 25(1) GDPR)violated Article 25(1) GDPR by failing to take measures designed to implement the accuracy principle in the database, and Articles 5(2) and 24(1) GDPR by failing5 KB (620 words) - 13:13, 19 May 2021
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- ANSPDCP (Romania) - Banca Comercială Română SA (category Article 25(1) GDPR)This amounted to a violation of Article 25(1) GDPR, Article 32(1)(b) GDPR, Article 32(1)(d) GDPR, Article 32(2) GDPR. Consequently, the DPA fined the5 KB (558 words) - 08:06, 26 September 2022
- ANSPDCP (Romania) - Raiffeisen Bank SA (category Article 25(1) GDPR)violating Article 32(4) jo Article 32(1) and (2) GDPR (security of processing). In addition, a fine of €5,000 for violating Article 25(1) GDPR (data protection14 KB (1,905 words) - 15:22, 29 November 2022
- ANSPDCP (Romania) - Fine against Bitfactor SRL (category Article 25(1) GDPR)laid down in Article 5(1)(f) GDPR. In this context, the DPA referred to Article 25(1) GDPR (data protection by design) and Recital 78 GDPR. As a result6 KB (708 words) - 08:12, 6 October 2022
- APD/GBA (Belgium) - 29/2023 (category Article 25(1) GDPR)risk analysis. Therefore, the DPC found a violation of Article 25(1), 25(2), 5(1)(b) and 5(1)(f) GDPR, ordered Meta to comply with the provisions and imposed5 KB (536 words) - 14:11, 21 March 2023
- HDPA (Greece) - 41/2022 (category Article 25(1) GDPR)thereby violating Article 13(2) GDPR. The investigated controllers did not comply with the storage limitation principle under Article 5(1) GDPR because the data14 KB (2,046 words) - 19:00, 21 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6132/151/19 (category Article 25(1) GDPR)data free of charge in light of the principle of privacy by design (Article 25(1) GDPR). According to this principle, data protection issues should be taken14 KB (2,085 words) - 10:24, 4 November 2021
- HDPA (Greece) - 13/2024 (category Article 25(1) GDPR)processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the12 KB (1,511 words) - 16:01, 10 April 2024
- Datatilsynet (Denmark) - 2021-441-10244 (category Article 25(1) GDPR)accordance with Article 32 (1) of the Data Protection Regulation. 1. 3.2. Article 25 of the Data Protection Regulation It follows from Article 25 (1) of the Data19 KB (2,832 words) - 14:47, 27 July 2022
- Garante per la protezione dei dati personali (Italy) - 9817058 (category Article 25(1) GDPR)data constituted a breach of Articles 5(1)(f) and 32 GDPR. Additionally, the controller violated Article 25(1) GDPR because it failed to implement a secure24 KB (3,588 words) - 13:43, 2 November 2022
- HDPA (Greece) - 13/2021 (category Article 25(1) GDPR)that in accordance with Article 1 7 in in conjunction with Article 21 (3) and Article 12 (3) of the GIPA and Article 25 par. 1 of the GCP meet the conditions22 KB (3,167 words) - 07:59, 14 October 2021
- APDCAT (Catalonia) - PS 28/2021 (category Article 25(1) GDPR)city council had violated Article 13 GDPR and Article 25(1) GDPR. However, since the deficiencies regarding Article 13 GDPR were corrected before the end42 KB (6,526 words) - 14:26, 24 November 2022
- APD/GBA (Belgium) - 165/2023 (category Article 25(1) GDPR)violation of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.267 KB (9,908 words) - 11:09, 10 January 2024
- APD/GBA (Belgium) - 60/2023 (category Article 25(1) GDPR)information obligations under Article 5(1)(a), Article 6(1), Article 12, Article 13, Article 24(1), Article 25(1) and Article 25(2). Share your comments here39 KB (5,541 words) - 08:17, 6 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4672/161/2022 (category Article 25(1) GDPR)controllers have violated Article 5(1)(a), Article 6(1), Article 13, paragraphs 1 and 2, Article 25, Article 32, paragraphs 1 and 2, and Articles 44 and44 KB (6,748 words) - 16:10, 21 March 2023
- APD/GBA (Belgium) - 162/2022 (category Article 25(1) GDPR)(2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR and71 KB (10,426 words) - 08:21, 23 November 2022
- UODO (Poland) - DKN.5131.8.2022 (category Article 25(1) GDPR)the laptop theft, in breach of Article 32(1) GDPR. Moreover, the DPA found a violation of Articles 24(1) and 25(1) GDPR because the controller failed to48 KB (7,609 words) - 12:24, 23 November 2022
- Datatilsynet (Norway) - 18/04147 (category Article 25(1) GDPR)violating Article 5(1) GDPR, Article 17(1)(a), Article 17(1)(d) and Article 25(1), cf. Article 5(1)(c), Article 5(1)(d), Article 5(1)(e) and Article 5(1)(f)47 KB (7,575 words) - 11:35, 18 November 2023
- UODO (Poland) - DKN.5130.2559.2020 (category Article 25(1) GDPR)provisions of Article 5(1)(f) GDPR, Article 5(2) GDPR, Article 24(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR by: (a) failing62 KB (9,906 words) - 09:02, 11 October 2022
- UODO (Poland) - DKN.5131.31.2022 (category Article 25(1) GDPR)controller €5,400 for infringements of Articles 5(1)(f) and 5(2) GDPR as well as Article 25(1) and Article 32(1) GDPR. First, the controller did not ensure adequate71 KB (11,306 words) - 10:51, 22 January 2024
- Garante per la protezione dei dati personali (Italy) - 9917728 (category Article 25(1) GDPR)The DPA found violations of Articles 5(1)(a)(c)(f), 9, 25(1)(2) and issued a fine of 25,000 euros under Article 83. An advertising billboard depicted a60 KB (9,523 words) - 08:00, 23 August 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis110 KB (18,238 words) - 16:56, 12 December 2023
- OLG München - 18 U 2822/19 Pre (category Article 25(1) GDPR)violated section 13(6) of the German Telemedia Act (TMG) or Article 4(7) GDPR and Artcicle 25(1) GDPR? The Higher Regional Court Munich dismissed the appeal59 KB (9,846 words) - 14:03, 20 September 2021
- UODO (Poland) - DKN.5131.12.2020 (category Article 25(1) GDPR)comply with the principles under Article 5 GDPR, including the principle of integrity and confidentiality (Article 5(1)(f) GDPR). According to this principle74 KB (11,896 words) - 15:14, 7 March 2023
- APD/GBA (Belgium) - 15/2023 (category Article 25(1) GDPR)regard resources. II.1. Article 5 (1) (a) and (2) of the GDPR and Article 6 (1) of the GDPR II.1.1. Article 5 (1) a) and Article 6 (1) GDPR with regard to legality105 KB (15,883 words) - 15:05, 8 March 2023
- UODO (Poland) - DKN.5131.22.2021 (category Article 25(1) GDPR)that the controller breached Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1)(b) and (d), and Article 32(2) GDPR due to a lack of a reliably68 KB (10,909 words) - 14:47, 25 October 2021
- Garante per la protezione dei dati personali (Italy) - 10007895 (category Article 25(1) GDPR)accountability pursuant to Article 5(1)(a) and (2) GDPR and its responsibility of the controller under Article 24(1) and 25(1) GDPR. In addition to that, the67 KB (10,740 words) - 15:31, 13 May 2024
- APD/GBA (Belgium) - 188/2022 (category Article 25(1) GDPR)of Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) paragraph 2 of the GDPR; and 2. a breach of Article 12 paragraph 1 and paragraph 495 KB (14,325 words) - 14:27, 25 January 2023
- UODO - DKN.5112.1.2020 (category Article 25(1) GDPR)controller under Article 24(1) GDPR, Article 25 (1) GDPR, Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and Article 32 GDPR#2"Article 32(2) GDPR. Share blogs89 KB (14,285 words) - 12:21, 10 September 2021
- UODO (Poland) - DKN.5112.1.2020 (category Article 25(1) GDPR)of the case (Article 107 § 3 of the Code of Administrative Procedure in connection with Article 77 § 1, Article 80, Article 8 § 1 and Article 11 of the Code110 KB (17,607 words) - 15:35, 3 January 2023
- Garante per la protezione dei dati personali (Italy) - 9921112 (category Article 25(1) GDPR)personal data during the promotional phone call. Article 5(1)(a), Article 6(1)(a) and Article 7 GDPR, for having carried out promotional telephone calls87 KB (13,867 words) - 13:11, 28 September 2023
- WSA Warsaw (Poland) - II SA/Wa 2559/19 (category Article 25(1) GDPR)5 sec. 1 lit. f of Regulation 2016/679 (and reflected in the form of obligations set out in Article 24 (1), Article 25 (1) and Article 32 (1) (b) and90 KB (14,642 words) - 11:12, 18 November 2020
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- UODO (Poland) - DKN.5130.2215.2020 (category Article 25(1) GDPR)sec. 1 lit. f), art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and sec. 3, art. 32 sec. 1 and 2 and article. 34 sec. 1, as well as art. 83 sec. 1-3 and110 KB (17,650 words) - 12:27, 29 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6097/161/21 (category Article 25(1) GDPR)(2016/679) Article 12(1), 2, 3, 4 and 6, Article 5(1)(c), Article 15, Article 17, Article 25, Article 58(2)(b) and (d), Article 83 paragraphs 1, 2, 3, 4139 KB (22,397 words) - 21:48, 13 July 2022
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)violation of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph99 KB (15,129 words) - 09:21, 31 May 2023
- Garante per la protezione dei dati personali (Italy) - 9825667 (category Article 25(1) GDPR)violated Articles 5(2), 24 and 25(1) GDPR. At last, the DPA established a violation of Article 5(2), Article 24 and Article 13 GDPR, for failing to provide evidence131 KB (21,176 words) - 12:52, 20 December 2022
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 25(1) GDPR)accuracy of Article 5(1)(d) GDPR and data protection by design of Article 25(1) GDPR. In addition, the DPA held that the controller violated Articles 5(1)(a) and149 KB (24,224 words) - 12:20, 2 January 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 25(1) GDPR) (section Fine and order to comply with GDPR)No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 25(1) GDPR)justify it, in breach of Articles 5(1)(a) and 6 GDPR. Finally, the Italian DPA found a violation of Article 25(1) and (2) GDPR because the controller had not152 KB (24,743 words) - 14:39, 21 March 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 25(1) GDPR)infringement of Article 33(1) GDPR, a fine of €145,600 for infringement of Article 34(1) GDPR, and a fine of €316,800 for infringement of Article 5(1)(f) GDPR. In153 KB (24,570 words) - 15:11, 26 March 2024
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- ANSPDCP (Romania) - Fine against Automobile Bavaria SRL (category Article 25 GDPR)security of the data, in violation of Article 32(1) and (2) GDPR and warned the controller for a violation of Article 25(1) GDPR. The DPA fined the controller6 KB (788 words) - 08:33, 31 May 2023
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- DSB (Austria) - D130.1170 (category Article 7(3) GDPR)violation of Article 7(3) GDPR and it also failed to comply with the requirements set out in Article 5(1)(a) GDPR and Article 25(1) GDPR. Accordingly,5 KB (661 words) - 08:56, 27 September 2023
- DPC (Ireland) - IN-21-9-1 (category Article 5(1)(a) GDPR)minimisation (Article 5(1)(c) GDPR), integrity and confidentiality (Article 5(1)(f) GDPR) and privacy by design and by default (Article 25 GDPR). These principles7 KB (858 words) - 12:25, 20 September 2023
- CJEU - C807/21 - Deutsche Wohnen (category Article 83(4) GDPR)fined DW €14,385,000 for intentional infringement of Article 5(1)(a), (c) and (e) and of Article 25(1) GDPR. The DPA found that DW intentionally failed to take10 KB (1,543 words) - 13:53, 8 December 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD, Article 25 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third29 KB (3,500 words) - 08:54, 27 March 2023