Search results

of the personal data, in particular whether special categories of personal data are processed, pursuant to Article 9, or whether personal data related

special categories of personal data (Article 9 GDPR); personal data relating to criminal convictions and offences (Article 10 GDPR); data knowingly and actively

is no longer possible. Encrypted personal data are pseudonymised personal data and thus still personal data (see Article 4, point 5 of the General Regulation)

Article 13: Information to be provided where personal data are collected from the data subject 1. Where personal data relating to a data subject are collected

of data protection by design and data protection by default. Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising

the Greek Data Protection Act 2019, the ePrivacy Directive implementation law and other provisions regarding the protection of personal data. It was first

independent data protection supervision and should provide for cooperation mechanisms with the Member States' data protection authorities, and the data subjects

processing the personal data of the data subject's request. Article 17 confers upon the data subject the right to have their personal data erased, however

necessary requirements to ensure the protection of personal data of the data subjects concerned referred to in Article 47; (j) issue guidelines, recommendations

exist before. Article 8 introduces a new fundamental right to data protection, which reads as follows: Article 8 Protection of personal data 1.   Everyone

how the personal data is processed; You have entrusted the processing of personal data to an external organisation to process the personal data on your

Example: The Austrian Data Protection Act ('Datenschutzgesetz') regulates the use of personal data by journalists in § 9 Data Protection Act, as made possible

disclosure of, or access to, personal data transmitted, stored or otherwise processed; 13. ‘genetic data’ means personal data relating to the inherited or

of the controller, return or delete the personal data, unless there is a requirement to store the personal data under Union or Member State law to which

to carry out a data protection impact assessment from Article 35 GDPR or the obligation to designate a data protection officer from Article 37 GDPR. The

related to the protection of personal data in the Union, including advice regarding proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR)

unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/2011

if the SA is 'concerned' by the processing of personal data under Article 4(22)(6) or (c) (i.e. when data subjects are substantially affected or a complaint

General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection

and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt

Austrian Data Protection Act (Datenschutzgesetz - DSG) sets a penalty of €50,000 for, inter alia, (1) intentionally obtaining illegal access to personal data

accordance with Article 42(5); (g) to adopt standard data protection clauses referred to in Article 28(8) and in point (d) of Article 46(2); (h) to authorise

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The

identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed

if the data subject considers that the processing of personal data relating to them infringes the GDPR. The right to file a complaint under Article 77(1)

mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products

processing, on a large scale, of special categories of personal data or the processing of personal data relating to criminal convictions and offences, and

dispute resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also

persons in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose

Article 68 - European Data Protection Board 1. The European Data Protection Board (the ‘Board’) is hereby established as a body of the Union and shall

this article. → You can find all related decisions in Category:Article 48 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation

period for which the personal data are processed, the recipients of the personal data, the logic involved in any automatic personal data processing and, at

referred to in Article 64. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2). Recital

should replace the Working Party on the Protection of Individuals with Regard to the Processing of Personal Data established by Directive 95/46/EC. It should

under Article 30(1) GDPR, documenting personal data breaches under Article 33(5) GDPR or performing a data protection impact assessment under Article 35 GDPR)

processing of genetic data, biometric data or data concerning health. Article 9(1) GDPR provides a list of special categories of personal data whose processing

mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products

not affected by Article 11 GDPR. Article 11 GDPR applies when “personal data do not or do no longer require the identification of a data subject”. One could

categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10" on a

restrictions. Article 16 gives data subjects the right to have incomplete personal data completed. Whether data is incomplete within the meaning of Article 16 GDPR

general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by design

Fundamental Rights The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it

Article 39 - Tasks of the data protection officer 1. The data protection officer shall have at least the following tasks: (a) to inform and advise the

the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons. Article 2 GDPR

the processing of personal data, such as the legal grounds for processing or data protection principles. The European Data Protection Board established

(iii) has been fined under Article 83 GDPR or (iv) is subject to a penalty under Article 84 GDPR. If a data subject’s personal data is otherwise affected by

Article 34 - Communication of a personal data breach to the data subject 1. When the personal data breach is likely to result in a high risk to the rights

security measures, compliance with data retention requirements, data location, data transfers, data access, recipients of data, use of sub-processors, and other

where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are

under Article 30 GDPR, to carry out a data protection impact assessment under Article 35 GDPR, or to designate a data protection officer under Article 37

need to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2)

element of a data subject's fundamental right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence)

Datenschutzrecht, Article 53 GDPR, margin number 11 (Nomos 2019). Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR), Article 53 GDPR

European Data Protection Supervisor when they stated that “the Data Protection Officer is fundamental in insuring the respect of data protection principles

protection, such as on special categories of data (Article 9 GDPR) or human resources data (Article 88 GDPR). It is not evident which national law is applicable

General Data Protection Regulation (GDPR), Article 65 GDPR, p. 1023 (Oxford University Press 2020). EDPB, Rules of Procedure, 8 October 2020, Article 21.2

freedoms of data subjects pursuant to this Regulation; (d) where applicable, the contact details of the data protection officer; (e) the data protection impact

consistency” in data protection law. This is particularly relevant given the fact that Member States may give effect to EU data protection law in ways which

proceedings. Article 81 GDPR regulates the suspension of judicial proceedings in multiple Member States in the context of data protection. The Article addresses

compliance for the new data controller. A data portability request only applies to personal data concerning the data subject. Pseudonymous data is within the scope

Article 33 - Notification of a personal data breach to the supervisory authority 1. In the case of a personal data breach, the controller shall without

of independence is also referred to in Article 4(12) GDPR (definition of SA), Article 45(2)(b) GDPR (personal data transfers to a third country or an international

processing of personal data is carried out at that location. The presence and use of technical means and technologies for processing personal data or processing

of personal data in those areas. Under Article 4(5) GDPR, pseudonymisation means the processing of personal data in such a manner that the personal data

(c) the collection of personal data; (d) the pseudonymisation of personal data; (e) the information provided to the public and to data subjects; (f) the exercise

rectification or erasure of personal data or restriction of processing (Article 19 GDPR), data portability (Article 20 GDPR), object (Article 21 GDPR), and refusal

establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary. Article 54(1)(b) GDPR echoes Article 53(2) GDPR, which outlines the

importance of the special categories of personal data within the meaning of Article 9 GDPR. The special protection of Article 10 GDPR should also be taken into

directive establishes a difference between the collection of “personal data” and other data. The Court referenced the earlier opinion of the AG, noting that

agreement), the following types of Personal Data may constitute Customer Personal Data. Processor Services | Types of Personal Data | ------------------------

constitute personal data for both the defendant and Google LLC as data controllers. Dynamic IP addresses constitute personal data if the data controller

legislation. Norway passed the Personal Data Registers Act of 1978, which was in force until the enactment of the Personal Data Act of 2000, which built on Directive

the protection of natural persons in processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection

free movement of data). Data Protection), hereinafter DPMR ; Having regard to the law of 3 December 2017 establishing the Data Protection Authority, hereinafter

this section! The Slovenian Constitution of 1991 guarantees the protection of personal data at the constitutional level and within the framework of guaranteed

Recital 4: The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it

period for which the personal data are processed, the recipients of the personal data, the logic involved in any automatic personal data processing and, at

birthday of data protection law in Germany is 30 September 1970, the date on which the Hessian state parliament passed the Data Protection Act. On a federal

on the protection of personal data and on the free movement of such data; Having regard to Law No. 78-17 of 6 January 1978 on Data Processing, Data Files

Articles 44 to 49 GDPR, data transfers from the EU/EEA under the data protection clauses. In addition, give the BF2 EU/EEA personal data to the US government

not base the transfer of data on standardized data protection regulations according to article 46.2 c of the data protection regulation if the recipient

been a breach of personal data security, see Article 4 (12) of the Data Protection Regulation. 4.6 Article 32 of the Data Protection Regulation It follows

December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, LOPDGDD), as follows: “E) The processing of personal data in the categories

German Data Protection Act (DSG) as well as Sec. 78 of the Copyright Act. The published pictures were sensitive data concerning the most personal sphere

5       According to Article 5 of the aforementioned regulation entitled “Principles for the handling of personal data”: “(1)      The personal data: a)        shall

authorities' access to data personal data, as well as the application of said legislation, the rules for the protection of data, professional standards

claim for compensation as referred to in Article 49, first and second paragraphs of the Personal Data Protection Act (Wbp). By decision of 13 March 2018, the

of the Act on the Protection of Personal Data (Journal of Laws of 2010, No. 183, item 659, as amended), the Act on the Protection of Personal Data (Journal

old German Data Protection Act (BDSG a.F.). However, it ceased to apply with the introduction of the GDPR and the new German Data Protection Act (BDSG n.F

considered whether the data processed through Google analytics tool constitutes personal data and found that the data does constitute personal data as cookies containing

violate Article 82 of the Data Protection Act? The DPA explained that Article 82 of the Data Protection Act required the provider to ask consent of data subjects

concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals

not base the transfer of data on standardized data protection regulations according to article 46.2 c of the data protection regulation if the recipient

or erase the personal data or to restrict the personal data relating to him/her (c) where processing is based on Article 6(1)(a) or Article 9(2)(a), that

requirements The protection of personal data and privacy are fundamental rights enshrined in Article 8 of the European Convention on Human Rights, Article 102 of

regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (Basic Data Protection Regulation, OJ L 119 of

the requirements set in Article 82 of the Data Protection Act is set out in Article 3, paragraph I, of the Data Protection Act which provides: without

Google processes personal data of the data controller (i.e. 1 regarding the processing of personal data and about the free flow of such data and about the

and the Data Protection Act (1050/2018). When deciding the matter, the Deputy Data Protection Commissioner also takes into account the European Data Protection

unprotected URL address to share documents containing personal data violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant