Search results

possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State

specialized website. AG Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without

Articles 6(1)(c) and (e), 6(3) and 9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR

proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives

their health status, without appropriate legal grounds, as required by art. 6 GDPR and art 2-ter and 2-septies of the Italian Privacy Code, and going against

instruction, under Article 28(1) GDPR. Thus, it has not been decided on whether or not MaCom could process information in accordance with Article 6(3)(a), (1)(a)

par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b) and Article 2-ter, paragraphs 1 and 3, caused by the conduct of the

Articles 6(1)(c) or 6(1)(e). Therefore, the DPA issued a sanction of €2000 against the Municipality for violating Articles 6(1)(c), (e), 6(2), and 6(3)(b).

with a legal obligation to which the controller is subject, under Article 6 (1) (c) GDPR. In this case, the compliants' personal data remained published

to be heard by the Authority, within 30 days (Article 166, paragraphs 6 and 7, of the Code, and Article 18, paragraph 1, by Law No. 689 of 24/11/1981)

with art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded

Municipality lawful in accordance with Articles 5(1)(c), 6(1)(c), (e), 6(2), and 6(3)(b) GDPR? The DPA held that the disclosure of the personal data by

Art. 6 para. 1 sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3) sentence 3, § 68

the processing, together with the Privacy Ordinance Article 6 No. 1 letter c or e, cf. Article 6 No. 3, as of Arendal municipality is stated as a basis for

legal basis for processing the data under Article 6(1)(c) GDPR. The Latvian DPA also held that Article 6(1)(e) GDPR could not be relied upon as a legal basis

the present case. Under Article 6.3.b) andof recital 45 of the GDPR, processing based on Article 6.1.e) must fulfill twoconditions:- The data controller

reasons, article 780, 3° of the Judicial Code, article 149 of the Constitution and article 6 of the ECHR - the pleas not explicitly stated. 17.3.3. The Procurement

the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection

legal obligation within the meaning of Article 6(1)(c) GDPR. The second and third question Since Article 6(1)(f) GDPR is the legal basis for the controller's

communications under Article 14 GDPR were not legally necessary, as in the present case, Article 23 GDPR restrictions were applicable. Article 23 GDPR establishes

the Slovenian National Institute of Public Health? The IP held that Article 6(3) GDPR applies in this context. As such the legal basis for processing is

King under Article 88 of the Belgian Constitution. Lawfulness The DPA examined the existence of a legal basis on the basis of Article 6(1)(e) GDPR, which requires

no legal basis. This was a breach of Article 5(1) GDPR, Article 6(3) GDPR, Article 9(1) GDPR and Article 9(3) GDPR as well as Swedish health care legislation

follows from Article 6 (3) of the GDPR that the legal basis for the processing referred to in Article 6 (1), preamble and under c, of the GDPR must be determined

articles 6(2) and 6(3) GDPR allow the Member States to introduce more specific provisions to adapt the application of the rules of Article 6(1)(e) GDPR, the

under Article 6(1)(e) GDPR, Article 6(3) GDPR, (and the Norwegian Personal Data Act § 8). The Norwegian Privacy Appeals Board noted that under Article 5(1)(b)

processing of personal data on the basis of Article 6(1)(e) GDPR, and the requirement of Article 6(3)(b) GDPR was satisfied, too. Also, the VGH held it to

DPA held that the controller had violated Article 6(1) GDPR and Article 6(3) GDPR, thus also Article 5(1)(a) GDPR, for lack of legal basis for publishing

follows from Article 6(3) of the Basic Regulation that legal obligations in other Member States are not relevant. Furthermore, Article 3(1), first sentence

including the general conditions on the 10Art. 6, 1, (c) of the GDPR. 11 art. 6, 1, (e) of the GDPR 12Art. 6.3 of the AVG. Decision on the merits 124/2021

authority under Article 6(1)(e) GDPR and whether a clear legal obligation prescribing such processing was given as per Article 6(3) GDPR. In this, the DPA

the City wished to rely on Articles 6(1)(e) and 9(1)(g) GDPR. Under Article 6(3) GDPR, reliance on Article 6(1)(e) GDPR as a legal basis for processing must

foreseen in Article 6(3) GDPR and its counterpart of the national law, Article 8 of Ley Orgánica 3/2018. On the other hand, Article 86 of the GDPR foresees

meaning of Article 4 (1) and (2) GDPR, this would be justified under Article 6 (1)(c) and (3). The court also found that the VIG complies with Article 86 GDPR:

recitals of the GDPR and to Article 86 GDPR which concerns public access to official documents, as well as Article 6(2) GDPR and Article 6(3) GDPR which provides

17 (1) (c) GDPR also opens up to provisions of national law via the implicit reference to Art. 6 GDPR; According to Art. 6 Para. 2, 3 GDPR, the national

to events during the Covid-19 pandemic violates Articles 5, 6(3)(b), 9, 13, 14, 25 and 32 GDPR. On the 22nd of April 2021, the Decree Law (decreto legge)

meaning of Article 6 Paragraph 3 in conjunction with Paragraph 1 Letter c) or Letter e) GDPR, whereby according to Article 85 Paragraph 1, 2 GDPR the protection

legislator used the open clause of Article 6(1)(c) and (e) GDPR, in combination with Article 6(2) and Article 6(3) GDPR, to create a legal basis for the

Protection Regulation article 6 no. 1 letters c and e, and that the supplementary legal basis according to article 6 no. 3 was Church Act § 3 no. 10 and provisions

and (1)(e) of Article 6 GDPR. The violation of Article 2-ter of the Code is a direct consequence of the violation of Articles 5 and 6 GDPR. Finally, the

and (2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR

basis of consent, Article 6 (1) (a) GDPR. In particular, Article 6 (1) (c) (legal obligation of the controller and Article 6 (1) (e) GDPR (public interest)

basis as per Article 6(3) GDPR to process the transaction personal data ("bongdata" in Norwegian) as intended, and based on Article 58(2)(f) GDPR imposed a

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

materia di protezione dei dati personali”; and of Article 6(1)(c), Article 6(1)(e), Article 6(2) and Article 6(3)(b). The Italian DPA did not impose a fine because

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

accordance with Article 6(2) GDPR and Article 6(3) GDPR for adaptation to the application of Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. The court stressed

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

safeguards (see Article 32(1)(a) GDPR); Handling of personal data breaches (see Article 34(3)(a) GDPR); Changing purposes of data processing (Article 6(4)(e) GDPR);

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must

are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles

therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller

a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems

DS-GVO BDSG, Article 32 GDPR, margin number 29 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number

between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)

affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers

with Article 6(3) GDPR, the national law lays down, 1) the basis for such processing and, 2) the purposes of that processing or, as regards Article 6(1)(e)

Moreover, the texts the airport relied upon did not refer, as required by Article 6(3) GDPR, to the purpose of the processing, to the description of the processing

the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been

under the material part of the GDPR and the controller-processor agreement pursuant to Article 28 GDPR. Article 82(6) GDPR states that claims for damages

compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should

resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in

(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)

Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin

freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria

with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR

respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences

processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency

Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number

and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final

categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation

Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number

all related decisions in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1)

EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information

which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

DS-GVO BDSG, Article 78 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition); Körffer in Paal, Pauly, DS-GVO BDSG, Article 78 GDPR, margin numbers 3-5, (C.H

with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent authorities

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR

requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide

standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and

Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6 (C.H. Beck

and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)

lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the

into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)

controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also

pursuant to Article 6 GDPR; the principles of data processing pursuant to Article 5 GDPR; the data subjects’ rights pursuant to Articles 12-23 GDPR; the obligation

adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate

decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set

compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to

requested certification. 6. The requirements referred to in paragraph 3 of this Article and the criteria referred to in Article 42(5) shall be made public

harmonized by Article 58(1) GDPR, this second type of joint operations only makes sense if the law of the sending State – based on Article 58(6) GDPR – contains

Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p

limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally

this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the