Search results

that the action was intentional (Article 83(2)(b) GDPR), and that the personal data are sensitive (Article 83(2)(g) GDPR). Share your comments here! Share

fine on the defendant and stated he has to comply with Article 5(1)(c) and Article 83(2)(a)(b) GDPR. Share your comments here! Share blogs or news articles

action (Article 83.2 b) Basic personal identifiers (name, surname, address) are affected, according to Article 83(2)(g) VII Furthermore, Article 83.7 of the

limitation period, article 72 of the LOPDGDD indicates: Article 72. Infractions considered very serious. "1. Based on the provisions of article 83.5 of Regulation

negligence of the infringement (83 (2) (b) GDPR) and the lack of cooperation with the Spanish Data Protection Agency (83 (2) (f) GDPR). Therefore, in view of the

significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the

regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of

signifies cativa (article 83.2 b)  Basic personal identifiers are affected (name, surname, two, domicile), according to article 83.2 g) Therefore, based

negligent action (Article 83(2)(b) GDPR), and for being data known as basic personal identifiers such as name and address (Article 83(2)(g) GDPR). The AEPD set

data. Hence, it considered Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating

such processing to be legitimate on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p

the infringement - Article 83(2)(b) - and the fact that the infringement involved the “basic identifiers” of the claimant - Article 83(2)(g) - to be aggravating

aggravated by article 83(2)(b) GDPR (intentional or negligent character of the infringement) and article 83(2)(k) GDPR in relation with article 76(f) of Spanish

criteria provided for by Article 83(2) GDPR and ensuring it is effective, proportionate and dissuasive in line with Article 83(1) GDPR. Adopted 117 10 BINDING

with the criteria established in Article 83(2)(b) GDPR: negligent character of the infringement, and Article 83(2)(g) GDPR: categories of personal data affected

negligent action (Article 83(2)(b) GDPR) and that basic identifiers such as name, surname, and address are affected (Article 83(2)(g) GDPR), including also

health data under Article 14 GDPR#15Article 4(15) GDPR, to the municipality. In particular, the controller could not invoke Article 9(2)(f) GDPR ("necessary

limitation of Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further

significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The

to Article 58 Paragraph 2 Letter i and Article 83 Paragraph 1 to 6 GDPR Article 58 Paragraph 2 Litera i and Article 83 Paragraph One , up to 6 GDPR are

14/19 Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, “Sanctions and corrective measures” provides: "2. In accordance with the provisions

Category:Article 83 GDPR The wording “infringements of this Regulation” in Article 83(1) GDPR is slightly imprecise. In fact, Article 83(5)(d) GDPR also provides

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

committed by the complainant (Article 83(2)(b) GDPR).The violation was intentionally committed by the complainant (Article 83(2)(b) GDPR). The following was taken

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

complainant, Article 83(2)(h) GDPR - The existence of a prior complaint. Aggravating factors in accordance with Article 72(2)(a) & (b) LOPDGDD and Article 83(2)(k)

application, see Article 3(2)(b) GDPR, or automated decision making, see Article 22 GDPR. Profiling also triggers information duties under Articles 13(2)(f) and

by Article 83(2)(b) GDPR, and also the link between the company's activity and the processing of personal data, as provided for by Article 76(2)(b) GDPR

Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number

Member States, in Articles 83(1) to (6) of the GDPR. Second, Article 83(2)(b) GDPR, read in conjunction with Article 83(3) GDPR, both describe the intentional

statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -

the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

prescription in article 72.1.b) of the LOPDGDD, a fine of 12,000 euros, of in accordance with articles 83.2 a), b) d) of the RGPD and 76.2.a) of the LOPDGDD

Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative

obligor.[Article 83(2)(b) GDPR] - The obligor has not yet been convicted for violating the General Data Protection Regulation.[Article 83(2)(e) GDPR] - The

(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)

negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share

contemplated in article 83.2 of the GDPR and the Article 76.2 of the LOPDGDD, with respect to the offense committed by violating the established in article 6.1 of

mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual

contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not

accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph

respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences

with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of

established by Article 83(1) GDPR and taking into account the criteria of Article 83(2) GDPR. This decision is the first decision of the EDPC under Article 65(1)

issued its Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR with a detailed analysis of Article 6(1)(b) GDPR. General information

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph 2, paragraph

commentary on Article 13(2)(b) GDPR. Given the identical wording, see commentary on Article 13(2)(c) GDPR. Given the identical wording, see commentary on Article

leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward

categories. Similar to the ex-ante information in Article 13(2)(b) and 14(2)(c) GDPR, Article 15(1)(e) GDPR required to inform the data subject about the right

meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines

are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles

applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities

years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the

elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first

or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both

Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article

with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article

criteria established in the section 2 of the aforementioned article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679, also

constitutes a special category of personal data under Article 9(1) GDPR, explicit consent (Article 9(2)(a) GDPR) would have been necessary for part of the processing

liability and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility

from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right

with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing

similar to the ones laid out by Article 50 GDPR. Article 50 GDPR is divided in two different parts: letters (a) and (b) aim for cooperation with other

Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6

to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You

proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board

pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated

entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected

a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request

Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation

clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against

categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation

subject to processing, as described in Article 3(2)(a) and (b) GDPR. Common Misunderstanding: The application of the GDPR does in no way depend on the citizenship

lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the

Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities

on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

Commentary. Article 54(1)(b) GDPR echoes Article 53(2) GDPR, which outlines the qualificatory and experiential requirements for SA members. However, unlike Article

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/2011

with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph

for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines

processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency

Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number

Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU

pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried

Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article

requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide

occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of

according to Article 58 Paragraph 2 Letter i and Article 83 Paragraph 1 to 6 GDPR Article 58 Paragraph 2 Litera i and Article 83 Paragraph One , to 6 GDPR are to

which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary