Search results
From GDPRhub
- DSB (Austria) - 2020-0.111.488 (category Article 5(1)(a) GDPR)Regulation, hereinafter : "GDPR"), OJ No. L 119 of 04.05.2016 S1, the following administrative offense (s) committed: In any case, from **. February 2020 until8 KB (1,048 words) - 13:50, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)headquarters of [S1] and a second system is operated from the site of [S2]. The video surveillance system installed at the administrative headquarters of [S1] is composed44 KB (6,212 words) - 08:28, 16 June 2021
- ArbG Düsseldorf - 9 Ca 6557/18 (category Article 6(1)(c) GDPR)December 9, 2018 (Annex S1, pages 314 et seq. DA), the attorney-at-law sent the defendant's attorney-at-law to the plaintiff's attorney-at-law, a letter58 KB (9,364 words) - 13:51, 16 December 2021
- Article 6 GDPR (section (1) Legal basis for processing)concept of "explicit consent" in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally108 KB (17,005 words) - 15:39, 18 March 2024
- Article 5 GDPR (section (1) Principles)Article 5(1)(b) does not foresee a certain form of documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and51 KB (6,355 words) - 08:25, 18 April 2024
- Article 58 GDPR (section (1) Investigative powers)controller’s (or processor’s) premises in accordance with Article 58(1)(f) GDPR. The search is not restricted to the business premises but a judge’s authorization46 KB (5,825 words) - 11:12, 7 November 2023
- Article 15 GDPR (section (1) The Right of Access)further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 4 GDPR (section (1) Personal data)(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker125 KB (16,328 words) - 16:01, 8 March 2024
- alternative means of communication which suit the data subject's specific needs. Under Article 12(1) GDPR, information “shall be provided in writing, or by other76 KB (11,304 words) - 08:37, 4 March 2024
- Article 13 GDPR (section (1) Information the controller shall provide at the time personal data is obtained)GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the controller's obligation to actively provide clear and comprehensive information71 KB (9,532 words) - 13:30, 6 March 2024
- Article 17 GDPR (section (1) Right to erasure)data subject’s private life, and second, the public’s interest in accessing the information, which may vary depending on the data subject’s role in public61 KB (8,488 words) - 15:47, 18 March 2024
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 9 GDPR (section (1) General prohibition of processing of special categories of personal data)subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation44 KB (5,905 words) - 14:00, 24 October 2023
- Article 83 GDPR (section (1) Administrative fine)identification of sanctionable conduct(s) and infringment(s). For a detailed analysis we refer to paragraph (1). Determination of the starting point of55 KB (7,622 words) - 14:04, 7 November 2023
- public interest in the case of Article 6(1)(e) and the controller's legitimate interest in the case of Article 6(1)(f). In other words, there is a balancing49 KB (5,993 words) - 06:22, 16 June 2023
- Article 14 GDPR (section (1) Information the controller shall provide when personal data has not been obtained from the data subject)Article 13(1)(a) GDPR. Given the identical wording, see commentary on Article 13(1)(b) GDPR. Given the identical wording, see commentary on Article 13(1)(c) GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they30 KB (3,458 words) - 10:31, 25 April 2024
- Article 25 GDPR (section (1) Data protection by design)individual rights. These criteria have the same meaning as in Article 24(1) and Article 32(1). The "nature" of the processing consists of its “the inherent characteristics”43 KB (4,675 words) - 06:43, 16 June 2023
- Article 28 GDPR (section (e) Assisting with the controller's obligation to respond to data subject's requests)possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III; (f) assists72 KB (9,140 words) - 13:12, 2 June 2023
- May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available31 KB (3,489 words) - 16:00, 8 March 2024
- Article 33 GDPR regulates the controller and processor's obligations in case of data breach. Pragraph 1 imposes an obligation on controllers to notify the54 KB (6,536 words) - 08:22, 16 June 2023
- enforcement of the GDPR are SA's main tasks. They summarise the core idea of SA's activities. All other tasks entailed in Article 57(1) GDPR can be understood60 KB (7,796 words) - 20:12, 1 April 2024
- Article 35 GDPR (section (1) Mandatory DPIA)legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited52 KB (7,297 words) - 08:05, 18 July 2023
- to Article 32(1) GDPR would be an example of such an obligation. It is also important to stress that, without prejudice to the processor's liability under33 KB (4,215 words) - 09:57, 19 March 2024
- ng provision of Article 56(1) GDPR. In such cases, the LSA, i.e. the SA of the place where the controller's or processor's main or sole establishment is35 KB (4,017 words) - 16:04, 18 March 2024
- Article 56 GDPR (section (1) Designation of the Lead Supervisory Authority (LSA) and the Cooperation Mechanism)processor’s lead supervisory authority, version 2.1, Section 2.2, available here. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory55 KB (7,446 words) - 22:28, 1 April 2024
- Article 30(1)(a) states it should contain the name and contact details of the controller and, where applicable, the joint controller(s), the controller's representative31 KB (3,327 words) - 15:31, 5 June 2023
- with Article 33(1) GDPR. Thus, since the supervisory authority should be aware of the data breach, it can also be involved in the controller’s procedure for37 KB (3,962 words) - 15:20, 16 June 2023
- Article 2 GDPR (section (1) Material scope)information onto a form. The form is stored in the hospital's old paper filing system, where each patient's papers are stored according to surname and first name34 KB (4,652 words) - 12:07, 12 November 2023
- guide the reviewer’s decision. Otherwise, it would be completely impossible to express one's own point of view. Pursuant to Article 12(1), which expressly31 KB (4,768 words) - 06:24, 16 June 2023
- to include the DPO's 'contact details', i.e. exactly the same wording used in Article 13(1)(b) GDPR. If one were to follow Apple's suggested reading, after43 KB (4,904 words) - 12:59, 21 July 2023
- Article 23 GDPR (section (1) Restrictions)subject’s rights, but not deny them. The grounds for restrictions are exhaustively listed in Article 23(1) GDPR. These grounds, listed in Article 23(1)(a)-(c)44 KB (4,896 words) - 06:25, 16 June 2023
- subject’s data by the controller triggers a data subject’s right under Article 13 and 14 GDPR. We reject a strict literal interpretation of Article 79(1) GDPR31 KB (3,550 words) - 11:11, 29 November 2023
- CJEU: The CJEU has clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as33 KB (3,641 words) - 09:51, 19 March 2024
- exercise of a SA's investigative powers under Articles 58(1)(a), (b), (c), (e) and (f) GDPR; decisions following the exercise of a SA's corrective powers30 KB (3,874 words) - 10:46, 7 December 2023
- independence and expertise in data protection matters. Paragraph 1 ensures the DPO's timely and proper involvement in any data protection issues. Paragraph29 KB (2,951 words) - 14:19, 25 July 2023
- Article 46 GDPR (section (1) Scope)Article 46 - Transfers subject to appropriate safeguards 1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer34 KB (3,646 words) - 08:53, 27 March 2023
- objection of a SA (Article 65(1)(a) GDPR), when there are different views on which SA is the lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is33 KB (4,185 words) - 16:09, 2 November 2023
- prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR establishes an obligation for the controller to consult the DPA31 KB (3,646 words) - 08:51, 21 July 2023
- Article 39 GDPR (section (1) DPO's Tasks)to management or the appropriate authority. Articles 39(1)(d) and (e) GDPR lay down the DPO’s obligations in relation to the Data Protection Authorities23 KB (2,165 words) - 15:10, 27 July 2023
- restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment32 KB (3,730 words) - 08:43, 7 March 2024
- version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.07 KB (808 words) - 08:17, 16 February 2023
- Act (Zakon o varstvu osebnih podatkov (ZVOP-1)) which stayed in force for more than 4 years after the GDPR’s entrance into force. Responding to requests10 KB (1,242 words) - 10:51, 6 February 2024
- Article 26 GDPR (section (1) Joint controllership)data on another party’s behalf and on this party’s documented instructions (you are a sub-processor). According to Article 26(1) of the GDPR, joint controllers37 KB (3,915 words) - 12:49, 24 May 2023
- Article 3 GDPR (section (1) Establishment in the Union)the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact37 KB (4,635 words) - 13:29, 24 October 2023
- after IP completion day, the court is not bound (EUWA s 6(1)) but "may have regard" to them (EUWA s 6(2)). (4) The position is different in a "relevant court"18 KB (2,488 words) - 15:22, 14 December 2021
- However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- necessary to protect an interest which is essential for the data subject's or another person's vital interests, including physical integrity or life, if the data29 KB (3,500 words) - 08:54, 27 March 2023
- an advisory role. Articles 70(1)(a) and 70(1)(t) GDPR grant the EDPB an important and new role regarding the Regulation’s consistency mechanism. In particular27 KB (3,038 words) - 12:19, 11 October 2023
- the territory of the European Union (in breach of Article 27(1) GDPR). In such situations s SA may ask the competent authorities of the country of the processor35 KB (3,971 words) - 21:34, 1 April 2024
- tie, the President's vote shall prevail. Decisions are published except for cases where there is impediment of a DPA's member. The DPA’s response or decision23 KB (2,039 words) - 08:15, 25 April 2024
- Article 8 GDPR (section (1) Material scope)May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available19 KB (1,335 words) - 13:56, 24 October 2023
- burdened by data protection rules. Article 85(1) GDPR sets out a legal framework to reconcile the data subject’s right to data protection with the performance33 KB (3,748 words) - 14:25, 7 November 2023
- of Article 88(1) GDPR. Therefore, for a comprehensive overview of the term ‘more specific’, please refer to section 2.1 below. Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- organisation or association referred to in paragraph 1 of this Article, independently of a data subject’s mandate, has the right to lodge, in that Member State26 KB (2,575 words) - 15:50, 9 November 2023
- Article 20 GDPR (section (1) Right to data portability)pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried40 KB (5,349 words) - 07:05, 1 June 2023
- referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account23 KB (2,079 words) - 16:07, 2 November 2023
- set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's domestic law. Under the34 KB (3,649 words) - 13:19, 30 October 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- Article 75 GDPR (section (1) The Secretariat)outlines the secretariat's responsibilities, which take on a primarily administrative function. Including the secretariat within the GDPR's legislative rubric20 KB (1,347 words) - 14:21, 17 October 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- seconding supervisory authority's authorisation, confer powers, including investigative powers on the seconding supervisory authority's members or staff involved22 KB (1,915 words) - 13:46, 15 January 2024
- Article 41 GDPR (section (1) The monitoring body)the code of conduct. This is clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR30 KB (2,720 words) - 14:02, 28 July 2023
- Article 68 GDPR (section (1) Legal personality)accordance with that Member State’s law, must act as representative to the Board. While the Commission may participate in the EDPB’s meetings and activities, it20 KB (1,632 words) - 10:01, 11 October 2023
- Article 47 GDPR (section (1) Binding Corporate Rules)the company’s internal complaint mechanism, cooperation duties with the DPAs, as well as liability and jurisdiction provisions (Articles 47(1)(b), 47(2)(d)29 KB (2,823 words) - 15:15, 28 April 2022
- (Article 24(1) RoP). This provision ensures the EDPB's flexibility and ability to act. The EDPB also made use of the authorisation in Article 76(1) GDPR and22 KB (2,266 words) - 08:26, 17 October 2023
- following their deliberations. Article 53(1) names four possible appointing bodies. These are a Member State's (i) parliament, (ii) government, (iii) head29 KB (2,894 words) - 23:06, 1 April 2024
- secrecy are laid down in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board15 KB (787 words) - 08:17, 19 October 2023
- concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of supervisory47 KB (5,594 words) - 22:45, 1 April 2024
- Article 1 GDPR (section (1) Subject-matter)function as guiding principles to interpreting the GDPR. Article 1(1) establishes the GDPR's two main aims. First, it aims at protecting natural persons with28 KB (3,831 words) - 16:21, 14 March 2024
- processing of the data in question by the recipients. Indeed, under Article 5(1)(d) and 17(1) GDPR, each recipient is individually responsible for correcting, deleting19 KB (1,436 words) - 12:35, 12 May 2023
- require the data subject’s identification remain applicable, including, but not limited to, security of processing (Article 32(1) GDPR) and the general principles20 KB (1,854 words) - 16:32, 8 March 2024
- not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions19 KB (1,530 words) - 14:23, 12 October 2023
- itself does not impose any formal restrictions on the Article's applicability. Article 81(1) GDPR requires that the competent court of a Member State to27 KB (2,619 words) - 14:52, 16 November 2023
- bodies may not interfere in the EDPB's functioning. This arrangement stands in stark contrast to that of the Board's predecessor, the Article 29 Working18 KB (1,327 words) - 12:36, 14 December 2023
- just before the deadline of 1 month. That means that if you want to appeal a decision, you've only one month to do so as there's a delay of 2 month after8 KB (824 words) - 22:52, 27 February 2024
- Article 92 GDPR (section (1) Delegated acts)delegation of power. At first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2)19 KB (1,525 words) - 08:18, 19 October 2023
- Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and15 KB (1,196 words) - 08:15, 19 October 2023
- Article 45 GDPR (section (1) Adequacy Decision)take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular43 KB (5,641 words) - 14:58, 28 April 2022
- Article 97 - Commission reports 1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of16 KB (778 words) - 08:24, 19 October 2023
- 91 - Existing data protection rules of churches and religious associations 1. Where in a Member State, churches and religious associations or communities25 KB (2,482 words) - 10:04, 19 March 2024
- Article 89 GDPR (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)research. In addition, it should take into account the Union's objective under Article 179(1) TFEU of achieving a European Research Area. Scientific research29 KB (3,695 words) - 13:44, 21 March 2024
- supervisory authority’s request is to further the performance of its tasks. Following from this, the content and scope of a supervisory authority’s request is constricted22 KB (2,042 words) - 14:29, 20 November 2023
- Representatives of controllers or processors not established in the Union 1. Where Article 3(2) applies, the controller or the processor shall designate25 KB (2,418 words) - 14:11, 24 May 2023
- this section! You can help us filling this section! There are two options: 1) a "recurso de reposicion" to ask the AEPD to reconsider its decision or 2)4 KB (386 words) - 15:29, 3 September 2021
- Article 99(1) GDPR, which entered the Regulation into force on 25 May 2016, generating a two-year transition period between the Regulation's entry into13 KB (530 words) - 09:40, 3 October 2023
- and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve to "particularise and complement20 KB (1,539 words) - 08:21, 19 October 2023
- Article 74 GDPR (section (1) Tasks of the Chair)Article 74 - Tasks of the Chair 1. The Chair shall have the following tasks: (a) to convene the meetings of the Board and prepare its agenda; (b) to notify15 KB (808 words) - 09:44, 17 October 2023
- Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official12 KB (295 words) - 08:25, 19 October 2023
- criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when17 KB (1,768 words) - 15:41, 18 March 2024
- Article 93 GDPR (section (1) Implementing acts)margin number 1 (C.H. Beck 2020, 3rd Edition). Ehmann, in Ehman, Selmayr, Datenschutz-Grundverordnung, Article 93 GDPR, margin number 1 (C. H. Beck 201817 KB (1,096 words) - 08:19, 19 October 2023
- Article 42 - Certification 1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level27 KB (2,452 words) - 14:26, 28 July 2023
- secrecy 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in18 KB (1,599 words) - 12:26, 29 April 2022
- the adoption of final measures regarding Facebook Ireland Limited, p.42, s. 4.2.1(available here).15 KB (810 words) - 16:13, 2 November 2023
- processing of personal data (see Article 5(1)(a) GDPR), the need to limit the purpose of such processing (see Article 5(1)(b) GDPR), the requirement to have a48 KB (5,978 words) - 15:57, 1 February 2024
- Article 43 GDPR (section (1-5) The certification body)Article 43 - Certification bodies 1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification22 KB (1,634 words) - 14:40, 28 July 2023
- https://www.dsb.gv.at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave11 KB (1,468 words) - 13:27, 14 May 2023
- Article 66 - Urgency procedure 1. In exceptional circumstances, where a supervisory authority concerned considers that there is an urgent need to act in20 KB (1,590 words) - 16:11, 2 November 2023
- engagement working on the DPA's guidance service over the phone. About 58% are women and 42% men. Historical numbers (Datatilsynet's annual report 2021): 2021:10 KB (1,078 words) - 06:40, 26 March 2023
- their work. The President shall exercise the employer’s rights over the public officials and the NAIH's employees. Based on constitutional provision, the Act7 KB (821 words) - 14:16, 7 March 2024