Search results

violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing

by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit

RESOLVES:FIRST: IMPOSE BBB , with NIF *** NIF.1 , for a violation of the article5.1.d) of the RGPD, typified in article 83.5 of the RGPD, a penalty of € 3,000

constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories

ensure the protection of the interests referred to in Article 23(1). objectives referred to in Article 23(1), the controller shall take into account when assessing

with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had

may not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data

regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment

party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as

provisions of article 58.2.i) of the GDPR, for the alleged infringement of article 6.1 of the GDPR, typified in article 83.5.b) of the GDPR. SECOND: APPOINT

controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate

been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD

supply data, without the consent of the data subject, a breach of Article 6 (1) GDPR? The Spanish DPA held that the processing of data relating to electricity

significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The

violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating

the authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection

violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing

the Strijp-S housing complex in Eindhoven. It's agreed 1 Facts 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 that [plaintiff] directly to PME Investment Services

specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority

loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged

basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid

This behaviour was in violation of Article 31 GDPR. Thirdly, Company B was found to be in violation of Article 32(1) GDPR. This provision imposes an obligation

applicable to the controller, including Articles 5(1)(a) and 6 GDPR. As a matter of fact, Articles 5(1)(a) and 6 GDPR set general principles and conditions of processing

obligation according to Article 25(1) of the General Data Protection Regulation, because the controller had failed to implement Article 5(1)(a) of the General

2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the processing

functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es

for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the

and GDPR? Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR? How much are the damages under Article 82 GDPR

correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be

referred to in Article 64(1) or does not follow the opinion of the Committee issued under Article 64". 8. The investigation shows that, on 1 June 2018, the

as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal

in accordance with Article 32 (2) of the Regulation. 2nd 3.3. Article 33 (1) of the Data Protection Regulation 1 and Article 34 (1). 1 The Data Inspectorate

commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public

violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR

have breached the lawfulness of processing principle as per article 6(1) GDPR, as well as article 20 of the Spanish Law on Personal Data Protection and Guarantee

an alleged violation of article 6 of the GDPR typified as an infringement of basic principles for processing in article 83.5 GDPR. In determining the amount

Vodafone España, S.A.U. (the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early voluntary payment of the corresponding

of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.

commerce (hereinafter LSSI), as provided in the article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, of the Administrative Procedure Common of

assessment pursuant to Article 35 of the GDPR and, depending on the outcome, also have to consult the AP beforehand (Article 36 of the GDPR). In addition, as

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/

concerns the following in this appeal. 3.1.1. [the employee] , born on [date of birth] 1964, was employed on 1 September 1986 joined Trigion's legal predecessor

Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of

for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a copy of the

processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:

health data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear

her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies

his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law

principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing

have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore

"Principles of Data Protection", article 4.1 of the LOPDGDD determines: "4. Data accuracy. 1. In accordance with article 5.1.d) of Regulation (EU) 2016/679

that this would also be contrary to the AVG. Article 82 of the AVG 12. Article 82 of the AVG reads as follows: 1. Any person who has suffered material or non-material

controller was in breach of Article 38(1) GDPR at the time of the investigation. Regarding the breach of Article 39(1)(b) GDPR, the CNPD concurred with the

rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a

Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2) and

constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller

patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital

the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high

data under the GDPR. The Italian DPA started an investigation concerning potential violations of Articles 5(1)(a), 6, 13, 28(1) and 35 GDPR. The Italian

principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the

personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction

claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without

the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection

entity has violated article 6 of the GDPR, for carrying out a processing of personal data without legitimacy. II Article 6.1 of the GDPR establishes the assumptions

be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data

pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,

engines (see Annex 1 to note of 9 January 2019, p. 1); b) to be "aware of the dispersion of data on 12.12.2018" (see note of 9 January 2019, p. 1) and to have

according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines

under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet

commercial SMS on your mobile line ***PHONE.1. In this sense, article 21 of the LSSI provides the following: "1. The sending of advertising or promotional

be referred to respectively as '[plaintiff]' and '[the State]'. 1 The proceedings 1.1. The course of the procedure is evidenced by - the summons with productions;

basis under Article 6(1)(c) GDPR, the Court found that the data subject cannot exercise his right to object pursuant to Article 21(1) GDPR. Secondly, the

highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center

adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted

relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of

that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines

Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the

03/31/2020, a written letter is sent to the respondent, *** ADDRESS.1, *** LOCALITY.1 (*** PROVINCE.1), address of the Mer- cantil, giving result "Returned to Origin

provided in article 5.1.f) and 32.1 of the GDPR (LCEur 2016, 605). It should be noted that the GDPR, without prejudice to the provisions of its article 83, contemplates

e7141c720c53441c2483c; has_js=1; _gid=GA1.2.1837808855.1597415922; _gat=1 Upgrade-Insecure-Requests 1 If-None-Match" 1597405902-1" Cache-Control max-age=0”

Act and, subsequently, the GDPR. Request for compensation in case his data is processed unlawfully is also in line with the GDPR. The facts that this may

entity has violated article 6 of the GDPR, for carrying out a processing of personal data without legitimacy. II Article 6.1 of the GDPR establishes the assumptions

personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,

employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances

section 1, subsection 1, section 14, subsections 1–2, section 15, subsections 1 and 3. and subsection 4, 3 points, section 16, subsection 1, section 18

Service and transferred to the Disputes Chamber pursuant to article 62, § 1 j° article 92, 1° WOG. 10. On 7 February 2020, the Disputes Chamber invites

breach of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f) GDPR

derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL

amended: Article 3,, Article 4, number 11,, Article 7,, Article 51, paragraph one,, Article 12, paragraph 3,, Article 17,, Article 19,, Article 57, paragraph

company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose

against the controller. Based on Article 72(1)(b) of the national data protection law, and Articles 83(1) and 83(2) GDPR, the DPA considered aggravating

had been unlawful because Article 6(1)(e) GDPR provided a valid legal basis and there was no violation of Article 6(4) GDPR. The controller is the Minister

title of documents containing sensitive information was a breach of Article 32(1)(b) GDPR, highlighting that the breach was reported to the municipality by

Protection Act) § 22. The provisions of Articles 13(1) to (3), Article 14(1), Article 15 and Article 34 of the Data Protection Regulation shall not apply

(the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early and guilty voluntary payment of the corresponding

Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg

of GDPR Article 5(1)(a) (processing must be fair, lawful and satisfy a condition under Article 6), Article 5(1)(d) (data must be accurate), Article 10

According to the data subject, it follows from Article 47 of the Charter of Fundamental Rights and Article 79 GDPR, that they should not be ordered to pay those

violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading

be answered on 23/04/2019 and also forwarded to the Court of Occupation (Document 26}." r PAGE □1-□□□□ 1429503- □□□4-□□ 15-□2-□1-;i L _J,Court of appeal