Search results
From GDPRhub
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 49 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- Article 89 GDPR (category Article 89 GDPR) (section (2) Derogations Possible for Scientific or Historical Research Purposes or Statistical Purposes)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority33 KB (4,185 words) - 16:09, 2 November 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent18 KB (2,488 words) - 15:22, 14 December 2021
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Intervare did not go through with a proper assessment pursuant to Article 34(1), as it had24 KB (3,365 words) - 16:37, 6 December 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- HDPA (Greece) - 6/2020 (category Article 58(2)(b) GDPR)conferred on it by the provisions of Article 58 of the GDPR and Article 15 of Law 4624/2019. 2. As Article 5 of the GDPR defines the processing principles29 KB (4,557 words) - 15:33, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 58(2)(c) GDPR)longer of importance to society. As a result, and in accordance with Article 58(2)(c) GDPR, the DPA ordered the controller to comply with the data subject's26 KB (4,072 words) - 12:18, 27 March 2024
- HDPA (Greece) - 33/2020 (category Article 4(7) GDPR)presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to20 KB (2,270 words) - 15:37, 6 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9344061 (category Article 34 GDPR)under Article 34 GDPR. The Garante had to establish whether the INPS acted lawfully with regard to the communication obligation under Article 34 GDPR. In4 KB (428 words) - 15:48, 6 December 2023
- Datatilsynet (Denmark) - 2019-441-1578 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Nemlig did not go through with a proper assessment pursuant to Article 34(1), as it had not21 KB (2,901 words) - 16:37, 6 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)Protection Regulation (Article 83 (2) (e) of the General Data Protection Regulation). circumstances within the meaning of Article 2 (2) (b), (f), (g), (h)48 KB (7,727 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)a data protection officer in violation of Article 37(1)(b) GDPR in conjunction with Articles 34(1)(ñ) and 34(3) LOPDGDD. Conseguridad SL (a private security15 KB (2,245 words) - 14:22, 13 December 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 34(1) GDPR)regulation [2]. Article 32, paragraph 1, and Article 33, para. 1. Below is a more detailed review of the case and a justification for the decision. 2. The competence20 KB (3,045 words) - 16:40, 6 December 2023
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 34 GDPR)not complied with Article 32 (1) of the Data Protection Regulation. 1 and 2, Article 33, para. Article 34 (3) (d) 1 and 2, and Article 5, para. 1, letter33 KB (5,347 words) - 16:39, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 34(1) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - E/06179/2019 (category Article 34 GDPR)for a possible personal data breach affecting confidentiality, as per Article 32 GDPR. The decision is the consequence of the notification of a possible personal6 KB (386 words) - 13:40, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(2) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AEPD (Spain) - PS/00389/2019 (category Article 34 GDPR)and 34, violations all of which are typified in article 83.4.a). V The violation of articles 32, 33 and 34 of the RGPD are criminalized in Article 83.4(a)31 KB (4,819 words) - 14:34, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 6(1)(f) GDPR)Iltalehti's article (url search result link 2) is "", which in itself tells about the escape of the applicant who is the subject of the article. The writings61 KB (9,876 words) - 21:38, 24 March 2024
- AEPD (Spain) - PS/00187/2020 (category Article 34 GDPR)as indicated in article 25.2 of the RGPD. In this sense, it is meant that the indeterminacy referred to in the article 25.2 of the GDPR refers to the default51 KB (7,770 words) - 14:08, 13 December 2023
- CNIL (France) - SAN-2020-018 (category Article 12 GDPR) (section Violation of the obligation to gather consent as prescribed by Article L. 34-5 of the Postal and Electronic Communication law:)to the criteria laid down by Article 83 paragraph 2 of the GDPR. With regard to the breach of Article L. 34-5 of the GDPR, the restricted committee considers69 KB (11,007 words) - 17:10, 6 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(2) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of35 KB (5,526 words) - 16:56, 12 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)57(1)(a), Article 83(1)-(2) and Article 83(6) in connection with Article 58(2)(e) and (i) of the Regulation of the European Parliament and of the Council46 KB (7,322 words) - 09:51, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 60/171/2020 (category Article 34 GDPR)to the controller in accordance with Article 58 (2) (b) of the General Data Protection Regulation. The Article 34 notification by the controller did not8 KB (1,064 words) - 09:48, 17 November 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)Constable West Midlands Police (WMP), for violating Articles 34(3), 38(1)(3), 40 and 57(1)(2) of the UK Data Protection Act (DPA). ICO also recommended that18 KB (2,476 words) - 09:10, 14 May 2024
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- HDPA (Greece) - 36/2022 (category Article 34 GDPR)the Article 33 GDPR. The DPA also ordered the controller to communicate the data breach to the affected data subjects pursuant to Article 34 GDPR. The11 KB (1,522 words) - 09:35, 13 September 2022
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)DPO as per Article 37 GDPR and 34(1) LOPDGDD, as well as in relation to the need of registering such appointment at the AEPD website [Article 34(3) LOPDGDD]16 KB (2,298 words) - 14:36, 13 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 32(2) GDPR)office in G. Article. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(2) GDPR)protection incident by the general under Article 34 of the Data Protection Regulation. According to Article 34 (1) of the General Data Protection Regulation67 KB (10,492 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(2) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2021-020 (category Article 34 GDPR) (section On the failure to comply with Article 34 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(2) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- HDPA (Greece) - 35/2023 (category Article 34(1) GDPR)subject ,2 in order to decide whether notification is also required for this according to article 34 of the GDPR, while par. 5 of article 33 of the GDPR explicitly52 KB (8,460 words) - 10:54, 10 January 2024
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)individuals complies with Article 14 of the GDPR. 2 On breaches in connection with the exercise of rights 28. Under Article 12 of the GDPR: "1. The controller48 KB (7,525 words) - 17:02, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202104006 (category Article 34 GDPR)contemplated in article 83.2 of the RGPD and the article 76.2 of the LOPDGDD, with respect to the infraction committed by violating the established in article 5.131 KB (4,578 words) - 12:11, 6 March 2024
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued158 KB (26,392 words) - 08:25, 7 June 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 32(2) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 34 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)..................... .14 2.2.1 Applicable regulations, etc. ................................................... ...14 2.2.2 The Privacy Protection Authority's131 KB (14,752 words) - 08:36, 5 July 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)ECLI:NL:HR:2019:376, paragraph 4.2.2, of 28 May 2019, ECLI:NL:HR:2019:793, paragraph 2.4.5, and of 19 July 2019, ECLI:NL:HR:2019:1278, paragraph 2.13.2). 33. The Section34 KB (5,179 words) - 07:10, 7 April 2020
- AP (The Netherlands) - 23.09.2021 (category Article 32(2) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 15 GDPR)freedoms of other persons according to Art. 15 (4) GDPR (Gola GDPR/Franck, 2nd ed. 2018, GDPR Art. 15 Rn. 33, 34). It is argued that this restriction is not only18 KB (2,724 words) - 08:24, 14 March 2022
- Court of Appeal of Brussels - 2022/AR/556 (category Article 9(2)(i) GDPR)protection. /Article 6.1 c) Ju in combination with Article 6.3 of the GDPR. b) Violation of Articles 5.1.a}, 12.1, 13.lc}, 13.2.a}, 13.2.d}, and 13.2.e}, for83 KB (13,694 words) - 09:53, 14 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)ECLI:NL:HR:2019:376, paragraph 4.2.2, of 28 May 2019, ECLI:NL:HR:2019:793, paragraph 2.4.5, and of 19 July 2019, ECLI:NL:HR:2019:1278, paragraph 2.13.2). 40. The Section37 KB (5,721 words) - 12:41, 16 September 2021
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,32 KB (5,093 words) - 16:07, 11 September 2022
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)respecting the time limits as set out to in Article 12(5) of the GDPR and Article 35(2) of the Dutch GDPR Implementation Act? According to the court, the34 KB (5,811 words) - 09:44, 8 December 2020
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)for more than two years after the entry into force of the GDPR. This breached Article 37 GDPR. Ayuntamiento de Arroyomolinos was found lacking a Data Protection18 KB (2,737 words) - 14:23, 13 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)Procedure (Journal of Laws of 2020, item 256) and Article 7(1) and (2), Article 60, Article 101, Article 103 of the Act on the Protection of Personal Data27 KB (4,390 words) - 09:50, 17 November 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR)manual and human processing errors. 5.6. Article 34 of the Data Protection Regulation It follows from Article 34 (1) of the Regulation 1, that when a breach46 KB (7,343 words) - 16:39, 6 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 25(2) GDPR)been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(2) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)clauses n ° 1 and n ° 2 regarding - articles 6/2 ° and 32 / I / 2 ° & 5 ° of the Data Protection Act for all contracts, - Article L.111-2 of the Consumer Code392 KB (67,730 words) - 15:27, 17 March 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(2) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking130 KB (21,195 words) - 13:52, 25 April 2021
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(a) GDPR)mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head82 KB (11,472 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It56 KB (8,757 words) - 14:12, 28 February 2024
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(2) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)interpretation of Article 55(3) GDPR would not cover this as judicial activity. Therefore, the complaint is not admissible in accordance with Article 130 Paragraph75 KB (12,118 words) - 15:46, 14 February 2024
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)unsolicited commercial emails without a legal basis, connected to Article 6 of the GDPR—, as the defendant agreed to an early and guilty voluntary payment19 KB (2,795 words) - 14:06, 13 December 2023
- consent banner violated Article 22.2 of the Spanish Law on Services of the Information Society and Electronic Commerce (Ley 34/2002, de 11 de julio, de45 KB (7,313 words) - 10:32, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(1) GDPR)Protection Act) § 22. The provisions of Articles 13(1) to (3), Article 14(1), Article 15 and Article 34 of the Data Protection Regulation shall not apply if the26 KB (3,820 words) - 16:22, 6 December 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)having appointed a data protection officer, thus breaching Article 37 GDPR. After the GDPR came into force, the Burgos city Council did not appoint a DPO13 KB (2,002 words) - 14:29, 13 December 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)under this Article. Article 11 (2) In the cases referred to in paragraphs 15 to 22, the controller shall exercise their rights under Article may not refuse30 KB (4,563 words) - 10:12, 17 November 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a15 KB (2,504 words) - 16:27, 10 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant48 KB (7,926 words) - 16:56, 12 December 2023