Search results
From GDPRhub
- ANSPDCP (Romania) - Fine against Telekom Romania Communications (category Article 58(2)(d) GDPR)according to Article 58(2)(d). Share blogs or news articles here! The decision below is a machine translation of the Romanian original. Please refer to the4 KB (456 words) - 15:18, 13 December 2023
- ANSPDCP (Romania) - Fine against Proleasing Motors SRL (category Article 58(2)(d) GDPR)Romanian DPA (ANSPDCP) fined leasing company €15,000 for violation of Article 32(1) and (2) GDPR after investigating a data breach reported by the company, where6 KB (732 words) - 15:17, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6609/163/19 (category Article 58(2)(d) GDPR)enshrined in Article 5(1)(c) GDPR. The Finish DPA further ordered the controller to bring its processing activities into compliance under Article 58(2)(d) GDPR13 KB (1,873 words) - 13:06, 3 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3425/157/2019, 3578/157/2019, 3846/157/2019, 3871/157/2019, 3891/152/2019, 3918/157/2019, 4338/157/2019, 4666/154/2019, 5973/157/2019, 6773/157/2019 ja 7022/157/2019 (category Article 58(2)(d) GDPR)subjects had not suffered any financial harm. Furthermore, as per Article 58(2)(c) and (d) GDPR, the DPA ordered the controller to comply with the data subjects’4 KB (359 words) - 13:03, 3 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 58(2)(d) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8205/154/18 (category Article 58(2)(d) GDPR)processing operations in line with the provisions of the GDPR in accordance with Article 58 (2) (d). Share blogs or news articles here! The decision below12 KB (1,810 words) - 13:07, 3 March 2024
- BAC (Bulgaria) - 2606/2021 (category Article 58(2)(d) GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 128/182/19 (category Article 58(2)(d) GDPR)considered appropriate in accordance with Article 31(1)(b) GDPR and Article 32(2) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to identify17 KB (2,339 words) - 13:39, 12 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 6629/163/21 (category Article 58(2)(d) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to bring its21 KB (3,204 words) - 13:37, 12 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 9885/157/19 (category Article 58(2)(d) GDPR)subject's rights, such as the right to object according to Article 21 GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to ensure that data21 KB (3,097 words) - 13:40, 12 January 2024
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 58(2)(d) GDPR)infringements of Article 5(1)(c), Article 5(1)(e) and Article 6(1)(f) the DPC issued a reprimand to Airbnb pursuant to Article 58(2)(b) of the GDPR. In addition17 KB (2,411 words) - 09:25, 27 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/29/2020 (category Article 58(2)(d) GDPR)violated Article 5(1)(c) GDPR, Article 25(2) GDPR and Section 29(4) of the Finnish Data Protection Act. As a result, and in accordance with Article 58(2)(d)25 KB (3,651 words) - 09:37, 3 April 2024
- AEPD (Spain) - PS/00322/2020 (category Article 58(2)(d) GDPR)the GDPR, pursuant to Articles 58(2)(b) and (d) respectively. For the violation of Article 5(1)(f), it issued a fine of €10000, pursuant to Article 58(2)(i)26 KB (3,840 words) - 14:28, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 58(2)(d) GDPR)by the above Registry, (1) and (2) and Article 13.II.The Authority instructs the Obliged Pursuant to Article 58 (2) (d) of the General Data Protection24 KB (3,815 words) - 10:11, 17 November 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 58(2)(d) GDPR)notified in accordance with the data protection regulation, article 58, subsection 2, letter d. Failure to comply with an order can - unless a higher penalty25 KB (3,660 words) - 08:42, 14 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/224/2023 (category Article 58(2)(d) GDPR)violated Article 5(1)(c) GDPR, Article 5(1)(e) GDPR, Article 12(2) GDPR, Article 12(6) GDPR and Article 25(2) GDPR. In accordance with Article 58(2)(c) GDPR31 KB (4,693 words) - 11:50, 6 March 2024
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 58(2)(d) GDPR)RESOLUTION Article 56 (1) and (2) point 8, § 58 (1) of the Personal Data Protection Act (hereafter IKS) and Article 58 (1) point d and (2) points d, e and34 KB (5,305 words) - 08:40, 29 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8040/163/2019 (category Article 58(2)(d) GDPR)Art 4 (11) GDPR. In accordance with Art 58(2)(d), the Finnish DPA instructs the controller to align its process to obtain consent with the GDPR provisions29 KB (4,610 words) - 13:07, 3 March 2024
- Datatilsynet (Norway) - 21/02873 (category Article 12(2) GDPR)In an Article 60 GDPR procedure, the Norwegian DPA ordered an HR-services provider, pursuant to Article 58(2)(d) GDPR, to provide the data subject with13 KB (1,583 words) - 16:20, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 58(2)(d) GDPR)minimisation, pursuant to Article 58(2)(d). The Garante also fined the company €20000 for its breach of Articles 5(1)(a) and (c) GDPR. In determining the amount33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - EXP202105669 (category Article 58(2)(d) GDPR)regulated in article 32 of the GDPR, which regulates the security of the treatment. IV. Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes45 KB (6,998 words) - 12:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 58(2)(d) GDPR)circumstances of the specific case (art. 58, par. 2, letter i) Regulation). 4. Order for an injunction. Pursuant to art. 58(2)(i) of the Regulation and art. 166(3)34 KB (5,420 words) - 15:51, 6 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 58(2)(d) GDPR)in line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply40 KB (6,007 words) - 13:59, 12 May 2023
- AEPD (Spain) - PS/00029/2020 (category Article 58(2)(d) GDPR)under Article 58(2)(b) GDPR. The Authority ordered the Health Service to carry out a DPIA and bring its processing operations in line with the GDPR within44 KB (6,943 words) - 13:49, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4431/161/21 (category Article 58(2)(d) GDPR)to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to comply with the principles54 KB (8,279 words) - 13:53, 21 March 2024
- Personvernnemnda (Norway) - 2022-13 (21/00481) (category Article 58(2)(d) GDPR)controller) about €352,555 (NOK 4,000,000) for violating Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly45 KB (6,913 words) - 12:13, 15 March 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 58(2)(d) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 58(2)(d) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to define61 KB (9,477 words) - 13:38, 12 January 2024
- AEPD (Spain) - PS/00201/2019 (category Article 58(2)(d) GDPR)The AEPD then issued the MCP with a warning under Article 83(5)(b) and pursuant to Article 58(2)(d) ordered the MCP to adapt its information provision54 KB (9,019 words) - 14:10, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 58(2)(d) GDPR)constituted a violation of Articles 123(2) and 132-ter of the Italian Privacy Code. Applying Articles 58(2)(d) and (2)(i), the Garante ordered Iliad to adapt58 KB (9,448 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 58(2)(d) GDPR)third parties (article 83.2.k, of the RGPD in relationwith article 76.2.b, of the LOPDGDD)SAWIn accordance with articles 58.2 and 83.2 of the RGPD, previously88 KB (14,301 words) - 13:48, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 58(2) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- HDPA (Greece) - 44/2019 (category Article 58(2)(d) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 58(2)(d) GDPR)Company itself, pursuant to Article 58, paragraph 2, letter i), of the Regulation, Article 166, paragraph 7, of the Code and Article 18 of Law no. 689/1981129 KB (21,020 words) - 15:49, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 58(2)(d) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 58(2)(d) GDPR)administrative fine in the amount of 2,000,000 ISK on the controller under Article 83(2)(a) GDPR and Article 83(2)(g) GDPR. This is just one of five decisions142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - EXP202211775 (category Article 6(1) GDPR)homeowner’s association. The DPA fined the controller $300 under Article 58(2)(d) GDPR and ordered that the cameras be removed or reoriented so that they2 KB (174 words) - 12:40, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3846/157/2019 (category Article 17 GDPR)with Article 58 section 2 C, the DPA ordered the controller to delete the data subject’s data in accordance with Article 17 GDPR. Pursuant to Article 58(2)(d)4 KB (424 words) - 13:05, 3 March 2024
- ANSPDCP (Romania) - 24.04.2023 (category Article 12(3) GDPR)violated Article 12(3) and Article 21 GDPR by not respecting the data subject's objection. Based on its powers pursuant to Article 58(2)(i) GDPR, the DPA6 KB (707 words) - 15:15, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9518890 (category Article 5(1)(a) GDPR)context of employment as per Article 88 GDPR. For these reasons, the Garante: - With the power conferred by Article 58(2)(i) GDPR, imposed a fine of €20,0004 KB (460 words) - 15:53, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1198/161/2022 (category Article 9(2)(a) GDPR)within the meaning of Article 4(15) GDPR and Article 9(1) GDPR. Processing of sensitive data requires a legal basis under Article 9(2) GDPR. In the present case13 KB (1,847 words) - 15:52, 11 December 2023
- IDPC (Malta) - EDPBI:MT:OSS:D:2022:341 (category Article 58(2)(d) GDPR)access request (Article 15 GDPR). Therefore, the controller violated Article 12(2) GDPR. The DPA reprimanded the controller (Article 58(2)(b) GDPR) and ordered8 KB (958 words) - 13:00, 9 November 2022
- AZOP (Croatia) - Decision 04-07-2022 (category Article 58(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- ANSPDCP (Romania) - Fine against LORIS FUEL SHOP SRL (category Article 58(2)(d) GDPR)instruction to ensure compliance with the GDPR, the ANSPDCP did not explicitly refer to Article 58(2)(d) GDPR but it can be assumed that the instruction5 KB (572 words) - 14:37, 18 May 2022
- ANSPDCP (Romania) - 31.01.2024 (category Article 58(2)(d) GDPR)investigation, in accordance with Article 58(2)(d) GDPR, the DPA also imposed on the controller the corrective measure to provide and communicate all the7 KB (830 words) - 16:14, 14 February 2024
- ANSPDCP (Romania) - Compania Națională Poșta Română SA (category Article 58(2)(d) GDPR)provisions of Article 32(1)(b) GDPR and Article 32(2) GDPR. The DPA fined the processor €2,000 for this data breach. Under the Article 58(2)(d) GDPR it was decided8 KB (948 words) - 16:44, 15 November 2022
- DPC - Tusla Child and Family Agency (category Article 58(2)(d) GDPR)compliance with Article 32(1) and issued reprimands in respect of the infringements, pursuant to Articles 58(2)(b), (d), and (i) GDPR respectively. Procedure6 KB (761 words) - 21:06, 24 February 2021
- AEPD (Spain) - PS-00563-2022 (category Article 58(2)(d) GDPR)that a fine of €2,000 be set for the infringement of Article 13 GDPR as defined in Article 83(5) GDPR. Pursuant to Article 58(2)(d) GDPR the Spanish DPA8 KB (1,017 words) - 09:54, 18 January 2024
- ANSPDCP (Romania) - Asociația de Proprietari Aviației Park (category Article 58(2)(d) GDPR)which the data are processed. At the same time, pursuant to art. 58 para. (2) lit. d) from the RGPD, the following corrective measures were ordered against9 KB (1,206 words) - 13:59, 4 September 2022
- CNIL (France) - 2c1s196162814 (category Article 58(2)(d) GDPR)personal data. The DPA also issued a formal notice pursuant of Article 58(2)(d) GDPR and Article 20.II of the French Data Protection Act to limit the retention13 KB (1,877 words) - 12:06, 4 January 2023
- Datatilsynet (Denmark) - 2021-432-0056 (category Article 58(2)(d) GDPR)freedoms that could not be mitigated, and referred to Article 36(1) GDPR and Article 36(2) GDPR. The DPA ordered the municipality to: Change the data processing16 KB (2,135 words) - 16:52, 14 September 2022
- ВАС - 6307/27.06.2022 (category Article 58(2)(d) GDPR)violation of Article 32 GDPR since the controller did not implement the measures necessary to prevent such disclosure. Under Article 58 (2)(d) GDPR, Speedy19 KB (2,875 words) - 10:08, 22 November 2022
- Datatilsynet (Denmark) - 2020-442-8862 (category Article 58(2)(d) GDPR)to Article 58(2)(a) and ordered the controller to bring its processing operations into compliance with the GDPR, pursuant to Article 58(2)(d) GDPR. Share24 KB (3,735 words) - 17:29, 23 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6745/163/18 (category Article 58(2)(d) GDPR)Finnish DPA therefore instructed the controller in accordance with Article 58(2)(d) GDPR to bring the processing operations in line with the rules on the26 KB (4,068 words) - 14:27, 24 February 2022
- Datatilsynet (Denmark) - 2021-31-4871 (category Article 58(2)(d) GDPR)6(1)(a) GDPR and 4(11) GDPR. Therefore, the controller violated Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller, pursuant to Article 58(2)(d)29 KB (4,447 words) - 16:32, 3 November 2023
- IDPC (Malta) - CDP/IMI/LSA/17/2022 (category Article 12(1) GDPR)In an Article 60 GDPR procedure, the DPA of Malta reprimanded a controller (Article 58(2)(b) GDPR) for requesting the data subject to sign an agreement7 KB (825 words) - 13:19, 9 November 2022
- Datatilsynet (Denmark) - 2021-31-5553 (category Article 58(2)(d) GDPR)6(1)(a) GDPR and 4(11) GDPR and did therefore violate Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller pursuant to Article 58(2)(d) GDPR to ensure32 KB (4,997 words) - 14:09, 22 February 2023
- Datatilsynet (Norway) - 20/02144 (category Article 58(2)(d) GDPR)32(2) GDPR for insufficient risk assessment of security measures in the MyPostNord service, and ordered the controller, pursuant to Article 58(2)(d) GDPR38 KB (5,449 words) - 14:08, 18 January 2023
- IMY (Sweden) - DI-2020-10696 (category Article 58(2)(d) GDPR)erasure request pursuant of Article 58(2)(d) GDPR. Also, the DPA ordered the controller pursuant of Article 58(2)(d) GDPR to provide the data subject information57 KB (6,743 words) - 13:54, 1 February 2023
- Datatilsynet (Denmark) - 2021-432-0063 (category Article 58(2)(d) GDPR)cf. Article 35 of the Data Protection Regulation. The order is announced in accordance with the data protection regulation, article 58, subsection 2, letter35 KB (5,141 words) - 14:34, 28 September 2022
- Datatilsynet (Norway) - 21/02293 (category Article 58(2)(d) GDPR)data protection regulation article 6 no. 1 letter f. 2. Pursuant to the Personal Protection Regulation article 58 no. 2 letter d, Recover AS is ordered to39 KB (5,691 words) - 08:12, 14 September 2022
- Garante per la protezione dei dati personali (Italy) - 9880317 (category Article 58(2)(d) GDPR)6(1)(a) GDPR. The Italian DPA ordered the controller to erase personal data and stop the processing pursuant to Article 58(2)(d) and (f) GDPR. The DPA40 KB (6,513 words) - 13:47, 3 May 2023
- AEPD (Spain) - PS-00371-2021 (category Article 58(2)(d) GDPR)according to Article 83(4)(a) GDPR. However, the AEPD imposed no fines in either of the two violations. Instead, according to Article 58(2)(d) GDPR, the AEPD46 KB (7,141 words) - 13:00, 18 January 2024
- Garante per la protezione dei dati personali (Italy) - 9592011 (category Article 58(2)(d) GDPR)Pursuant to Article 58(2)(d) of the GDPR, the DPA ordered Associazione Rousseau to comply with the provisions of Article 28(3)(g) of the GDPR by ensuring40 KB (6,510 words) - 16:53, 26 May 2022
- Garante per la protezione dei dati personali (Italy) - 9838992 (category Article 58(2)(d) GDPR)to Articles 114 and 157 of the Privacy Code. Pursuant to Article 58(2)(i) GDPR and 83 GDPR, the DPA imposed an administrative fine of €6,000.00, and an order41 KB (6,437 words) - 12:47, 8 February 2023
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 58(2)(d) GDPR)violated Article 6 (1) point f) of the GDPR. (61) The Authority grants the Requester's request and, based on Article 58 (2) point d) of the GDPR, instructs48 KB (7,721 words) - 11:09, 10 January 2024
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 58 GDPR)of fairness pursuant to Article 5(1)(a) GDPR.” Summary of Envisaged Action The DPC made an order pursuant to Article 58(2)(d) GDPR, requiring Meta IE to21 KB (3,005 words) - 14:16, 1 February 2023
- Garante per la protezione dei dati personali (Italy) - 9668051 (category Article 58(2)(d) GDPR)third parties. In addition, through the authority identified in Article 58(2)(d) GDPR, the Italian DPA orders PagoPA S.p.A to adopt the appropriate technical54 KB (8,704 words) - 13:10, 23 June 2021
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 58 GDPR)of fairness pursuant to Article 5(1)(a) GDPR”. Summary of Envisaged Action The DPC made an order pursuant to Article 58(2)(d) GDPR, requiring Meta IE to21 KB (3,069 words) - 14:17, 1 February 2023
- Datatilsynet (Norway) - 23/00708 (category Article 58(2)(d) GDPR)per Article 57(1)(a) GDPR, Article 57(1)(h) GDPR, cf. Article 58(1)(a) GDPR, Article 58(1)(b) GDPR, Article 58(1)(e) GDPR and Article 58(1)(f) GDPR. The59 KB (8,718 words) - 14:50, 20 December 2023
- NAIH (Hungary) - NAIH-924-10/2021 (category Article 58(2)(d) GDPR)Applicant concerned infringes Article 12 (2) of the General Data Protection Regulation and Article 25 (2) and Article 58 (2) (d) of the General Data Protection56 KB (8,760 words) - 13:16, 25 August 2021
- NAIH (Hungary) - NAIH-2857-20/2021 (category Article 58(2)(d) GDPR)Union Article 58 of the General Data Protection Regulation in particular by alerting the controller or processor. In accordance with Article 58 (2) (d) of79 KB (12,495 words) - 11:03, 21 January 2022
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 58(2)(d) GDPR)controller, pursuant to Article 58(2)(d) GDPR, ordering the controller to bring its processing activities in line with the GDPR. The DPA also imposed an91 KB (14,709 words) - 13:02, 14 December 2022
- BVwG - W214 2219800-3 (category Article 58(2)(d) GDPR)of the data subject ('storage limitation');'. Article 58(2)(d) of the GDPR reads: "Article 58 Powers (2) Each supervisory authority shall have all of the83 KB (13,846 words) - 09:39, 10 September 2021
- WSA Warsaw - II SA/Wa 2378/20 (category Article 58(2)(d) GDPR)found that the company violated Article 7 (3) GDPR, Article 12 (2) GDPR, Article 17 (1)(b)GDPR and Article 24 (1) GDPR, by failing to implement appropriate92 KB (15,312 words) - 09:57, 10 September 2021
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)measures, as per Article 58(2)(d) GDPR, have been adopted, obliging the controller to complete implementation of relevant technical and organizational measures38 KB (5,724 words) - 15:47, 6 December 2023
- VG Köln - 13 L 1707/21 (category Article 58(2) GDPR)enforceable order against the Job Centre under Article 58(2)(d) GDPR to bring its processing into compliance with the GDPR and re-designate the dismissed DPO. The15 KB (2,273 words) - 15:58, 18 March 2022
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 58(2)(d) GDPR)administrative penalty fee: 1) Article 5, Paragraph 1, subparagraphs d and a; 2) Article 13; 3) paragraph 3 of Article 12; and 4) Article 15(1). Viking Line Oy149 KB (24,224 words) - 12:20, 2 January 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- DVI (Latvia) - Nacionālajam veselības dienestam (category Article 24(1) GDPR)based on Article 3, paragraph 2, Article 5, paragraph 1 a), f) of GDPR subsection, Article 6(1), Article 9(2), Article 58(2)(d), GDPR Article 23 and Article22 KB (3,276 words) - 11:46, 26 July 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)to the complaint (Article 83 (2) (f) GDPR), not linking the activity of the offender to the processing of personal data (Article 76 (2) (b) LOPDGD), the50 KB (7,524 words) - 13:44, 13 December 2023
- Datatilsynet (Denmark) - 2023-431-0001 (category Article 58(2)(d) GDPR)breached Article 6(1)(e) GDPR and ordered all 53 municipalities to bring their processing in line with Article 5(1)(a) GDPR, Article 6(1) GDPR, by ensuring158 KB (25,068 words) - 12:28, 14 February 2024
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 9(2)(a) GDPR)with Article 9(2)(a) GDPR and Article 6(1)(a) GDPR. Thus, the Danish DPA held that the processing was also not following the principles of Article 5(1)46 KB (7,192 words) - 12:37, 19 December 2023
- ANSPDCP (Romania) - Fine to Farmacia Ardealul SRL (category Article 32(1)(d) GDPR)of RON 12,424 (approximately €2,500). At the same time, the DPA imposed a corrective measure based on Article 58(2)(d) GDPR and ordered the controller to5 KB (572 words) - 09:37, 6 July 2023
- IP (Slovenia) - 07141-9/2023/10 (category Article 58(2) GDPR)deletion request of the data in question, breaching Article 17(1) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to remedy the irregularities6 KB (553 words) - 14:57, 6 December 2023
- ANSPDCP (Romania) - Sanction against Tensa Art Design SA (category Article 21(3) GDPR)basis of Article 6(1)(e) GDPR - public interest - or the legal basis of Article 6(1)(f) GDPR - legitimate interest. Moreover, Article 21(3) GDPR specifically5 KB (621 words) - 13:51, 21 February 2023
- ANSPDCP (Romania) - Fine against Glove Technology SRL (category Article 58(1)(a) GDPR)GDPR. As result, the controller was fined approximately €5,000 (RON 24,745). Furthermore, using their powers laid down in Article 58(2)(d) GDPR , the DPA5 KB (668 words) - 09:34, 26 November 2021
- ANSPDCP (Romania) - 13.03.2023 (category Article 12 GDPR)9871 (approximately €2000) for these violations. In accordance with Article 58(2)(d) GDPR, the DPA also imposed corrective measures. First, the DPA ordered6 KB (786 words) - 12:38, 21 March 2023
- ANSPDCP (Romania) - Comunicat Presa 09 12 2022 (category Article 25 GDPR)data transmitted, stored or otherwise processed." As such, under Article 58(2)(d) GDPR, the controller was ordered to take into account the risk assessment7 KB (866 words) - 14:23, 21 December 2022
- DSB (Austria) - D130.1178 2023-0.631.894 (category Article 7(3) GDPR)the wording of Article 77(1) GDPR and from Article 58(2)(d) GDPR that national DPAs only have competence to take action with respect to GDPR violations that6 KB (787 words) - 16:19, 16 February 2024
- DPC (Ireland) - IN-20-8-1 (category Article 45 GDPR)with Chapter V of the GDPR. Therefore, it requested the Irish DPA to adopt against Meta an order pursuant to Article 58(2)(d) GDPR. The EDPB also established7 KB (952 words) - 10:22, 24 May 2023
- ANSPDCP (Romania) - 23.03.2023 (category Article 5(2) GDPR)9,798.6 (approximately €2000). In accordance with Article 58(2)(d) GDPR, the DPA also imposed corrective measures. First, it ordered the data controller8 KB (1,015 words) - 07:23, 5 April 2023
- APD/GBA (Belgium) - 24/2021 (category Article 35(2) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard113 KB (18,732 words) - 16:50, 12 December 2023
- ANSPDCP (Romania) - Fine against Asociația de Proprietari Aviației Park (category Article 5(2) GDPR)the DPA ordered the controller under Article 58(2)(d) GDPR to bring is processing into compliance with the GDPR by: reviewing and updating the technical9 KB (1,228 words) - 14:38, 22 June 2022