Search results

From GDPRhub
  • not relate to an identifiable person. The GDPR imposes an active duty on the controller to delete data. The controller may not wait for an action by the
    50 KB (6,285 words) - 14:57, 27 March 2024
  • protection of data subjects” as well as “providing an easily workable and accessible mechanism to ensure an unconditional possibility for data subjects to
    108 KB (17,005 words) - 15:39, 18 March 2024
  • country or to an international organisation if the third country or international organisation concerned does not or no longer offers an appropriate level
    46 KB (5,825 words) - 11:12, 7 November 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    125 KB (16,328 words) - 16:01, 8 March 2024
  • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    41 KB (5,187 words) - 12:57, 14 June 2023
  • information directly to them (e.g. in an attachment), linking to the resources on a website, or providing it as an answer to a natural language question
    76 KB (11,304 words) - 08:37, 4 March 2024
  • (abbreviated "AEPD") is the national Data Protection Authority for Spain. The AEPD is an independent public body in charge of enforcing the GDPR in Spain. Its head
    4 KB (386 words) - 15:29, 3 September 2021
  • during the period it takes to respond to an access request. The controller may not delete information to avoid an accurate response. As a matter of transparency
    73 KB (9,896 words) - 15:46, 18 March 2024
  • infringement. Where administrative fines are imposed on an undertaking, an undertaking should be understood to be an undertaking in accordance with Articles 101 and
    55 KB (7,622 words) - 14:04, 7 November 2023
  • can be provided in written or electronic form, as an annex to a contract, a hard-copy document or an online multilayered document. To avoid discrepancies
    71 KB (9,532 words) - 13:30, 6 March 2024
  • the photograph to be stored, as an example. Similarly, if there are no further labour law disputes with an employee, an employer no longer needs to store
    61 KB (8,488 words) - 15:47, 18 March 2024
  • as it is necessary to have an account too in order to access that data. Additionally, the app gives you the option of using an anonymous profile, and the
    44 KB (5,905 words) - 14:00, 24 October 2023
  • intervention to an indefinite number of natural persons. 3. An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate
    43 KB (4,675 words) - 06:43, 16 June 2023
  • conducted prior to a valid objection remains unaffected (with an ex-nunc effect). In the event of an objection from the data subject, the controller is required
    49 KB (5,993 words) - 06:22, 16 June 2023
  • members who are elected by Parliament for a seven-year term. The authority has an office in Rome with a staff currently numbering about 125 people. The Panel
    7 KB (808 words) - 08:17, 16 February 2023
  • processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    72 KB (9,140 words) - 13:12, 2 June 2023
  • matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement
    31 KB (3,489 words) - 16:00, 8 March 2024
  • breach”, where there is an unlawful or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unlawful or accidental
    54 KB (6,536 words) - 08:22, 16 June 2023
  • in charge of enforcing GDPR in Belgium. The DPA consists of five bodies and an Executive Committee. The Executive Committee is composed of Director of the
    9 KB (993 words) - 07:10, 28 July 2022
  • third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred
    47 KB (5,644 words) - 17:49, 5 March 2024
  • proportionality plays an important role in determining whether a measure is appropriate. Thus, the cost-effectiveness of a measure can play an important part
    26 KB (2,953 words) - 07:57, 23 May 2023
  • in Article 4(24) GDPR stipulating that it is an objection to a draft decision as to “whether there is an infringement of this Regulation, or whether envisaged
    35 KB (4,017 words) - 16:04, 18 March 2024
  • the controller; (b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes; (c) an assessment of the
    52 KB (7,297 words) - 08:05, 18 July 2023
  • not foresee an exception for “minimal violations” and there is no opening clause that would allow national law or case law to create such an exception.
    33 KB (4,215 words) - 09:57, 19 March 2024
  • regulations, guarantees and rights of the individual is therefore an important task of the SAs and also an effective means of raising the level of data protection
    58 KB (7,491 words) - 14:23, 21 December 2023
  • The first information usually is an acknowledgement of receipt and a notice that the case has been forwarded to an (alleged) lead LSA. Although there
    33 KB (3,641 words) - 09:51, 19 March 2024
  • the transfer of personal data to a third country or an international organisation in the absence of an adequacy decision and always 'on condition that enforceable
    34 KB (3,646 words) - 08:53, 27 March 2023
  • breach”, where there is an unauthorised or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unauthorised or accidental
    37 KB (3,962 words) - 15:20, 16 June 2023
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    31 KB (3,550 words) - 11:11, 29 November 2023
  • Decisions of the EDPB and Right to an Effective Judicial Remedy Any natural or legal person has the right to bring an action for annulment of decisions
    30 KB (3,874 words) - 10:46, 7 December 2023
  • obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing
    31 KB (3,327 words) - 15:31, 5 June 2023
  • The National Supervisory Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) is the
    3 KB (270 words) - 08:26, 2 April 2021
  • protection of personal data. It was first established in 1997 and its role as an independent guardian of the protection of personal data in Greece is constitutionally
    24 KB (2,039 words) - 12:17, 29 February 2024
  • The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of
    6 KB (605 words) - 14:08, 27 April 2021
  • of the presence of an establishment of the controller or processor in the Member State of which the SA informed it. The existence of an establishment in
    52 KB (7,153 words) - 18:48, 8 January 2024
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    43 KB (4,904 words) - 12:59, 21 July 2023
  • 2018 a party can appeal to the Tribunal for: a) an information notice, b) an assessment notice, c) an enforcement notice, d) a penalty notice and a e)
    18 KB (2,488 words) - 15:22, 14 December 2021
  • Article 45 - Transfers on the basis of an adequacy decision 1. A transfer of personal data to a third country or an international organisation may take place
    43 KB (5,641 words) - 14:58, 28 April 2022
  • designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society
    31 KB (4,768 words) - 06:24, 16 June 2023
  • data can be transferred to a third country or an international organisation without the existence of an adequate level of protection or the implementation
    21 KB (1,831 words) - 08:51, 27 March 2023
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    37 KB (4,635 words) - 13:29, 24 October 2023
  • The Icelandic Data Protection Authority (Persónuvernd) is the national Data Protection Authority for Iceland. It resides in Reykjavík and is in charge
    2 KB (139 words) - 15:11, 1 December 2020
  • Commission may not compel an undertaking to provide it with answers which might involve an admission on its part of the existence of an infringement which it
    22 KB (2,042 words) - 14:29, 20 November 2023
  • of rights may apply, such as the preliminary results of an investigation, a decision opening an inquiry, etc.” Moreover, if special categories of personal
    44 KB (4,896 words) - 06:25, 16 June 2023
  • a third country or an international organisation. Member States should notify such provisions to the Commission. Any transfer to an international humanitarian
    29 KB (3,500 words) - 08:54, 27 March 2023
  • the Commission with an opinion on the certification requirements referred to in Article 43(8); (r) provide the Commission with an opinion on the icons
    27 KB (3,038 words) - 12:19, 11 October 2023
  • paragraphs 1 and 2, the Board shall issue an opinion on the matter submitted to it provided that it has not already issued an opinion on the same matter. That opinion
    23 KB (2,079 words) - 16:07, 2 November 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    29 KB (2,951 words) - 14:19, 25 July 2023
  • particular whether there is an infringement of this Regulation. Recital 143: Action for Annulment of Decisions of the EDPB and Right to an Effective Judicial Remedy
    33 KB (4,185 words) - 16:09, 2 November 2023
  • CNIL was established in 1978 with the law "Informatique et Libertés". It is an independent administrative authority led by a college of 18 members and a
    8 KB (824 words) - 22:52, 27 February 2024
  • in particular, the transmission of relevant information on the conduct of an investigation. 3. Requests for assistance shall contain all the necessary
    24 KB (2,181 words) - 11:46, 15 January 2024
  • request an urgent opinion or an urgent binding decision from the EDPB where a CSA has not taken an appropriate measure in a situation where there is an urgent
    20 KB (1,590 words) - 16:11, 2 November 2023
  • they form the Sanctions Board, which imposes the fines set out in the GDPR. An independent Expert Board is also appointed by the government for three-year
    5 KB (492 words) - 18:09, 19 March 2024
  • procedure is whether the "advice" of the DPA is indeed merely an advice, or whether it can be seen as an approval on moving forward with the processing operation
    31 KB (3,646 words) - 08:51, 21 July 2023
  • connection, “an activity cannot be regarded as being purely personal or domestic where its purpose is to make the data collected accessible to an unrestricted
    34 KB (4,652 words) - 12:07, 12 November 2023
  • 'not-for-profit' must be given an autonomous meaning, its interpretation in this context should not be determined by Member State law. Essentially, an NPO must not pursue
    26 KB (2,575 words) - 15:50, 9 November 2023
  • of SAs extends to adequacy decisions adopted by the Commission. An SA is not bound by an adequacy decision adopted by the Commission under Article 45 GDPR
    47 KB (5,626 words) - 08:08, 25 October 2023
  • requires the joint controllers have an arrangement that clearly allocates the roles of each party. This is not an absolute rule. Where the responsibilities
    37 KB (3,915 words) - 12:49, 24 May 2023
  • Data Protection Authority (DPA) for Norway, headquartered in Oslo. The DPA is an independent body established in 1980, through the Act No. 48 of 9 June 1978
    10 KB (1,078 words) - 06:40, 26 March 2023
  • is in charge of enforcing GDPR in Slovenia. The Information Commissioner is an autonomous and independent body and it oversees personal data protection and
    10 KB (1,242 words) - 10:51, 6 February 2024
  • law must be subject to "control by an independent authority." Independent supervisory authorities are also considered an essential component of the right
    27 KB (2,604 words) - 14:24, 16 January 2024
  • the body, including whether it is an internal or external one. For example, an internal body could be in the form of an “ad hoc internal committee”, or another
    30 KB (2,720 words) - 14:02, 28 July 2023
  • activities of an establishment on SA's territory, affects data subjects on its territory, or where processing, by a controller or processor without an establishment
    38 KB (4,589 words) - 16:01, 18 March 2024
  • re-organisation of an SA. The provision's aim of establishing an exhaustive list of grounds for the termination of a member's mandate is an attempt to safeguard
    29 KB (2,894 words) - 14:45, 25 October 2023
  • The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance
    13 KB (674 words) - 13:15, 2 June 2023
  • is no need to be represented by a lawyer an the procedure is rather informal and usually does not require an oral hearing. The filing fee is € 35. Applicants
    11 KB (1,468 words) - 13:27, 14 May 2023
  • personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application
    7 KB (821 words) - 14:16, 7 March 2024
  • is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to
    28 KB (3,831 words) - 16:21, 14 March 2024
  • this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory
    44 KB (5,008 words) - 14:50, 28 July 2023
  • example, a proportionate exemption will rightfully apply to an artistic photo meant for an exhibition, but not to the data of buyers that the art gallery
    33 KB (3,748 words) - 14:25, 7 November 2023
  • harmonisation, in an attempt to confront a melting pot of legal principles, which are near impossible to fully reconcile. Article 88(1) GDPR acts as an opening clause
    32 KB (3,228 words) - 13:32, 30 November 2023
  • According to Article 6(9) DMA, gatekeepers shall provide an end user and third parties authorised by an end user with effective portability of data provided
    40 KB (5,349 words) - 07:05, 1 June 2023
  • Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and
    15 KB (1,196 words) - 08:15, 19 October 2023
  • or a specified sector within that third country, or an international organisation does not ensure an adequate level of protection, and imperative grounds
    17 KB (1,096 words) - 08:19, 19 October 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    23 KB (2,165 words) - 15:10, 27 July 2023
  • authorised by Union law Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor
    14 KB (716 words) - 15:19, 28 April 2022
  • supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after
    22 KB (1,634 words) - 14:40, 28 July 2023
  • "right to rectification", addresses situations of inaccurate personal data with an additional right of the data subject that has a broader scope, but also requires
    23 KB (2,489 words) - 23:24, 6 March 2024
  • previously directly engaged with controllers in an "audit" procedure. The DPC now mentions the option to conduct an "inquiry" on their webpage, but highlights
    8 KB (1,034 words) - 14:13, 20 August 2021
  • to professional secrecy or an equivalent obligation of confidentiality under Union Law or the Member State Law, or under an obligation issued by the competent
    18 KB (1,599 words) - 12:26, 29 April 2022
  • The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone
    20 KB (1,854 words) - 16:32, 8 March 2024
  • of a misdemeanour procedure, provided that such an application of the rules in those Member States has an equivalent effect to administrative fines imposed
    19 KB (1,477 words) - 14:12, 7 November 2023
  • interpretations include 1) documents generated by an authority in its official capacity and 2) all documents held by an authority. Recital 154 seems to lean towards
    22 KB (2,177 words) - 10:01, 19 March 2024
  • The President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) is the national Data Protection Authority for Poland. It
    3 KB (249 words) - 14:38, 1 December 2020
  • constitute an appropriate safeguard for international data transfers. BCRs is one of the appropriate safeguards which can be used, in the absence of an adequacy
    29 KB (2,823 words) - 15:15, 28 April 2022
  • a controller is processing inaccurate personal data and that this may have an adverse effect on them (e.g. inaccurate bank account details which may lead
    32 KB (3,730 words) - 08:43, 7 March 2024
  • need for an EU framework to ensure the free flow of personal data within the European common market, the European Commission has proposed an EU Directive
    48 KB (5,978 words) - 15:57, 1 February 2024
  • in Article 12(8) and Article 43(8) shall be conferred on the Commission for an indeterminate period of time from 24 May 2016. 3.   The delegation of power
    19 KB (1,525 words) - 08:18, 19 October 2023
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    19 KB (1,530 words) - 14:23, 12 October 2023
  • not adopt such rules and is thus subject to the GDPR. As an illustration of this, in June 2020, an administrative court in Slovenia upheld a decision from
    25 KB (2,482 words) - 10:04, 19 March 2024
  • is required by the consistency mechanism”. The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate
    15 KB (851 words) - 06:55, 29 April 2022
  • perform their tasks and exercise their powers with complete independence, is an essential component of the protection of natural persons with regard to the
    34 KB (3,649 words) - 13:19, 30 October 2023
  • to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2). Recital
    22 KB (1,915 words) - 13:46, 15 January 2024
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    18 KB (1,327 words) - 12:36, 14 December 2023
  • order to demonstrate compliance with the GDPR. Certification is thus viewed as an accountability framework, promoting both legal compliance and transparency
    27 KB (2,452 words) - 14:26, 28 July 2023
  • consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any
    22 KB (2,266 words) - 08:26, 17 October 2023
  • third country, a territory or a specified sector within that third country, or an international organisation; standard protection clauses; formats and procedures
    15 KB (810 words) - 16:13, 2 November 2023
  • 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society service" (ISS) is any service normally provided for remuneration
    19 KB (1,335 words) - 13:56, 24 October 2023
  • as necessary to reconcile the right to the protection of personal data with an obligation of professional secrecy. This is without prejudice to existing
    15 KB (787 words) - 08:17, 19 October 2023
  • based on the following factors. Unlike the Commission, the EDPS is itself an independent supervisory authority, has its own financial budget, independent
    20 KB (1,347 words) - 14:21, 17 October 2023
  • in the Union” can be exercised based on a contract concluded with an individual or an organisation, provided that they are established in the Union. The
    25 KB (2,418 words) - 14:11, 24 May 2023
  • not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects
    13 KB (450 words) - 08:22, 19 October 2023
  • service.’ The CJEU had previously ruled that a service may only be classified as an electronic communication service where it is responsible for the transmission
    20 KB (1,539 words) - 08:21, 19 October 2023
  • The Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) is the national Data Protection Authority for Croatia. It resides in
    2 KB (158 words) - 17:18, 22 October 2023
  • Article 59 - Activity reports Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement
    15 KB (718 words) - 15:31, 19 October 2023
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    20 KB (1,632 words) - 10:01, 11 October 2023
  • disproportionate effort. It must therefore be concluded that the controller has an absolute obligation to record the recipients of personal data, in view of
    19 KB (1,436 words) - 12:35, 12 May 2023
  • The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) is the national Data Protection Authority for Cyprus. It resides
    2 KB (144 words) - 15:13, 1 December 2020
  • The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the national Data Protection Authority for Netherlands. It resides in The Hague and
    4 KB (380 words) - 12:08, 1 July 2023
  • The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the national Data Protection Authority for Estonia. It resides in Tallinn and is
    2 KB (154 words) - 14:37, 1 December 2020
  • use of these identifiers can nevertheless be significant. If processed in an unsecured manner, they can notably lead to identity theft. The complexity
    15 KB (660 words) - 09:37, 1 December 2023
  • natural persons with regard to processing of their personal data. The CNPD is an independent public institution, financially and administratively autonomous
    10 KB (1,199 words) - 10:14, 19 October 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    12 KB (295 words) - 08:25, 19 October 2023
  • the other supervisory authorities, the Chair has also the right to request an opinion of the EDPB on any matter of general application or producing effects
    15 KB (808 words) - 09:44, 17 October 2023
  • You shall have the right to an effective judicial remedy against a Commissioner s decision. More information on how to file an appeal may be found at the
    4 KB (483 words) - 08:17, 12 July 2022
  • Section 24 of the Personal Data Processing Law, an administrative act issued by or actual action of an official of the DVI, may be contested in accordance
    6 KB (544 words) - 04:39, 11 October 2022
  • not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects
    17 KB (1,142 words) - 15:41, 28 April 2022
  • The Berlin DPA (Berliner Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Berlin. It
    2 KB (164 words) - 09:53, 18 May 2022
  • specific law. The DPA follows a two-fold approch in their cases. First, they have an administrative procedure where they investigate the case, including assessing
    5 KB (465 words) - 08:57, 9 January 2024
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    13 KB (530 words) - 09:40, 3 October 2023
  • electronic form according to § 14(3) BDSG at bfdi.bund.de (in German). In case of an obviously unjustified complaint or excessive complaints from one complainant
    3 KB (297 words) - 14:49, 1 December 2020
  • Hamburg. The Hamburg DPA is divided into different departments. It offers an organigram here. There is a Data Protection Act of Hamburg (Hamburgisches
    4 KB (363 words) - 22:01, 7 December 2020
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    16 KB (778 words) - 08:24, 19 October 2023
  • The Data Protection Office (Valstybinė duomenų apsaugos inspekcija) is the national Data Protection Authority for Lithuania. It resides in Vilnius and
    2 KB (155 words) - 08:58, 17 November 2023
  • the Head of the DPA. This decision can then only be challenged by an action before an administrative court (judicial review - on a question of law). In
    5 KB (441 words) - 09:34, 17 September 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    17 KB (1,768 words) - 15:41, 18 March 2024
  • the Slovak DPA has issued penalties in an amount of 132 600 €. The highest penalty imposed on the controller was an amount of 50 000 € for breaching obligations
    9 KB (1,006 words) - 07:13, 7 July 2021
  • The Catalonian DPA (Autoritat Catalana de Protecció de Dades, in Catalan, or Autoridad Catalana de Protección de Datos, in Spanish) is the regional Data
    3 KB (182 words) - 13:19, 15 September 2021
  • The Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados) is the national Data Protection Authority for Portugal. It resides in
    5 KB (531 words) - 13:25, 3 May 2023
  • The Bulgarian Data Protection Authority (Комисия за защита на личните данни) is the national Data Protection Authority for Bulgaria. It resides in Sofia
    2 KB (158 words) - 14:35, 1 December 2020
  • The Baden-Württemberg DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) is the state Data Protection Authority
    4 KB (275 words) - 11:13, 8 May 2022
  • The Hesse DPA (Hessischer Beauftragter für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Hesse.
    2 KB (164 words) - 13:59, 28 June 2022
  • The Rhineland-Palatinate DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz) is the state Data Protection Authority
    2 KB (170 words) - 22:26, 7 December 2020
  • The Bavaria public sector DPA (Bayerischer Landesbeauftragter für den Datenschutz) is the state Data Protection Authority for the public sector for the
    2 KB (169 words) - 15:54, 21 September 2021
  • The Saarland DPA (Unabhängiges Datenschutzzentrum Saarland) is the state Data Protection Authority for the German state of Saarland. It is charge of enforcing
    2 KB (160 words) - 14:50, 1 December 2020
  • The Saxony DPA (Sächsische Datenschutzbeauftragte) is the state Data Protection Authority for the German state of Saxony. It is in charge of enforcing
    2 KB (160 words) - 22:28, 7 December 2020
  • The Bremen DPA (Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen) is the state Data Protection Authority for the
    2 KB (167 words) - 22:24, 7 December 2020
  • The Saxony-Anhalt DPA (Landesbeauftragter für den Datenschutz Sachsen-Anhalt) is the state Data Protection Authority for the German state of Saxony-Anhalt
    2 KB (167 words) - 22:23, 7 December 2020
  • The State Data Protection Inspectorate (Datenschutzstelle) is the national Data Protection Authority for Liechtenstein. It resides in Vaduz and is in charge
    2 KB (153 words) - 10:31, 10 December 2020
  • district administration court (Verwaltungsgericht) in Düsseldorf. Regularly an appeal against the courts decision is possible at the Superior Administrative
    4 KB (372 words) - 10:45, 22 September 2021
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    15 KB (943 words) - 09:58, 8 November 2023
  • The Mecklenburg-Vorpommern DPA (Landesbeauftragte für den Datenschutz Mecklenburg-Vorpommern) is the state Data Protection Authority for the German state
    2 KB (167 words) - 22:25, 7 December 2020
  • The Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht) is the state Data Protection Authority for the German state of Bavaria. It is in charge
    2 KB (174 words) - 13:49, 23 December 2021
  • The Brandenburg DPA (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht) is the state Data Protection Authority for the German state
    2 KB (168 words) - 22:22, 7 December 2020
  • The Schleswig-Holstein DPA (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) is the state Data Protection Authority for the German state
    2 KB (167 words) - 22:29, 7 December 2020
  • The Thuringia DPA (Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit) is the state Data Protection Authority for the German
    2 KB (165 words) - 14:54, 1 December 2020
  • The Basque DPA (DBEB, Datuak Babesteko Euskal Bulegoa, in Basque or AVPD, Agencia Vasca de Protección de Datos, in Spanish) is the regional Data Protection
    3 KB (195 words) - 13:21, 15 September 2021
  • The Andalusian DPA (Consejo de Transparencia y Protección de Datos de Andalucía) is the regional Data Protection Authority for the Spanish autonomous region
    3 KB (211 words) - 09:58, 18 June 2021
  • The Ålandic DPA (Datainspektionen på Åland, in Swedish) is the regional Data Protection Authority for Finland's autonomous region of Åland. It is in charge
    3 KB (209 words) - 14:42, 30 November 2021
  • Verlag 2017). Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied
    27 KB (2,619 words) - 14:52, 16 November 2023
  • own motion. They provide an overview of their policy to ex officio supervision on their webpage. In addition they provide an overview over which sectors
    4 KB (356 words) - 11:51, 20 October 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    29 KB (3,695 words) - 13:44, 21 March 2024
  • regards to assessing safeguards whether the presence of an ombudsperson can ensure that the US provides an effective remedy to data subjects whether the SCCs
    12 KB (1,780 words) - 17:22, 10 March 2022
  • The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance
    182 KB (24,065 words) - 13:40, 9 July 2021
  • advising the Commission. Article 71 GDPR states that the EDPB must draw up an annual report regarding the protection of natural persons with regard to data
    2 KB (207 words) - 14:56, 7 December 2023
  • on European Union, where an interpretation of the Treaties is not comprehensible and must thus be considered arbitrary from an objective perspective. If
    18 KB (1,831 words) - 13:49, 3 November 2022
  • Planet49 organized an online lottery hosted on their webpage. In order to participate in the lottery the participant had to enter a name and an address. Underneath
    6 KB (893 words) - 15:22, 24 March 2022
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    108 KB (17,097 words) - 13:52, 12 May 2023
  • The CJEU held that an Internet search engine operator is considered the controller (Article 2(d) Directive 95/46) in respect of the processing (within
    16 KB (2,423 words) - 13:03, 1 June 2023
  • 28 February 2022, the data subject filed an access request. Example: Not On 28.02.2022, the data subject filed an access request. Example: Not On February
    17 KB (2,510 words) - 13:56, 24 April 2023
  • submitted by a candidate at a professional examination and any comments made by an examiner with respect to those answers constitute personal data. The claimant
    6 KB (766 words) - 21:17, 5 March 2024
  • activities of an establishment of the controller on the territory of the Member State. It stated this notion of 'in the context of the activities of an establishment'
    13 KB (1,888 words) - 13:07, 1 June 2023
  • Directive 96/45 is defined as information relating to an identified or an identifiable natural person. Also, an identifiable person is one who can be identified
    9 KB (1,113 words) - 13:10, 1 June 2023
  • of such assumed political opinions of him. Therefore, the claimant brought an action for non-material damages before the Regional Court for Civil Law Matters
    5 KB (683 words) - 12:50, 28 June 2023
  • Compliance with an approved code of conduct referred to in Article 40 or an approved certification mechanism referred to in Article 42 may be used as an element
    48 KB (7,442 words) - 10:24, 12 September 2022
  • further considers that a company, an autonomous legal person, of the same group as the controller, can constitute an establishment of the controller within
    93 KB (14,936 words) - 17:09, 6 December 2023
  • concept of an undertaking, as defined in Articles 101 and 102 TFEU, and the principle of an economic entity, with the result that proceedings for an administrative
    7 KB (936 words) - 16:39, 12 December 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    51 KB (8,592 words) - 07:03, 2 November 2021
  • from a job applicant what data an employer requests from an employee under which conditions it is permissible to process an employee's personal data on the
    9 KB (1,215 words) - 16:58, 18 May 2021
  • complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Google is otherwise unable to comply with an Instruction
    117 KB (18,075 words) - 10:19, 12 September 2022
  • Was this an appeal? Choose yes, if this case was an appeal from a lower court or from any other decision. Original Decision Details: If this was an appeal
    17 KB (2,638 words) - 11:18, 19 February 2024
  • consuming compared to accepting. An “opt-out” solution would not meet the requirements for a valid consent, as it would not be an “unambiguous indication of
    18 KB (2,375 words) - 16:17, 6 December 2023
  • too high, an impact assessment. Additionally, the DPA issued a warning that the use of G Suite’s supplementary programs without carrying out an impact assessment
    75 KB (11,733 words) - 16:33, 21 August 2022
  • Ch D165). However, the Minors’ Contracts Act 1987 states that an 18 year old can ratify an unenforceable contract entered into when they were under 18 years
    14 KB (2,011 words) - 15:42, 25 November 2020
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    113 KB (12,773 words) - 15:20, 6 December 2023
  • administrative procedure, but can be appealed to the courts. Personvernnemnda is an independent administrative body subordinated to the Norwegian Ministry of
    5 KB (427 words) - 15:48, 24 January 2022
  • of the data subject's age that a refusal to disclose to an injured party personal data is not an appropriate measure when these data are necessary to initiate
    5 KB (749 words) - 12:58, 1 June 2023
  • Protection Authority handles complaints filed with them. An appeal can be brought to Personvernnemda, an independent administrative body following § 15 of the
    8 KB (1,064 words) - 12:53, 23 June 2023
  • Information relating to legal proceedings brought against an individual and information relating to an ensuing conviction are data relating to ‘offences’ and
    4 KB (438 words) - 14:23, 11 August 2022
  • the controller relies on an overall bundled consent to anything contained in the terms and the privacy policy. This represents an “all-or nothing” approach
    53 KB (8,413 words) - 14:10, 30 January 2023
  • already an unlawful transfer of personal data to the USA and thus to a third country. Irrespective of the geographical storage of the data, there is an accessibility
    62 KB (10,113 words) - 12:48, 17 August 2022
  • carried out an initial phase of analysis of the security flaw, which led to an action plan to be implemented from June 2018. She also indicated that an initial
    41 KB (6,558 words) - 17:09, 6 December 2023
  • concerns a complaint from an X AS against the Data Inspectorate's decision of 14 July 2021, where the inspectorate charged the company an infringement fee of
    31 KB (5,018 words) - 18:44, 5 March 2022
  • stated by the CJEU that in the context of the examination of an abuse of a dominant position by an undertaking on a particular market, it may be necessary for
    8 KB (1,231 words) - 08:22, 6 July 2023
  • citizen through his electronic identity card in the context of an IT application, must also an alternative that the use of the electronic identity card does
    60 KB (9,144 words) - 16:17, 22 March 2022
  • consumer in an alternative relationship to the button "Accept all". Thus, the wording "Change settings" does not contain an unambiguous reference to an alternative
    66 KB (9,990 words) - 12:30, 29 January 2024
  • October 2020 (Annex K11, file, p. 421), the plaintiff received an answer from a landlord to an enquiry about a flat, stating that they could not rent him a
    51 KB (8,215 words) - 09:55, 13 May 2022
  • assessments on the website provide an e-mail address to the Medical List. This is not sensitive personal information. An email address in itself is not sensitive
    144 KB (23,058 words) - 18:48, 5 March 2022
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    131 KB (14,752 words) - 08:36, 5 July 2023
  • personal information, for example as a customer to a supplier or as an employee or jobseeker to an employer. In a case like this, the criterion provides less guidance
    46 KB (7,024 words) - 06:18, 6 March 2022
  • GDPR constitutes an instrument for the exercise of public rights, whereas the legal action provided for in Article 79 GDPR constitutes an instrument for
    9 KB (1,308 words) - 12:54, 28 June 2023
  • identification of an interested party that is published in an official newspaper with the information that is recorded in the FIJ, constitutes in turn an infringement
    602 KB (102,229 words) - 14:21, 13 December 2023
  • July 29, 2022, an explanation of what measures the data protection officer has taken as a result of the decision, unless it applies for an amendment to this
    49 KB (7,496 words) - 14:44, 24 January 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an on-line identification or one or more
    79 KB (12,652 words) - 09:41, 10 September 2021
  • directly or indirectly specifically identified referring to an identifier such as a name, an identification number, a location data or online identifiers
    121 KB (13,722 words) - 15:16, 5 July 2023
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    115 KB (12,842 words) - 08:38, 5 July 2023
  • a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental
    7 KB (793 words) - 14:08, 1 October 2021
  • not limited by recital 63 GDPR. Article 12(5), 15(1) and 15(3) GDPR impose an obligation on a controller to provide the data subject, free of charge, with
    10 KB (1,478 words) - 11:17, 2 November 2023
  • the City of Helsinki's Social services and healthcare division. As a part of an application process to volunteer as a support person for children and youth
    41 KB (6,555 words) - 08:37, 4 March 2024
  • information about categories of recipients is sufficient. A data subject sent an access request to the Austrian Post (the controller) to obtain information
    8 KB (992 words) - 17:03, 4 February 2023
  • investigation. As this is an international issue with complainants residing in various Member States, the Belgian DPA provides an interlocutory decision on
    19 KB (2,707 words) - 16:50, 12 December 2023
  • assessed by national courts. Such an interpretation is capable of ensuring the protection of personal data and the right to an effective judicial remedy against
    13 KB (1,963 words) - 11:04, 5 January 2024
  • Court pointed out there is no docuiment showing that the applicant submitted an inspection request of the procedural files at stake. Then, the Court clarified
    14 KB (2,154 words) - 16:27, 10 March 2022
  • 24th February 2023 (Numero protocollo: 0033835) opened an investigation concerning ChatGPT, an AI service offered by the American company OpenAI. The investigation
    14 KB (2,049 words) - 07:46, 1 August 2023
  • The data subject made an access request (DSAR) to Wise Payments Limited ("Wise"), a financial institution with which he had an account. Wise declined
    9 KB (1,191 words) - 08:44, 23 January 2024
  • interface of the website. On the 23 September 2019, the controller learned that an ethical hacker managed to get access to the test database which contained
    49 KB (7,800 words) - 09:22, 5 January 2024
  • 95/46 which is defined as any information relating to an identified or identifiable natural person, an identified person being one who can be identified directly
    6 KB (580 words) - 13:05, 1 June 2023
  • Administrative Court (BVwG): "This does not include provisions totalling EUR 18m for an administrative fine imposed on Austrian Post by the Austrian Data Protection
    8 KB (611 words) - 16:12, 6 December 2023
  • Constitutional Court, in Judgements 292/2000 and 254/1993, confirmed it as an autonomous right, independent of the rights to intimacy [privacy], honour
    15 KB (1,875 words) - 16:18, 13 July 2022
  • determining the conclusion of an employment agreement or for the execution of that agreement. There are provisions about the validity of an employee's consent, the
    10 KB (1,037 words) - 14:52, 10 July 2020
  • Anna Nichols Legal Trainee at noyb.eu n/a Please be aware that noyb employees, trainees, and members often act in their function as administrators of this
    477 bytes (68 words) - 17:03, 11 August 2020
  • translation of the documents provided by the parties. On the 4th of February, an inspection report (of 13th July, 2020) was provided to the parties in French
    8 KB (1,156 words) - 16:56, 12 December 2023
  • data, and repealing Directive 95/46/EC (General Data Protection Regulation). An English translation is available here. There are no provisions in the national
    16 KB (2,260 words) - 19:26, 30 November 2021
  • subjects UF and AB underwent insolvency proceeding in Germany and were granted an early discharge from remaining debts by court decisions of 17 December 2020
    15 KB (2,180 words) - 08:23, 13 December 2023
  • committed an infringement of Article 83(4)-(6) GDPR. On 24 March 2020, the Lithuanian Minister of Health approved the development and implementation of an IT
    9 KB (1,234 words) - 12:48, 25 January 2024
  • The APD/GBA (the Belgian DPA) found that a hospital that requested an audit by an external expert was the controller for the audit-related processing activity
    7 KB (890 words) - 16:58, 12 December 2023
  • Asked whether an assessment of the health status of the BF had taken place, the MP stated that when an insurance contract was taken out, an assessment of
    48 KB (7,816 words) - 11:04, 29 July 2022
  • Administration Act states: When it is stipulated in law that an administrative sanction may be imposed on an enterprise, the sanction can be imposed even if no individual
    40 KB (5,943 words) - 18:54, 5 March 2022
  • the vicarious liability of an employer for misuse of private information by an employee and for breach of confidence by an employee has not been excluded
    87 KB (14,773 words) - 09:28, 1 March 2022
  • representatives do so for it. An administrative offence, however, is an unlawful and reproachable act that constitutes an offence under a law that allows
    36 KB (5,810 words) - 13:09, 21 January 2022
  • learned this (following an access request under Article 15 GDPR), he filed a lawsuit against the defendant. He requested (i) an injunction that the defendant
    27 KB (4,090 words) - 09:54, 10 September 2021
  • was an "isolated incident", which took place relatively shortly after "a new and very complex law was introduced" and that the rules concerning an employer's
    7 KB (802 words) - 18:53, 17 May 2022
  • complaint about the Data Inspectorate's imposition of an infringement fee of NOK 400,000 for having monitored an employee's e-mail box without a legal basis, cf
    25 KB (4,046 words) - 18:37, 5 March 2022
  • National Tax Number (NIF) of an alleged neighbour, in order to contact this third party for purposes of checking the boundaries of an allegedly adjacent land
    6 KB (657 words) - 10:02, 6 October 2021
  • principle i Article 108 § 1 of the Act requires be maintained where an applicant brings an action before the Market Court which, as a result rights (may) have
    25 KB (3,812 words) - 10:03, 20 August 2021
  • indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special
    32 KB (5,093 words) - 16:07, 11 September 2022
  • for reporting on persons shifts from an interest that focuses on the crime and the perpetrator to an interest in an analysis of the prerequisites and consequences
    133 KB (21,944 words) - 15:59, 22 March 2022
  • which are not obvious to an average visitor to the evaluation portal. In particular, the defendant does not establish such an obviousness by identifying
    121 KB (20,412 words) - 15:58, 10 March 2022
  • used for the imposition of an administrative fine. AP disagrees. The two reported data breaches only prompted the AP to launch an investigation into OLVG's
    67 KB (11,415 words) - 17:15, 12 December 2023
  • as joint controllers.-The complainant provides an overview of the provisions on which, according to him, an infringement has been committed. He also requests:1
    48 KB (7,926 words) - 16:56, 12 December 2023
  • (basic customers) were used on the site as an advertising platform for paying doctors (premium customers) in an inadmissible manner, partly due to functions
    143 KB (24,273 words) - 15:59, 10 March 2022
  • service, I sent an election advertisement for the defendant, in order to to avoid using his professional messaging in his capacity as an MPP. [...] And
    35 KB (5,853 words) - 16:58, 12 December 2023
  • in the form of [...]. On [...] November 2018. The Company received an e-mail from an unknown person informing about the theft of the Company's customer
    71 KB (11,304 words) - 10:01, 17 November 2023
  • (simple administrative appeal, otherwise known as an application for judicial review). remedy). This is an 'informal' administrative remedy as opposed to
    14 KB (2,181 words) - 11:27, 13 September 2023
  • access is understood to be an independent claim. In LAG Hessen 9 Sa 1431/19, the Court stated that "Nor is the applicant's action an abuse of rights. The right
    17 KB (2,758 words) - 14:10, 15 December 2021
  • dismissed. 32 a) With an undated letter from February 2017 and an attached addendum to the insurance certificate, the defendant had declared an increase in the
    24 KB (3,847 words) - 15:19, 11 September 2022
  • strictly necessary for the provision of an online communication service at the express request of the data subject. If an identifier had more than one purpose
    82 KB (13,463 words) - 17:03, 6 December 2023
  • The parent's request was rejected and they had to provide the school with an additional form underlining the fact that their son was not Orthodox Christian
    12 KB (1,464 words) - 15:37, 6 December 2023
  • the service (for example through a website, an application, an account with identifier, the interface of an IoT device or by email), it is obvious that
    113 KB (17,325 words) - 08:50, 19 March 2024
  • the Data Protection Commissioner has requested an explanation from Verkkokauppa.com Oyj in the case with an explanation request dated 13 April 2021. The
    77 KB (12,352 words) - 11:37, 27 March 2024
  • systematic is not such as to guarantee an appropriate involvement of the DPO, nor to establish his position in as an interlocutor within the organization
    66 KB (9,458 words) - 19:42, 4 September 2021
  • Office of the Data Protection Commissioner has requested an explanation from the clinic with an explanation request dated August 25, 2020. The deadline
    52 KB (7,936 words) - 22:32, 2 March 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    29 KB (4,557 words) - 15:33, 6 December 2023
  • that it should have, the plaintiff filed an appeal with the court on February 21, 2020. The plaintiff also wants an assessment of the decision in which the
    25 KB (3,954 words) - 13:39, 16 November 2020
  • The Spanish DPA fined an individual 10,000€ for publishing personal data of a third person without their consent on an online blog. A data subject filed
    22 KB (3,319 words) - 13:00, 13 December 2023
  • the CNPD received several complaints and immediately started an investigation and issued an order to suspend the sending of personal data from the census
    163 KB (27,222 words) - 16:54, 6 December 2023
  • appear when creating an account under each of the privacy settings. In addition, an email message is sent to users when they create an account stating that:
    90 KB (14,556 words) - 17:08, 6 December 2023
  • as to the reliability of the AOD in the case - who, after all, is an entity with an interest in not disclosing the fact of the breach committed by its
    66 KB (10,785 words) - 10:00, 17 November 2023
  • Article 83 of the RGPD that an administrative fine of EUR 500 000, an injunction accompanied by a periodic penalty payment and an additional publication penalty
    62 KB (10,001 words) - 17:09, 6 December 2023
  • com/abstract=3319284. 10, i. An end user requests a web page; ii. The publisher's ad server on the web page selects an SSP; iii. The SSP then selects an Ad exchange; iv
    429 KB (58,279 words) - 09:12, 2 November 2022
View (previous 250 | ) (20 | 50 | 100 | 250 | 500)