Search results
From GDPRhub
- CJEU - C‑634/21 - SCHUFA (category Article 22(2)(b) GDPR)meaning of Article 22(1) of that regulation.’ Moreover, the Court addressed the relationship between Article 22(2)(b) GDPR and national law. Article 22(2)(b)6 KB (783 words) - 16:05, 12 December 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 22 GDPR)decision within the meaning of Article 22(1) and Article 22(2) GDPR - then the opening clause of Article 22(2)(b) GDPR does not apply to national rules52 KB (8,534 words) - 12:58, 15 December 2021
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))as referred to in Article 22(1) GDPR. For further details on the definition of automated decision-making see Article 22 GDPR and Article 4. In short, automated71 KB (9,532 words) - 13:30, 6 March 2024
- Article 12 GDPR (category GDPR Articles) (section (2) Facilitation of the exercise of rights and identification)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- application, see Article 3(2)(b) GDPR, or automated decision making, see Article 22 GDPR. Profiling also triggers information duties under Articles 13(2)(f) and125 KB (16,328 words) - 16:01, 8 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))categories. Similar to the ex-ante information in Article 13(2)(b) and 14(2)(c) GDPR, Article 15(1)(e) GDPR required to inform the data subject about the right73 KB (9,896 words) - 15:46, 18 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected31 KB (4,768 words) - 06:24, 16 June 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)issued its Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR with a detailed analysis of Article 6(1)(b) GDPR. General information108 KB (17,005 words) - 15:39, 18 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 23 GDPR (category GDPR Articles) (section (a) National security, (b) Defense and (c) Public security)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- commentary on Article 13(2)(b) GDPR. Given the identical wording, see commentary on Article 13(2)(c) GDPR. Given the identical wording, see commentary on Article47 KB (5,644 words) - 17:49, 5 March 2024
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 32 GDPR (category GDPR Articles) (section (b) Ongoing confidentiality, integrity, availability and resilience of processing systems and services)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- subject to processing, as described in Article 3(2)(a) and (b) GDPR. Common Misunderstanding: The application of the GDPR does in no way depend on the citizenship37 KB (4,635 words) - 13:29, 24 October 2023
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- liability and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- Article 65 GDPR (category GDPR Articles) (section (b) Conflict of views on the lead supervisory authority (LSA))lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See31 KB (3,646 words) - 08:51, 21 July 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 49 GDPR (category GDPR Articles) (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You24 KB (2,181 words) - 11:46, 15 January 2024
- Article 50 GDPR (category GDPR Articles)similar to the ones laid out by Article 50 GDPR. Article 50 GDPR is divided in two different parts: letters (a) and (b) aim for cooperation with other17 KB (1,142 words) - 15:41, 28 April 2022
- a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request23 KB (2,079 words) - 16:07, 2 November 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 54 GDPR (category GDPR Articles) (section (b) Qualifications and eligibility conditions for SA members)Commentary. Article 54(1)(b) GDPR echoes Article 53(2) GDPR, which outlines the qualificatory and experiential requirements for SA members. However, unlike Article34 KB (3,649 words) - 13:19, 30 October 2023
- pursuant to Article 40(7) GDPR. These DPAs will then confirm whether they are “supervisory authorities concerned” (see Article 4(22)(a)(b) GDPR). Finally44 KB (5,008 words) - 14:50, 28 July 2023
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried40 KB (5,349 words) - 07:05, 1 June 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- be read jointly with the Decree n° 2019-536 of May 29. According to Article 8(I)(2)(d) of the loi "Informatique et Liberté", a data subject or their representative(s)8 KB (824 words) - 22:52, 27 February 2024
- DSB (Austria) - 2021-0.586.257 (category Article 4(2) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)conjunction with § 307 para. 1 sentence 2 BGB. The plaintiff bases claim 1.c. on § 2 para. 1, para. 2 p. 1 no. 11 b) UKlaG in conjunction with. § 25 para66 KB (9,990 words) - 12:30, 29 January 2024
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 12(5) GDPR)the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to access10 KB (1,478 words) - 11:17, 2 November 2023
- BVwG - W258 2217446-1 (category Article 9(2) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)DI-2020-11373 2(23) Date: 2023-06-30 2.2.1 Applicable regulations, etc. ................................................... .....9 2.2.2 The Privacy Protection113 KB (12,773 words) - 15:20, 6 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)IMPOSE B.B.B., with NIF ***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the22 KB (3,257 words) - 13:28, 13 December 2023
- AEPD (Spain) - EXP202209001 (category Article 83(5)(b) GDPR)SECOND: NOTIFY this resolution to B.B.B.. THIRD: ORDER to B.B.B., with NIF ***NIF.1, which by virtue of article 58.2.d) of the RGPD, within a period of22 KB (3,303 words) - 13:28, 13 December 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of26 KB (4,231 words) - 14:44, 13 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently99 KB (14,431 words) - 16:20, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)RESOLVES: FIRST: IMPOSE B.B.B., with NIF ***NIF.1, for a violation of Article 6 of the GDPR, typified in Article 83.5.a) of the GDPR, and classified as very74 KB (11,726 words) - 13:02, 13 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)the OCE informs that on 2 April 2019 the mandatory copy of the Electoral Census had been delivered to its representative, Mr. B.B.B, for the purposes provided26 KB (4,032 words) - 14:31, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 39(1)(b) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202105680 (category Article 83(5)(b) GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(b) GDPR)General Data Protection Regulation Article 5(1)(a), (b) and (c). Article 7 Article 9 Article 25 paragraph 2 Article 58 Article 83 Data Protection Act Section73 KB (11,237 words) - 05:34, 21 July 2022
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(b) GDPR)taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)of personal data of clients or third parties (article 83.2.k, of the GDPR in relation to article 76.2.b, of the LOPDGDD). The Judgment of the National26 KB (4,147 words) - 13:27, 13 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(b) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)300 euros (THREE HUNDRED euros). SECOND: ORDER D. B.B.B. that, pursuant to article 58.2 d) of the GDPR, in the Within ten business days, take the following35 KB (5,475 words) - 13:21, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 58(2)(b) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- within the meaning of Art. 83(2)(b) GDPR. 69 In the opinion of the Senate, the review and deletion periods under section II.2.b) of the Rules of Conduct regarding51 KB (8,215 words) - 09:55, 13 May 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)§ 8 clause 2 of the GTC agreed between the parties (according to § 8 b paragraph 2 MB/KK). 52 § 8 b para. 2 MB/KK violates §203 sentence 2 VVG and is therefore40 KB (6,325 words) - 16:12, 18 May 2022
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)II.2) at. I.4. At the request of the bB of January 22, 2021 (VWA ./25, see point II.2), the BF1 in the Follow an opinion (VWA ./26, see point II.2). In158 KB (26,392 words) - 08:25, 7 June 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant48 KB (7,926 words) - 16:56, 12 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 18(2) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)***EMAIL.1 and the tenants are Mr. B.B.B. and Ms. C.C.C., with an e-mail address for notification purposes ***EMAIL.2 FOURTH: On 07/02/19, the Subdirectorate39 KB (6,623 words) - 14:08, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 58(2)(b) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF B87258091, so that, within20 KB (3,078 words) - 13:05, 13 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)standardized in Articles 12-22 through the opening clause in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular48 KB (7,816 words) - 11:04, 29 July 2022
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(2) GDPR)of paragraphs 1 and 2 and paragraph b) of paragraph 3, all of article 35, and paragraph a) of paragraph 4 of article 83, all GDPR, with a fine of up to163 KB (27,222 words) - 16:54, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)informed of this provision. Pursuant to Article 78 of the Regulation, as well as to Article 152 of the Code and Article 10 of Legislative Decree no. 150 of9 KB (1,280 words) - 15:53, 6 December 2023
- HDPA (Greece) - 18/2020 (category Article 5(2) GDPR)compliance and accountability with the principles of Article 5(1) and par.2 in conjunction with Article 6(1) GDPR. B. imposes on NEW YORK COLLEGE S.A. the effective12 KB (1,733 words) - 15:34, 6 December 2023
- CJEU - C-439/19 - B v. Latvijas Republikas Saeima (category Article 2(2)(b) GDPR)the GDPR, and no exception is applicable. Article 2(2)(a) and (b) of the GDPR represents partly a continuation of the first indent of Article 3(2) of Directive12 KB (1,792 words) - 18:13, 1 February 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 9(2)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- APD/GBA (Belgium) - 149/2023 (category Article 13(2) GDPR)of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)113 KB (17,325 words) - 08:50, 19 March 2024
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)2019, BVwerG 6 C 2.18 "It follows that the opening clauses of Article 6.2 and 6.3 GDPR for processing operations under Article 6.1(1)(e) GDPR do not cover92 KB (15,435 words) - 16:00, 22 March 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)..................... .14 2.2.1 Applicable regulations, etc. ................................................... ...14 2.2.2 The Privacy Protection Authority's131 KB (14,752 words) - 08:36, 5 July 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))..............69 B.2.2. - Determining the purposes ofthe processingofpersonal datawithin the TCF...............................71 B.2.3. - Determiningthe429 KB (58,279 words) - 09:12, 2 November 2022
- AZOP (Croatia) - Decision 22-02-2021 (category Article 32(1)(b) GDPR)Decision 22-02-2021 Authority: AZOP (Croatia) Jurisdiction: Croatia Relevant Law: Article 32(1)(b) GDPR Article 32(1)(d) GDPR Article 32(2) GDPR Article 32(4)2 KB (197 words) - 15:52, 30 October 2023
- HDPA (Greece) - 22/2023 (category Article 58(2)(b) GDPR)reprimand in accordance with Article 58(2)(b) GDPR for these established violations. The DPA issued an order, as per Article 15(4)(b) of the Greek Law 4624/20195 KB (616 words) - 09:37, 24 October 2023
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 58(2)(d) GDPR)Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services17 KB (2,519 words) - 15:55, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(b) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- CNIL (France) - SAN-2019-010 (category Article 21(2) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4022/171/22 (category Article 58(2)(b) GDPR)Finnish DPA found a healthcare provider to have breached Article 32(1) GDPR and Article 32(2) GDPR for not implementing appropriate technical and organisational14 KB (1,978 words) - 16:09, 21 February 2024
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)third parties (article 83.2.k, of the C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 10/11 RGPD in relation to article 76.2.b, of the LOPDGDD)32 KB (4,952 words) - 13:11, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 58(2)(b) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- CNIL (France) - SAN-2019-005 (category Article 32(2) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 83(2)(b) GDPR)significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the28 KB (4,295 words) - 14:11, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- Personvernnemnda (Norway) - 2021-03 (category Article 5(2) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)section 2, letter b), of this article. The The implementing act shall be adopted in accordance with the examination procedure referred to in re article 93,44 KB (6,642 words) - 10:34, 13 December 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- specified in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)A.A.A., herein the data controller, violated Article 6 GDPR and Article 13 GDPR, as well as Article 22.2 LSSI (Spanish national law). The data subject52 KB (8,416 words) - 12:59, 13 December 2023
- AEPD (Spain) - EXP202209175 (category Article 13 GDPR)Data Protection Agency sanction B.B.B., with NIF ***NIF.1, for a violation of Article 13 of the RGPD, typified in the Article 83.5 of the RGPD, with a fine17 KB (2,368 words) - 13:28, 13 December 2023
- AEPD (Spain) - EXP202104460 (category Article 7 GDPR)service in the terms required by article 22.2.”, and may be sanctioned with a fine of up to €30,000, in accordance with article 39 of the aforementioned LSSI31 KB (4,923 words) - 12:39, 13 December 2023
- AEPD (Spain) - EXP202202088 (category Article 5(1)(c) GDPR)Agency RESOLVES: FIRST: IMPOSE B.B.B., with NIF ***NIF.1, for an infraction of Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD, a fine of22 KB (3,380 words) - 13:02, 13 December 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie policy26 KB (4,150 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)contrary to the legal provisions established in article 22.2 LSSI. This Infraction is classified as "minor" in Article 38.4 g) of the aforementioned Law, and may27 KB (4,296 words) - 13:59, 13 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- HDPA (Greece) - 4/2020 (category Article 5(2) GDPR)parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested18 KB (2,865 words) - 15:33, 6 December 2023
- AEPD (Spain) - EXP202103746 (category Article 58(2) GDPR)violation of data minimisation, Article 5(1)(c) GDPR. No fines can be imposed against the controller and Article 83(5) GDPR can therefore not be imposed.16 KB (2,041 words) - 13:34, 13 December 2023
- AEPD (Spain) - PS/00268/2020 (category Article 13 GDPR)Policy on their website (Article 13 GDPR) and for the absence of a reject button on the second layer of their Cookie Policy (Article 22(2) LSSI). The claimant17 KB (2,700 words) - 14:23, 13 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(2) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of35 KB (5,526 words) - 16:56, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)data Article 9.2.a: Explicit consent Article 9.2.b: Execution of labor law obligations etc. Article 9.2.c: Protection of vital interests Article 9.2.d: Edit9 KB (1,168 words) - 15:30, 6 December 2023
- AEPD (Spain) - TD/00182/2019 (category Article 15 GDPR)resolution to Mr. A.A.A., on behalf of Ms. B.B.B. and to KUTXABANK, S.A.. In accordance with the provisions of Article 50 of the LOPDGDD, this Resolution will18 KB (2,922 words) - 14:51, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(22) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- AEPD (Spain) - PS/00076/2021 (category Article 6(1) GDPR)this year, it made, in summary, the following allegations: a) “D. B.B.B. On January 22, 2019, he signed a Contract for the Assignment of Rights to Image15 KB (2,292 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 58(2) GDPR)infringement of article 13) of the RGPD, regarding its Privacy Policy. b- 3,000 euros (three thousand euros), for the infringement of article 22.2) of the LSSI22 KB (3,514 words) - 13:58, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 83(5)(b) GDPR)accordance with the provisions of article 22 of Regulation (EU) 2016/679.” IV By virtue of the provisions of article 58.2 of the RGPD, the Spanish Agency26 KB (3,881 words) - 13:35, 13 December 2023
- AEPD (Spain) - TD/00248/2020 (category Article 12 GDPR)COUNCIL OF EDUCATION, *** IES B.B.B .. SECOND: NOTIFY this resolution to Ms. A.A.A. and to the COUNCIL OF EDUCATION, *** IES B.B.B .. In accordance with the25 KB (3,972 words) - 14:47, 13 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)ADDRESS B.B.B., with NIF ***NIF.1, for a violation of article 13 of the GDPR, typified in article 83.5.b) of the GDPR, a warning. SECOND: TO ORDER B.B.B., with24 KB (3,717 words) - 13:04, 13 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(2) GDPR)for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines270 KB (43,335 words) - 12:39, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- Protection Agency san- tion to D. B.B.B.. with NIF ***NIF.1, owner of the website ***URL.1, for an infringement tion of Article 22.2 of the LSSI regarding the52 KB (7,564 words) - 12:41, 13 December 2023
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) — amongst others, the Spanish law regulating cookies — and Article 13 of38 KB (5,879 words) - 14:07, 13 December 2023
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)the Personal Data Act and the Privacy Ordinance, cf. section 2 and Article 2 of the Ordinance 2. The Personal Data Act and the Privacy Ordinance are coming49 KB (7,646 words) - 07:56, 7 March 2022
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)...................... .11 2.2.1 Applicable regulations, etc. ................................................ ...11 2.2.2 The Privacy Protection Authority's115 KB (12,842 words) - 08:38, 5 July 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)Infotv. Pursuant to Section 60 (2): “For the initiation of data protection authority proceedings Article 77 (1) and Article 22 (b) of the General Data Protection30 KB (4,563 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00385/2020 (category Article 58(2)(b) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI), the55 KB (8,967 words) - 14:33, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 12(2) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: € 200031 KB (4,862 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)ESLORA PROJECTOS,SL, with CIF: B95608196 owner of the web pages: *** URL.1 , *** URL.2 and *** URL.3 ,for violation of article 22.2) of the LSSI, punishable31 KB (4,757 words) - 13:52, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(b) GDPR)mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head82 KB (11,472 words) - 16:58, 6 December 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- AEPD (Spain) - PS/00436/2021 (category Article 13(2) GDPR)that, in cases of video surveillance, Article 22.4 LOPDGDD provides that the duty of disclosure in Article 12 GDPR may be fulfilled by placing a sign near20 KB (3,085 words) - 12:24, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 58(2) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that17 KB (2,515 words) - 11:17, 6 February 2024
- Personvernnemnda (Norway) - PVN-2023-03 (category Article 55 GDPR)under section 2, second paragraph, letter b, meaning that the DPA did not have any authority on the process, pursuant to Article 55 GDPR and section 2019 KB (2,858 words) - 10:06, 17 November 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 13(2)(a) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)regards to a violation of Article 7 GDPR, for gathering consent in a generic way. To fine the controller €3000 for infringing Article 22(2) LSSI, for installing52 KB (8,471 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00135/2020 (category Article 58(2) GDPR)sedeagpd.gob.es 12/22 The Director of the Spanish Data Protection Agency is competent to settle this complaint in accordance with Article 12.2, sections i) and47 KB (7,756 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 of the15 KB (2,192 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)have ordered me. 2º- On January 2, 2021, I proceed to sue the company […], whose legal representatives or administrators are A.A.A. and B.B.B .. The reason37 KB (6,022 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00185/2020 (category Article 13 GDPR)of processing (Article 32 GDPR), the transparency principle (Article 13 GDPR) and its information duties related to cookies (Article 22(2) of the Spanish20 KB (3,162 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies51 KB (7,867 words) - 13:10, 13 December 2023
- AEPD (Spain) - PS/00357/2020 (category Article 13 GDPR)accordance with provided for in article 58.2.b) of the RGPD, for an infringement of article 13 of the RGPD, typified in article 83.5 of the RGPD, a warning20 KB (3,075 words) - 14:32, 13 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 of the16 KB (2,335 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00036/2020 (category Article 58(2) GDPR)according to ***URL.2 - gads, expiring on November 2, 2021 and for advertising purposes according to ***URL.2 - _ga, expiring on 2 November 2021 and for16 KB (2,587 words) - 13:50, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)investigation regarding the violation of Article 15(1)(b) and (c). In accordance with Article 58(2) and Article 83(2), the DPA fined Company A €1,500. Since76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 83(2)(b) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of22 KB (3,523 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)the complaint (Article 83 (2) (f) GDPR), not linking the activity of the offender to the processing of personal data (Article 76 (2) (b) LOPDGD), the non-existence50 KB (7,524 words) - 13:44, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 58(2)(b) GDPR)Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care Professional20 KB (3,108 words) - 13:02, 3 March 2024
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)imposition of measures, according to article 58.2 d) of the GDPR. Along with it and In accordance with article 58.2 of the GDPR, it was also indicated that the195 KB (30,495 words) - 12:40, 13 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 15 GDPR)other means. 2. The data controller shall facilitate the exercise of his rights under Articles 15 to 22. In the cases referred to in Article 11(2), the person19 KB (3,100 words) - 14:50, 13 December 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)under this Article. Article 11 (2) In the cases referred to in paragraphs 15 to 22, the controller shall exercise their rights under Article may not refuse27 KB (4,159 words) - 10:13, 17 November 2023
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)which also refers to Article 34 (1) of the Data Protection Regulation. 3 (b). The Data Inspectorate should note that Article 34 (2) does. 3, points to the24 KB (3,365 words) - 16:37, 6 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)of a link to this information. This was a violation of Article 12. Based on Article 13(2)(a) GDPR and WP29 guidelines on transparency, the CNIL noted that48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00266/2019 (category Article 83(2)(e) GDPR)ONLINE S.L. with NIF B87298923, in accordance with the provisions of article 58.2.b) of the RGPD, for the alleged infringement of article 13 of the RGPD, typified28 KB (4,459 words) - 14:23, 13 December 2023
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)alleged infringement of article 5.1.c) of the RGPD and article 13 of the RGPD, typified in Article 83.5 a) and b) of the GDPR. FIFTH: On 12/17/2021 the32 KB (4,945 words) - 13:25, 13 December 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)of measures, according to the aforementioned article 58.2 d) of the RGPD. c).- Violation of article 22.2 of the LSSI, due to the deficiencies detected85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)TODOTECNICOS24H S.L. with NIF B86558533, in accordance with the provisions of article 58.2.b) of the RGPD, for the alleged infringement of article 13 of the RGPD, typified28 KB (4,435 words) - 14:23, 13 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00299/2019 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 GDPR21 KB (3,202 words) - 14:54, 13 December 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the GDPR, in accordance with article 83.5.a) of the GDPR and 72.1.a) of the LOPDGDD. 2-That in application of article 58.2.c) of56 KB (9,356 words) - 10:43, 13 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00291/2020 (category Article 5(1)(f) GDPR)the commission of the infraction of article 22.2 of the LSSI. This offense is classified as "slight" in article 38.4 g), of the aforementioned Law, which15 KB (2,246 words) - 14:26, 13 December 2023
- HDPA (Greece) - 25/2022 (category Article 5(2) GDPR)prove the lawfulness of processing according to Article 6(1)(b) GDPR and for violating Article 12(2) GDPR by creating undue barriers to the exercise of the48 KB (7,803 words) - 13:29, 11 October 2022
- AZOP (Croatia) - Decision 17-05-2022 (redirect from AZOP (Croatia) - Usž-27/22-4) (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- infraction of the article 22.2 of the LSSI, due to the deficiencies detected on its website regarding the "Cookies policy". APPOINT: Mr. B.B.B. as Instructor45 KB (7,313 words) - 10:32, 13 December 2023
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European23 KB (3,523 words) - 14:46, 13 December 2023
- accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines17 KB (2,461 words) - 13:22, 13 December 2023
- Datatilsynet (Norway) - 20/01516 (category Article 32(1)(b) GDPR)2000 and the Personal Data Regulations 2000 applied. Regulations §§ 2-6, 2-11, 2-13 and 2-14 regulated such matters as the case concerns. The relevant conditions26 KB (3,885 words) - 08:43, 7 May 2022
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)IMPOSE COMMUNITY OWNERS B.B.B., with NIF ***NIF.1, for a violation of Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR, a fine of ONE THOUSAND34 KB (5,184 words) - 13:22, 13 December 2023
- AEPD (Spain) - TD/00164/2020 (category Article 12 GDPR)otherwise treated; b) the interested party withdraws the consent on which the treatment of in accordance with Article 6 (1) point (a) or Article 9 (2) point a)17 KB (2,571 words) - 14:51, 13 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)has engaged another real estate agent for the sale. 2 Process flow First instance 2.1 2.2 2.3 2.4 2.5 PME summoned [plaintiff] on May 9, 2018 (see also103 KB (17,620 words) - 10:13, 29 November 2023
- AEPD (Spain) - TD/00034/2020 (category Article 9(2)(h) GDPR)processed; b) the data subject withdraws the consent on the basis of which the processing was carried out in accordance with Article 6(1)(a) or Article 9(2)(a)17 KB (2,730 words) - 14:50, 13 December 2023
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)conversation and the phone number -E.E.E.-Can you prove that you are B.B.B. , answer Well look for B.B.B. that I am I. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid28 KB (4,592 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned28 KB (4,525 words) - 14:06, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)trained in GDPR matters. With GDPR in force for over a year, the controller should have had at least measures in place concerning the Articles 15-22 GDPR and16 KB (2,438 words) - 09:07, 9 June 2023
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)intervention Article 58 (2) (i) and Article 83 (2) state that the IMY has the power to impose administrative penalty fees in accordance with Article 83. the17 KB (1,940 words) - 15:23, 6 December 2023
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)service in the terms required by article 22.2. ", and may be sanctioned with a fine of up to € 30,000, in accordance with article 39 of the aforementioned LSSI35 KB (5,635 words) - 14:41, 13 December 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)standard B-VG Art 130 Paragraph 2a B-VG Art 133 Paragraph 4 B-VG Art87 Paragraph 2 BVwGG §24a BVwGG §3 GDPR Art55 Paragraph 3 GOG §84 GOG §85 B-VG Art.75 KB (12,118 words) - 15:46, 14 February 2024
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00023/2020 (category Article 58(2)(b) GDPR)sanction that should be imposed is warning, in accordance with Article 58(2)(b) of the GDPR, in connection with the above-mentioned Recital 148. Therefore21 KB (3,298 words) - 13:46, 13 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking130 KB (21,195 words) - 13:52, 25 April 2021
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)2023 standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 13387 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)infringement of article 13 of the RGPD, typified in article 83.5.b) of theRGPD, a warning sanction in accordance with article 58.2.b) of theRGPD.SECOND: REQUEST29 KB (4,402 words) - 14:00, 13 December 2023
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)Resolution regarding the right to access (art. 15 GDPR) and its formalities art. 12(2) GDPR. The Health service of the Balearic Islands (Controller) didn’t26 KB (4,017 words) - 12:37, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the96 KB (13,984 words) - 16:57, 6 December 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(2) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- Personvernnemnda (Norway) - 2021-07 (category Article 77(2) GDPR)receive information on the outcome of the complaint under Article 77(2) GDPR and Article 57(1)(f) GDPR. The case was therefore returned to the DPA for an assessment18 KB (2,791 words) - 18:36, 5 March 2022
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)policies regulating this, they failed to comply to Article 24(1) and (2) GDPR and Article 25(1) and (2) GDPR. No fine was imposed, but a reprimand and clear32 KB (4,880 words) - 16:50, 12 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(2)(a) GDPR)in line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply40 KB (6,007 words) - 13:59, 12 May 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- AEPD (Spain) - EXP202202837 (category Article 83(2) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)only with regard to the applications under 2 a), 2 b) and 2 c) and partially with regard to the application under 2 d), so that the remainder of the regional143 KB (24,273 words) - 15:59, 10 March 2022
- AEPD (Spain) - EXP202206302 (category Article 6 GDPR)event of a violation of the precepts of the RGPD. Article 58.2 of the GDPR provides the following: “2 Each supervisory authority will have all of the following28 KB (4,608 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)(hereinafter, “the person claimed ”), by virtue of the complaint presented by B.B.B., (hereinafter,“ the claimant ”), and based on the following, BACKGROUND39 KB (6,270 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €1000021 KB (3,137 words) - 14:33, 13 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(2) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- AEPD (Spain) - EXP202204461 (category Article 5(1)(f) GDPR)into account and issued a fine of €2,000 for the violation of Article 5(1)(f) GDPR as classified under Article 83(5) GDPR. Share your comments here! Share24 KB (3,631 words) - 13:20, 13 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)material scope of application of the AVG (Article 2.1. AVG). None of the 4 grounds for exception under article 2.2. AVG apply here. As the Defendant does39 KB (6,247 words) - 09:14, 15 November 2023
- AEPD (Spain) - PS/00324/2019 (category Article 13 GDPR)COM) with NIF B87043691 is exempt from liability which could constitute a breach of Article 13 of the GPRS, a breach of Article 83.5 (b) of the GPRS SECOND:22 KB (3,480 words) - 14:28, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 13(1)(b) GDPR)application of Article 17.3.b, the complainant cannot invokea reason provided for in article 17.1 or 17.2 for requesting the erasure of data concerning him.b) The81 KB (13,211 words) - 16:59, 12 December 2023