Search results
From GDPRhub
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- breach to affected data subjects as required under Article 34(1) GDPR. Accordingly, Article 34(4) GDPR suggests that the SA can play a determinative role37 KB (3,962 words) - 15:20, 16 June 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 34(4) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- Commissioner (Cyprus) - 12.10.001.011.001 (category Article 34(4) GDPR)the under General Data Protection Regulation 2016/679. According to Article 33 of GDPR, in the case of a personal data breach, the Data Controller shall7 KB (861 words) - 16:53, 6 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- ANSPDCP (Romania) - 27.12.2022 (category Article 32(4) GDPR)would have been required by Article 29 GDPR. Moreover, in violation of Article 32(1)(b), Article 32(2), and Article 34(4) GDPR, the controller had not implemented6 KB (790 words) - 15:13, 13 December 2023
- UODO (Poland) - DKN.5131.11.2020 (category Article 34(4) GDPR)the Foundation. The DPA held that the Foundation violated Article 33(1), Article 34(1) GDPR by failing to notify the DPA of a personal data protection51 KB (8,179 words) - 12:07, 11 August 2021
- UODO (Poland) - DKN.5131.33.2021 (category Article 34(4) GDPR)the breach, pursuant to the obligation expressed in Article 34 GDPR, in conjunction with Article 12 GDPR. Based on this assessment, the DPA issued an administrative81 KB (13,351 words) - 14:48, 2 March 2022
- UODO (Poland) - DKN.5131.16.2021 (category Article 34(4) GDPR)violated Article 33(1) GDPR. Moreover, it violated Article 34(1) GDPR since it did not provide the data subjects with the information listed in Article 33(3)(b)88 KB (14,432 words) - 10:31, 24 November 2021
- UODO (Poland) - DKN.5131.3.2021 (category Article 34(4) GDPR)supervisory authority (i.e. Article 33 (1 ) of the GDPR) and to notify the data subjects of breach of (Article 34 (1-2) of the GDPR), it would be necessary129 KB (20,850 words) - 12:13, 7 July 2021
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 32 GDPR (category GDPR Articles) (section (4) Natural persons acting under the authority of the controller or the processor)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- performance. Article 7 GDPR regulates the "conditions for consent". It specifies the definition of consent set out in Article 4(11) GDPR and, by integrating31 KB (3,489 words) - 16:00, 8 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5)61 KB (8,488 words) - 15:47, 18 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- further discussed, in Article 4(1) GDPR. Any information that relates to an identified or identifiable natural person falls under the GDPR, this also includes34 KB (4,652 words) - 12:07, 12 November 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- can carry out a notification in phases under Article 33(4) GDPR (see below). Under Article 33(3)(b) GDPR, the supervisory authority must be given the contact54 KB (6,536 words) - 08:22, 16 June 2023
- Article 22 GDPR (category GDPR Articles) (section (4) Qualified prohibition of using special categories of data)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 37 GDPR (category GDPR Articles) (section (4) Other circumstances in which to designate a data protection officer)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 1 GDPR (category GDPR Articles)about the scope of the term 'personal data' under Article 4(1) GDPR. Non-EU citizens can rely on the GDPR as its application is generally independent of nationality28 KB (3,831 words) - 16:21, 14 March 2024
- Article 26 GDPR (category GDPR Articles)provisions such as Article 30(4) for the record of processing or Article 40(11) for the register of approved codes of conduct, Article 26 does not explicitly37 KB (3,915 words) - 12:49, 24 May 2023
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 25 GDPR (category GDPR Articles)Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 19 GDPR (category GDPR Articles)disclosed to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to19 KB (1,436 words) - 12:35, 12 May 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- 62(7) GDPR, the reference to the EDPB is mandatory. The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR20 KB (1,590 words) - 16:11, 2 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 16 GDPR (category GDPR Articles)please refer to Article 19 GDPR. If the controller declines to rectify the data, they must provide reasons for their decision (Article 12(4) GDPR). The data23 KB (2,489 words) - 23:24, 6 March 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 60 GDPR (category GDPR Articles) (section (4) Objection by supervisory authority concerned (CSA) and procedure where it is not followed)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (4) Conditions for a refusal to comply with an assistance request)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- Article 30 GDPR (category GDPR Articles) (section (4) Provision of the ROPA to supervisory authority)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 72 GDPR (category Article 72 GDPR)dispute resolution under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are22 KB (2,266 words) - 08:26, 17 October 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See31 KB (3,646 words) - 08:51, 21 July 2023
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 47 GDPR (category GDPR Articles)other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford University Press 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 54 GDPR, margin numbers29 KB (2,894 words) - 23:06, 1 April 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 89 GDPR (category Article 89 GDPR) (section (4) Derogations do not Extend to Other Purposes that Require the Same Processing)that purpose. Article 89(4) GDPR makes it clear that the derogations to the GDPR are only available for processing specified in Article 89 GDPR, and not for29 KB (3,695 words) - 13:44, 21 March 2024
- Article 65 GDPR (category GDPR Articles) (section (4) Supervisory authorities (SAs) prohibited to adopt any measure during the procedure)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- incompatible with the office. Article 52(4) GDPR and Article 52(6) GDPR establish the framework for SAs financial governance. Article 52(4) GDPR stipulates that SAs47 KB (5,594 words) - 22:45, 1 April 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent18 KB (2,488 words) - 15:22, 14 December 2021
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)of a copy, that "Article 15(1) of the GDPR restricts the right of access to personal data within the meaning of Article 4(1) of the GDPR and additional information51 KB (8,592 words) - 07:03, 2 November 2021
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Intervare did not go through with a proper assessment pursuant to Article 34(1), as it had24 KB (3,365 words) - 16:37, 6 December 2023
- officers conforms to the exception contained in the second part of n. 4 of article 34 of the CRP, which allows access to data of this nature in the cases3 KB (332 words) - 13:31, 3 May 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)assessed whether the processing could be based on Article 6(1)(c) GDPR, because Articles 4:32 and 4:34 Wft oblige credit providers to participate in, and29 KB (4,605 words) - 17:00, 15 December 2021
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)compliance with the principles of Article 5 (1) GDPR. 4. As, in accordance with the provisions of Article 4 (c) (d).1 GDPR is personal data “any information29 KB (4,557 words) - 15:33, 6 December 2023
- HDPA (Greece) - 33/2020 (category Article 4(7) GDPR)access, according to Article 15(1)g GDPR. Thus, the HDPA held that the College as a data controller, according to Article 4(7) GDPR, fulfilled the right20 KB (2,270 words) - 15:37, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)security are reported in a timely manner in future. 4.3. Article 34 of the Data Protection Regulation Article 34 (1) of the Data Protection Regulation 1, it appears20 KB (3,045 words) - 16:40, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(4) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)alleged infringement of Article 37.1 b) of the RGPD, in relation to Article 34.1 ñ) of the LOPDGDD, typified in accordance with article 83.4 of the RGPD. FIFTH:15 KB (2,245 words) - 14:22, 13 December 2023
- CNIL (France) - SAN-2020-018 (category Article 12(4) GDPR) (section Violation of the obligation to gather consent as prescribed by Article L. 34-5 of the Postal and Electronic Communication law:)to the criteria laid down by Article 83 paragraph 2 of the GDPR. With regard to the breach of Article L. 34-5 of the GDPR, the restricted committee considers69 KB (11,007 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 34 GDPR)relation to the article 5.1.f) of the RGPD, typified in article 83.4.a) of the RGPD with sanction of awareness. 3. Violation of article 34 of the RGPD in51 KB (7,770 words) - 14:08, 13 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 34(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 34(1) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - PS/00389/2019 (category Article 34 GDPR)and 34, violations all of which are typified in article 83.4.a). V The violation of articles 32, 33 and 34 of the RGPD are criminalized in Article 83.4(a)31 KB (4,819 words) - 14:34, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 6(1)(f) GDPR)can find Yle's news article with the title . Behind the URL search result link 4, on the other hand, you can find Alibi's news article with the title . Such61 KB (9,876 words) - 21:38, 24 March 2024
- APD/GBA (Belgium) - 22/2020 (category Article 34 GDPR)submitted its observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 235 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00417/2019 (category Article 83(4) GDPR)DPO as per Article 37 GDPR and 34(1) LOPDGDD, as well as in relation to the need of registering such appointment at the AEPD website [Article 34(3) LOPDGDD]16 KB (2,298 words) - 14:36, 13 December 2023
- Datatilsynet (Denmark) - 2019-441-3399 (category Article 34(1) GDPR)processed in accordance with Article 32 (2) of the Regulation. 2nd 3.3. Article 33 (1) of the Data Protection Regulation 1 and Article 34 (1). 1 The Data Inspectorate27 KB (4,231 words) - 16:38, 6 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- CNIL (France) - SAN-2021-020 (category Article 28(4) GDPR) (section On the failure to comply with Article 34 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- AEPD (Spain) - E/06179/2019 (category Article 34 GDPR)for a possible personal data breach affecting confidentiality, as per Article 32 GDPR. The decision is the consequence of the notification of a possible personal6 KB (386 words) - 13:40, 13 December 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 34(1) GDPR)controller violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and105 KB (17,237 words) - 09:22, 10 May 2023
- Datatilsynet (Denmark) - 2019-441-1578 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Nemlig did not go through with a proper assessment pursuant to Article 34(1), as it had not21 KB (2,901 words) - 16:37, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 34(1) GDPR)postponement did not comply with Article 34 (1) of the General Data Protection Regulation, therefore a With regard to Article 34 (4), Client 1 called on the parties67 KB (10,492 words) - 10:11, 17 November 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 34(1) GDPR)office in G. Article. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- HDPA (Greece) - 35/2023 (category Article 4(12) GDPR)according to Article 34 of the GDPR, given that he had informed the Bank about the incident, nor to the Authority, according to Article 33 of the GDPR, because52 KB (8,460 words) - 10:54, 10 January 2024
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)Articles 34(3), 38(1)(3), 40 and 57(1)(2) of UK GDPR. ICO also recommended that WMP should take certain steps to ensure its compliance with the UK GDPR. Share18 KB (2,470 words) - 08:01, 10 May 2024
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 34 GDPR)thus failed to comply with Article 33 (3) of the GDPR. The DPA assessed that the Zoo did not comply with Article 34(1) of the GDPR by failing to carry out33 KB (5,347 words) - 16:39, 6 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- AEPD (Spain) - EXP202104006 (category Article 4(12) GDPR)ends and means of such activity, by virtue of article 4.7 of the GDPR. Article 4 section 12 of the GDPR broadly defines “violations of security of personal31 KB (4,578 words) - 12:11, 6 March 2024
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)32(1) and (2), Article 34(1), Article 35(1) and Article 35(3). or Art. 37 Para. 1 lit. b and lit. c GDPR), however, this circumstance does not mean that158 KB (26,392 words) - 08:25, 7 June 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- APD/GBA (Belgium) - 05/2021 (category Article 34(1) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligations of Article L. 34-5 of the Postal and Electronic Communications Code 11. According to article L. 34-5 of the CPCE: " Direct prospecting48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 34(1) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)the meaning of Art. 4 No. 1 GDPR has a right to information from the person responsible within the meaning of Art. 4 No. 7 GDPR with regard to the processed32 KB (5,093 words) - 16:07, 11 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- LAG Baden-Württemberg - Sa 11/18 (category Article 15 GDPR)information pursuant to Article 15 (1) of the GDPR relates to "personal data relating to an individual" pursuant to Article 4 No. 1 of the GDPR. In addition, the18 KB (2,724 words) - 08:24, 14 March 2022
- RvS - 201901006/1/A2 (category Article 79 GDPR)paragraph 3.3. Legal Protection' of the AVG Implementation Act, Article 34 reads as follows: Article 34. Applicability of the General Administrative Law Act by34 KB (5,179 words) - 07:10, 7 April 2020
- AP (The Netherlands) - 23.09.2021 (category Article 34 GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €400,000. 8For the justification, see paragraphs 4.3.1 and 4.3.2. 24/25Date Unidentified66 KB (8,861 words) - 17:08, 12 December 2023
- HDPA (Greece) - 55/2021 (category Article 34 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)the same search results on the basis of Article 12 (4) GDPR has been rejected by Google . Article 21 (1) of the GDPR provides that a data subject has the34 KB (5,811 words) - 09:44, 8 December 2020
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)paragraph 3.3. Legal Protection' of the AVG Implementation Act, Article 34 reads as follows: Article 34. Applicability of the General Administrative Law Act by37 KB (5,721 words) - 12:41, 16 September 2021
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)compatible by virtue of a legal provision (see Article 6.4. of the RGPD). Based on the criteria in section 6.4 of the EDR: there is no link between the two35 KB (5,853 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)handed down under this article." III Article 73 of the LOPDDG states Infringements considered serious: "In accordance with Article 83(4) of Regulation (EU)18 KB (2,737 words) - 14:23, 13 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)* clause n ° 12 regarding - of article 6 and article 32 / II of the Data Protection Act for all contracts, - of article L.132-1 of the Consumer Code in392 KB (67,730 words) - 15:27, 17 March 2022
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 34 GDPR)power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures and a fine of € 4.501.868. Share131 KB (21,014 words) - 15:55, 6 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)page 34 et seq. 23Investigation report, page 34, point 4.4.8.1. 24Investigation report, page 34, point 4.4.8.2.1.1 25Investigation report, page 34, point82 KB (11,472 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR)manual and human processing errors. 5.6. Article 34 of the Data Protection Regulation It follows from Article 34 (1) of the Regulation 1, that when a breach46 KB (7,343 words) - 16:39, 6 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))default (Art. 25 GDPR), integrity and confidentiality (Art. 5.1.f GDPR), as well as security ofprocessing(Art. 32GDPR)......101 B.4.4. - Additional alleged429 KB (58,279 words) - 09:12, 2 November 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)permissible in accordance with Article 133, Paragraph 4, B-VG.The revision is permitted in accordance with Article 133, Paragraph 4, B-VG. text Reasons for the75 KB (12,118 words) - 15:46, 14 February 2024
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)assessment framework 4.4. The right of access previously laid down in Article 12 of the Privacy Directive 95/46 has now been included in Article 15 of the AVG15 KB (2,504 words) - 16:27, 10 March 2022
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)unsolicited commercial emails without a legal basis, connected to Article 6 of the GDPR—, as the defendant agreed to an early and guilty voluntary payment19 KB (2,795 words) - 14:06, 13 December 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(4) GDPR)the right of access under Article 15(4) of the GDPR or section 22 of the DDPA can be invoked. It follows from Article 15 (4), that the right to obtain26 KB (3,820 words) - 16:22, 6 December 2023
- consent banner violated Article 22.2 of the Spanish Law on Services of the Information Society and Electronic Commerce (Ley 34/2002, de 11 de julio, de45 KB (7,313 words) - 10:32, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)issued under this article. " III Article 73 of the LOPDDG indicates: Violations considered serious "Based on what is established in article 83.4 of Regulation13 KB (2,002 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- LG München - 31 O 16606/20 (category Article 82(4) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- AEPD (Spain) - TD/00164/2020 (category Article 12 GDPR)the Regulation (EU) 2016/679 and in sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 17 of the RGPD provides that: "one. The interested17 KB (2,571 words) - 14:51, 13 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)lit. a GDPR and Article 62.1 no. 4 DPA and Article 52.2 nos. 4 and 7 DPA 2000. The defendant's general assertions, in particular regarding the coverage92 KB (15,435 words) - 16:00, 22 March 2022
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)infringement of article 32.1 of the GDPR (LCEur 2016, 605), typified in the Article 83.4.a) of the GDPR, a warning sanction, in accordance with article 77 of the195 KB (30,495 words) - 12:40, 13 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)and Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d)58 KB (9,357 words) - 10:02, 17 November 2023
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)Page 4 4/14Taking into account the above, ESLORA PROYECTOS is not subsumed innone of the cases of compulsory designation included (i) in article 37.1RGPD31 KB (4,757 words) - 13:52, 13 December 2023
- AEPD (Spain) - TD/00133/2020 (category Article 12 GDPR)has been received. Does the GDPR allow the data controller to ignore a request for erasure? The AEPD found that Article 12 GDPR does not allow the data controller18 KB (2,721 words) - 14:51, 13 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: €31 KB (4,862 words) - 14:28, 13 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 12(4) GDPR)Data Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care20 KB (3,108 words) - 13:02, 3 March 2024
- AEPD (Spain) - TD/00318/2019 (category Article 12 GDPR)considered a violation pursuant to Article 72(1)(m) of the LOPDGDD, which would be sanctioned according to Article 58(2) GDPR. Share your comments here! Share20 KB (2,999 words) - 14:52, 13 December 2023
- AEPD (Spain) - PS/00439/2019 (category Article 5(1)(c) GDPR)Spanish City Council with a warning of an infringement of Article 5(1)(c) pursuant to Article 83(5) over installed surveillance cameras in the City Hall21 KB (2,946 words) - 14:40, 13 December 2023
- AEPD (Spain) - TD/00034/2020 (category Article 9(2)(h) GDPR)Regulation (EU)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law " FIFTH: Article 17 of the RGPD states that: "1. The data subject17 KB (2,730 words) - 14:50, 13 December 2023
- AEPD (Spain) - TD/00085/2020 (category Article 12 GDPR)access and provide information when a citizen demands it in line with Article 15 GDPR. The complainant asked a company to exercise his/her right to obtain17 KB (2,654 words) - 14:50, 13 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- AEPD (Spain) - TD/00182/2019 (category Article 15 GDPR)the controller must comply with the request of access, as required by Article 15 GDPR. Share your comments here! Share blogs or news articles here! The decision18 KB (2,922 words) - 14:51, 13 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 15 GDPR)and 15(3) of the EU Regulation 2016/679 and in Article 13(3) and (4) of this Organic Law". FIFTH: Article 15 of the RGPD provides that "1. The data subject19 KB (3,100 words) - 14:50, 13 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)recording is "processing" of "personal data" within the meaning of Article 4(1) and 4(2) GDPR. Therefore, the data subject has the right to request access to22 KB (3,422 words) - 14:50, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)copy of 4 commercial SMS received on 12/10/2021, 12/17/2021 and 03/15/2021. The issuer is identified as YOIGO. SECOND: In accordance with article 65.4 of Organic20 KB (3,159 words) - 13:20, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)meaning of this section. (p. 524) Article 4:34 In addition to the obligation to provide information as laid down in Article 4:20, the provider has an obligation91 KB (15,371 words) - 15:11, 5 October 2021
- AEPD (Spain) - TD/00010/2020 (category Article 12 GDPR)AEPD pursuant to Article 72(1)(m). The AEPD does not specify the provision of Article 21 on which it bases its decision. Article 21 GDPR states that the16 KB (2,571 words) - 14:49, 13 December 2023
- AEPD (Spain) - TD/00325/2019 (category Article 12 GDPR)to take a decision in accordance with the provisions of Article 56(2) in conjunction with Article 57(1)(f) both of Regulation (EU) 2016/679 of the European17 KB (2,691 words) - 14:52, 13 December 2023
- AEPD (Spain) - PS/00299/2019 (category Article 7 GDPR)established in article 43.1 of Law 34/2002, of July 11,Information Society Services and Electronic Commerce (LSSI), for infractionstion of article 22.2. of the21 KB (3,202 words) - 14:54, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)ePrivacy Directive (Ley 34/2002, Servicios de la Sociedad de la Información y ComercioElectrónico - LSSI). In particular if, under Article 22 LSSI, the controller35 KB (5,635 words) - 14:41, 13 December 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- CJEU - C-77/21 - Digi (category Article 6(4) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)Regulation (EU) 2016/679 and in the sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 15 of the RGPD provides that: "one. The interested23 KB (3,523 words) - 14:46, 13 December 2023
- informative to the claimed entity, in accordance with the provisions of article 65.4 of Organic Law 3/2018, of December 5, on the protection of personal data34 KB (5,222 words) - 12:58, 13 December 2023
- AKI (Estonia) - 2.1.-1/21/129 (category Article 6 GDPR)reply. The AKI reminded the defendant of its obligation under Article 13 GDPR and Article 14 GDPR to inform the data subject in a concise, clear, comprehensible22 KB (3,237 words) - 12:25, 17 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 15(4) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)data. Hence, it considered Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating37 KB (4,319 words) - 09:20, 17 November 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- AEPD (Spain) - TD/00054/2020 (category Article 12 GDPR)disclose further details. Whether the complainant's right to access under Article 15 GDPR has been violated. The AEPD confirmed that CaixaBank's response was22 KB (3,500 words) - 14:50, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 4(15) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- AEPD (Spain) - TD/00248/2020 (category Article 12 GDPR)request data were not personal data and were therefore not included in Article 15 GDPR. They claimed that such data (educational data) were regulated by different25 KB (3,972 words) - 14:47, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)provided for in Article 12.3 of the GDPR, nor informed the claimants of a possible reason for its inaction as required by article 12.4 of the GDPR. It also considers76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - TD/00254/2020 (category Article 15 GDPR)blocked and retained the data according to Article 32 of the Spanish Data Protection Act (LOPD). This Article obliges controllers to block and retain personal25 KB (3,791 words) - 14:47, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4 : Profiling9 KB (1,251 words) - 12:15, 8 May 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)ruling under Article 267 TFEU on the requirements of awarding damages for GDPR violations and the assessment of such damage under Article 82 GDPR. For the23 KB (3,551 words) - 09:54, 10 September 2021