Search results
From GDPRhub
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- HDPA (Greece) - 6/2020 (category Article 40(5) GDPR)conferred on it by the provisions of Article 58 of the GDPR and Article 15 of Law 4624/2019. 2. As Article 5 of the GDPR defines the processing principles29 KB (4,557 words) - 15:33, 6 December 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)conducts under Article 41 GDPR (redacted as "code S***", code M*** and code U***"). These codes had been approved by the DSB under Article 40(5) GDPR. Inverstigations19 KB (2,799 words) - 13:52, 12 May 2023
- Article 32 GDPR (category GDPR Articles)non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- OGH - 6Ob19/23x (category Article 15(1)(c) GDPR)owed on the basis of Article 15 (4) GDPR. Objected that the information provided to the plaintiff met the requirements of Article 15 GDPR. The marketing classifications33 KB (4,912 words) - 13:56, 10 May 2023
- Article 46 GDPR (category GDPR Articles) (section (e) Approved code of conduct pursuant to Article 40)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited52 KB (7,297 words) - 08:05, 18 July 2023
- Article 70 GDPR (category Article 70 GDPR)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- LG Köln - 28 O 221/21 (category Article 6(1)(f) GDPR)meaning of Article 17 (1) (a) GDPR. The storage period of three years is also appropriate and transparent within the meaning of Article 5(1)(e) GDPR. The Code30 KB (4,765 words) - 14:30, 29 June 2022
- Article 25 GDPR (category GDPR Articles)affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Category:Article 83 GDPR The wording “infringements of this Regulation” in Article 83(1) GDPR is slightly imprecise. In fact, Article 83(5)(d) GDPR also provides55 KB (7,622 words) - 14:04, 7 November 2023
- Article 5 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 5 GDPR, p. 315 (Oxford University Press 2020). Frenzel, in Paal, Pauly, DS-GVO BDSG, Article 5 GDPR, margin numbers51 KB (6,355 words) - 08:25, 18 April 2024
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 26 GDPR (category GDPR Articles)protection principles (Article 5), determination of the legal basis for processing (Article 6), implementation of security measures (Article 32), notification37 KB (3,915 words) - 12:49, 24 May 2023
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 12 GDPR (category GDPR Articles) (section (5) Free of charge and manifestly unfounded or excessive requests)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 1 GDPR (category GDPR Articles)limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)protection law as enshrined in Article 5 GDPR must be complied with, and that the rights of the data subjects as found in the GDPR must also be available under25 KB (2,482 words) - 10:04, 19 March 2024
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- Article 74 GDPR (category Article 74 GDPR)Articles 64(5), 65(5), 64(7) and 64(8) GDPR. Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 74 GDPR, p. 1099 (Oxford15 KB (808 words) - 09:44, 17 October 2023
- Article 76 GDPR (category Article 76 GDPR)Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 7 GDPR (category GDPR Articles)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- to in Article 42(5) and approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63; (c)22 KB (1,634 words) - 14:40, 28 July 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 19 GDPR (category GDPR Articles)States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article 19 should not be19 KB (1,436 words) - 12:35, 12 May 2023
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Regulation (GDPR) is in Slovenia directly applicable, as well as in other EU member states. There are however problems in the practical use of the GDPR which10 KB (1,242 words) - 10:51, 6 February 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number 20 (C.H. Beck29 KB (2,951 words) - 14:19, 25 July 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 61 GDPR (category Article 61 GDPR) (section (5) Response by the requested supervisory authority (SA))standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)limited to, security of processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation20 KB (1,854 words) - 16:32, 8 March 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 66 GDPR (category Article 66 GDPR)month to a request for mutual assistance (Article 61(8) GDPR) or to a request of joint operations (Article 62(7) GDPR). On 12 July 2021, the EDPB adopted an20 KB (1,590 words) - 16:11, 2 November 2023
- ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 72 GDPR (category Article 72 GDPR)from the fact that, according to Article 68(3) GDPR, the Commission is not a member of the EDPB. Secondly, Article 68(5) GDPR explicitly states that the Commission22 KB (2,266 words) - 08:26, 17 October 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 42 GDPR (category GDPR Articles) (section (5-6) Certification can be cssued through a certification body or by the competent supervisory authority)(Articles 42(7) GDPR, 43(5), and 58(2)(h) GDPR). According to the EDPB, where a DPA is to conduct certification pursuant to Article 42(5) GDPR, it will have27 KB (2,452 words) - 14:26, 28 July 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))rights under the GDPR, when relevant information is provided. Article 13 GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the71 KB (9,532 words) - 13:30, 6 March 2024
- Article 36 GDPR (category GDPR Articles) (section (5) Member state law may provide for stricter requirements)BDSG, Article 36 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 36 GDPR, margin number 5 (C.H. Beck31 KB (3,646 words) - 08:51, 21 July 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5) GDPR)61 KB (8,488 words) - 15:47, 18 March 2024
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- administrative order acting in their judicial capacities. The GDPR was adopted pursuant to article 40 of the Act of 1 August 2018 on the organisation of the National10 KB (1,199 words) - 10:14, 19 October 2022
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)(3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 49 GDPR (category GDPR Articles) (section (5) Limitation of Transfers Based on Important Reasons of Public Interest)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Article 53 GDPR (category GDPR Articles)DS-GVO BDSG, Article 53 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Polenz, in Simitis, Hornung, Spiecker, Datenschutzrecht, Article 53 GDPR, margin29 KB (2,894 words) - 23:06, 1 April 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Article 65 GDPR (category GDPR Articles) (section (5) Notification and publication of the decision of the EDPB)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 2 GDPR (category GDPR Articles)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 89 GDPR (category Article 89 GDPR)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- Article 54 GDPR (category GDPR Articles)enforcement of the GDPR. For more information regarding the establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary34 KB (3,649 words) - 13:19, 30 October 2023
- Article 22 GDPR (category GDPR Articles)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 40 GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section (j) adherence to approved codes of conduct pursuant to Article 40 or approved certification mechanisms pursuant to Article 42)elements. Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4%18 KB (2,375 words) - 16:17, 6 December 2023
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)arguing that it wasn’t a controller within the definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a6 KB (492 words) - 13:09, 1 June 2023
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- artistic or literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special8 KB (1,064 words) - 12:53, 23 June 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 5(1)(a) GDPR) (section 5. Justification for Datatilsynet's decision)heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital 40 that a65 KB (9,767 words) - 16:22, 6 December 2023
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- AEPD (Spain) - EXP202203969 (category Article 83(5)(a) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)by article 32.1 of the Regulation (EU) 2016/679. (…) V Without prejudice to the provisions of article 83.5 of the RGPD, the aforementioned article provides33 KB (4,835 words) - 13:26, 13 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up22 KB (3,319 words) - 13:00, 13 December 2023
- ICO - FS50819531 (category Article 5(1)(a) GDPR)Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right to information and the3 KB (212 words) - 16:21, 7 March 2022
- Garante per la protezione dei dati personali (Italy) - 9525315 (category Article 5(1)(a) GDPR)lawfulness, in violation of article 5(a), 6 and 9 GDPR definition of the data retention period, in violation of Article 5(1)(e) GDPR adequate definition of3 KB (297 words) - 15:54, 6 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 40 GDPR)34(3), 38(1)(3), 40 and 57(1)(2) of UK GDPR. ICO also recommended that WMP should take certain steps to ensure its compliance with the UK GDPR. Share your comments18 KB (2,470 words) - 08:01, 10 May 2024
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)of the recognition for internal use is 5 + 5 + 5 years. The normal term is 5 years, which can be extended once by 5 years . Ten years may be too short to26 KB (4,193 words) - 10:30, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- AEPD (Spain) - EXP202205932 (category Article 83(5) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- personal data in the deeds, based on Article 40(2)(c) of the Dutch Civil-law notaries act (Wet op het notarisambt) and Article 18(1)(3) of the Land registry act16 KB (2,099 words) - 12:30, 4 October 2021
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- AEPD (Spain) - EXP202201721 (category Article 83(5)(a) GDPR)the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”79 KB (12,408 words) - 13:24, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)same article 83. 40. Article 83 of the GDPR provides: 1. Each supervisory authority shall ensure that administrative fines imposed under this Article for26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)criteria for theirgraduation in article 40 of the same standard, the literal wording of which is as follows:“Article 40. Graduation of the amount of the19 KB (2,795 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)violation of article 5.1.f) of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter RGPD), typified in the article 83.5 of the RGPD22 KB (3,420 words) - 12:59, 13 December 2023
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing32 KB (4,831 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)issuer is identified as YOIGO. SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data and guarantee of20 KB (3,159 words) - 13:20, 13 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)sentence 3, § 68 (1) sentence 5 LFGB § 40 paragraph 1a Basic Law Article 5(1), first sentence VIG § 1, § 2, § 3, § 4 para. 4, § 5 para. 1, para. 4 p. 1, § 640 KB (6,397 words) - 08:03, 21 March 2022
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)third party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)establishing the criteria for its graduation in article 40 of the same norm, whose literal tenor is the following: "Article 40. Grading of the amount of sanctions15 KB (2,337 words) - 14:24, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6465/182/2018 (category Article 5(1)(c) GDPR)practices to guarantee the right to object in accordance with the GDPR. The DPA received 40 complaints against the cinema company Finnkino regarding its direct6 KB (744 words) - 13:05, 3 March 2024
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)"For its part, article 40 of the LSSI, in relation to the "Graduation of theamount of sanctions ”, determines the following:"Article 40. Grading of the29 KB (4,402 words) - 14:00, 13 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)organization (definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)fine of up to EUR 30,000 , in accordance with Article 39 of the LSSI. Two criteria (established in Article 40 of the LSSI) were applied to graduate the sanction:27 KB (4,296 words) - 13:59, 13 December 2023
- Recitals GDPR (section Recitals from the GDPR)set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation182 KB (24,065 words) - 13:40, 9 July 2021
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)violation of articles 5.1.f, of the RGPD -as set out in Article 83(5)(a) of the said regulation and 5(1)(f) in relation to Article 32(1)(b) and (c) - specified36 KB (6,022 words) - 13:59, 13 December 2023
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)Baan Centre. (hereinafter: SPC) a claim for compensation as referred to in Article 49, first and second paragraphs of the Personal Data Protection Act (Wbp)10 KB (1,424 words) - 12:09, 9 May 2022
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)compensation/amount, pursuant to Article 7:683(4) in conjunction with Article 7:682(6) of the Dutch Civil Code, equal to the gross salary of €3,694.40 per four weeks and60 KB (10,118 words) - 15:12, 5 October 2021
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)claimed party, for the alleged infringement of article 6 of the GDPR, typified in article 83.5 of the GDPR. FOURTH: On January 16, 2023, the aforementioned22 KB (3,427 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) — amongst others, the Spanish law regulating cookies — and Article 13 of38 KB (5,879 words) - 14:07, 13 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- violated Article 22(2) of the Act on Information Society Services and Electronic Commerce and fined the controller €2000, that were reduced by 40% to €120034 KB (5,222 words) - 12:58, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating36 KB (5,485 words) - 13:19, 13 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 5(1)(a) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 5 5/5set forth in article 25 and section 5 of the fourth additional provision of the Law29/1998,15 KB (2,192 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: €31 KB (4,862 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)following way: C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 5 12/5 - The different user profiles in which authorization is authorized have35 KB (5,635 words) - 14:41, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the GDPR sees in Individual provisions stipulate a risk-based approach (e.g. Art. 24 Para. 1 and Para. 2, Art. Article 25(1), Article 30(5), Article 32(1)158 KB (26,392 words) - 08:25, 7 June 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)all contracts; * clause n ° 5 regarding - of article 6/1 °, 2 ° & 3 ° of the Data Protection Act for all contracts, - Article 32 / I of the Data Protection392 KB (67,730 words) - 15:27, 17 March 2022
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)not necessarily meet the requirements of Article 32 GDPR. To what extent are the provisions in Article 32 GDPR obligatory and thus, not subject to the preferences30 KB (4,562 words) - 15:27, 6 December 2023
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)939/2005,C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 5 5/5of July 29, in relation to art. 62 of Law 58/2003, of December 17, me-by entering16 KB (2,335 words) - 14:33, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 of the31 KB (4,757 words) - 13:52, 13 December 2023
- AEPD (Spain) - E/07796/2020 (category Article 32(1) GDPR)control authority, and according to the provisions of article 47 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee18 KB (2,698 words) - 13:41, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)LPACAP), for the alleged infringement of Article 5.1(f) of the GDPR, as defined in Article 83.5(a) of the GDPR. FOURTH: Having been notified of the above-mentioned21 KB (3,335 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- HDPA (Greece) - 36/2021 (category Article 5(2) GDPR)positively to the request of the Complainant in accordance with Article 12(2) GDPR and Article 15 GDPR. The HDPA imposed an administrative fine of EUR 20,000 on3 KB (324 words) - 14:59, 22 November 2021
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)forseen in Articles 15 to 22 GDPR. Failure to provide this information constitutes a "serious infraction" per Article 83.5 GDPR. However, the DPA held that20 KB (3,085 words) - 12:24, 13 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)the LPACAP, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a55 KB (9,017 words) - 10:46, 13 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- ANSPDCP (Romania) - Sanatatea Press Group S.R.L. (category Article 5(1)(f) GDPR)art. 5 para. (1) lit. f) of the General Regulation on Data Protection. The operator Sanatatea Press Group SRL was sanctioned with a fine of 9,671.40 lei4 KB (422 words) - 15:20, 13 December 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)with NIF ***NIF.1, for the alleged violation of Article 13 of the RGPD, typified in Article 83.5 of the GDPR. SECOND: APPOINT R.R.R. as instructor. and, as29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - PS/00092/2020 (category Article 83(5)(b) GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 5 GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with108 KB (17,097 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00168/2020 (category Article 6(1) GDPR)violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing22 KB (3,568 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)data integrity, security and confidentiality under Article 5(1)(f) GDPR. For the violation of Article 32, the AEPD issued the law firm with a reprimand26 KB (3,840 words) - 14:28, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00188/2020 (category Article 5(1)(f) GDPR)violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating24 KB (3,907 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 83(5) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- AEPD (Spain) - EXP202204530 (category Article 83(5)(b) GDPR)of €10,000.00. claimed, for the violation of article 6.1 of the RGPD, typified in article 83.5.a) of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid26 KB (3,971 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00422/2018 (category Article 5(1)(f) GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- intentionality was taken into account (Article 40(a) LSSI). The AEPD fined the controller €2000 for failing to comply with Article 21 LSSI. The Director of the Spanish14 KB (2,070 words) - 13:43, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 83(5)(e) GDPR)personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused23 KB (3,695 words) - 13:53, 13 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further49 KB (7,800 words) - 09:22, 5 January 2024
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)Schantz, in: BeckOK Datenschutzrecht, 37th Ed., As of May 1st, 2020, Article 5 GDPR, Rn. 5) .27 The collection and processing of the date of birth in the ordering41 KB (6,779 words) - 12:35, 24 November 2021
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)referred to as LPACAP), for the alleged infringement of Article 6.1(f) of the RGPD, as defined in Article 83.5 of the RGPD. FOURTH: Having been notified of the26 KB (4,231 words) - 14:44, 13 December 2023
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)A.U. with NIF A-65559296, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. C / Jorge Juan, 6 www.aepd27 KB (4,108 words) - 13:32, 13 December 2023
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)pre-contractual; (…) " The offense is typified in Article 83.5 of the RGPD, which considers as such: "5. Violations of the following provisions will be sanctioned26 KB (3,848 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)measurespre-contractual;(…) "The offense is typified in Article 83.5 of the RGPD, which considers as such:"5 . Violations of the following provisions will be24 KB (3,769 words) - 14:10, 13 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)provisions of article 58.2.i) of the GDPR, for the alleged infringement of article 6.1 of the GDPR, typified in article 83.5.b) of the GDPR. SECOND: APPOINT26 KB (3,867 words) - 10:44, 13 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)(LOPDGDD) in its article 72.1 m), under the heading “ Infractionsconsidered very serious ” provides:"one. Based on what is established in article 83.5 of the Regulation23 KB (3,592 words) - 14:40, 13 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)municipality €5,000 for failing to designate a DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)€150,000 on Xfera Móviles S.A. (defendant) for infringing Article 17, 32, 5(1)(f) GDPR and Article 21 LSSI. The fine was imposed after investigating two complaints45 KB (7,217 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle28 KB (4,592 words) - 14:25, 13 December 2023
- AN - 578/2021 (category Article 5(1)(d) GDPR)infraction of art. 5.1.d) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, typified in art. 83.5 of the aforementioned26 KB (4,277 words) - 09:18, 26 July 2021
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)accuracy of the data processed (Article 5, paragraph 1, letter d) of the Regulation), nor in terms of safety and integrity (Article 5, paragraph 1, letter f) of50 KB (8,001 words) - 15:52, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00484/2020 (category Article 6(1)(a) GDPR)messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100,00027 KB (4,189 words) - 14:44, 13 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00068/2020 (category Article 6(1) GDPR)violation of the article6.1. of the RGPD, in relation to article 20 e) of the LOPDGDD, typifiedin article 83.5.a) of the aforementioned GDPR.2. TO appoint27 KB (4,106 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve as an element to demonstrate compliance27 KB (3,993 words) - 13:52, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)A.U., with NIF A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D. as28 KB (4,350 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00266/2019 (category Article 13 GDPR)with the provisions of article 58.2.b) of the RGPD, for the alleged infringement of article 13 of the RGPD, typified in article 83.5.b) of the RGPD SECOND:28 KB (4,459 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00379/2019 (category Article 6 GDPR)an alleged violation of article 6 of the GDPR typified as an infringement of basic principles for processing in article 83.5 GDPR. In determining the amount26 KB (4,235 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00008/2020 (category Article 6(1) GDPR)www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 5 5/14 particular (…) ” III The RGPD deals in its article 5 with the principles that must govern the treatment27 KB (4,408 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00303/2020 (category Article 6(1) GDPR)adherence to codes of conduct under Article 40 or to mechanisms certification approved in accordance with Article 42, and k) any other aggravating or mitigating29 KB (4,480 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information28 KB (4,435 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - EXP202104006 (category Article 5(1)(f) GDPR)interested party, respectively. III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data31 KB (4,578 words) - 12:11, 6 March 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- AEPD (Spain) - PS/00075/2020 (category Article 83(5)(a) GDPR)respondent: a) for the alleged infringement of Article 6.1.a) of the GDPR, sanctioned in accordance with the Article 83.5.a) of the aforementioned RGPD and, b)31 KB (4,909 words) - 13:56, 13 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,837 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,834 words) - 14:43, 13 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- DSB (Austria) - 2020-0.111.488 (category Article 5(1)(a) GDPR)(Datenschutzbehörde - DSB) held that the doctor had violated Article 5(1)(a) GDPR and Article 9(1) and (2) GDPR as the patients had not given their ecplicit consent8 KB (1,048 words) - 13:50, 12 May 2023
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)party was charged with claimed a violation of article 5.1.c) of the RGPD, typified in article 83.5.a) of the GDPR; considering that capturing images of shared31 KB (4,864 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)alleged violation of Article 5.1.f) of the RGPD and Article 32 of the RGPD, typified in Article 83.4 of the RGPD and Article 83.5 of the RGPD. The initiation34 KB (5,184 words) - 13:22, 13 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)provisions of the article 5.1.c) of the RGPD, so they involve the commission of an infraction classified in Article 83.5.a) of the GDPR, which provides the35 KB (5,475 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023