Search results
From GDPRhub
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 2 GDPR (category GDPR Articles)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 32 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 59 GDPR (category GDPR Articles)DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 2020, 3rd Edition). See Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers15 KB (718 words) - 15:31, 19 October 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 75 GDPR (category Article 75 GDPR)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 38 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 70 GDPR (category Article 70 GDPR)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 52 GDPR (category GDPR Articles)this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 26 GDPR (category GDPR Articles)related decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck37 KB (3,915 words) - 12:49, 24 May 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 7 GDPR (category GDPR Articles)Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 74 GDPR (category Article 74 GDPR)Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- Article 54 GDPR (category GDPR Articles)enforcement of the GDPR. For more information regarding the establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary34 KB (3,649 words) - 13:19, 30 October 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 43 GDPR (category GDPR Articles) (section (6-7) Criteria for certification to be made public)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 19 GDPR (category GDPR Articles)States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article 19 should not be19 KB (1,436 words) - 12:35, 12 May 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 66 GDPR (category Article 66 GDPR)month to a request for mutual assistance (Article 61(8) GDPR) or to a request of joint operations (Article 62(7) GDPR). On 12 July 2021, the EDPB adopted an20 KB (1,590 words) - 16:11, 2 November 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 64 GDPR (category Article 64 GDPR)64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 25 GDPR (category GDPR Articles)affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- and, as a rule, acknowledged electronically (Article 61(7) GDPR) and free of charge (Article 61(7) GDPR). Finally, where the requested activity is not24 KB (2,181 words) - 11:46, 15 January 2024
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 68 GDPR (category Article 68 GDPR)decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 16 GDPR (category GDPR Articles)requirements of Article 5(1)(d) GDPR are not complied with. In such cases, there is no need to exercise the rights under Article 16 GDPR - but also no harm23 KB (2,489 words) - 23:24, 6 March 2024
- Article 90 GDPR (category Article 90 GDPR)Belisario, GDPR e normativa privacy – Commentario, Article 90 GDPR, p. 662 (Wolters Kluwer 2018). Piltz in Gola DS-GVO, Article 90 GDPR, margin numbers 6-7 (C18 KB (1,599 words) - 12:26, 29 April 2022
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- CJEU - C-311/18 - Schrems II (category Article 45 GDPR)under Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1)12 KB (1,780 words) - 17:22, 10 March 2022
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 72 GDPR (category Article 72 GDPR)within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 36 GDPR (category GDPR Articles)processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- Article 1 GDPR (category GDPR Articles)limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- in Article 63 GDPR. Article 35(7) GDPR sets out a list of minimum requirements which shall be dealt with in the DPIA. To begin with, under Article 35(7)(a)52 KB (7,297 words) - 08:05, 18 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 30 GDPR (category GDPR Articles)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 22 GDPR (category GDPR Articles)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 33 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Article 65 GDPR (category GDPR Articles)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)of conduct complies with the GDPR, as per Article 40(7) GDPR. According to the terminology of Articles 40(7) and 40(8) GDPR, the EDPB’s opinion should identify44 KB (5,008 words) - 14:50, 28 July 2023
- Article 41 GDPR (category GDPR Articles)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Article 53 GDPR (category GDPR Articles)the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 89 GDPR (category Article 89 GDPR)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Overview of GDPR (section Article 7 CFR)of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Recitals GDPR (section Recitals from the GDPR)Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 7 March 2012 (17). Recital 173: This Regulation182 KB (24,065 words) - 13:40, 9 July 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(7) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- LG Köln - 33 O 376/22 (category Article 45 GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data113 KB (12,773 words) - 15:20, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)data, as provided for in Article 5 of the Regulation, is characterized. III. on sanctions and publicity 53. Article 45-III 7° of the law of January 6,41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 45 GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)data according to Art. 45 GDPR does not exist. Since there is no adequacy decision according to Art. 45 Para. 3 GDPR, Art. 46 GDPR further admissibility158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- 2018-1125 of 12 December 2018. The age of consent is 15 years following Article 45 of the Law "Informatique et Libertés". The interplay between the right10 KB (1,108 words) - 09:37, 29 September 2021
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- OLG Koln - 15 U 45/23 (category Article 16 GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- CJEU - C-601/20 - SOVIM (category Article 45 GDPR)guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter? Question 3 1. Is Article 5(1)(a)9 KB (1,176 words) - 13:29, 5 January 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- Council of State - 251.378 (category Article 45 GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- CNIL (France) - SAN-2019-001 (category Article 7 GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)restaurant owner lawful in line of Article 5(1)(a) GDPR? The Spanish DPA concluded that there has been a breach of Article 5(1)(a) GDPR because the uploading of31 KB (5,083 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive53 KB (8,593 words) - 13:47, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Norges Høyesterett - 2021-2403-A (category Article 7 GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)for more than two years after the entry into force of the GDPR. This breached Article 37 GDPR. Ayuntamiento de Arroyomolinos was found lacking a Data Protection18 KB (2,737 words) - 14:23, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is notbased on19 KB (2,948 words) - 14:50, 13 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)subject’ (recital 45 of the preamble to the GDPR). (P. 85) (…) The basis of processing data, referred to in Article 6(1)(c) of the GDPR, is the processing91 KB (15,371 words) - 15:11, 5 October 2021
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)like this: 123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969 123.45.67.89 is the65 KB (9,767 words) - 16:22, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5 GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.5 : Pseudonymization (definition) Article 4.6 : Filing system (definition) Article 4.7 : Controller (definition) Article 4.8 : Processor9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)not completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 7 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 36/2021 (category Article 83(7) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)the data protection claims from the GDPR is passively legitimate (Art. 15 Para. 1 GDPR). According to Art. 4 No. 7 GDPR, this is the natural or legal person97 KB (16,519 words) - 09:57, 22 February 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)especially: 1) Violation of article 4.11 GDPR read in conjunction with article 6.1 a) GDPR as well Articles 7.1 and 7.3 GDPR: the Inspection Service determines110 KB (18,238 words) - 16:56, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)Profileing (definition) Article 4.5: Aliasing (definition) Article 4.6: Archiving system (definition) Article 4.7: Processor (definition) Article 4.8: Executor (definition)9 KB (1,168 words) - 15:30, 6 December 2023
- AZOP (Croatia) - Decision 05-07-2021 (category Article 32(1)(b) GDPR)activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative5 KB (599 words) - 15:38, 30 October 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 7 GDPR)imposed pursuant toArticle83 GDPR 55. 45. The FR SA notes that reversing the findings concerning the infringements of Article 6(1) GDPR also affects the468 KB (51,340 words) - 14:10, 30 January 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)unlawful processing data from a public registry without a legal basis under Article 6 GDPR. A citizen filled a complaint with the AEPD regarding the unlawful processing33 KB (5,396 words) - 14:26, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Tietosuojavaltuutetun toimisto (Finland) - 1198/161/2022 (category Article 9(2)(a) GDPR)within the meaning of Article 4(15) GDPR and Article 9(1) GDPR. Processing of sensitive data requires a legal basis under Article 9(2) GDPR. In the present case13 KB (1,847 words) - 15:52, 11 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(7) GDPR)conjunction with article 3.º, n.º 2 of article 4.º, and line b) of n.º 1 of article 6.º, all of Law n.º 58/2019, of August 8 (LERGPD). 7. It should also163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(7) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- RvS - 201906880/1/A3 (category Article 5 GDPR)on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- APD/GBA (Belgium) - 12/2019 (category Article 7 GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, afine of 75,000 euros (seventy-five thousand euros).SECOND: Under article 58.2.d)88 KB (14,301 words) - 13:48, 13 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- Persónuvernd - 2020010678 (category Article 5(1) GDPR)violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied26 KB (4,135 words) - 09:59, 6 May 2021
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 7 GDPR)of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- NAIH (Hungary) - NAIH-3561-4/2022 (category Article 4(7) GDPR)controller’s status as “data controller” was correct under Article 4(7) GDPR. Article 44 GDPR requires that the transfer of personal data to a third country13 KB (1,677 words) - 09:39, 14 November 2022
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- APD/GBA (Belgium) - 45/2023 (category Article 6(1)(a) GDPR)the data subject (Article 6(1)(a) GDPR and Article 9(2)(a) GDPR) or must be part of the performance of a contract (Article 6( 1)(b) GDPR) 2. According to22 KB (2,983 words) - 08:20, 16 May 2023
- Grünanger/Goricnik, Arbeitnehmer-Datenschutz und Mitarbeiterkontrolle2 Kap 7 Rz 7.87 and 7.93). In doing so, the defendant encroached on the plaintiff's privacy24 KB (3,763 words) - 09:49, 14 December 2023
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)protection of such information. ________________________________________ Page 7 7 (7) Due to the above, because the Public Information Act does not provide an26 KB (4,193 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)6 6/8the power to impose an administrative fine pursuant to article 83 of the GDPR-article 58.2 i) -, or the power to order the controller or data controllerthat22 KB (3,421 words) - 14:27, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 7 GDPR)operations . 45 35. Although according to Guidelines 2/2019 on Article 6(1)(b) GDPR , processing cannot be rendered lawful by Article 6(1)(b) GDPR “simply because289 KB (33,568 words) - 15:00, 1 February 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)RGPD, given the almost total identity between its article 7.f) and article 6.1.f) of the RGPD Article 7, letter f) of said Directive indicated: “Member States72 KB (11,671 words) - 13:34, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)Madridsedeagpd.gob.es Page 7 7/11j) adherence to codes of conduct under article 40 or to mechanismscertification approved in accordance with Article 42, andk) any other24 KB (3,769 words) - 14:10, 13 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 37(7) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- CE - 450163 (category Article 45(3) GDPR)protection (...)". According to Article 46 of the Regulation: "1. In the absence of a decision pursuant to Article 45(3), the controller or processor may26 KB (3,744 words) - 16:36, 10 August 2021
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 83(7) GDPR)amended), and Article 7 (1) and (2), Article 60, Article 102 of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2010, No. 153, item32 KB (5,139 words) - 10:02, 17 November 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 7(1) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - A/00291/2017 (category Article 7 GDPR)the concurrence of several criteria of those set forth in article 45.4 of the LOPD (article 45.5.a LOPD), specifically: The volume of treatments carried33 KB (5,107 words) - 14:56, 25 October 2022
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- DSB (Austria) - 2023-0.637.760 (category Article 31 GDPR)powers (Article 58, paragraphs 1 and 2 of the GDPR). The DSB is a supervisory authority within the meaning of Article 51 GDPR Article 51, GDPR (see also82 KB (13,593 words) - 11:03, 24 January 2024
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108,34 KB (5,677 words) - 17:00, 12 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- UOOU (Slovakia) - Opinion of 24 August 2021 - FATCA (category Article 45 GDPR)transfers to the US, there is no adequacy decision within the meaning of Article 45 GDPR since the Court of Justice of the EU invalidated the Privacy Shield18 KB (2,319 words) - 12:51, 28 September 2022
- Persónuvernd (Island) - 2022020363 (category Article 35(7) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7= |GDPR_Article_8= |GDPR_Article_Link_8=32 KB (6,006 words) - 16:33, 7 July 2021
- |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7= |GDPR_Article_8= |GDPR_Article_Link_8=34 KB (5,924 words) - 18:14, 20 April 2021
- CE - N° 444937 (category Article 45 GDPR)CJEU held that the Privacy Shield adequacy decision (adopted as per Article 45(3) GDPR) was invalid. It was deemed invalid as it did not provide an adequate51 KB (7,830 words) - 09:50, 29 October 2020
- indication that art. 30 GDPR has not been complied with. There are serious indications that article 12.1 GDPR has not been complied with. 7. On December 16, 201935 KB (5,303 words) - 17:01, 12 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)Liability Law, 9 Article 156, the second and third paragraphs of Article 157, the first paragraph of Article 166, Article 168, Article 262, Article 269, 1. to90 KB (14,351 words) - 16:10, 6 December 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 7 GDPR)addresses that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is144 KB (23,058 words) - 18:48, 5 March 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)violation of article 32, paragraph 1, GDPR and article 13, paragraph 1, sub, GDPR BZ should end these violations as soon as possible. article58, paragraph2179 KB (22,957 words) - 17:07, 12 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)out in Article 12 (3) of the General Data Protection Regulation, the Debtor informed by electronic means on 7 March 2019, in accordance with Article 15 (1)33 KB (5,033 words) - 10:12, 17 November 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)accountability obligation in article 5, paragraph 2 of the GDPR in conjunction with Article 24, paragraph 1 of the GDPR. 46. Based on Article 7, §2, fifth paragraph43 KB (6,274 words) - 08:57, 29 June 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- LG Rostock - 3 O 762/19 (category Article 7 GDPR)unlawful under Article 6(1) GDPR: A user's consent under Article 6(1)(a) GDPR could not be considered valid under Articles 4(11) and 7 GDPR, especially since103 KB (16,959 words) - 13:58, 20 September 2021
- Datatilsynet (Norway) - 20/03771-17 (category Article 45 GDPR)provided for in the EEA and required by Article 44 GDPR. Relevant tools for transfers: Adequacy decisions, Article 45(1) GDPR: “A transfer of personal data to69 KB (10,520 words) - 07:55, 10 August 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)of the four component parts of Article 35(7) is set out in turn below, ie Articles 35(7)(a), 35(7)(b), 35(7)(c) and 35(7)(d). 89. Before identifying the129 KB (17,281 words) - 14:57, 10 April 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- NSS - 10 As 190/2020 - 39 (category Article 83(7) GDPR)body within the meaning of Article 83(7) GDPR. In interpreting what amounts to a public authority or body under Article 83(7) GDPR, the NSS held that such34 KB (5,374 words) - 04:32, 28 April 2022
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- personal data, which has been replaced by the RGPD. 44. According to Article 4(7) of the GDPR, the controller is "the natural or legal person, public authority73 KB (11,864 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024