Search results

under Article 66(2) GDPR, which could not be done in the present case. When the SA that has adopted the provisional measure under Article 66(1) GDPR considers

Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered

ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters

standard procedure set forth by Article 66 GDPR. First, the SA does not have to prove the urgency required by Article 66(1) GDPR for "normal" urgency cases

the exceptions to the one stop shop mechanism applies (Article 55(2), Article 56(2), or Article 66). It interesting to note that the Court confirms that

by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently

EDPB. 2 COMPETENCE OF THE EDPB TO ADOPT AN URGENT BINDING DECISION UNDER ARTICLE 66(2) GDPR 2.1 Existence of a request pursuant to Article 66(2) GDPR coming

under Article 66(2) GDPR.......... 15 2.1 The SA has taken provisional measures under Article 66(1) GDPR....................................... 15 2.2 Existence

the mutual assistance procedure (Article 61 GDPR), The Italian DPA initiated the urgency mechanism in Article 66 GDPR to prohibit Meta’s processing of

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in

one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will

leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward

to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR

consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member

(see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For

Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the

administrative fines referred to in Article 66. It may cancel, reduce or increase those fines within the limits of Article 66. The EDPS, as an independent institution

in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority

relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically

date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference

protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows

years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the

process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and

Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities

Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.

accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report

mechanism), Article 64 GDPR (opinion of the board), Article 66 GDPR (urgency procedure) and Article 67 GDPR (exchange of information). Article 55 GDPR confirms

subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to

from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions

(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)

mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual

directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing

Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of

unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/2011

definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board

practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public

Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6

exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs

exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written

laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two

conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear

accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph

falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting

with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing

situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference

Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);

related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th

from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities

decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set

objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated

affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers

accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand

processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out

a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number

accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for

compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to

with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article

controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also

Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU

applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility

Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article

difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter

According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion

meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines

clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against

explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the

elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first

processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)

under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees

Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)

contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not

functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening

occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of

from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right

information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations

Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation

flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary

entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected

Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides

with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR

the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally

or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation

respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences

categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation

decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data

provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)

requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide

are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford

consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is

possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State

of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and

accordance with the provisions of the aforementioned Article 66 of the Regulation. Pursuant to Section 66(1) of the Regulation, the supervisory authorities

Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services

the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European

Authority has verified the above links and NAIH / 2020/66/2., NAIH / 2020/66/3. and NAIH / 2020/66/5. in its file number notes, it found that the links were

Wednesday 10 November 2021. The reference to Article 66 GDPR by the Court seems irrelevant, since Article 66 is a derogation to the one stop shop principle

"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller

to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and

the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection

for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data

instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing

more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal

processing involved special categories of data under Article 9 GDPR and whether an exception under Article 9(2) applied; • targeted advertising by the controller

this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was

pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/2006

CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical

provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read

databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant

the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data

GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page

data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the

therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the

and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and

1, No. 2, Art. 6 para. 1 sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3) sentence

defendant 2. Also here is there therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a)

of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant

right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that

DPA under Article 31 GDPR and Article 66 Greek Law 4624/2019, as well as the obligation to designate the DPO under Article 37 GDPR and Article 6 Greek Law

mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph

that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled

was contrary to Article 5(1)(a) GDPR (principle of lawfulness), Article 5(1)(b) GDPR (principle of purpose limitation) and Article 6 GDPR (absence of valid

time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade

other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of

there is no explicit consent by the customers as requested under Article 9(2)(a) GDPR and an implied consent cannot fulfill the provision’s requirement

processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/12 2016/679

information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,

specified in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of

statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -

compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be

entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 6

violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account

Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not

the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR

integrality of the indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be

data carried out through Yango app was contrary to Article 44 GDPR, Article 46 GDPR and Chapter V GDPR. Moreover, it found that the conditions set for the

Federation pursuant to Article 58(2)(f) of the General Data Protection Regulation. Pursuant to Article 58(2)(j) and Article 66(1) of the General Data Protection

publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)

under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)

around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test

dossier werden toegevoegd. 2. Motivering 2.1. De bevoegdheid van de Inspectiedienst en de Geschillenkamer en de omvang van het dossier 2.1.1. Het verzoek van

employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the

approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved

lies', the conditions in Article 66 (1) GDPR for taking urgent measures are met. Since the conditions for Article 66(1) GDPR were met, the court did not

[The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or

to or instead of the measures referred to in Article 58(2)(a) to (h) and (j) [..)', Article 83(2) of the GDPR recognizes the power of the national supervisory

Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments

under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting

Section 1 Paragraph 1 and 2 DSG, Article 5 Letters a and c GDPR as well as Article 6 Paragraph 1 Letters c and f GDPR, as well as Article 1 Paragraph 3 Z 1 ZaDiG

the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/1861

of a link to this information. This was a violation of Article 12. Based on Article 13(2)(a) GDPR and WP29 guidelines on transparency, the CNIL noted that

violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article

obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant

the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high

has a wider scope of applicability than Article 8 GRC (the latter only protects natural persons). As Article 16(2) TFEU leaves it to member states to grant

reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine

the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection

conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:

analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches

the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the

Human Rights. According to settled case-law, it follows from Article 1.2 and Article 59.2 of the Basic Law that there is an obligation to use the Human

of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the

Buchner, GDPR BDSG, 2nd edition 2018, Art. 5 GDPR marginal 8). Even if the data is “only” incorrect, the requirements of Article 17 (1) (d) GDPR can be met

The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital

for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data

provided for in Article 2, h) of Directive 95/46/EC. In particular, under these new requirements, article 4, paragraph 11 of the GDPR requires that the

Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the

experience data under Article 17 GDPR. The credit reference agency refused, arguing a legitimate interest under Article 6(1)(f) GDPR. After the erasure request

60 of the GDPR does not apply the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para

right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention

Decision Source: standards: Article 17(1) TEU 2016/679, Article 17(1)(a) TEU 2016/679, Article 17(1)(d) TEU 2016/679, Article 16 S 1 TEU 2016/679, § 4(1)

that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any

an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 21

this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed

After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative

databases made available by the CNAM. 2.2.2. Nature of personal data 2.2.2.1. Pursuant to Article 5(1)(c) of the GDPR, the data processed must be relevant

reasoning of the Court of Appeal. Article 15 GDPR and the GDPR as such are applicable, even if the processing occurred before the GDPR came into force in 2018.

violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant

(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued

condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant

(EU) 2016/679, p. 41. 2.2.2 Obligations relating to consent ('opt-in') (Articles 5, 6(1)(a) and 4(11) in conjunction with Article 7 of the Data Protection

information in accordance with Article 85(2) GDPR. The Court held that the provisions on the security of processing in Article 32 GDPR are not intended to limit

issued a reprimand (Article 58(2)(b) GDPR) to the controller for breach of those provisions and instructed (Article 58(2)(c) of the GDPR) it to satisfy the

invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium

pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory

by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit

is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft

2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.

individuals complies with Article 14 of the GDPR. 2 On breaches in connection with the exercise of rights 28. Under Article 12 of the GDPR: "1. The controller

offence against privacy included in Article 197(1) of the Spanish Criminal Code, with the aggravating circumstance from Article 197(5) of being data related to

argue about the value in dispute of a request for information under Article 15 GDPR. The ArbG Düsseldorf (Düsseldorf Labour Court) had set the amount in

requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot

data within the meaning of Article 4(2) in the course of proceedings under both Articles 77 and 78 of the GDPR. Article 4(2) refers to disclosure as a

fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1

legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request

listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article

a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR.   The complainants are clients

the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep

security under Article 2(2)(a) GDPR. The GDPR will not apply if the activity of the controller falls outside the scope of Union Law under Article 2(2)(a). The

applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the

out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should

meaning of Article 5(3) and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive

street. The DPA was allowed to issue a reprimand, Art. 58(2)(b) GDPR. On the basis of Art. 58(2)(f) GDPR, the DPA was not entitled to order the removal of camera

publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA

11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking

the type of data) are: Article 9(2)(h) GDPR (necessary for the purposes of preventive or occupational medicine); Article 9(2)(i) GDPR (for reasons of public

requirements of the GDPR; Because from Recital 171 Sentence 2 GDPR, from Art. 4 No. 2 GDPR and Art. 24 Para. 1, in particular Sentence 2 GDPR, the obligation

analyse the criteria set out in Article 83.2 of the GDPR. 61. As regards the nature and seriousness of the breach (Article 83(2)(a) of the RGPD), it points

requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data

data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police

Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique

relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches

breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It

breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the

the Austrian DPA pursuant to Article 55(1) GDPR. However, the DPA further considered the exception of Article 55(2) GDPR which states that local DPA's

of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)

of the GDPR? Does unintenional disclosure (via a breach) to a third party constitute unlawful further processing as per Article 2(1), 5(1)(f), 6(2) and Article

and the lack of control by Vodafone on that; - A € 2 000 000 fine for the infringement of Article 44 GDPR: due to the carrying out of international transfers

Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the

data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security

based on Article 17 GDPR and/or Article 21 GDPR. In this case this does not apply. Applicant bases his request on Article 10 GDPR. The goal of article 10 was

requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request

disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller

compelling reasons within the meaning of Article 9 of the protocol on monitoring systems. That article reads as follows: "Article 9 Articles 05 to 08 do not affect

the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been

proceedings. 3.2.2 art. 79(1) GDPR provides that any data subject has the right to an effective remedy if they consider that their rights under the GDPR have been

in accordance to Article 4(23) GDPR. According to the AEPD, there are other concerned DPAs in this case, as defined in Article 4(22) GDPR: Spain, Belgium

Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative

out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does

processing (Article 18 GDPR), right to data portability (Article 20 GDPR) and right to object (Article 21 GDPR). The right to information under Art. 15 GDPR cannot