Search results
From GDPRhub
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)out pursuant to Article 83(1) GDPR. This part of Article 83 concerns the principle of "unity of action" (see above). With Article 83(3) GDPR, the legislator55 KB (7,622 words) - 14:04, 7 November 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- VDAI - VDAI vs VĮ Registrų centras (category Article 83(2)(a) GDPR)measures to ensure a level of security commensurate with the risks, in breach of Article 32 (1) (b) and (c) BDAR and Article 83 (2) (a), (d) and The factors8 KB (999 words) - 09:16, 17 November 2023
- HDPA (Greece) - 20/2022 (category Article 83(2)(a) GDPR)object (Article 21 GDPR) and the right to erasure (Article 17 GDPR) of data subjects. Therefore the controller was not found in breach of Article 25(2) GDPR16 KB (2,374 words) - 11:46, 18 August 2022
- AEPD (Spain) - PS/00461/2019 (category Article 83(2)(a) GDPR)the Spanish DPA imposed a €3000 fine on the defendant and stated he has to comply with Article 5(1)(c) and Article 83(2)(a)(b) GDPR. Share your comments here15 KB (2,366 words) - 14:41, 13 December 2023
- AEPD (Spain) - PS/00192/2022 (category Article 83(2)(a) GDPR)fact that Article 4(2) GDPR includes "transmission" and "dissemination" in the definition of processing means that publishing a recording of a person's15 KB (2,257 words) - 13:02, 13 December 2023
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 83(2)(a) GDPR)data. Hence, it considered Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating37 KB (4,319 words) - 09:20, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 83(2)(a) GDPR)such processing to be legitimate on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p33 KB (5,342 words) - 15:52, 6 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 83(2)(a) GDPR)complainant's Article 15 entitlements were aggravating factors in deciding the amount of the fine issued to the respondent, on the basis of GDPR Articles 83(2)(a)48 KB (7,727 words) - 10:11, 17 November 2023
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 83 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine53 KB (8,413 words) - 14:10, 30 January 2023
- HDPA (Greece) - 18/2020 (category Article 83(2) GDPR)accountability by article.5 par.2 GDPR, i.e. it violated fundamental principles of the GDPR on the protection of personal data. 8. As a consequence of the12 KB (1,733 words) - 15:34, 6 December 2023
- AEPD (Spain) - EXP202203969 (category Article 83(5)(a) GDPR)sanctions HOLALUZ-CLIDOM, S.A. with NIF A65445033, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 70,000 euros (seventy45 KB (7,135 words) - 13:08, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(2) GDPR)violation of Article 5 (1) (a) and (2) and Article 6 (1) GDPR; and that 2. there is a violation of article 12, paragraph 1, paragraph 2 and paragraph 3, article77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00080/2022 (category Article 83(2)(a) GDPR)circumstances in relation to Article 5 and Articles 32 and 33 GDPR. First, there was the duration of the infringement under Article 83(2)(a) GDPR; second, there was47 KB (7,265 words) - 10:05, 21 July 2022
- BVwG - W211 2210458-1/10 (category Article 83(2)(f) GDPR)para. 1 lit. a and c as well as Art. 6 para. 1 of the GDPR. To 2): c) Article 50b (2) DSG 2000 (for the period prior to 25 May 2018) (d) Article 13(3) DSG92 KB (15,435 words) - 16:00, 22 March 2022
- AEPD (Spain) - PS/00312/2023 (category Article 83(2)(a) GDPR)14/19 Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, “Sanctions and corrective measures” provides: "2. In accordance with the provisions55 KB (8,605 words) - 17:18, 30 August 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)of the legal bases in Article 6 (1) and an additional criterion under Article 9 (2) of the GDPR apply. Article 9 (2) of the GDPR does not contain an exception72 KB (11,159 words) - 10:09, 17 November 2023
- AEPD (Spain) - PS/00069/2020 (category Article 83(2)(k) GDPR)the processing of personal data (83 (2) (k) GDPR); the fact that basic personal identifiers are affected (83 (2) (g) GDPR); the intentionality or negligence20 KB (3,066 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00292/2019 (category Article 83(2)(b) GDPR)that the action was intentional (Article 83(2)(b) GDPR), and that the personal data are sensitive (Article 83(2)(g) GDPR). Share your comments here! Share4 KB (355 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 83(2)(e) GDPR)respect to section 83.2 (k) of the RGPD, the LOPDGDD, section 76, "Sanctions and corrective measures," he says: "In accordance with Article 83(2)(k) of the Regulation23 KB (3,695 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00449/2019 (category Article 83(2)(b) GDPR)action (Article 83.2 b) Basic personal identifiers (name, surname, address) are affected, according to Article 83(2)(g) VII Furthermore, Article 83.7 of the19 KB (2,862 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00320/2020 (category Article 83(2)(f) GDPR)and mitigate its effects (article 83.2.f, of the RGPD) -Basic personal identifiers (name, surname, address, D.N.I.) (article 83.2 g). Therefore, in accordance18 KB (2,736 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 83(2)(b) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of22 KB (3,523 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 83(2)(b) GDPR)significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the28 KB (4,295 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 83(2)(b) GDPR)signifies cativa (article 83.2 b) Basic personal identifiers are affected (name, surname, two, domicile), according to article 83.2 g) Therefore, based26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00200/2020 (category Article 83(2)(b) GDPR)punishable under Article 83(4)(a) GDPR. Assessing the circumstances that modify the responsibility contemplated in Article 83(2) GDPR, in this case, the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00348/2020 (category Article 83(2)(b) GDPR)the infringement - Article 83(2)(b) - and the fact that the infringement involved the “basic identifiers” of the claimant - Article 83(2)(g) - to be aggravating38 KB (5,648 words) - 14:31, 13 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- AEPD (Spain) - PS/00266/2019 (category Article 83(2)(e) GDPR)infractions (83.2 e) RGPD). - She has not obtained direct benefits (83.2 k) RGPD and 76.2.c) LOPDGDD). - The Respondent is not considered a large company28 KB (4,459 words) - 14:23, 13 December 2023
- Datatilsynet (Denmark) - 2022-63-0003 (category Article 83(2) GDPR)DPA assessed the appropriate sanctions in accordance with Article 83(2) GDPR and suggested a fine of approximately €67,000 (DKK 500,000). The DPA in Denmark6 KB (769 words) - 08:12, 3 August 2022
- HDPA (Greece) - 43/2019 (category Article 83(2) GDPR)the GDPR within 1 month starting from the receipt of this decision; c)ordered the company comply with the Article 5(1)(a) GDPR and Article 5(2) GDPR, as5 KB (459 words) - 15:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 83(2) GDPR)amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- AP (The Netherlands) - 09.04.2021 (category Article 83(2) GDPR)an infringement of Article 12(1) of the GDPR, pursuant to Article 58(2)(i) and Article 83(5) GDPR, read in conjunction with Article 14(3) of the Dutch12 KB (1,616 words) - 17:08, 12 December 2023
- LfDI (Baden-Württemberg) - O 1018/115 (category Article 83(2) GDPR)framework for fines can be found in Art. 83 (4) DSGVO, which provides for a fine of up to 10 million euros or 2% of the turnover of the previous fiscal13 KB (1,926 words) - 10:22, 17 November 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 83(2) GDPR)Under the conditions set out in Article 15 (1) and (3) of the GDPR, thereby infringing the GDPR Article 25 (1). III.3.2. Designed to handle requests to60 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00273/2019 (category Article 83(2) GDPR)the RGPD, when proceed, in a certain manner and within a specified period - Article 58. 2 d)-. In accordance with Article 83(2) of the RGPD, the measure16 KB (2,359 words) - 14:24, 13 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 83(2) GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- AEPD (Spain) - PS/00090/2020 (category Article 83(2) GDPR)by Article 83.2 of the RGPD, and with the provisions of Article 76 of the LOPDGDD, with respect to paragraph k) of the aforementioned Article 83.2 RGPD16 KB (2,462 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 83(2) GDPR)contemplated in article 83.2 of the GDPR, with respect to the infraction committed by violating that established in article 6.1 of the GDPR allows for a sanction23 KB (3,672 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00369/2019 (category Article 83(2) GDPR)are established in Article 58.2 of the RGPD.2(b), the power to impose an administrative fine under Article 83 of the GDPR - Article 58(2)(i), or the power28 KB (4,371 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00324/2020 (category Article 83(2) GDPR)initiate a sanctioning procedure in accordance with Article 83(5)(a) GDPR against the defendant for alleged infringement of Article 5(1)(f) GDPR. Does the25 KB (3,670 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 83(2) GDPR)unintentional but significant negligent action (article 83.2 b) Basic personal identifiers are affected, according to 83.2g) C/ Jorge Juan, 6 www.aepd.es 28001 -20 KB (3,086 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00209/2019 (category Article 83(2) GDPR)imposed, taking into account the¬ relevant circumstances set out in Article 83.2 of the GDPR:(a) processing of the complainant’s data has been carried out locally;(b)26 KB (4,212 words) - 14:10, 13 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 65(1)(a) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)complainant, Article 83(2)(h) GDPR - The existence of a prior complaint. Aggravating factors in accordance with Article 72(2)(a) & (b) LOPDGDD and Article 83(2)(k)45 KB (7,217 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00117/2022 (category Article 83(2) GDPR)” Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, “Sanctions and corrective measures” provides: "2. In accordance with the provisions30 KB (4,623 words) - 12:58, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 83 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine468 KB (51,340 words) - 14:10, 30 January 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 24(2) GDPR)for the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft276 KB (38,206 words) - 09:46, 20 January 2023
- Datatilsynet (Norway) - 20/02191 (category Article 83(2) GDPR)categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported a personal data breach38 KB (5,967 words) - 11:48, 7 May 2022
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 83(2) GDPR)connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 2 and 3,32 KB (5,139 words) - 10:02, 17 November 2023
- AEPD (Spain) - PS/00438/2019 (category Article 6(1)(a) GDPR)imposed a fine of €10000 aggravated by article 83(2)(b) GDPR (intentional or negligent character of the infringement) and article 83(2)(k) GDPR in relation3 KB (335 words) - 14:40, 13 December 2023
- AEPD (Spain) - EXP202100897 (category Article 83(2) GDPR)the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid legal basis72 KB (11,671 words) - 13:34, 13 December 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- UODO (Poland) - DKE.561.11.2020 (category Article 83(2) GDPR)of Laws of 2019, item 1781) and Article 57(1)(a), Article 83(1)-(2) and Article 83(6) in connection with Article 58(2)(e) and (i) of the Regulation of46 KB (7,322 words) - 09:51, 17 November 2023
- AEPD (Spain) - EXP202105693 (category Article 83(2) GDPR)against the controller. Based on Article 72(1)(b) of the national data protection law, and Articles 83(1) and 83(2) GDPR, the DPA considered aggravating49 KB (7,579 words) - 13:15, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 83(2) GDPR)regarding the violation of Article 15(1)(b) and (c). In accordance with Article 58(2) and Article 83(2), the DPA fined Company A €1,500. Since the company76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202202837 (category Article 83(2) GDPR)relation to Article 6(1)(a) GDPR since the consent could not be considered valid. Finally, the DPA applied two aggravating circumstances of Article 83(2) GDPR:58 KB (8,995 words) - 13:00, 13 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(2) GDPR)1 lit. a), art. 58 sec. 2 lit. i), art. 83 sec. 1-3 and art. 83 sec. 4 lit. a) in connection with art. 33 paragraph. 1 and art. 34 sec. 1 and 2 of the47 KB (7,608 words) - 10:00, 17 November 2023
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)2 of the GDPR, and with the provisions of article 76 of the LOPDGDD, with respect to section k) of the aforementioned article 83.2 GDPR. Article 83.2 of26 KB (3,867 words) - 10:44, 13 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 83(2) GDPR)states that the party concerned violated Article 83(4)(a) GDPR in conjunction with [Article 32(1) GDPR. Article 32 (1) GDPRby failing, at least with gross58 KB (9,577 words) - 08:06, 16 September 2021
- required under the GDPR (e.g. from a security perspective under Article 32 GDPR or as a means of data minimisation under Article 5(1)(c) GDPR) can get confused125 KB (16,328 words) - 16:01, 8 March 2024
- AEPD (Spain) - PS/00135/2020 (category Article 83(2) GDPR)referred to in Article 83(2) of the RGPD, with with regard to the infringement committed in breach of the provisions of Article 13 thereof allows set a penalty47 KB (7,756 words) - 14:04, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 83(2) GDPR)health of a large number of data subjects, i.e. all the patients of the Company itself (Article 4(1), no. 15 of the Regulation and Article 83(2)(a) and (g)55 KB (8,833 words) - 15:54, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 39(1)(a) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- NAIH (Hungary) - NAIH-175-12/2022 (category Article 9(2)(a) GDPR)of personal data under Article 9(1) GDPR, explicit consent (Article 9(2)(a) GDPR) would have been necessary for part of the processing operations. In addition112 KB (17,918 words) - 08:55, 24 March 2022
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 83(2) GDPR)for detecting information on the health of a few hundred data subjects (Article 83, paragraph 2, letters a) and g) of the Regulation); from the point of63 KB (9,916 words) - 11:28, 16 August 2022
- AEPD (Spain) - PS/00249/2020 (category Article 83(5)(a) GDPR)negligent action (Article 83(2)(b) GDPR) and that basic identifiers such as name, surname, and address are affected (Article 83(2)(g) GDPR), including also20 KB (3,097 words) - 14:22, 13 December 2023
- AEPD (Spain) - EXP202104873 (category Article 83(5) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)SOLUCIONES ENERGÉTICAS, S.A., with NIF A85818797, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 50,000 euros (fifty26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 83(2) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)section 2 of said article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 may also be taken into account: a) The continuing55 KB (9,017 words) - 10:46, 13 December 2023
- Article 32 GDPR (category GDPR Articles) (section (2) Certain risks must always be taken into account)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the49 KB (7,973 words) - 13:25, 13 December 2023
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 83(2) GDPR)elements in Article 83 The Norwegian Data Protection Authority has not sufficiently taken into account all relevant factors in Article 83 No. 2. The infringement91 KB (14,440 words) - 10:06, 17 November 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)According to Article 83(2) GDPR, administrative fines should be imposed in addition to or instead of the measures referred to in Article 58(2)(a) to (h) and75 KB (12,586 words) - 10:10, 17 November 2023
- BVwG - W298 2269087-1 (category Article 83 GDPR)penalty, are as follows: Article 83 paragraph 1, 2 and 5 lit. a GDPR:Article 83, paragraph ,, 2 and 5 lit. a, GDPR: "Article 83 General conditions for imposing52 KB (8,464 words) - 11:50, 26 July 2023
- AEPD (Spain) - PS/00275/2019 (category Article 83(5) GDPR)contemplated in Article 83.2 of the GDPR, with respect to the infringement committed by violating the provisions of Article 5.1.f) of the GDPR, allows for a sanction21 KB (3,335 words) - 14:25, 13 December 2023
- suggest the existence of a penalty for conduct under Article 83 GDPR should not be seen to preclude a further penalty under Article 84 GDPR. For example, in19 KB (1,477 words) - 14:12, 7 November 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training52 KB (7,520 words) - 13:13, 20 July 2021
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- AEPD (Spain) - PS/00001/2021 (category Article 5(2) GDPR)for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines270 KB (43,335 words) - 12:39, 13 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 83(2) GDPR)administrative fine in the amount of 2,000,000 ISK on the controller under Article 83(2)(a) GDPR and Article 83(2)(g) GDPR. This is just one of five decisions142 KB (22,881 words) - 12:42, 16 January 2024
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)contemplated in article 83.2 of the GDPR and the Article 76.2 of the LOPDGDD, with respect to the offense committed by violating the established in article 5.1.f)40 KB (6,014 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 83(5) GDPR)to the complaint (Article 83 (2) (f) GDPR), not linking the activity of the offender to the processing of personal data (Article 76 (2) (b) LOPDGD), the50 KB (7,524 words) - 13:44, 13 December 2023
- carries out a Data Protection Impact Assessment (Article 35 GDPR) or if a prior consultation before a DPA is needed under Article 36 GDPR. As a result, "the72 KB (9,140 words) - 13:12, 2 June 2023
- Regulation’s sanctions framework through Article 83(4) GDPR. Article 83(4) GDPR provides that the infringement of Article 31 GDPR may be subject to administrative22 KB (2,042 words) - 14:29, 20 November 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)section 2 of said article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 may also be taken into account: a) The continuing61 KB (9,700 words) - 13:21, 13 December 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)particular case". According to the provisions of article 83.2 of the GDPR, the measure provided for in article 58.2.d) of the aforementioned Regulation is compatible74 KB (11,726 words) - 13:02, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 83(2) GDPR)Wind Tre had violated the following articles of the GDPR: Articles 5(1), 5(2), 6(1)(a), 7, 12(1), 12(2), 24 and 25. It subsequently fined Wind Tre 16,729129 KB (21,020 words) - 15:49, 6 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)particular". According to the provisions of article 83.2 of the GDPR, the measure provided for in article 58.2.d) of the aforementioned Regulation is compatible75 KB (12,421 words) - 13:23, 13 December 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)However, a controller may incur a fine if it wrongfully relies on that exception, in accordance with Article 83(5) GDPR. A controller subject to a restriction32 KB (3,730 words) - 08:43, 7 March 2024
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 58(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches56 KB (8,326 words) - 16:57, 6 December 2023
- AEPD (Spain) - EXP202305050 (category Article 58(1) GDPR)QUALITY-PROVIDER S.A., with NIF A87407243, for a infringement of Article 58.1 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 20,000.00 euros57 KB (9,217 words) - 10:44, 13 December 2023
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)The Privacy Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should31 KB (5,018 words) - 18:44, 5 March 2022
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(a) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00209/2021 (category Article 83(2)(b) GDPR)with the criteria established in Article 83(2)(b) GDPR: negligent character of the infringement, and Article 83(2)(g) GDPR: categories of personal data affected19 KB (2,809 words) - 09:21, 1 September 2021
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of the article 15 of the GDPR, typified in article 83.5 of the GDPR, with a fine of €10,000 (ten thousand euros), and for a violation of article 17 of the60 KB (9,630 words) - 12:34, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned Regulation24 KB (3,749 words) - 13:19, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the joint controllers)96 KB (13,984 words) - 16:57, 6 December 2023
- AEPD (Spain) - EXP202206805 (category Article 83(2)(c) GDPR)criteria established in section 2 of the aforementioned article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 may37 KB (5,879 words) - 07:09, 4 October 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 83(2) GDPR)32 sec. 2, art. 38 sec. 1, art. 39 sec. 1 lit. b and art. 39 sec. 2, art. 30 sec. 1 lit. d, as well as art. 83 sec. 1 - 3, art. 83 sec. 4 letter a and art156 KB (25,012 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)RESOLVES: FIRST: IMPOSE A.A.A., with NIF ***NIF.1, for a violation of article 6 of the GDPR, typified in article 83.5 of the GDPR, a fine of €10,000 (ten22 KB (3,427 words) - 13:26, 13 December 2023
- different functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope32 KB (3,228 words) - 13:32, 30 November 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise of rights) - a breach127 KB (21,484 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS-00563-2022 (category Article 83(2) GDPR)concluded that a fine of €2,000 be set for the infringement of Article 13 GDPR as defined in Article 83(5) GDPR. Pursuant to Article 58(2)(d) GDPR the Spanish8 KB (1,017 words) - 09:54, 18 January 2024
- ВАС - № 6759 (category Article 83(2) GDPR)had been no violation of Article 32(4) GDPR, and in the alternative, that: in accordance with the provisions of Article 83(2) GDPR, the BGN 1500 fine should7 KB (822 words) - 10:09, 16 August 2021
- HDPA (Greece) - 30/2020 (category Article 2(2)(c) GDPR)(Articles 58(2)(i) GDPR) & 83 GDPR) and, after having taken into consideration Article 83(2) GDPR's fine measuring principles and ARTICLE 29 Data Protection20 KB (2,519 words) - 15:36, 6 December 2023
- DSB (Austria) - 2021-0.518.795 (category Article 83(2)(b) GDPR)Administrative offense (s) after: Article 5 (1) (a), Article 9 (1) and (2) in conjunction with Article 83 (1) and (5) (a) GDPR, OJ L 2016/119, 1 as amended29 KB (4,581 words) - 10:13, 10 March 2022
- Persónuvernd - 2020010382 (category Article 83(2)(c) GDPR)the principles found in Article 5 GDPR, in this case Article 5(1)(f) GDPR. In addition, Persónuvernd highlighted Article 32 GDPR as operationalising the26 KB (4,190 words) - 13:08, 11 March 2020
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(a) GDPR)Training refers to it in point 64, as well as in Chapter II.2, Section 2.2 of this decision. 2.2 Regarding the requirement to provide information in an "easily82 KB (11,472 words) - 16:58, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 36FR/2021 (category Article 83(2) GDPR)course of the audit proceeding to remedy the breaches of Article 38(1) GDPR and Article 39(1)(b) GDPR. The CNPD noted however that these measures were taken8 KB (868 words) - 07:39, 12 November 2021
- Garante per la protezione dei dati personali (Italy) - 9994882 (category Article 83(2)(e) GDPR)elements according to Article 83 GDPR, the DPA imposed a fine in the amount of €18,000 for a violation of Article 5, 9, 32 GPDR and Article 157 of the Italian44 KB (6,958 words) - 13:31, 23 April 2024
- DSB (Austria) - DSB 2023-0.404.421 (category Article 83(2)(b) GDPR)limitation of Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further40 KB (6,348 words) - 09:05, 16 November 2023
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1350 KB (51,369 words) - 09:25, 31 January 2024
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)analyse the criteria set out in Article 83.2 of the GDPR. 61. As regards the nature and seriousness of the breach (Article 83(2)(a) of the RGPD), it points out55 KB (9,079 words) - 16:57, 6 December 2023
- DSB (Austria) - 2023-0.789.858 (category Article 83(2)(b) GDPR)accordance with Article 83 of the GDPR: Due to this administrative violation, the following penalty is imposed in accordance with Article 83 of the GDPR: Fine of57 KB (9,442 words) - 08:55, 17 January 2024
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 58(2)(d) GDPR)infringements of Article 5(1)(c), Article 5(1)(e) and Article 6(1)(f) the DPC issued a reprimand to Airbnb pursuant to Article 58(2)(b) of the GDPR. In addition17 KB (2,411 words) - 09:25, 27 November 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(2) GDPR)Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg public entity81 KB (11,895 words) - 16:58, 6 December 2023
- HDPA (Greece) - 12/2021 (category Article 83(2) GDPR)the processing of personal data in accordance with art. 4 item 2 of the GCC. 2. Article 5 of the GPA sets out the processing principles governing processing18 KB (2,578 words) - 09:51, 12 May 2021
- DVI (Latvia) - SIA "Fitsypro" (category Article 83(2) GDPR)on FPDAL Article 5, Part One, Clause 2, Article 23, GDPR Article 58, Clause 2, subparagraph i), AAL, Article 115, Part One, Clause 4, Article 151 Paragraph29 KB (4,404 words) - 07:53, 23 August 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)infringed Articles 6.1 (a) and 5.1 (a) of the GDPR, in breach of Articles (a) and (a) of the GDPR¬, in accordance with Article 71 (1) (a) and (b) respectively24 KB (4,074 words) - 14:21, 13 December 2023
- ВАС - 6307/27.06.2022 (category Article 83(2) GDPR)Articles 24 and 25 GDPR. The Bulgarian Data Protection Authority (CPDP) found a breach of Article 5(1)(a) GDPR and Article 5(1)(f) GDPR since the personal19 KB (2,875 words) - 10:08, 22 November 2022
- Tietosuojavaltuutetun toimisto (Finland) - 10587/161/21 (category Article 83(2) GDPR)provide an explanation, or raise issues under Article 83(2) GDPR that the DPA would assess when imposing a fine. On 31 January 2022, the controller replied24 KB (3,719 words) - 15:57, 1 June 2022
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)S.L., with NIF B67421867, for a infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a a fine of 30,000 euros (thirty thousand34 KB (5,358 words) - 13:16, 13 December 2023
- AG Hamburg-Bergedorf - 410d C 197/20 (category Article 83(2) GDPR)violated Article 6(1) GDPR. However, this violation alone was not sufficient to justify a claim for damages. Pursuant to Article 82(1) GDPR, a claim for19 KB (3,009 words) - 12:26, 2 February 2022
- AEPD (Spain) - PS/00043/2021 (category Article 83(2) GDPR)***ADDRESS.1, with CIF ***CIF.1, for a infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, with a fine of FIVE HUNDRED € (500 euros)23 KB (3,505 words) - 13:40, 27 April 2022
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)purposes of the GDPR and that the sanction to be imposed should be graduated with the aggravation of negligence Article 83(2)(b) GDPR, since the controller84 KB (13,036 words) - 13:26, 13 December 2023
- AZOP (Croatia) - Decision 14-09-2023 (category Article 13(2) GDPR)violating Article 13(1) GDPR and Article 13(2) GDPR. Accordingly, the AZOP decided to impose an administrative fine on each company in line with Article 83(2)7 KB (783 words) - 08:51, 2 November 2023
- AEPD (Spain) - PS-00507-2022 (category Article 83(2) GDPR)as a grave infringement (Article 72(1) LOPDGDD). Due to these violations the AEPD issued a fine of €70,000 based on Article 83(2) GDPR and Article 76(2)(b)49 KB (7,832 words) - 10:54, 22 January 2024
- UODO (Poland) - DKE.561.25.2020 (category Article 83(2) GDPR)art. 58 sec. 1 lit. a) and lit. e) and art. 58 sec. 2 lit. i) in connection with Art. 83 sec. 1-3 and art. 83 sec. 4 lit. a) and art. 83 sec. 5 lit. e) Regulation28 KB (4,344 words) - 11:02, 22 June 2021
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)11, 148, 150, and Article 5, Chapter IV and Article 83. 4 2.8 Chapter IV, Section 2 addresses security of personal data. Article 32 GDPR provides: 1. Taking130 KB (21,195 words) - 13:52, 25 April 2021
- Article 23 GDPR (category GDPR Articles) (section Non-observation of Article 23 requirements by a Member State)and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification44 KB (4,896 words) - 06:25, 16 June 2023
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)by the SA, (iii) has been fined under Article 83 GDPR or (iv) is subject to a penalty under Article 84 GDPR. If a data subject’s personal data is otherwise30 KB (3,874 words) - 10:46, 7 December 2023
- AEPD (Spain) - PS/00390/2019 (category Article 83(4) GDPR)that permit the identification of a person (Article 83.2(b)) • Basic personal identifiers are affected (Article 83.2 g) Therefore, in accordance with the12 KB (1,838 words) - 14:34, 13 December 2023
- Rb. Amsterdam - AMS 22/5458 (category Article 83(2) GDPR)defendant must take a number of factors into account. These factors are listed in Article 83, second paragraph, of the GDPR and Article 7 of the Fining Policy27 KB (4,200 words) - 11:57, 13 September 2023
- AEPD (Spain) - PS/00443/2021 (category Article 83(2) GDPR)EDREAMS, S.L., with NIF B61965778, for a infringement of article 12 of the GDPR, typified in article 83.5 of the GDPR, a warning. SECOND: NOTIFY this resolution40 KB (6,231 words) - 08:51, 16 March 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 83 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- UODO (Poland) - DKE.561.23.2020 (category Article 83(2) GDPR)of 2019, item 1781), as well as Art. 58 sec. 2 lit. i), art. 83 sec. 1-3, art. 83 sec. 4 lit. a) and art. 83 sec. 5 lit. e) in connection with Art. 31 and33 KB (5,262 words) - 13:02, 16 June 2021
- Article 99 GDPR (category Article 99 GDPR)Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the12 KB (295 words) - 08:25, 19 October 2023
- AEPD (Spain) - PS/00214/2022 (category Article 9(2) GDPR)that the controller had breached Article 9 GDPR. The DPA imposed a sanction according to Article 83(5)(a) GDPR and Article 72(1)(e) of the Spanish Data Protection131 KB (20,916 words) - 12:38, 13 December 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- AEPD (Spain) - EXP202207521 (category Article 6(1) GDPR)DIGITAL, S.L.U., with NIF B11514445, -for a violation of article 6.1 of the GDPR, typified in article 83.5 of the GDPR, with an administrative fine of 20,00054 KB (8,747 words) - 08:36, 30 August 2023
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 83 GDPR) (section Additional infringement of Article 13(2)(e) GDPR)paragraphs of Article 83 of the GDPR, as further summarised below. Fining of the ‘gravest infringement’. Article 83(3) GDPR provides that “[i]f a controller29 KB (4,384 words) - 16:00, 6 December 2023
- AEPD (Spain) - EXP202206626 (category Article 83(5) GDPR)particular case". According to the provisions of article 83.2 of the GDPR, the measure provided for in article 58.2 d) of the aforementioned Regulation is compatible35 KB (5,475 words) - 13:21, 13 December 2023
- Article 94 GDPR (category Article 94 GDPR)date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference13 KB (530 words) - 09:40, 3 October 2023
- APD/GBA (Belgium) - 57/2023 (category Article 13(2)(a) GDPR)of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph 2, paragraph99 KB (15,129 words) - 09:21, 31 May 2023
- with a supervisory authority (Article 77 of the GDPR), the procedural rules of Personal Data Protection Act (Zakon o varstvu osebnih podatkov (ZVOP-2)) apply10 KB (1,242 words) - 10:51, 6 February 2024
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)contractual clauses); Article 36(2) GDPR (prior consultation); Article 40 GDPR (codes of conduct); Article 42 GDPR (certification); Article 46 GDPR (standard data60 KB (7,796 words) - 20:12, 1 April 2024
- AEPD (Spain) - PS-00371-2021 (category Article 83(2) GDPR)according to Article 83(4)(a) GDPR. However, the AEPD imposed no fines in either of the two violations. Instead, according to Article 58(2)(d) GDPR, the AEPD46 KB (7,141 words) - 13:00, 18 January 2024
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- AEPD (Spain) - PS/00425/2019 (category Article 5(2) GDPR)down in Article 83 (2) GDPR: As aggravating factors: • In this case, negligent action is not intentional, but it is significant (Article 83 (¬2) (b)). •14 KB (2,140 words) - 14:39, 13 December 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- AEPD (Spain) - PS/00095/2020 (category Article 83(5) GDPR)by the alleged violation of Article 5.1(f) of the GDPR, Article 5.1(b) of the GDPR, as set out in Article 83.5 of the GDPR. FOURTH: On 10 June 2020, the15 KB (2,317 words) - 13:59, 13 December 2023
- Article 67 GDPR (category Article 67 GDPR)referred to in Article 64. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2). Recital 167:15 KB (810 words) - 16:13, 2 November 2023
- Article 10 GDPR (category GDPR Articles)processing still needs to rely on a legal basis from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing17 KB (1,768 words) - 15:41, 18 March 2024
- AEPD (Spain) - PS/00178/2022 (category Article 83(5)(a) GDPR)pursuent to Article 6 GDPR. In determining the amount of the fine, the DPA considered aggravating factors, as stipulated in Article 83(2)(a) GDPR, and mitigating59 KB (9,122 words) - 14:48, 22 September 2022
- Article 8 GDPR (category GDPR Articles) (section (2) Verification of parental consent by the controller)use of trusted third party verification services. Article 8(3) GDPR makes it clear that Article 8(1) GDPR only refers to consent, not to the object of the19 KB (1,335 words) - 13:56, 24 October 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)accordance with the general principles referred to a / 'article 83 of Regulation 2016/679 ”. 3. Article 83 of the GDPR is read as follows: "1. Each supervisory authority72 KB (11,389 words) - 08:59, 20 August 2021
- UODO (Poland) - DKN.5131.11.2020 (category Article 83(2) GDPR)as well as Art. 57 sec. 1 lit. a) and h), art. 58 sec. 2 lit. e) and lit. i), art. 83 sec. 1-2 and art. 83 sec. 4 lit. a) in connection with Art. 33 paragraph51 KB (8,179 words) - 12:07, 11 August 2021
- Article 98 GDPR (category Article 98 GDPR)Europol Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing15 KB (943 words) - 09:58, 8 November 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 48 GDPR (category GDPR Articles) (section Judgment of a Court, Tribunal, or Administrative Authority of a Third Country)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- AEPD (Spain) - PS/00016/2022 (category Article 83(2) GDPR)of article 15 of the GDPR. V Classification of the infringement of article 15 of the GDPR The aforementioned infringement of article 15 of the GDPR supposes62 KB (9,829 words) - 14:09, 14 March 2023
- Article 19 GDPR (category GDPR Articles)definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements19 KB (1,436 words) - 12:35, 12 May 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 63 GDPR (category Article 63 GDPR) (section A Supervisory Authority Plans to Adopt a Measure which has Effects in Different Member States)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Pauly, DS-GVO BDSG, Article 71 GDPR, margin number 2 (C.H. Beck 2021, 3rd edition). Dix in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (C15 KB (1,196 words) - 08:15, 19 October 2023
- AEPD (Spain) - PS/00351/2019 (category Article 58(2)(c) GDPR)regard to Article 83 (2) (k) of the GDPR, Article 76 of the GDPR, ‘Sanctions and remedial measures’, provides: ‘2. In accordance with Article 83 (2) (k) of17 KB (2,739 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)SEGUROS Y REASEGUROS, S.A., with NIF A28141935, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a fine of 30,000 euros52 KB (8,323 words) - 13:17, 13 December 2023
- WSA Warsaw (Poland) - II SA/Wa 310/20 (category Article 83(2) GDPR)surveillance, (2) breach of Article 5(1)(a), Article 5(1)(f), Article 5(2), Article 28(1), (3) and (10), Article 29, Article 83(1), (2), (3) and (5) in56 KB (8,906 words) - 14:16, 20 September 2021
- data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal basis44 KB (5,905 words) - 14:00, 24 October 2023
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 66 GDPR (category Article 66 GDPR) (section (2) Adoption of a final decision after provisional measures)The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR. In contrast, Article 66(3) refers to “any supervisory20 KB (1,590 words) - 16:11, 2 November 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)was a violation of Article 13 GDPR and issued a warning to the controller. The AEPD took into account the following aggravating factors (Article 83 (2)19 KB (2,957 words) - 14:45, 13 December 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- Article 50 GDPR (category GDPR Articles)establishes a series of objectives that are similar to the ones laid out by Article 50 GDPR. Article 50 GDPR is divided in two different parts: letters (a) and17 KB (1,142 words) - 15:41, 28 April 2022
- Article 95 GDPR (category Article 95 GDPR)such a situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits20 KB (1,539 words) - 08:21, 19 October 2023
- Regulation (GDPR): A Commentary, Article 39 GDPR, p. 714 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 39 GDPR, margin number23 KB (2,165 words) - 15:10, 27 July 2023
- Article 16 GDPR (category GDPR Articles)through Article 15 GDPR. See, Kamann, Braun, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 16 GDPR, margin number 6 (C.H. Beck 2018, 2nd Edition)23 KB (2,489 words) - 23:24, 6 March 2024
- AEPD (Spain) - PS/00267/2021 (category Article 83(2)(e) GDPR)aggravating factor according to Article 83(2)(e) GDPR. The decision of the DPA could be seen as a confirmation that Article 15 generally prevails over specific193 KB (32,580 words) - 11:16, 15 June 2022
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- order to ensure a possibility to trigger a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the23 KB (2,079 words) - 16:07, 2 November 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)requirement of a proper demonstration under the fairness and transparency principle (Article 5(1)(a) GDPR). Article 11(2) GDPR provides for a peculiar informative20 KB (1,854 words) - 16:32, 8 March 2024
- with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to a broad33 KB (3,641 words) - 09:51, 19 March 2024
- Article 90 GDPR (category Article 90 GDPR) (section (2) Notification of national implementation to the Commission)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You24 KB (2,181 words) - 11:46, 15 January 2024
- AEPD (Spain) - PS/00132/2020 (category Article 83(5) GDPR)paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of Regulation24 KB (3,939 words) - 14:03, 13 December 2023
- Article 62 GDPR (category Article 62 GDPR) (section (2) Right to participate in joint operations and the obligation to invite other supervisory authorities)ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- expression under Article 85(2) GDPR, some German states have established separate SAs for broadcasting companies. Furthermore, Article 91(2) GDPR allows for27 KB (2,604 words) - 14:24, 16 January 2024
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- senate of 15. Dezember 1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs1983121518 KB (1,831 words) - 13:49, 3 November 2022
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share26 KB (3,922 words) - 13:10, 9 June 2021
- UODO (Poland) - DKN.5131.33.2021 (category Article 83(2) GDPR)sec. 1 lit. a) and h), art. 58 sec. 2 lit. e) and i), art. 83 sec. 1 and sec. 2, art. 83 sec. 4 lit. a) in connection with Art. 34 sec. 1, 2 and 4 of Regulation81 KB (13,351 words) - 14:48, 2 March 2022
- Garante per la protezione dei dati personali (Italy) - 9920578 (category Article 83(2) GDPR)The DPA fined the controller €45,000 under Article 83(2) GDPR, Article 83(3) GDPR and Article 83(5)(a) GDPR. Share your comments here! Share blogs or news92 KB (14,784 words) - 08:49, 27 September 2023
- NAIH (Hungary) - NAIH-2857-20/2021 (category Article 83(2) GDPR)portability; (i) Article 6 (1) (a) or Article 9 (2) of the General Data Protection Regulation; In the case of data processing based on paragraph 1 (a), the consent79 KB (12,495 words) - 11:03, 21 January 2022
- Article 30 GDPR (category GDPR Articles) (section (2) Record of processing activities by the processor)minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller provides a "general31 KB (3,327 words) - 15:31, 5 June 2023
- consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member22 KB (2,266 words) - 08:26, 17 October 2023
- Garante per la protezione dei dati personali (Italy) - 9827446 (category Article 5(1)(a) GDPR)the health of a significant number of data subjects (150,000/200,000 outpatient accesses) (Article 83(2)(a) GDPR and Article 83(2)(g) GDPR). It also considered70 KB (11,425 words) - 13:47, 7 December 2022
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)SEGUROS Y REASEGUROS, S.A., with NIF A28141935, for a violation of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a fine of 30,000 euros58 KB (9,301 words) - 12:39, 13 December 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)at which a controller has a duty to notify the competent supervisory authority of such a breach. Article 34(1) GDPR differs from Article 33 GDPR. Instead37 KB (3,962 words) - 15:20, 16 June 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)Articles 13 GDPR and 7 GDPR respectively? To determine the amount of the penalty, the AEPD took into account three criteria in Article 83(2) GDPR: unintentional24 KB (3,893 words) - 14:22, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training44 KB (6,212 words) - 08:28, 16 June 2021
- and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- AEPD (Spain) - EXP202204530 (category Article 83(5)(b) GDPR)accordance with the article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, to observe the provisions of article 83.2 of the RGPD26 KB (3,971 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)In an Article 60 GDPR procedure, the Spanish DPA reprimanded a controller for the failure to meet a data deletion request under Article 17 GDPR in a timely54 KB (8,870 words) - 10:43, 13 December 2023
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 42 GDPR (category GDPR Articles) (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- Article 80 GDPR (category GDPR Articles) (section Representation of a data subject under Article 82 GDPR, where provided for by Member State law)According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion26 KB (2,575 words) - 15:50, 9 November 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)of articles 83.1 and 83.2 of the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may60 KB (10,197 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)the GDPR, where applicable, in a certain way and within a specified period (art. 58.2 d)). According to the provisions of article 83.2 of the GDPR, the24 KB (3,717 words) - 13:04, 13 December 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)be true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- UODO (Poland) - DKN.5131.16.2021 (category Article 83(2) GDPR)subjects with the information listed in Article 33(3)(b), Article 33(3)(c), and Article 33(3)(d), as Article 34(2) GDPR prescribes. Therefore, the DPA decided88 KB (14,432 words) - 10:31, 24 November 2021
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against which a supervisory30 KB (2,720 words) - 14:02, 28 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)against a controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes31 KB (3,550 words) - 11:11, 29 November 2023
- Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- defined by Article 4(2) GDPR), because Article 81(1) GDPR explicitly refers to 'processing by the same controller or processor'. As a result, the Article does27 KB (2,619 words) - 14:52, 16 November 2023
- IMY (Sweden) - DI-2021-4355 (category Article 58(2)(b) GDPR)DI-2021-4355 5(6) Date:2023-01-19 Choice of intervention Article 58(2) and Article 83(2) of the GDPR give IMY the authority to impose an administrative fine28 KB (3,101 words) - 09:49, 7 June 2023
- CNPD (Luxembourg) - Délibération n°16FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training51 KB (7,338 words) - 11:33, 16 June 2021
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right69 KB (11,315 words) - 13:30, 19 January 2022
- with other controllers or where a processing operation is carried out on behalf of a controller. Article 26 GDPR goes a substantial way towards empowering37 KB (3,915 words) - 12:49, 24 May 2023
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of incompatible29 KB (2,894 words) - 23:06, 1 April 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))subject only made a "request for a copy" not a "request under Article 15 GDPR". The controller clearly violated Article 5(1)(a) and 12(1) GDPR. The addressee73 KB (9,896 words) - 15:46, 18 March 2024
- CJEU - C807/21 - Deutsche Wohnen (category Article 83(4) GDPR)Member States, in Articles 83(1) to (6) of the GDPR. Second, Article 83(2)(b) GDPR, read in conjunction with Article 83(3) GDPR, both describe the intentional10 KB (1,543 words) - 13:53, 8 December 2023
- Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- UODO (Poland) - DKN.5130.3114.2020 (category Article 83(2) GDPR)Articles 57(1)(a), 58(2)(i) in conjunction with Articles 24(1), 31, 32(1) and (2), 34(1), and 83(1) and (2) and 83(4)(a) of Regulation EU 2016/679 of the105 KB (16,833 words) - 13:48, 15 November 2021