Search results
From GDPRhub
- Article 5 GDPR (section (1) Principles)documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and 14(1)(c) GDPR require the disclosure of the specific51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (section (1) Legal basis for processing)in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally, consent must be given directly108 KB (17,005 words) - 15:39, 18 March 2024
- Article 15 GDPR (section (1) The Right of Access)further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR requires controllers76 KB (11,304 words) - 08:37, 4 March 2024
- Article 58 GDPR (section (1) Investigative powers)it can be assumed that the SAs may be given additional powers, but that the existing powers may not be restricted. A contrary view cannot be derived from46 KB (5,825 words) - 11:12, 7 November 2023
- Article 4 GDPR (section (1) Personal data)(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker125 KB (16,328 words) - 16:01, 8 March 2024
- Article 13 GDPR (section (1) Information the controller shall provide at the time personal data is obtained)See the commentary on Article 5(1)(b) GDPR for more details. The legal basis must necessarily be found either in Article 6(1) GDPR or, where special categories71 KB (9,532 words) - 13:30, 6 March 2024
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 17 GDPR (section (1) Right to erasure)of Article 21(1) GDPR. Therefore, for a claim for deletion to be admissible, all and only the conditions listed in Article 21(1) must be met. In particular61 KB (8,488 words) - 15:47, 18 March 2024
- Article 83 GDPR (section (1) Administrative fine)83(5) Var. 1 or (6) GDPR, as otherwise there could be a violation of ne bis in idem. First, it follows from this criterion that a fine may also be imposed55 KB (7,622 words) - 14:04, 7 November 2023
- Article 9 GDPR (section (1) General prohibition of processing of special categories of personal data)subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation44 KB (5,905 words) - 14:00, 24 October 2023
- Article 6(1)(e) or (f) GDPR are clearly covered by Article 21(1) GDPR, mentioning profiling specifically is somewhat legally redundant. However, it can be seen49 KB (5,993 words) - 06:22, 16 June 2023
- Article 14 GDPR (section (1) Information the controller shall provide when personal data has not been obtained from the data subject)additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they30 KB (3,458 words) - 10:31, 25 April 2024
- Article 25 GDPR (section (1) Data protection by design)paragraph (1). Although the measures should be implemented to ensure compliance with every data protection principle, and are therefore to be understood43 KB (4,675 words) - 06:43, 16 June 2023
- May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available31 KB (3,489 words) - 16:00, 8 March 2024
- Article 28 GDPR (section (1) Processor)their agreement must be the same as those of the SCCs. The SCCs will often leave some blank spaces to be filled in or options to be selected by the parties72 KB (9,140 words) - 13:12, 2 June 2023
- agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an obligation54 KB (6,536 words) - 08:22, 16 June 2023
- result of an infringement of the GDPR. Article 82(1) contains the conditions for such a claim, which are to be interpreted in accordance with EU law. Such conditions33 KB (4,215 words) - 09:57, 19 March 2024
- Article 35 GDPR (section (1) Mandatory DPIA)(DPO) must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the52 KB (7,297 words) - 08:05, 18 July 2023
- Article 57(1)(h) GDPR can also be initiated based on information that the SA obtained from another SA (e.g. in accordance with Article 60(1) GDPR and Article60 KB (7,796 words) - 20:12, 1 April 2024
- clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as permitting the remedies33 KB (3,641 words) - 09:51, 19 March 2024
- the supervisory authorities concerned shall be deemed to be in agreement with that draft decision and shall be bound by it. 7. The lead supervisory authority35 KB (4,017 words) - 16:04, 18 March 2024
- version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.07 KB (808 words) - 08:17, 16 February 2023
- Article 56 GDPR (section (1) Designation of the Lead Supervisory Authority (LSA) and the Cooperation Mechanism)(Article 65(1)(b) GDPR). It seems that the decision on a conflicting view can only be taken within a specific procedure under Article 65(1)(b) GDPR and55 KB (7,446 words) - 22:28, 1 April 2024
- Article 2 GDPR (section (1) Material scope)scope requires the data in question to be 'personal data'. This term is defined, and further discussed, in Article 4(1) GDPR. Any information that relates34 KB (4,652 words) - 12:07, 12 November 2023
- Article 34(1) is not triggered, as the authorised party will not be able to make use of the data obtained. “Subsequent” measures should be interpreted37 KB (3,962 words) - 15:20, 16 June 2023
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 23 GDPR (section (1) Restrictions)make contact with him' (BVerwG, NJW 2006, 3367ff.)”. Article 1(1) in conjunction with Article 2(1) Directive (EU) 2016/680 of the European Parliament and of44 KB (4,896 words) - 06:25, 16 June 2023
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general prohibition31 KB (4,768 words) - 06:24, 16 June 2023
- surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 46 GDPR (section (1) Scope)that they will be considered to be ad hoc clauses that require the authorisation of the competent DPA" under Article 46(3)(a) GDPR.Article 46(1) allows the34 KB (3,646 words) - 08:53, 27 March 2023
- However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR establishes an obligation for the controller to consult the DPA31 KB (3,646 words) - 08:51, 21 July 2023
- Article 3 GDPR (section (1) Establishment in the Union)the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/1535 of the European Parliament37 KB (4,635 words) - 13:29, 24 October 2023
- processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent32 KB (3,730 words) - 08:43, 7 March 2024
- proceedings under Article 79(1) GDPR in limited circumstances of substantive violations. Instead, Article 79(1) GDPR should be read as excluding proceedings31 KB (3,550 words) - 11:11, 29 November 2023
- Article 55 - Competence 1. Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred35 KB (3,971 words) - 21:34, 1 April 2024
- concerning potential conflicts of interest. According to Article 38(1) GDPR, the DPO must be involved in a timely manner in all issues which relate to the protection29 KB (2,951 words) - 14:19, 25 July 2023
- an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the cases where a consensus could not be reached within the consistency mechanism33 KB (4,185 words) - 16:09, 2 November 2023
- Article 26 GDPR (section (1) Joint controllership)(Version 2.1), p. 19 (available here). EDPB, ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’, 07 July 2021 (Version 2.1), p. 1937 KB (3,915 words) - 12:49, 24 May 2023
- under Articles 58(1)(d) or 58(3)(a) and 58(3)(b) GDPR do not qualify as decisions and cannot be subject to legal actions under Article 78(1) GDPR. A data subject30 KB (3,874 words) - 10:46, 7 December 2023
- derogation shall not be applied, and the derogation from Article 49(1)(a) GDPR will be applicable instead. The incapacity may be physical, mental or legal29 KB (3,500 words) - 08:54, 27 March 2023
- implementation requirements for 85(1) to be fulfilled. While not outlined, the academic commentary agrees that Article 85(1) should not be read as requiring member33 KB (3,748 words) - 14:25, 7 November 2023
- of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct must be tailored to “specific44 KB (5,008 words) - 14:50, 28 July 2023
- public hearing. Under specific conditions the hearing may be secret. For an administrative fine to be issued, a prior invitation of the defendant (or his representative23 KB (2,039 words) - 08:15, 25 April 2024
- Article 39 GDPR (section (1) DPO's Tasks)processing. Paragraph 1 provides a comprehensive list of tasks that the DPO must perform according to the GDPR, and these tasks cannot be restricted by national23 KB (2,165 words) - 15:10, 27 July 2023
- Article 8 GDPR (section (1) Material scope)May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available19 KB (1,335 words) - 13:56, 24 October 2023
- in Articles 70(1)(e) and 70(1)(f) GDPR was an editorial error. This obligation applies to all guidance issued by the Board. Articles 70(1)(n) to (q) GDPR27 KB (3,038 words) - 12:19, 11 October 2023
- designation must be done in written form. The GDPR does not specify any particular requirements for the representative. However, under Article 1(17) GDPR, the25 KB (2,418 words) - 14:11, 24 May 2023
- Article 1 GDPR (section (1) Subject-matter)not' (cf. Art. 3(1)). Hornung and Spiecker in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 1 GDPR, margin number 1 (Beck 2019) (accessed28 KB (3,831 words) - 16:21, 14 March 2024
- responsible in writing and wait a period of 1 month (if you have no response) before filling a complaint. There seems to be no legal basis for this requirement18 KB (2,488 words) - 15:22, 14 December 2021
- Article 43 GDPR (section (1-5) The certification body)to Article 55 or 56. 2. Certification bodies referred to in paragraph 1 shall be accredited in accordance with that paragraph only where they have: (a)22 KB (1,634 words) - 14:40, 28 July 2023
- Article 20 GDPR (section (1) Right to data portability)pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried40 KB (5,349 words) - 07:05, 1 June 2023
- conditions for entities to qualify as NPOs. For the purposes of Article 80(1) GDPR must be (i) a not-for-profit body, organisation or association, (ii) properly26 KB (2,575 words) - 15:50, 9 November 2023
- referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account23 KB (2,079 words) - 16:07, 2 November 2023
- Article 89 GDPR (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)anonymisation would therefore neither be possible, nor required under Article 89(1) GDPR. All in all, it can be concluded that anonymisation only becomes29 KB (3,695 words) - 13:44, 21 March 2024
- State in accordance with Article 55(1). In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an urgent binding24 KB (2,181 words) - 11:46, 15 January 2024
- Article 41 GDPR (section (1) The monitoring body)operation. These three requirements must be satisfied before a monitoring body can be accredited according to Article 41(1)(b) GDPR. Although this provision only30 KB (2,720 words) - 14:02, 28 July 2023
- the purposes of Article 5(1)(e) GDPR when determining the duration for which data must be stored. Any such laws would also be relevant for determining whether27 KB (2,604 words) - 14:24, 16 January 2024
- authority has taken a measure pursuant to paragraph 1 and considers that final measures need urgently be adopted, it may request an urgent opinion or an urgent20 KB (1,590 words) - 16:11, 2 November 2023
- Article 47 GDPR (section (1) Binding Corporate Rules)draft” to the BCR Lead , which may be commented by other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a29 KB (2,823 words) - 15:15, 28 April 2022
- that point, it is important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference21 KB (1,831 words) - 08:51, 27 March 2023
- establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's domestic34 KB (3,649 words) - 13:19, 30 October 2023
- will be subject to continuous change, since an EU-wide mechanism will need to be adaptable to take into account national regulations that may be sector-specific27 KB (2,452 words) - 14:26, 28 July 2023
- of Article 88(1) GDPR. Therefore, for a comprehensive overview of the term ‘more specific’, please refer to section 2.1 below. Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- processing under Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether20 KB (1,854 words) - 16:32, 8 March 2024
- Article 55. In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from22 KB (1,915 words) - 13:46, 15 January 2024
- under Articles 16, 17(1), and 18 vis-à-vis other recipients of the data, the notification should be done immediately. Recipients shall be notified either “in19 KB (1,436 words) - 12:35, 12 May 2023
- Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide that any sanctions chosen must be ‘effective, proportionate19 KB (1,477 words) - 14:12, 7 November 2023
- convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing17 KB (1,768 words) - 15:41, 18 March 2024
- Article 45 GDPR (section (1) Adequacy Decision)pursued need to be demonstrated; (iii) the processing has to be subject to independent oversight; and (iv) effective remedies need to be available to the43 KB (5,641 words) - 14:58, 28 April 2022
- Article 92 GDPR (section (1) Delegated acts)92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in line with Article 92(3)19 KB (1,525 words) - 08:18, 19 October 2023
- Article 75 GDPR (section (1) The Secretariat)Whether Article 75(1) GDPR can truly ensure the secretariat's freedom from the EDPS' influence, remains to be seen. However, it must be acknowledged that20 KB (1,347 words) - 14:21, 17 October 2023
- not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions19 KB (1,530 words) - 14:23, 12 October 2023
- version can be found here. The current RoP are divided into eight sections: 1. Legal nature, tasks and guiding principles of the EDPB (Articles 1 to 3 RoP)22 KB (2,266 words) - 08:26, 17 October 2023
- national administration, can be prescribed for members. Competence requirements must be provided by law pursuant to Article 54(1)(b) GDPR. These competence29 KB (2,894 words) - 23:06, 1 April 2024
- concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of supervisory47 KB (5,594 words) - 22:45, 1 April 2024
- Buchner, DS-GVO BDSG, Article 31 GDPR, margin numbers 1-4 (Beck 2020, 3rd edition). For instance, Article 58(1)(f) GDPR, which grants a supervisory authority22 KB (2,042 words) - 14:29, 20 November 2023
- "Informatique et Libertés". Under Article R311-1(4) of the French code of administrative justice, acts taken by the CNIL can be appealed directly before the highest8 KB (824 words) - 22:52, 27 February 2024
- nnees.be/introduire-une-requete-une-plainte In Dutch: https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen The complaint can be sent by9 KB (993 words) - 07:10, 28 July 2022
- Article 68 GDPR (section (1) Legal personality)shall have legal personality. 2. The Board shall be represented by its Chair. 3. The Board shall be composed of the head of one supervisory authority of each20 KB (1,632 words) - 10:01, 11 October 2023
- (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert subgroups shall be confidential when:15 KB (787 words) - 08:17, 19 October 2023
- accordance with paragraph 1 of this Article shall be subject to the supervision of an independent supervisory authority, which may be specific, provided that25 KB (2,482 words) - 10:04, 19 March 2024
- relationship between the GDPR and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve20 KB (1,539 words) - 08:21, 19 October 2023
- third countries and international organisations. The report shall be made public and be transmitted to the European Parliament, to the Council and to the15 KB (1,196 words) - 08:15, 19 October 2023
- but not that the same data subject(s) must be party to the proceedings. If the requirements of Article 81(1) GDPR are fulfilled (meaning, “same subject27 KB (2,619 words) - 14:52, 16 November 2023
- Article 93 GDPR (section (1) Implementing acts)Article 93 - Committee procedure 1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation17 KB (1,096 words) - 08:19, 19 October 2023
- the Council. The reports shall be made public. 2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine16 KB (778 words) - 08:24, 19 October 2023
- official documents to be taken into account when applying this Regulation. Public access to official documents may be considered to be in the public interest22 KB (2,177 words) - 10:01, 19 March 2024
- processing of personal data (see Article 5(1)(a) GDPR), the need to limit the purpose of such processing (see Article 5(1)(b) GDPR), the requirement to have a48 KB (5,978 words) - 15:57, 1 February 2024
- Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should have legal personality. The Board should be represented18 KB (1,327 words) - 12:36, 14 December 2023
- this section! You can help us filling this section! There are two options: 1) a "recurso de reposicion" to ask the AEPD to reconsider its decision or 2)4 KB (386 words) - 15:29, 3 September 2021
- secrecy 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in18 KB (1,599 words) - 12:26, 29 April 2022
- Directive 95/46/EC 1. Directive 95/46/EC is repealed with effect from 25 May 2018. 2. References to the repealed Directive shall be construed as references13 KB (530 words) - 09:40, 3 October 2023
- records according to Article 57(1)(u) GDPR. The report may include that information but if it does not, it is unlikely to be invalid. However, the report15 KB (718 words) - 15:31, 19 October 2023
- Article 74 GDPR (section (1) Tasks of the Chair)Article 74 - Tasks of the Chair 1. The Chair shall have the following tasks: (a) to convene the meetings of the Board and prepare its agenda; (b) to notify15 KB (808 words) - 09:44, 17 October 2023
- Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation15 KB (810 words) - 16:13, 2 November 2023
- of those articles of ZVOP-1 that are still valid or for controllers to whom ZVOP-1 fully applies. 2019 Annual Report can be found on ip-rs.si.10 KB (1,242 words) - 10:51, 6 February 2024
- (like the correspondence with the controller) need to be attached. Under § 24(4) DSG complaints need to be filed one year from the time the complainant has11 KB (1,468 words) - 13:27, 14 May 2023
- Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official12 KB (295 words) - 08:25, 19 October 2023
- may be used as an element to demonstrate compliance with the obligations of the controller. The carrying-out of processing by a processor should be governed13 KB (674 words) - 13:15, 2 June 2023
- Commission requests that such matter should be handled in the consistency mechanism. That mechanism should be without prejudice to any measures that the15 KB (851 words) - 06:55, 29 April 2022
- GDPR will be of special importance in light of Brexit, as undoubtedly new mechanisms for cooperation between the British DPA and UE DPAs will be needed.17 KB (1,142 words) - 15:41, 28 April 2022
- final under the administrative procedure, but can be appealed to the courts. Decisions can, however, be appealed to the national courts, starting in the10 KB (1,078 words) - 06:40, 26 March 2023
- identification number or any other identifier of general application shall be used only under appropriate safeguards for the rights and freedoms of the15 KB (660 words) - 09:37, 1 December 2023
- may not be instructed in its functions and shall operate independently of other bodies and of undue influence. The tasks of the NAIH may only be determined7 KB (821 words) - 14:16, 7 March 2024
- Transfers should only be allowed where the conditions of this Regulation for a transfer to third countries are met. This may be the case, inter alia, where14 KB (716 words) - 15:19, 28 April 2022
- Of the 1,046 complaints that were resolved from 1. 1. 2018 to 24. 5. 2018 the DPC has only made 12 formal decisions, which is equivalent to 1,1% of the8 KB (1,034 words) - 14:13, 20 August 2021
- Balaiti). The Organisational Chart can be found here. Reference to procedural law ant the procedure of the ANSPDCP can be found here (in RO). You can help us3 KB (270 words) - 08:26, 2 April 2021
- 2002/58/EC, that Directive should be amended accordingly. Once this Regulation is adopted, Directive 2002/58/EC should be reviewed in particular in order15 KB (943 words) - 09:58, 8 November 2023
- agreement is replaced or revoked, it will then no longer be protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can13 KB (450 words) - 08:22, 19 October 2023
- the Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework; the Act of 1 August 201810 KB (1,199 words) - 10:14, 19 October 2022
- Corresponding § 1(1) NVwVfG the German Administrative Procedures Law (Verwaltungsverfahrensgesetz - VwVfG) is applicable except for some provisions (§§ 1, 2, 61(2)5 KB (465 words) - 08:57, 9 January 2024
- another MS, this will be considered as a cross-border case and will be forwarded to the competent supervisory authority which will be responsible for the4 KB (483 words) - 08:17, 12 July 2022
- since 2020 can be found on this page (unfortunately only in Latvian). The DVI is financed by the Latvian government. The funding for 2022 is €1,486,803. Historical6 KB (544 words) - 04:39, 11 October 2022
- the decision be appealed by the data subject, this will then go to the Court of Justice (CJEU) for a final decision. Article 64 states: 1. The Court8 KB (1,078 words) - 12:58, 10 May 2024
- filling this section! You can help us filling this section! According to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The3 KB (297 words) - 14:49, 1 December 2020
- and according to § 25(1)(2) LDSG and § 40(1) BDSG for complaints in the private sector within Baden-Württemberg. Complaints can be filed online on the LfDI's4 KB (275 words) - 11:13, 8 May 2022
- actividad del consejo de transparencia y protección de datos de Andalucía 1/2020, page 24 - https://www.ctpdandalucia.es/sites/default/files/Informe%23 KB (211 words) - 09:58, 18 June 2021
- 1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr02098318 KB (1,831 words) - 13:49, 3 November 2022
- provide an overview over which sectors and issues will be prioritized. For 2019-2020 this overview can be found here (in SE). You can help us filling this section4 KB (356 words) - 11:51, 20 October 2022
- request, while without his or her active participation the complaint cannot be resolved; d) more than three years have passed from the event that is subject9 KB (1,006 words) - 07:13, 7 July 2021
- Act of Hamburg (Hamburgisches Datenschutzgesetz - HmbDSG). Corresponding § 1 HmbDSG it makes complementary arrangements to the GDPR and regulates specific4 KB (363 words) - 22:01, 7 December 2020
- section! You can help us by filling in this section! The decision database can be found here. You can help us by filling in this section! You can help us by3 KB (195 words) - 13:21, 15 September 2021
- Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1) of that12 KB (1,780 words) - 17:22, 10 March 2022
- practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- such information should not be known to internet users when he considers that it might be prejudicial to him or he wishes it to be consigned to oblivion, even16 KB (2,423 words) - 13:03, 1 June 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f), Art. 77 (1), Art. 80 (1) and Art. 93108 KB (17,097 words) - 13:52, 12 May 2023
- CJEU - C-230/14 - Weltimmo (section Questions 1-6)Can Article 4(1)(a) of [Directive 95/46], read in conjunction with recitals 18 to 20 of its preamble and Articles 1(2) and 28(1) thereof, be interpreted13 KB (1,888 words) - 13:07, 1 June 2023
- between that infringement and that damage. The CJEU held that Article 82(1) GDPR must be interpreted as meaning that a mere ‘infringement’ of the GDPR itself5 KB (683 words) - 12:50, 28 June 2023
- possible here. Subparagraph (1)(b) therefore has to be written as #1b! Example: [[Article 6 GDPR#1b|Article 6(1)(b)]] becomes Article 6(1)(b) and links to Article17 KB (2,510 words) - 13:56, 24 April 2023
- can be brought directly against a controller. The civil procedure is mainly regulated in the Law 1/2000, of 7 January, on Civil Proceedings (Ley 1/200015 KB (1,875 words) - 16:18, 13 July 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below is a more detailed48 KB (7,442 words) - 10:24, 12 September 2022
- CJEU - C-154/21 - RW v Österreichische Post (category Article 5(1)(a) GDPR)Court asked the following preliminary question: 'Is Article 15(1)(c) of the GDPR to be interpreted as meaning that the claim is limited to information8 KB (992 words) - 17:03, 4 February 2023
- CJEU - C-13/16 - Rīgas satiksme (category Article 6(1)(f) GDPR)question that should be answered only by the Data Controller. The same criterion should be answered by any party to whom the data are asked to be disclosed. Secondly5 KB (749 words) - 12:58, 1 June 2023
- under Article 2(1)(a) Directive 95/46 where a third party has additional knowledge required to identify a data subject. b) Whether Article 7(1)(f) prevents9 KB (1,113 words) - 13:10, 1 June 2023
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)the European Union (hereinafter ECJ) in its decision Planet49 1 st October 2019 (CJEU, 1 st October 2019, C-673/17, pt. 42). 29. In this regard, the Restricted93 KB (14,936 words) - 17:09, 6 December 2023
- Datatilsynet (Norway) - 20/02136 (category Article 6(1) GDPR)Article 6(1)(b) GDPR where only consent should be the relevant legal basis. The NO DPA also considers that data cannot be a commodity and it should not be possible18 KB (2,375 words) - 16:17, 6 December 2023
- reproduction of the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that51 KB (8,592 words) - 07:03, 2 November 2021
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)the CJEU under Article 267 TFEU: (1) Is Article 77(1) of [the GDPR], read in conjunction with Article 78(1) thereof, to be understood as meaning that the15 KB (2,180 words) - 08:23, 13 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and75 KB (11,733 words) - 16:33, 21 August 2022
- ........2 1 Description of the supervisory matter ............................................... .....................................3 1.1 The processing113 KB (12,773 words) - 15:20, 6 December 2023
- Article 13(1) to (3), Article 14(1) to (4) and Article 15(1) to (3) do not apply to personal data consisting of a reference given (or to be given) in confidence14 KB (2,011 words) - 15:42, 25 November 2020
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and117 KB (18,075 words) - 10:19, 12 September 2022
- longer necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty7 KB (936 words) - 16:39, 12 December 2023
- Article 6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR17 KB (2,638 words) - 11:18, 19 February 2024
- Data Protection in Romania (section Level 1)national law, meaning the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the16 KB (2,260 words) - 19:26, 30 November 2021
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)in paragraph 1. (3) The traders referred to in paragraph 1 shall be entitled to obtain personal data for their activities under paragraphs 1 and 2 from publicly79 KB (12,652 words) - 09:41, 10 September 2021
- et seq. GDPR, which is why the invitee's bid should be excluded, is admissible and well-founded. 1. (1) The application for review is partially admissible62 KB (10,113 words) - 12:48, 17 August 2022
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)Court of Justice of the European Union (CJEU). 1) Should the purpose limitation (Article 5(1)(b) GDPR) be interpreted in such a way that it allows a controller49 KB (7,800 words) - 09:22, 5 January 2024
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art66 KB (9,990 words) - 12:30, 29 January 2024
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)order for there to be a basis for treatment under Article 6 (1) (f) of the GDPR, three conditions must be met: First, there must be legitimate interests46 KB (7,024 words) - 06:18, 6 March 2022
- taken. The measures must be completed no later than month after this decision became final. 1 Description of the supervisory matter 1.1 The processing The Swedish131 KB (14,752 words) - 08:36, 5 July 2023
- ........3 1 Description of the supervisory matter ............................................... .....................................3 1.1 The processing121 KB (13,722 words) - 15:16, 5 July 2023
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)The CJEU held that the remdies in Articles 77(1), 78(1) and 79(1) GDPR can be exercised concurrently with and independently of each other, even when referring9 KB (1,308 words) - 12:54, 28 June 2023
- The measures must be completed no later than one month after this decision gained legal force. 1 Description of the supervisory matter 1.1 The processing115 KB (12,842 words) - 08:38, 5 July 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)cf. Article 6 no. 1, the principle of legality in Article 5 no. 1 letter a and the principle of data minimization in Article 5 no. 1 letter c. Transparency31 KB (5,018 words) - 18:44, 5 March 2022
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 5(1)(a) GDPR)at least in part on services that will not be directly affected by decision point 1. The medical list will be able to continue its operations, but within144 KB (23,058 words) - 18:48, 5 March 2022
- Articles 5(1)(a), 12(1) and 13(1)(c) GDPR within three months, to refer not only to information provided on data processed pursuant to Article 6(1)(b) GDPR53 KB (8,413 words) - 14:10, 30 January 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD considers602 KB (102,229 words) - 14:21, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(1) GDPR)subsection 1 point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data49 KB (7,496 words) - 14:44, 24 January 2024
- meaning of Directive 95/46? If the answer to Question 1 is that all or some of such information may be personal data within the meaning of the Directive,6 KB (766 words) - 21:17, 5 March 2024
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)a proportionate period of time 45 Section 5-1-e) of the Regulation provides that : 1. Personal data must be : (e) kept in a form which permits identification41 KB (6,558 words) - 17:09, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)under section 7 (1) (2) of the Data Protection Act, as the data are processed directly due to the statutory tasks referred to in section 6 (1). Personal data41 KB (6,555 words) - 08:37, 4 March 2024
- Delo, R (On the Application Of) v The Information Commissioner - 2023 EWCA Civ 1141 (category Article 57(1)(f) GDPR)resolve a complaint, or that complaints must be "upheld" or not upheld by the Commissioner. This same argument can be extended to to Articles 77 and 78. Recital9 KB (1,191 words) - 08:44, 23 January 2024
- Article 5(1)(f) , 24 and 32 GDPR. Her non-material damage was the fear that her personal data, might be misused in the future and that she could be threatened13 KB (1,963 words) - 11:04, 5 January 2024
- courts for privacy matters. Complaints can be filed directly with the lower instance court pursuant to § 1-3 of the Dispute Act. If the filing concerns8 KB (1,064 words) - 12:53, 23 June 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 15(1) GDPR)Article 15(1) GDPR. The court used Article 15(4) to read Article 15(3) as conferring a 'right' to the data free of charge. Payment can therefore be required10 KB (1,478 words) - 11:17, 2 November 2023
- will hereinafter be referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019, with productions 1 to 10, was received14 KB (2,154 words) - 16:27, 10 March 2022
- secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental7 KB (793 words) - 14:08, 1 October 2021
- Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a) GDPR must be interpreted as meaning that8 KB (1,231 words) - 08:22, 6 July 2023
- Justice, The motion has to be sent jointly with the disputed decision according to R 412-1 and R 412-2 of the same code, it has to be filed with the Registry10 KB (1,108 words) - 09:37, 29 September 2021
- Freedom - La Ligue des Droits de l'Homme - the defendant: IAB Europe 1. Justification 2 1. Pursuant to the agreement concluded between the parties, as ratified8 KB (1,156 words) - 16:56, 12 December 2023
- defendant: IAB Europe Interlocutory decision 01/2021 - 3/6 1. Facts and procedural history 1. Several complaints have been lodged against Interactive Advertising19 KB (2,707 words) - 16:50, 12 December 2023
- Protection in § 1 DSG, the Rights to Privacy and Data Protection in Article 7 and 8 CFR and the Right to Privacy in Article 8 ECHR. Applications can be made direly8 KB (721 words) - 09:32, 24 April 2024
- exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article 18(1)(b) GDPR, Article 18(1)(d) GDPR, Article 20 GDPR10 KB (1,037 words) - 14:52, 10 July 2020
- data as enumerated under Article 3(1) Directive 95/46. The court looked at the term personal data under Article 3(1) Directive 95/46 and Article 2(a) Directive6 KB (580 words) - 13:05, 1 June 2023
- Article 22(1), with the exception of personal data referred to in Article 10 GDPR. This means that data concerning criminal records may be processed only9 KB (1,215 words) - 16:58, 18 May 2021
- защита на личните данни), promulgated with State Gazette No. 1/ 4.01.2002 and entered into force 1.01.2002). Bulgarian law does not define legal entities as10 KB (1,440 words) - 08:54, 17 January 2020
- of the Code and 10 of Legislative Decree lg. 1 September 2011, no. 150, opposition to this provision may be lodged with the ordinary judicial authority14 KB (2,049 words) - 07:46, 1 August 2023
- DSB (Austria) - Austrian Postal Service (category Article 6(1)(f) GDPR)business. The penalty imposed for the identified violations of Articles 5(1), 6(1) and (4) and 9 of the GDPR is not final, as the defendant has appealed against8 KB (611 words) - 16:12, 6 December 2023
- CJEU - C-136/17 - GC and Others (category Article 9(1) GDPR)of preference, must be classified as "processing of personal data" and that the operator of the search engine therefore needs to be considered a 'controller'4 KB (438 words) - 14:23, 11 August 2022
- not be used to take decisions or measures relating to the data subject, nor for other purposes. Statistical and scientific research purposes must be clearly6 KB (757 words) - 13:53, 16 August 2022
- Act (“Zakon o elektronskih komunikacijah, ZEKom-1). Cookies are regulated in Art. 157 ZEKom-1. It should be noted, cookies are not one of the priorities of4 KB (391 words) - 09:57, 17 May 2021
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art. 83, para. 5, lit. a Previous search92 KB (15,435 words) - 16:00, 22 March 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)the relevant court act and are undisputed. 3. Legal Assessment 3.1. To I to A) 3.1.1. Legal situation: Art. 12 of Regulation (EU) 2016/679 of the European47 KB (7,519 words) - 09:28, 13 February 2024
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)infringement of Articles 5.1. a), 5.1. c), 6.1, 8, 12.1 and 13 of the AVG has been proven and it is appropriate to order that the processing be brought into conformity48 KB (7,926 words) - 16:56, 12 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)treaties (1) or the national provisions of § 173 sentence 1 VwGO in conjunction with § 173 sentence 1 VwGO. § 328 ZPO or §§ 108 f. FamFG (2). 53 (1) The judgment112 KB (19,310 words) - 08:08, 23 June 2022
- violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 5(1)(a) GDPR)Section 6 subsection 1 point 1 of the Data Protection Act must be interpreted in the light of this general principle. In addition, it should be noted that Section41 KB (6,133 words) - 10:29, 25 March 2024
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)basis must be identified at the outset of the processing among the ones exhaustively listed in Article 6(1) GDPR. Article 6(1) GDPR reads: 1. Processing99 KB (14,431 words) - 16:20, 6 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)to prevent damage from criminal offenses (cf. § 34 Para. 1 No. 1 in conjunction Section 33 (1) no. 2 letters a, b, d, f, g BDSG) is not provided for. c)32 KB (5,093 words) - 16:07, 11 September 2022
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)Facts and procedure I.1. As for the complaint of complainant no. 1 (DOS-2020-05649) 1. On December 4, 2020, complainant no. 1 filed a complaint with the113 KB (17,325 words) - 08:50, 19 March 2024
- the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate158 KB (26,392 words) - 08:25, 7 June 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)Articles 21 (1) sentence 1, 22 (1) and 4 no. 4 of the GDPR as well as recitals 71 p. 1, 2 and 72 can be interpreted as follows. 1, 2 and 72 can be understood52 KB (8,534 words) - 12:58, 15 December 2021
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive character, and must that be taken14 KB (1,916 words) - 16:03, 2 February 2024
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the consultation127 KB (21,484 words) - 17:01, 12 December 2023
- third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in133 KB (21,944 words) - 15:59, 22 March 2022
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)complainant. Specifically, the DSB cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article31 KB (4,648 words) - 13:56, 12 May 2023
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 5(1)(a) GDPR) (section Deadline and actions to be taken by WhatsApp under the compliance order)2020). Factors to be taken into account when deciding on the amount of a fine. Article 83(1) and 83(2) GDPR provide that any fine should be “effective, proportionate29 KB (4,384 words) - 16:00, 6 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General Data58 KB (9,357 words) - 10:02, 17 November 2023
- BVwG - W214 2228164-1 (category Article 4(1) GDPR) (section Lawfulness According to Article 6(1)(f) GDPR)credit scoring purposes in light of Articles 5(1)(c), 5(1)(e) and 6(1)(f) GDPR and held that financial data may be stored for more than 5 years. This also applies8 KB (987 words) - 10:01, 12 May 2022
- pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore be opposed to a data use that39 KB (6,244 words) - 09:40, 10 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)prevent this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection42 KB (6,579 words) - 08:46, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 5(1)(a) GDPR)it acts as a data controller (5(1)(a), 12(1), 13(1) of the General Data Protection Regulation, Articles 13(2) and 25(1)) Decision of the Deputy Data Protection52 KB (7,936 words) - 22:32, 2 March 2024
- Helsingin hallinto-oikeus (Finland) - 117/2024 (category Article 9(1) GDPR)Section 6 subsection 1 point 1 of the Data Protection Act must be interpreted in the light of this general principle. In addition, it should be noted that Section22 KB (3,290 words) - 10:29, 25 March 2024
- or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);65 KB (9,767 words) - 16:22, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)subsection 1, point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data60 KB (9,117 words) - 14:46, 24 January 2024
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the36 KB (5,859 words) - 06:40, 6 July 2022
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)2020, §§ 291, 288 Paragraph 1, 187 Paragraph 1 BGB in conjunction with §§ 253 Paragraph 1, 261 Paragraph 1, 222 para. 1 ZPO. II.62 II. 63 The decision27 KB (4,216 words) - 13:26, 8 January 2024
- Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request48 KB (7,816 words) - 11:04, 29 July 2022
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2. Does the answer to Question 1 mean: a) that the person whose29 KB (4,605 words) - 17:00, 15 December 2021
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)with article 5.1 of the RGPD, the processing of personal data must be governed by the following principles: "1. The personal data will be: a) treated in29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)***NIF.1 (hereinafter, the part claimed), for the installation of a video surveillance system located in URBANIZATION ***URBANIZATION.1, ***LOCALITY.1, LLEIDA35 KB (5,475 words) - 13:21, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)of the individual would be that a judgment given in a disputed case cannot be followed by a default notice, but could only be entered if the enforcement43 KB (6,677 words) - 08:47, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)of the individual would be that a judgment given in a disputed case cannot be followed by a default notice, but could only be entered if the enforcement43 KB (6,671 words) - 08:49, 27 January 2022
- OGH - 6Ob35/21x (category Article 4(1) GDPR)listed by way of example, are not to be equated with the non-material damage as such to be compensated under Article 82(1) of the GDPR; they can only "lead27 KB (4,090 words) - 09:54, 10 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)met. In accordance with Section 6, Subsection 1, Section 1 of the Data Protection Act, Article 9, Section 1 of the Data Protection Regulation does not apply73 KB (11,237 words) - 05:34, 21 July 2022
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)sold to anyone. It may be transferred to third parties under the conditions established in art. 39. 1 of said Royal Decree 1434/2002: 1. The holder of the39 KB (6,623 words) - 14:08, 13 December 2023
- information society services the age of consent is 16 years following Article 8(1) GDPR. There is no specific age of consent for other support and advisory services7 KB (764 words) - 07:50, 6 May 2024
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)the public: 0117 OSLO Offl §13 cf. Fvl §13 no. 1 Their reference Our reference Date 9135764/1 20 / 01790-1 (19/01267) / EHN 22.12.2020 Decision on the imposition49 KB (7,646 words) - 07:56, 7 March 2022
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the40 KB (6,325 words) - 16:12, 18 May 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 15(1) GDPR)served on the defendant until January 15, 2021 (Section 204 (1) No. 1 BGB, Section 253 (1) ZPO). Insofar as the district court has determined that the24 KB (3,847 words) - 15:19, 11 September 2022
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and Article 32(1)(d). d71 KB (11,304 words) - 10:01, 17 November 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)Ordinance Article 5 No. 1 letter a and the requirement for legal basis in Article 6 (1) is among the basic requirements to be met when a business processes40 KB (5,943 words) - 18:54, 5 March 2022
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)been able to be accomplished via a more mild measure - the area of surveillance must be limited only to that needed for the purpose to be met and not to20 KB (2,519 words) - 15:36, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)violation of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within66 KB (9,458 words) - 19:42, 4 September 2021
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)Chapter 5 contains the operative part and the legal remedies clause. 1. Introduction 1.1 Legal entities involved and reason for investigation OLVG is a foundation67 KB (11,415 words) - 17:15, 12 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)concerning the violation of Articles 5.1. c); 6.1. ; 13.1. c); 13.1. e) and 13.2. a) of the GDR:- pursuant to Article 100, § 1, 9° of the ICA, to order the respondent20 KB (3,137 words) - 16:51, 12 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)would have had to be issued, Art. 33 Para. 1 M 158/10 -, resolution of September 14, 2012 - 1 M 94/12 - and resolution of October 25, 2012 - 1 M 103/12 -, each14 KB (1,999 words) - 14:20, 18 July 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)Article 5(1)(e) of the General Data Protection Regulation requires that personal data be stored in a form from which the data subject can be identified77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)that should be imposed, they must The provisions contained in articles 83.1 and 83.2 of the RGPD must be observed, which they point out: "1. Each supervisory79 KB (12,408 words) - 13:24, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)Article 102 (1) (1) and (3) of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019. item 1781), as well as Article 57 (1) (a),66 KB (10,785 words) - 10:00, 17 November 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€122 KB (3,257 words) - 13:28, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Lawfulness and fairness of processing - Article 5(1)(a) and 6 GDPR)▪ Articles 5.1.a and 5.2 (principles of fairness, transparency and accountability) ▪ Article 6.1 (lawfulness of processing); ▪ Article 9.1 and 9.2 (processing429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller will be responsible for compliance with the provisions of section 1 and able to demonstrate it (“proactive responsibility”).” Article 72.1 a) of the27 KB (4,121 words) - 15:06, 13 December 2023
- contents Nos. 1, 3, 4, 5 and 83, as well as content No. 64. 1 SPMT-ARISTA is an external service for prevention and protection at work, which since 1 January131 KB (22,429 words) - 16:57, 12 December 2023
- sanctions not be imposed on the basis that the infractions would be statute-barred. SIXTH: The following are declared accredited PROVEN FACTS 1) The claimant66 KB (10,558 words) - 13:14, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)processing", details in its section 1 the cases in which data processing is considered lawful: "1. Processing will only be lawful if it meets at least one26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)fine that should be imposed, the following must be observed: provisions contained in articles 83.1 and 83.2 of the RGPD, which indicate: "1. Each supervisory32 KB (4,952 words) - 13:11, 13 December 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)article 72.1.b) of the LOPDGDD, with a fine of 6,000 euros (six a thousand euros). 2. That the claimed party be imposed, within the term to be determined74 KB (11,726 words) - 13:02, 13 December 2023
- for compensation must be dismissed and, therefore, the action must be dismissed in its entirety. Costs125 Under Article 134(1) of the Rules of Procedure61 KB (9,971 words) - 14:28, 4 January 2024
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be: (…) f) treated34 KB (5,184 words) - 13:22, 13 December 2023
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)91 Paragraph 1, 709 S. 1, S. 2 ZPO. 44 The amount in dispute is set at a total of 16,000.00 EUR. The determination is based on §§ 48 Abs. 1 GKG, 3 ZPO.17 KB (2,758 words) - 14:10, 15 December 2021
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)to injunctive relief from § 29 para. 1 sentence 1 no. 2 BDSG old version, but from § 29 para. 1 sentence 1 no. 1 BDSG old version, although the "basic121 KB (20,412 words) - 15:58, 10 March 2022
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)associated with the complaining party the email ***USER.1@gmail.com and the phone number ***PHONE.1. - That within the framework of the contracting, the conditions45 KB (7,135 words) - 13:08, 13 December 2023