Search results
From GDPRhub
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)committee fall under national security as defined by Recital 16 GDPR, therefore, making Article 2(2)(a) GDPR applicable? 3) If question 2 is answered in the8 KB (1,127 words) - 08:53, 30 January 2024
- GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker, Datenschutzrecht125 KB (16,328 words) - 16:01, 8 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)BDSG, Article 6 GDPR, margin number 20 (C.H. Beck 2020). Recital 32 sentence 1 GDPR. Recital 32 sentence 2 GDPR. Recital 32 sentence 3 GDPR. CJEU, C‑673/17108 KB (17,005 words) - 15:39, 18 March 2024
- under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details on the51 KB (6,355 words) - 08:25, 18 April 2024
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)complaint does not relate to the national issue. 2. According to recital 16 of the GDPR, this Regulation does not apply to issues of protection of fundamental29 KB (4,578 words) - 15:35, 6 December 2023
- (Article 12(1) GDPR), facilitate the data subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle61 KB (8,488 words) - 15:47, 18 March 2024
- Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Articles 16 to 22 GDPR) but also allows to check if the controller has complied with the ex-ante information provided under Articles 13 or 14 GDPR. EDPB:73 KB (9,896 words) - 15:46, 18 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Article 83(8) GDPR corresponds in this respect to Recital 148 sentence 4 GDPR. Nemitz, in Ehmann,Selmayr, Datenschutz-Grundverordnung, Article 83 GDPR, margin55 KB (7,622 words) - 14:04, 7 November 2023
- 14(2)(g) and 15(1)(h) GDPR. Recital 50 GDPR. Dix, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 13 GDPR, margin number 20 (C.H71 KB (9,532 words) - 13:30, 6 March 2024
- Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment), Article55 KB (7,446 words) - 22:28, 1 April 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- specific criteria should not fall within the scope of this Regulation. Recital 16: Not Applicable to National Security and Common Foreign and Security Policy34 KB (4,652 words) - 12:07, 12 November 2023
- of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal44 KB (5,905 words) - 14:00, 24 October 2023
- of the most innovative elements in the GDPR related to the accountability principle (see Articles 5(2) and 24 GDPR). This provision regulates the cases in52 KB (7,297 words) - 08:05, 18 July 2023
- natural persons”. The GDPR does not define what constitutes a “risk to the rights and freedoms of natural persons”. Recital 75 GDPR only outlines potential54 KB (6,536 words) - 08:22, 16 June 2023
- sanctions for infringements in the Member States. Recital 12: Article 16(2) TFEU Mandate Article 16(2) TFEU mandates the European Parliament and the Council28 KB (3,831 words) - 16:21, 14 March 2024
- out data relating to deceased persons, this Recital confirms Recital 27 GDPR, according to which the GDPR “does not apply to the personal data of deceased29 KB (3,695 words) - 13:44, 21 March 2024
- the meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Article 25 GDPR or Article 32 GDPR. This provision assigns a proactive role to the controller who has to ensure compliance with the GDPR at all stages30 KB (3,458 words) - 10:31, 25 April 2024
- important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Berlin. If their behaviour is monitored by an app, the GDPR applies. In light of Recital 14 GDPR and the EDPB guidelines, the targeting criterion covers37 KB (4,635 words) - 13:29, 24 October 2023
- Data Protection Regulation (GDPR): A Commentary, Article 55 GDPR, page 909 (Oxford University Press 2020). See Recital 20 GDPR and CJEU, in C-245/20 - Autoriteit35 KB (3,971 words) - 21:34, 1 April 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))(Article 12 GDPR), information (Articles 13 and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction44 KB (4,896 words) - 06:25, 16 June 2023
- Article 82 GDPR – like almost all provisions of the GDPR – is directly applicable in all Member States without any act of implementation. Article 82 GDPR leaves33 KB (4,215 words) - 09:57, 19 March 2024
- subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also required27 KB (2,604 words) - 14:24, 16 January 2024
- in other parts of the GDPR. To begin with, Recital 141 GDPR clarifies that an SA must “act on a complaint”. Article 57(1)(f) GDPR, in turns, establishes30 KB (3,874 words) - 10:46, 7 December 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)Article 79 GDPR, margin number 14 (rdb.at 2018). Jahnel in Jahnel, DSGVO, Article 79 GDPR, margin number 29 (Jan Sramek 2021). See Recital 141 GDPR. Moos,31 KB (3,550 words) - 11:11, 29 November 2023
- differences between portability and access under Article 15(3) GDPR. According to Recital 68, the data should be available in an "interoperable format"40 KB (5,349 words) - 07:05, 1 June 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- large-scale, or involve processing of data under Article 9 GDPR or Article 10 GDPR. Recital 97 GDPR clarifies that the core activities of a controller are43 KB (4,904 words) - 12:59, 21 July 2023
- personal data as well (see Recital 163 GDPR). Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University15 KB (943 words) - 09:58, 8 November 2023
- 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article 16 GDPR, titled23 KB (2,489 words) - 23:24, 6 March 2024
- (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR) and the34 KB (3,646 words) - 08:53, 27 March 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- purposes outlined in Article 23(1)(a) to (j) GDPR (e.g. national and public security) as well as Recital 73 GDPR (e.g. protection of human life). In any case49 KB (5,993 words) - 06:22, 16 June 2023
- catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps. Under Recital 152 GDPR, these provisions may either be19 KB (1,477 words) - 14:12, 7 November 2023
- 22(2)(c) GDPR. Finally, decisions based on explicit consent are also subjected to the safeguards laid down in Article 22(3) GDPR. Article 22(3) GDPR lays down31 KB (4,768 words) - 06:24, 16 June 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Protection Regulation (GDPR): A Commentary, Article 27 GDPR, pp. 595-596 (Oxford University Press 2020). Recital 80 sentence 5 GDPR. Ziebarth, in Sydow,25 KB (2,418 words) - 14:11, 24 May 2023
- interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence27 KB (2,619 words) - 14:52, 16 November 2023
- 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening clause, Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- checks. The 16-year age limit is not absolute. Under Article 8(1) GDPR, Member States can adjust this age requirement to anywhere between 13 and 16 years. Thus19 KB (1,335 words) - 13:56, 24 October 2023
- 25 May 2018, pp. 15-16 (available here). Kuner, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 49 GDPR, p. 854 f. (Oxford University29 KB (3,500 words) - 08:54, 27 March 2023
- since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)transfers), they may simultaneously invoke Article 16 GDPR (right to rectification) and Article 18 GDPR (right to restriction) in order to request the controller32 KB (3,730 words) - 08:43, 7 March 2024
- purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of47 KB (5,594 words) - 22:45, 1 April 2024
- exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward its27 KB (3,038 words) - 12:19, 11 October 2023
- You can find all related decisions in Category:Article 36 GDPR Recital 89 GDPR. Article 36 GDPR must therefore be read as one element within a wider framework31 KB (3,646 words) - 08:51, 21 July 2023
- application of Article 65(1)(a) GDPR, (13 April 2021), margin number 57 (available here). See also Recital 143 GDPR. See Article 78(2) GDPR. Hijmans, in Kuner et33 KB (4,185 words) - 16:09, 2 November 2023
- incorrect data on a regular basis could not be addressed under Article 16 GDPR as Article 16 GDPR can only be invoked to rectify existing inaccurate data but not33 KB (3,641 words) - 09:51, 19 March 2024
- situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in cross-border35 KB (4,017 words) - 16:04, 18 March 2024
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats and17 KB (1,096 words) - 08:19, 19 October 2023
- provisions of the GDPR. This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the15 KB (810 words) - 16:13, 2 November 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide concrete44 KB (5,008 words) - 14:50, 28 July 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting provision to Article 58 GDPR. In22 KB (2,042 words) - 14:29, 20 November 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether GDPR provisions20 KB (1,854 words) - 16:32, 8 March 2024
- Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition for33 KB (3,748 words) - 14:25, 7 November 2023
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public is15 KB (1,196 words) - 08:15, 19 October 2023
- Category:Article 86 GDPR At para. 120 Kranenborg, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 86 GDPR, p. 1216 (Oxford University22 KB (2,177 words) - 10:01, 19 March 2024
- outlined under other Articles of the GDPR, namely in Articles 51, 52 and 53 GDPR. The second objective, under Article 54(2) GDPR, seeks to regulate the confidentiality34 KB (3,649 words) - 13:19, 30 October 2023
- Article 72 GDPR regulates the Board's voting procedure. Generally, the GDPR grants the EDPB a high degree of autonomy. In particular, Article 72(2) GDPR entitles22 KB (2,266 words) - 08:26, 17 October 2023
- the scope of the LED from the scope of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data17 KB (1,768 words) - 15:41, 18 March 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- authority. Article 61(1) GDPR regulates how independent authorities are to cooperate to enable the uniform application of the GDPR. Supervisory authorities24 KB (2,181 words) - 11:46, 15 January 2024
- provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases15 KB (851 words) - 06:55, 29 April 2022
- sors_en Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 88829 KB (2,894 words) - 23:06, 1 April 2024
- of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across17 KB (1,142 words) - 15:41, 28 April 2022
- provisions under Article 75(3) GDPR. The employees of the Board's secretariat only report to the Chair (Recital 140 GDPR). In this respect, they are therefore20 KB (1,347 words) - 14:21, 17 October 2023
- exclusion of Article 82 GDPR is confirmed by the last sentence of Recital 142 GDPR. In addition, Article 80(2) GDPR does not permit Member States to allow NPOs26 KB (2,575 words) - 15:50, 9 November 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- 60, 63, 64 and 65 GDPR) immediately adopt provisional measures intended to produce legal effects on its own territory. Article 66 GDPR creates strict conditions20 KB (1,590 words) - 16:11, 2 November 2023
- Article 19 GDPR therefore requires controllers, subject to certain exceptions, to communicate their exercise to recipients under Article 4(9) GDPR. The first19 KB (1,436 words) - 12:35, 12 May 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set forth20 KB (1,632 words) - 10:01, 11 October 2023
- with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand, and18 KB (1,599 words) - 12:26, 29 April 2022
- It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force12 KB (295 words) - 08:25, 19 October 2023
- Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters Kluwer22 KB (1,915 words) - 13:46, 15 January 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter, the applicant27 KB (2,452 words) - 14:26, 28 July 2023
- in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p15 KB (787 words) - 08:17, 19 October 2023
- encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including but not limited to the implementation37 KB (3,915 words) - 12:49, 24 May 2023
- mentioned in Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)of the European Union ("TFEU"), within the scope of the GDPR. The function of Article 92 GDPR is to lay down conditions for the delegation of power as19 KB (1,525 words) - 08:18, 19 October 2023
- of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- when passing the GDPR. In fact, all but one EU Member State (who has sought higher protections) have voted in favor the GDPR. The GDPR is not just consisting48 KB (5,978 words) - 15:57, 1 February 2024
- Recitals GDPR (section Recitals from the GDPR)progress. Fill in the name used for the recital if you use it so we can ensure a somewhat streamlined practice. Recital 1: The protection of natural persons182 KB (24,065 words) - 13:40, 9 July 2021
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p. 194 (Oxford29 KB (2,823 words) - 15:15, 28 April 2022
- per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the Commission16 KB (778 words) - 08:24, 19 October 2023
- enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)data under Article 4(1) GDPR, especially because they allow to single out a data subject within the meaning of recital 26 of the GDPR. It is sufficient that108 KB (17,097 words) - 13:52, 12 May 2023
- undefined in the GDPR. “Expertise” is only referred to again under Article 41(2)(a) GDPR, although briefly. Additionally, Article 41(1) GDPR specifies that30 KB (2,720 words) - 14:02, 28 July 2023
- CJEU - C-154/21 - RW v Österreichische Post (category Article 5(1)(a) GDPR)that the data subject has under Articles 16, 17(1) and 18 GDPR. The Court also made reference to Recital 10 GDPR and Article 8 of the Charter of Fundamental8 KB (992 words) - 17:03, 4 February 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)same applies to the right to erasure under Article 17 of the GDPR. Recital 63 of the GDPR also supports this view. It shows that the legislator wants to51 KB (8,592 words) - 07:03, 2 November 2021
- GDPRhub style guide (section GDPR)6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not shortened. Example: Recital 47 Example:17 KB (2,510 words) - 13:56, 24 April 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)understood as made to the GDPR, in accordance with article 94 of the last. Likewise, it is apparent from recital 173 of the GDPR that this text explicitly93 KB (14,936 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)Article 46 GDPR. In 2020, noyb lodged a complaint with the Austrian DPA alleging that the controller breached the provisions of Chapter V GDPR. The complaint121 KB (13,722 words) - 15:16, 5 July 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)complaint in accordance with Article 78, second paragraph, of the GDPR and recital 141 of the GDPR. Has the defendant observed the reasonable period in handling25 KB (3,954 words) - 13:39, 16 November 2020
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material27 KB (4,090 words) - 09:54, 10 September 2021
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not only to36 KB (5,810 words) - 13:09, 21 January 2022
- Datatilsynet (Norway) - 21/03530 (redirect from Datatilsynet (Norway) - 21/03530-16) (category Article 6(1)(b) GDPR)situation is warranted. In this respect, Recital 137 GDPR states 65 66See Article 77 GDPR. See Recital 137 GDPR. 28that an urgent need to act in order to99 KB (14,431 words) - 16:20, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)norm addressee of Chapter V GDPR. The bB be directly responsible for BF2, which violated Art. 44 ff GDPR. Regarding The GDPR is applicable to the processing158 KB (26,392 words) - 08:25, 7 June 2023
- CJEU - C-439/19 - B v. Latvijas Republikas Saeima (category Article 2(2)(a) GDPR)should be well-known to everyone that the GDPR provides enhanced protection to sensitive data. Article 10 of the GDPR refers to these data collections which12 KB (1,792 words) - 18:13, 1 February 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)information to be communicated must be based on recital 63 of the GDPR. According to recital 63 sentence 1 of the GDPR, the data subject’s right to information32 KB (5,093 words) - 16:07, 11 September 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that this24 KB (3,847 words) - 15:19, 11 September 2022
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)violations of the provisions of the GDPR. It should be borne in mind here that recital 146 sentence 3 of the GDPR requires a broad interpretation in order28 KB (4,527 words) - 15:58, 26 April 2022
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed about17 KB (2,758 words) - 14:10, 15 December 2021
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)gas distribution company €12,000 for a violation of Article 5(1)(f) of the GDPR. A customer of a gas distribution company (Madrileña Red De Gas, S.A.U) complained39 KB (6,623 words) - 14:08, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR. The customer41 KB (6,558 words) - 17:09, 6 December 2023
- CJEU - C‑479/22 - OC v Commission (category Article 4(1) GDPR)‘means reasonably likely’ to be used to identify a data subject (recital 26 GDPR and recital 16 EUDPR) was limited. Rather, the court should have looked at6 KB (893 words) - 09:33, 19 April 2024
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR) read in conjunction121 KB (20,412 words) - 15:58, 10 March 2022
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter IV of the GDPR devoted to127 KB (21,484 words) - 17:01, 12 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)reprimand concerning the requirements for consent as required by Article 6(1)(a) GDPR. Datatilsynet examined a complaint regarding the processing of personal data65 KB (9,767 words) - 16:22, 6 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)(according to the Federal Court of Justice, Judgment of December 16, 2020 - IV ZR 294/16 - para. 26). At the same time it follows from the wording "relevant"40 KB (6,325 words) - 16:12, 18 May 2022
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)(Google Spain and Google), paragraph 60. Page 8 of 16 The EU Court subsequently clarified in C-210/16 (Wirtschaftsakademie Schleswig-Holstein), that the52 KB (8,025 words) - 05:01, 23 November 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)possible principal place of business (within the meaning of Article 4 (16) of the GDPR)14. 26. Google Belgium SA acknowledged that Google Ireland Ltd was Google's131 KB (22,429 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)operations, it is necessary to fall back on article 6.1. AVG and recital 50 GDPR. Recital 50 of the GDPR states that this is a separate legal basis required for32 KB (4,880 words) - 16:50, 12 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material23 KB (3,551 words) - 09:54, 10 September 2021
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)justification or basis for the processing, violating Article 9 GDPR. AEPD highlighted that Recital 46 GDPR already recognizes that, in exceptional situations, such66 KB (10,558 words) - 13:14, 13 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)1 lit. f GDPR (for the protection of the processor's legitimate interests)? Right to erasure (Art. 17 GDPR); right to object (Art. 21 GDPR)? Locations29 KB (4,605 words) - 17:00, 15 December 2021
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)regard on that article 2.1) GDPR read in conjunction with recital 15 of the GDPR, although an exclusion from the scope of the GDPR provides for files or a30 KB (4,871 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned initiation45 KB (7,135 words) - 13:08, 13 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)asserted here and based on Article 82 of the GDPR, appears questionable in view of sentence 3 of recital 146 of the GDPR. In the case in dispute, however, no damage19 KB (3,209 words) - 13:08, 15 September 2021
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)deliberations. In its deliberations. 16. On 14 December 2021 the Litigation Chamber receives the defendant's response to the proposal to 16. On 14 December 2021 the90 KB (14,937 words) - 12:35, 3 August 2022
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)causality between the "GDPR breach" and the "damage". Article 82(1) GDPR requires that the damage occurs as a result of a specific GDPR breach. Although it25 KB (4,028 words) - 07:10, 8 February 2022
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)view to vigorous enforcement of the rules of the GDPR. After all, as is clear from Recital 148 GDPR, the GDPR puts first and foremost that with every serious62 KB (9,417 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)ones processing. Decision on the merits 07/2021 - 14/25 10 recital 50 GDPR. Recital 50 of the GDPR states that this is a separate legal basis required for72 KB (11,208 words) - 16:51, 12 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)of the GDPR according to Art. 99 Para. 2 GDPR as of May 25, 2018 follows from Art. 79 Para. 2 Sentence 1 GDPR in conjunction with recital 22 GDPR as well130 KB (21,874 words) - 09:43, 15 February 2024
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its compliance127 KB (21,184 words) - 15:39, 6 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)as “anonymisation”. Recital 26 of the GDPR clarifies that anonymous information does not fall within the scope of the GDPR. The GDPR does not explicitly59 KB (8,242 words) - 10:47, 17 March 2021
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)may be considered a principal establishment within the meaning of Article 4(16) of the Regulation; CONSIDERED that recent press articles have reported the9 KB (1,280 words) - 15:53, 6 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)is subject’ (recital 45 of the preamble to the GDPR). (P. 85) (…) The basis of processing data, referred to in Article 6(1)(c) of the GDPR, is the processing91 KB (15,371 words) - 15:11, 5 October 2021
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)2017, C ‑ 434/16, ECLI: EU: C: 2017: 994) and Breyer (CJEU 19 October 2016, C-582/14, ECLI: EU: C: 2016: 779) 16 Recital 26 of the GDPR: The principles79 KB (12,260 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)principle enclosed in Article 5(1)(b) GDPR. On this matter, the AEPD argued that, according to Article 5(1)(a) GDPR, Recital 39 and Article 6(1)(f), an interest602 KB (102,229 words) - 14:21, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)with the principles of the GDPR, in particular that of lawfulness, by violating the provisions of Articles 6 and 5(1)(a) GDPR. Share your comments here23 KB (3,737 words) - 10:30, 7 June 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the sanctioning regime imposed by the GDPR. And this is because the GDPR is a closed and complete system. The GDPR is a European standard directly applicable79 KB (12,408 words) - 13:24, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))243. In order to strengthen the enforcement of the rules of the GDPR, recital 148 GDPR clarifies that penalties, including administrative fines, should429 KB (58,279 words) - 09:12, 2 November 2022
- LG Gießen - 2 O 186/22 (category Article 15 GDPR)unrelated to the purpose of Article 15 GDPR. According to recital 63 of the GDPR, the right of access under Article 15 GDPR serves the data subject to be aware16 KB (2,369 words) - 10:26, 7 December 2022
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht122 KB (20,253 words) - 08:17, 19 August 2021
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)28(3) GDPR. Verizon replied that the obligation to conclude a written agreement between controller and processor is not clearly stated in the GDPR. Such49 KB (7,758 words) - 15:44, 6 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR. They argued143 KB (24,273 words) - 15:59, 10 March 2022
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)Article 6.1 GDPR, read in conjunction with Articles 5.2 GDPR and 24.1 GDPR; 5) the performance of a data protection impact assessment (Article 35 GDPR) the framework110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding GDPR recitals (32, 39, 42, 47, 58, 60, 61, and 72), as well are Articles422 KB (70,184 words) - 13:56, 13 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)according to the first sentence of recital 41 of the GDPR, a legal basis, on which (the here relevant) Art. 9(2)(i) of the GDPR is based, does not necessarily37 KB (5,745 words) - 13:53, 12 May 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)Rights of the European Union (Charter) and Article 16 (1) TFEU (compare recitals to the GDPR [recital] 1, 2). It is intended to “contribute to the completion97 KB (16,519 words) - 09:57, 22 February 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)subjects? The Polish DPA found that the University violated Article 33(1) GDPR and Article 34, because it had notified neither the supervisory authority66 KB (10,785 words) - 10:00, 17 November 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of this40 KB (6,397 words) - 08:03, 21 March 2022
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)for the year, thus violating Article 39(1)(b) GDPR regarding the DPO's duties to monitor compliance with GDPR. In view of those violations, the CNPD: imposed66 KB (9,458 words) - 19:42, 4 September 2021
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)omission of TOMs (Art. 32 GDPR) The requirements of the European fundamental rights, which the GDPR in accordance with Art. 1 Para. 2 GDPR therefore suggest that30 KB (4,562 words) - 15:27, 6 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)proceedings”, that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure"37 KB (5,765 words) - 09:53, 14 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)such data. 2 Recital 3. 3 Recital 5. 3 b. the rapid technological developments which have occurred during a period of globalisation.4 As Recital (6) explains:130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not demand270 KB (43,335 words) - 12:39, 13 December 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)to information under Article 15 of the GDPR, especially since it can be deduced from recitals 9 and 10 of the GDPR that the European legislator did not intend22 KB (3,310 words) - 07:44, 5 October 2021
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)5(1)(a) GDPR? Is the information relating to personal data processing operations easily accessible within the meaning of Articles 12 and 13 GDPR? Is the48 KB (7,404 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)meaning of the GDPR, and such processing of personal data did not fall within the scope of the "household exemption". Therefore, the GDPR applied in full84 KB (14,035 words) - 16:56, 12 December 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)accurate and lawfully processed (see recital 63 GDPR). Automated decision-making and profiling 4.8. Pursuant to Article 22 GDPR, [applicants] have the right,30 KB (4,797 words) - 10:03, 19 May 2021
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)via letter as well. According to the BVwG, this is in line with recital 63 of the GDPR ("Where possible, the controller should be able to provide remote107 KB (17,615 words) - 09:42, 10 September 2021
- Decision No. 01/2019 of 16 January 2020. Available at: https://gegevensbeschermingsautoriteit.be/publications/beslissing-nr.-01-2019-van-16-januari-2019.pdf 59206 KB (30,485 words) - 09:54, 14 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 16 GDPR)that Article 16 sentence 1 GDPR is the legal basis for a request for rectification, even if the request has been submitted before the GDPR entered into112 KB (19,310 words) - 08:08, 23 June 2022
- BVwG - W258 2217446-1 (category Article 16 GDPR)as personal data under Article 4(1) GDPR. The argument, that these data could not be rectified under Article 16 GDPR was waived as incorrect (and could79 KB (12,652 words) - 09:41, 10 September 2021
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)from its database. The litigation chamber concluded to a violation of the GDPR considering that: - the controller did not stop the sending of direct marketing27 KB (4,363 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)no consent in the event of silence, default boxes or inactivity. Recital 43 of the GDPR states that: Consent is presumed not to have been freely given if90 KB (14,556 words) - 17:08, 6 December 2023
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)right to information according to Art 15 GDPR, especially since it can be derived from recitals 9 and 10 of the GDPR that the European legislator is reducing19 KB (2,825 words) - 09:42, 26 November 2021
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the provisions of the GDPR, in particular Article 5 (1) GDPR, article 24 and article 28 GDPR, all this based on article 58.2, d) GDPR and article 100, §1113 KB (18,732 words) - 16:50, 12 December 2023
- Rb. Gelderland - AWB 19/2901 (category Article 5 GDPR)performance of this purchase contract (Article 6(1)(b) GDPR). Therefore, the processing is compatible with the GDPR. In the Netherlands, as of 1 July 2018 a passenger17 KB (2,610 words) - 16:18, 10 March 2022
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)violated the GDPR. A citizen submitted a complaint before the AEPD stating that privacy policy of www.banderacatalana.cat did not comply with the GDPR. GRUP BC27 KB (4,517 words) - 13:44, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)article 12, second paragraph, of the GDPR. 78. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: “There should be arrangements77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)regarding the consent request and referred to Article 7 GDPR and Recital 32 GDPR. Specifically, the use of pre-ticked boxes rendered consent invalid, resulting51 KB (7,867 words) - 13:10, 13 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached the obligation44 KB (7,334 words) - 09:02, 17 March 2022
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as made to the GDPR , in accordance with Article 94 of the latter. Similarly, it appears from recital 173 of the GDPR that this text explicitly120 KB (19,650 words) - 09:00, 6 April 2022
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)item a) GDPR, in conjunction with Article 13 GDPR. 12. Because, since a lack of compliance with the provisions of article 5 par. 1 item a) GDPR principles31 KB (5,021 words) - 16:15, 18 July 2023
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect information17 KB (1,940 words) - 15:23, 6 December 2023
- RvS - 202000948/1/A3 (category Article 12(6) GDPR)provide sufficient information to verify the data subject's identity? Recital 64 of the GDPR states that the data controller should take all reasonable steps12 KB (1,870 words) - 12:37, 16 September 2021
- HDPA (Greece) - 29/2023 (category Article 5(1)(c) GDPR)violated Article 5(1)(c) GDPR and Article 15 GDPR. Firstly, the HDPA found that the controller violated Article 5(1)(c) GDPR because its transmission of21 KB (3,334 words) - 09:12, 25 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)controller, to correct its data processing practice in accordance with the GDPR. This decision does not assess the activities of the police in relation to41 KB (6,555 words) - 08:37, 4 March 2024
- AEPD (Spain) - PS/00023/2020 (category Article 5(1)(c) GDPR)warning, in accordance with Article 58(2)(b) of the GDPR, in connection with the above-mentioned Recital 148. Therefore, in accordance with the applicable21 KB (3,298 words) - 13:46, 13 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)blur or pixel images of third parties concerned. The AEPD brought forward Recital 59, emphasizing the controller to facilitate data subjects the access of20 KB (3,087 words) - 13:30, 13 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 9(1) GDPR)therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and considered this a high163 KB (27,222 words) - 16:54, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)data breach should be reported to the DPA, according to article 33 of the GDPR as it is likely to cause risk to the rights and freedoms of the data subject61 KB (9,412 words) - 16:52, 6 December 2023
- ANSPDCP (Romania) - 04.03.2021 (category Article 5(1)(f) GDPR)of Article 32 GDPR in conjunction with Article 5(1)(f) GDPR? The Romanian DPA (ANSPDCP) found that the controller violated Article 32 GDPR as they had not7 KB (1,035 words) - 15:19, 13 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)affected by this limitation. Page 16 Decision on the Merits 15/2021 - 16/32freedoms of others ”. Recital 63 of the GDPR explains in this regard that “this85 KB (13,724 words) - 16:52, 12 December 2023
- of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of the GDPR relating73 KB (11,864 words) - 17:03, 6 December 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)17 of the AVG) are included below. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: Arrangements should be made available50 KB (7,656 words) - 17:05, 12 December 2023
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet bescherming27 KB (4,289 words) - 07:57, 7 March 2022
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in articles 83.5 and 83.4 of the GDPR, respectively The initiation agreement36 KB (5,485 words) - 13:19, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)applicant to the e-mail address [..] on 16 February 2019, enclosing the pdf form containing his / her related request, - 02/16/2019 a power of attorney issued33 KB (5,033 words) - 10:12, 17 November 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)made without legitimizing cause of those included in article 6 of the GDPR. The GDPR applies to personal data. Said regulation defines as «data personal”22 KB (3,319 words) - 13:00, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9547248 (category Article 17(1)(a) GDPR)corrective measures as per Article 58(2) GDPR, and that, although there was a violation of Articles 5(1)(a) and (e) GDPR, “the circumstances referred to above22 KB (3,235 words) - 15:55, 6 December 2023
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)individual for failing to comply with the right to information (Article 13 GDPR) when collecting personal data on its website. A citizen brought to the attention24 KB (3,838 words) - 13:51, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)second purpose that follows12 GDPR, recital 45.13 Conclusions of the defendant, p. 5.14 Ibidem, p. 7. Page 16 Decision 55/2021 - 16/34directly from the latter81 KB (13,211 words) - 16:59, 12 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as references to the GDPR, in accordance with Article 94 of the latter. 34. Similarly, it follows from recital 173 of the GDPR that this text explicitly82 KB (13,428 words) - 17:02, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4359/163/2018 (category Article 5(1)(e) GDPR)modified following the decision of the Data Protection Supervisor, 1710/523/16 (issued on 6/11/2018). As far as disclosure of information is concerned, it15 KB (2,249 words) - 13:05, 3 March 2024
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)para. of the GDPR, the law or regulation that constitutes the legal basis referred to in letters c) and e) of co. 1 of art. 6 of the GDPR, could contain57 KB (9,144 words) - 15:55, 6 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)and equipment used in treatment. This principle is reinforced in recital 49 of the GDPR, stating that the processing of personal data will be carried out54 KB (8,451 words) - 13:35, 13 December 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)the Google Analytics framework constituted personal data. It cited Recital 30 GDPR to establish that online identifiers (e.g. IP addresses, information40 KB (5,904 words) - 16:51, 24 February 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)Data, https://wetten.overheid.nl/BWBR0033572/2013-03-01. 47See also recital 75 of the GDPR. 12/41Date Unidentified May 31, 2021 [CONFIDENTIAL] processing infringes106 KB (14,502 words) - 17:09, 12 December 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or (f) GDPR due to their16 KB (2,580 words) - 10:43, 23 September 2020
- CE - N° 430810 (category Article 6(1)(a) GDPR)brief, two reply briefs, additional observations and a new brief, filed on 16 May, 1 August and 19 December 2019 and on 11 February, 18 May and 10 June42 KB (6,800 words) - 09:50, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)to the GDPR, imposed a fine in the amount of € 10.000 and ordered Cavauto srl. to communicate the proposed changes in view of compliance with GDPR. The Italian34 KB (5,420 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)Vodaphone violated Article 5(1)(f) GDPR, as interpreted in the light of the last sentence of the recital 39 GDPR. Share your comments here! Share blogs37 KB (5,995 words) - 13:58, 13 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)with article 24 GDPR. They are contained in article 25 of the AVG mentioned above and are explained in more detail in recital 78 GDPR. The defendant therefore45 KB (6,780 words) - 16:57, 12 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw conclusions32 KB (5,236 words) - 16:00, 10 March 2022
- Article 9(2)(j) GDPR could be a legal basis for scientific research purporses or statistical purposes. Lastly, Recital 46 of the GDPR specifically mentions25 KB (3,096 words) - 17:48, 25 November 2021
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does the26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement, through26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)is charged with committing an offense for violation of article 6.1 of the GDPR, which states that: "one. The treatment will only be lawful if it complies38 KB (6,160 words) - 14:06, 13 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)in public, publicly available records that is accessible to anyone. Page 16 16- Infotv. Pursuant to Section 26 (2), public personal data in the public interest192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)administrative sanction to be imposed, we should read certain recitals of the RGPD, among others, recital 148, which indicates the following: 'In order to strengthen26 KB (4,032 words) - 14:31, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)Company claimed that under the GDPR, there is no right that a trade union can exercise. They thought that the justiciability of GDPR is limited only to the natural56 KB (8,913 words) - 16:52, 6 December 2023
- held itself competent to enforce the Directive. The DPA referenced Recital 173 GDPR and EDPB Opinion 05/2020 on this point. The DPA held that the controller’s57 KB (9,084 words) - 15:11, 13 July 2022
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)processing of personal data is carried out in accordance with the GDPR. In doing so, the GDPR requires, among other things, that the nature and scope of the93 KB (14,040 words) - 17:00, 12 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 4(12) GDPR)competent supervisory authority in accordance with Article 55 of the GDPR, on 16 July 2019 and to the Prosecutor's Office of Sofia City on 17 July 201913 KB (1,761 words) - 09:58, 14 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)consent under Article 8 GDPR also apply? Did the defendant, as the controller, fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation48 KB (7,926 words) - 16:56, 12 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)edition 2018, Article 6 DSGVO, marginal 16). The GDPR does not explicitly define the concept of necessity. However, recital 39 provides a clue. Here it says:41 KB (6,779 words) - 12:35, 24 November 2021
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)the publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing43 KB (7,001 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)2.1.2. The scope of the GDPR and the jurisdiction of the Disputes Chamber34. In principle, the defendant argues that the GDPR would not apply in thisfile41 KB (6,354 words) - 16:59, 12 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading the104 KB (16,646 words) - 17:09, 6 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)Charter. 61 First, it should be noted that, in the light of recital 19 of the GDPR and recitals 9 to 12 of Directive 2016/680 and by virtue of Article 2(1)110 KB (18,000 words) - 08:01, 5 June 2023
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)Article 13 of the GDPR GDPR. The form used violated Article 13 of the GDPR conduct that is subsumi- ble under Article 83(5) of the GDPR, which provides:61 KB (9,973 words) - 13:55, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)such a request must be made in accordance with Article 16 GDPR (for (improvements) or Article 17 GDPR (for deletions) can be addressed to étLgyerwerkinesverantwoordeliike67 KB (10,544 words) - 09:24, 10 September 2021
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)relationship between the GDPR and the DSG with regard to the exceptions mentioned in Art. 2 Para. 2 GDPR. According to Art. 16 (2) TFEU, there is a Union21 KB (3,166 words) - 13:43, 12 May 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)of the general information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article35 KB (5,363 words) - 14:02, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled to compensation27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR by neither22 KB (3,385 words) - 13:35, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)information.” Recitals 39 and 60 of the GDPR help to specify the scope of the right of information that is given to the interested parties. Recital 39 establishes:24 KB (3,749 words) - 13:19, 13 December 2023