Search results

Regulation, hereinafter : "GDPR"), OJ No. L 119 of 04.05.2016 S1, the following administrative offense (s) committed: In any case, from **. February 2020 until

headquarters of [S1] and a second system is operated from the site of [S2]. The video surveillance system installed at the administrative headquarters of [S1] is composed

December 9, 2018 (Annex S1, pages 314 et seq. DA), the attorney-at-law sent the defendant's attorney-at-law to the plaintiff's attorney-at-law, a letter

concept of "explicit consent" in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally

Article 5(1)(b) does not foresee a certain form of documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and

controller’s (or processor’s) premises in accordance with Article 58(1)(f) GDPR. The search is not restricted to the business premises but a judge’s authorization

further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller

(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker

alternative means of communication which suit the data subject's specific needs. Under Article 12(1) GDPR, information “shall be provided in writing, or by other

GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the controller's obligation to actively provide clear and comprehensive information

data subject’s private life, and second, the public’s interest in accessing the information, which may vary depending on the data subject’s role in public

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation

identification of sanctionable conduct(s) and infringment(s). For a detailed analysis we refer to paragraph (1). Determination of the starting point of

public interest in the case of Article 6(1)(e) and the controller's legitimate interest in the case of Article 6(1)(f). In other words, there is a balancing

Article 13(1)(a) GDPR. Given the identical wording, see commentary on Article 13(1)(b) GDPR. Given the identical wording, see commentary on Article 13(1)(c) GDPR

Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they

individual rights. These criteria have the same meaning as in Article 24(1) and Article 32(1). The "nature" of the processing consists of its “the inherent characteristics”

possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III; (f) assists

May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available

Article 33 GDPR regulates the controller and processor's obligations in case of data breach. Pragraph 1 imposes an obligation on controllers to notify the

enforcement of the GDPR are SA's main tasks. They summarise the core idea of SA's activities. All other tasks entailed in Article 57(1) GDPR can be understood

legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited

to Article 32(1) GDPR would be an example of such an obligation. It is also important to stress that, without prejudice to the processor's liability under

ng provision of Article 56(1) GDPR. In such cases, the LSA, i.e. the SA of the place where the controller's or processor's main or sole establishment is

processor’s lead supervisory authority, version 2.1, Section 2.2, available here. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory

Article 30(1)(a) states it should contain the name and contact details of the controller and, where applicable, the joint controller(s), the controller's representative

with Article 33(1) GDPR. Thus, since the supervisory authority should be aware of the data breach, it can also be involved in the controller’s procedure for

information onto a form. The form is stored in the hospital's old paper filing system, where each patient's papers are stored according to surname and first name

guide the reviewer’s decision. Otherwise, it would be completely impossible to express one's own point of view. Pursuant to Article 12(1), which expressly

to include the DPO's 'contact details', i.e. exactly the same wording used in Article 13(1)(b) GDPR. If one were to follow Apple's suggested reading, after

subject’s rights, but not deny them. The grounds for restrictions are exhaustively listed in Article 23(1) GDPR. These grounds, listed in Article 23(1)(a)-(c)

subject’s data by the controller triggers a data subject’s right under Article 13 and 14 GDPR. We reject a strict literal interpretation of Article 79(1) GDPR

CJEU: The CJEU has clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as

exercise of a SA's investigative powers under Articles 58(1)(a), (b), (c), (e) and (f) GDPR; decisions following the exercise of a SA's corrective powers

independence and expertise in data protection matters. Paragraph 1 ensures the DPO's timely and proper involvement in any data protection issues. Paragraph

Article 46 - Transfers subject to appropriate safeguards 1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer

objection of a SA (Article 65(1)(a) GDPR), when there are different views on which SA is the lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is

prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR  establishes an obligation for the controller to consult the DPA

to management or the appropriate authority. Articles 39(1)(d) and (e) GDPR lay down the DPO’s obligations in relation to the Data Protection Authorities

restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment

version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.0

Act (Zakon o varstvu osebnih podatkov (ZVOP-1)) which stayed in force for more than 4 years after the GDPR’s entrance into force. Responding to requests

data on another party’s behalf and on this party’s documented instructions (you are a sub-processor). According to Article 26(1) of the GDPR, joint controllers

the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact

after IP completion day, the court is not bound (EUWA s 6(1)) but "may have regard" to them (EUWA s 6(2)). (4) The position is different in a "relevant court"

However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article

necessary to protect an interest which is essential for the data subject's or another person's vital interests, including physical integrity or life, if the data

an advisory role. Articles 70(1)(a) and 70(1)(t) GDPR grant the EDPB an important and new role regarding the Regulation’s consistency mechanism. In particular

 the territory of the European Union (in breach of Article 27(1) GDPR). In such situations s SA may ask the competent authorities of the country of the processor

tie, the President's vote shall prevail. Decisions are published except for cases where there is impediment of a DPA's member. The DPA’s response or decision

May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available

burdened by data protection rules. Article 85(1) GDPR sets out a legal framework to reconcile the data subject’s right to data protection with the performance

of Article 88(1) GDPR. Therefore, for a comprehensive overview of the term ‘more specific’, please refer to section 2.1 below. Article 88(1) GDPR establishes

organisation or association referred to in paragraph 1 of this Article, independently of a data subject’s mandate, has the right to lodge, in that Member State

pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried

referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account

set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's domestic law. Under the

up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct

outlines the secretariat's responsibilities, which take on a primarily administrative function. Including the secretariat within the GDPR's legislative rubric

controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also

seconding supervisory authority's authorisation, confer powers, including investigative powers on the seconding supervisory authority's members or staff involved

the code of conduct. This is clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR

accordance with that Member State’s law, must act as representative to the Board. While the Commission may participate in the EDPB’s meetings and activities, it

the company’s internal complaint mechanism, cooperation duties with the DPAs, as well as liability and jurisdiction provisions (Articles 47(1)(b), 47(2)(d)

(Article 24(1) RoP). This provision ensures the EDPB's flexibility and ability to act. The EDPB also made use of the authorisation in Article 76(1) GDPR and

following their deliberations. Article 53(1) names four possible appointing bodies. These are a Member State's (i) parliament, (ii) government, (iii) head

secrecy are laid down in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board

function as guiding principles to interpreting the GDPR. Article 1(1) establishes the GDPR's two main aims. First, it aims at protecting natural persons with

concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of supervisory

processing of the data in question by the recipients. Indeed, under Article 5(1)(d) and 17(1) GDPR, each recipient is individually responsible for correcting, deleting

require the data subject’s identification remain applicable, including, but not limited to, security of processing (Article 32(1) GDPR) and the general principles

not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions

itself does not impose any formal restrictions on the Article's applicability. Article 81(1) GDPR requires that the competent court of a Member State to

bodies may not interfere in the EDPB's functioning. This arrangement stands in stark contrast to that of the Board's predecessor, the Article 29 Working

just before the deadline of 1 month. That means that if you want to appeal a decision, you've only one month to do so as there's a delay of 2 month after

delegation of power. At first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2)

Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and

take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular

Article 97 - Commission reports 1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of

91 - Existing data protection rules of churches and religious associations 1. Where in a Member State, churches and religious associations or communities

research. In addition, it should take into account the Union's objective under Article 179(1) TFEU of achieving a European Research Area. Scientific research

supervisory authority’s request is to further the performance of its tasks. Following from this, the content and scope of a supervisory authority’s request is constricted

Representatives of controllers or processors not established in the Union 1. Where Article 3(2) applies, the controller or the processor shall designate

this section! You can help us filling this section! There are two options: 1) a "recurso de reposicion" to ask the AEPD to reconsider its decision or 2)

and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve to "particularise and complement

Article 99(1) GDPR, which entered the Regulation into force on 25 May 2016, generating a two-year transition period between the Regulation's entry into

Article 74 - Tasks of the Chair 1. The Chair shall have the following tasks: (a) to convene the meetings of the Board and prepare its agenda; (b) to notify

Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official

criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when

margin number 1 (C.H. Beck 2020, 3rd Edition). Ehmann, in Ehman, Selmayr, Datenschutz-Grundverordnung, Article 93 GDPR, margin number 1 (C. H. Beck 2018

Article 42 - Certification 1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level

secrecy 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in

the adoption of final measures regarding Facebook Ireland Limited, p.42, s. 4.2.1(available here).

processing of personal data (see Article 5(1)(a) GDPR), the need to limit the purpose of such processing (see Article 5(1)(b) GDPR), the requirement to have a

Article 43 - Certification bodies 1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification

https://www.dsb.gv.at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave

Article 66 - Urgency procedure 1. In exceptional circumstances, where a supervisory authority concerned considers that there is an urgent need to act in

their work. The President shall exercise the employer’s rights over the public officials and the NAIH's employees. Based on constitutional provision, the Act

engagement working on the DPA's guidance service over the phone. About 58% are women and 42% men. Historical numbers (Datatilsynet's annual report 2021): 2021:

its Member State in accordance with Article 55(1). In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an urgent

Article 84 - Penalties 1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements

provision is aimed at reinforcing the processor’s obligations to only act in line with the controller’s instructions, as well as at clarifying that these

that point, it is important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference

Article 6(1)(c) GDPR (i.e. processing is necessary for compliance with a legal obligation to which the controller is subject) or Article 6(1)(e) GDPR (i

in the same sector, it may be a good idea to check the proccessing in one's own organisation in this regard as well. The activity reports usually also

Saxony's procedural law, "Lower Saxony Administrative Procedure Act", is Niedersächsisches Verwaltungsverfahrensgesetz - NVwVfG. Corresponding § 1(1) NVwVfG

Of the 1,046 complaints that were resolved from 1. 1. 2018 to 24. 5. 2018 the DPC has only made 12 formal decisions, which is equivalent to 1,1% of the

for the companies in their compliance work. On 1 October 2020, it publishes a small report helping the SME's to implement correctly GDPR: Report in French

the Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework; the Act of 1 August 2018

Acts relating to data protection in a manner which corresponds with the GDPR's regulatory framework. Given that data protection affects several different

between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across borders. This provision

on the organisation and functioning of of support services for the CNPD [1]. Regulation n.º 301/2020, of March 31, on the value of fees to provide GDPR

in three distinct circumstances, as outlined below. First, under Article 64(1) GDPR, the consistency mechanism is triggered when a supervisory authority

The funding for 2022 is €1,486,803. Historical numbers: 2021: €1,226,404 2020: €1,053,392 The DVI has 33 employees as per 1st October 2022 out of totally

Relationship with previously concluded Agreements → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article

Processing of the national identification number → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article

Transfers or disclosures not authorised by Union law → Chapter 1: General provisions Article 1: Subject-matter and objectives Article 2: Material scope Article

for example, the Commission's legal service. It therefore, has its own legal service who goes to Court in the institutions's behalf. The Supervision and

to § 25(1)(2) LDSG and § 40(1) BDSG for complaints in the private sector within Baden-Württemberg. Complaints can be filed online on the LfDI's website

209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr020983 Translated:

https://www.uoou.cz/organizacni-struktura/ds-1063/archiv=0&p1=1059 Information about the law governing the DPA's activity can be found here. Complaints are governed

your complaint which is being herewith attached for your record. Next Steps: 1. A preliminary assessment of your complaint will be conducted to determine

to approve the Government's candidate for the position of the President. The Structure of the Slovak DPA: President President´s office Vice-President DPO

help us by filling in this section! Annual reports are published on BayLDA's website.

resides in Stockholm and is in charge of enforcing the GDPR in Sweden. On 1 January 2021, the Swedish data protection authority changed their name from

01008 Vitoria, Álava, Spain Webpage: https://www.avpd.euskadi.eus/s04-5213/es/ Email: [1] Phone: +34 945 016 230 Twitter: https://twitter.com/avpd_dbeb Official

Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1) of that

list of results displayed following a search made on the basis of a person’s name. In March 2010, Mario Costeja Gonzalez, a Spanish national, lodged a complaint

the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact

basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f), Art. 77 (1), Art. 80 (1) and Art. 93

State? Can Article 4(1)(a) of [Directive 95/46], read in conjunction with recitals 18 to 20 of its preamble and Articles 1(2) and 28(1) thereof, be interpreted

possible here. Subparagraph (1)(b) therefore has to be written as #1b! Example: [[Article 6 GDPR#1b|Article 6(1)(b)]] becomes Article 6(1)(b) and links to Article

and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below is a more detailed review of the case and a justification

The civil procedure is mainly regulated in the Law 1/2000, of 7 January, on Civil Proceedings (Ley 1/2000, de 7 de enero, de Enjuiciamiento Civil). Spanish

of the controller's obligation to inform all recipients of the exercise of the rights that the data subject has under Articles 16, 17(1) and 18 GDPR. The

information stored in the user's terminal equipment or the recording of information in the user's terminal equipment: 1 ° Either, for the sole purpose

balance of the controller’s interest and the fundamental rights and freedoms of users which call for protection under Article 1(1) Directive 95/46. Share

of its users. Also note the Spanish DPA's decision for Grindr, which contradicts several of the Norwegian DPA's findings. Share blogs or news articles here

subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and

subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article 32, subsection 1, Article 33, subsection 1, and

accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions

Wiesbaden doubted the HBDI’s line of argument and referred the following questions to the CJEU under Article 267 TFEU: (1) Is Article 77(1) of [the GDPR], read

15 (3) sentence 1 of the GDPR (question 1). Is this also a specification or modification of the general right of access under Article 15(1) of the GDPR and

defined in paragraph 39 of Part 4 Schedule 1. In particular, the policy document must (1) explain the controller's procedures for ensuring compliance with

A minor passenger had suddenly opened the cab's door, which scraped the side of a tram. The taxi driver's insurer refused to pay out on the basis that the

List of results List of results by case List of documents Search result: 1 case(s) 1 documents analysed Deutsche WohnenCase C-807/21 Reports of Cases Information

Matters (1) Prosecutor’s offices Courts of appeal (15) Prosecutor’s offices High Court of Cassation and Justice Prosecutor’s Office Romania's judicial

with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels

violated the applicant's rights, 8&168Abs. 1S.1GWB. The invitee is to be excluded from the award procedure pursuant to section 57(1) no. 4 VgV because the

application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art

Ordinance Article 5 No. 1 letter a and c, 6, 12 Nos. 1 and 13. " The reason for the reduction in the size of the fee was the company's difficult financial

(2018) §1, GDPR A4, GDPR A5 (1) Judge Thyness: Questions and background of the case (2) The case concerns the validity of the Privacy Board's decision

to Article 22(1) of the Labour Code, the employer requires from a person applying for employment to provide personal data including: name(s) and surname;

accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions

Article 6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR

accordance with clause 5.1.1 b of the terms of Google's processing of personal data for Google's advertising products and also Google's terms and conditions

basis of Article 6(1)(b): “...there is a risk that the Draft Decision’s failure to establish Meta IE's infringement of Article 6(1)(b) GDPR, pursuant to

processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements of which

used. 30EDPB's Recommendations 01/2020, point 128; IMY's translation. 31 EDPB's Recommendations 01/2020, point 77; IMY's translation. 32EDPB's Recommendations

subsection 1 point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data

from the following assessment of the evidence: 2.1 The finding under 1.1 is based on the complainant's unobjectionable submissions and a consistent view

that the website's legitimate interest is based on the public's interests in the choice of health personnel. The doctor's interest must be regarded as purely

require the practitioner to provide a free copy of the patient's personal data when the patient's request is for a purpose other than those mentioned in the

Commissioner is not obliged to reach a decision on every complaint in light of Art 57(1)(f) UK GDPR. The data subject made an access request (DSAR) to Wise Payments

Finnish Data Protection Ombudsman's opinion on the lawfulness of the processing of their personal data by the City of Helsinki's Social services and healthcare

The CJEU answered preliminary questions regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors

referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019, with productions 1 to 10, was received at the Registry of

prohibited those companies from 1) making – in the general terms of use – the use of Facebook subject to the processing the user’s ‘off-Facebook data’ and 2)

exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article 18(1)(b) GDPR, Article 18(1)(d) GDPR, Article 20 GDPR

The CJEU held that the remdies in Articles 77(1), 78(1) and 79(1) GDPR can be exercised concurrently with and independently of each other, even when referring

Éric PÉRÈS on February 1, 2019 as rapporteur on the basis of Article 47 of the Law of January 6, 1978. By letter dated February 1, 2019, the President of

secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental

before which the CNIL's decisions are challenged, pursuant to Article R 311-1, par. 4 of the Code of Administrative Justice. Any CNIL's decision can be challenged

GDPR was caused by third parties outside of the controller's control? 5) Does Article 82(1) and (2) GDPR allow the anxiety caused by a hacking attack to

fined Equifax, a credit ranking agency, €1,000,000 for failing to comply with Article 5(1)(a), 5(1)(b), 5(1)(c), 5(1)(d) and with Article 14 GDPR. The authority

when it’s necessary for duties or rights under labour law following § 6. Personal data can be processed on the basis of Article 6(1)(e) if it’s needed for

Act, ZDR-1) and in “Zakon o evidencah na področju dela in socialne varnosti (Labour and Social Security Registers Act, ZEPDSV). The employee's consent to

The DSG 1978 introduced the Constitutional Right to Data Protection in § 1 DSG. Austria also gave the ECHR constitutional status, whereby the Right to

защита на личните данни), promulgated with State Gazette No. 1/ 4.01.2002 and entered into force 1.01.2002). Bulgarian law does not define legal entities as

processed by a social network through transmission from the company’s or individual’s website. Share blogs or news articles here!

defendant: IAB Europe Interlocutory decision 01/2021 - 3/6 1. Facts and procedural history 1. Several complaints have been lodged against Interactive Advertising

business. The penalty imposed for the identified violations of Articles 5(1), 6(1) and (4) and 9 of the GDPR is not final, as the defendant has appealed against

application of art. 5, paragraph 8, of Regulation no. 1/2000 on the organization and functioning of the Guarantor's office, which provides that «In cases of particular

personal data, within the meaning of Directive 95/46? If the answer to Question 1 is that all or some of such information may be personal data within the meaning

Freedom - La Ligue des Droits de l'Homme - the defendant: IAB Europe 1. Justification 2 1. Pursuant to the agreement concluded between the parties, as ratified

us fill this section! In Luxembourg the GDPR is implemented by the Loi du 1er août 2018. You can help us fill this section! You can help us fill this section

Section 6(1)(1) of the Finnish Data Protection Act, according to which insurance institutions may, despite the general prohibition in Article 9(1) GDPR, process

commissioner's office has responded to the doctor's clinic's message on the same day and pointed out that the data protection commissioner's office has not

treaties (1) or the national provisions of § 173 sentence 1 VwGO in conjunction with § 173 sentence 1 VwGO. § 328 ZPO or §§ 108 f. FamFG (2). 53 (1) The judgment

subsection 1, point 1 of the Data Protection Act. According to Section 6, Subsection 1, Clause 1 of the Data Protection Act, Article 9, Section 1 of the Data

Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and Article 32(1)(d). d

consequence, Meta’s assessment of the elements of Article 6(1)(f) has been skewed correspondingly. 7.2.1.3. Necessity We find Meta’s assertion of necessity

violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR by not implementing the data subject's access request

8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the infringement of the data subject's fundamental

that the respondent's installed and operational video surveillance system (that includes two cameras, one at the entrance of the latter's property and one

power of attorney to exercise the data subject's right of access. Next, the DPA held that Article 6(1)(1) of the Finnish Data Protection Act (Tietosuojalaki)

protected by articles 10 (general right to privacy), 11 (inviolability of one's body), and 13 (secrecy of correspondence) of the constitution. Provisions of

data subject's personal data in violation of Article 5(1)(c) GDPR and Article 15(1) GDPR. Firstly, the DPA found a violation of Article 5(1)(c) GDPR, as

these facts, Italy’s DPA found Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to

comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR

companies use that information to determine the debtor’s creditworthiness, by assessing the debtor’s ability and/or willingness to pay, after which they can

6 Para. 1 S.1 f) GDPR are not met. Legally, the Authorization to transmit data from debtors to credit agencies, according to Art. 6 Para. 1 S. 1 f and Para

Audiovisual Media and Communication S.A. [NCAM S.A.]. The HEDNO S.A. denied the issuing of such a certificate. The company's response to the application focused

Section 6(1)(1) of the Finnish Data Protection Act, according to which insurance institutions may, despite the general prohibition in Article 9(1) GDPR, process

Authority (APO below}, what it does on June 17, 2020 » 1• 1 Impugned Decision, Exhibit 36, §§ 1 - 24. 1 PAGE 01-00003026497-0006-0025-02-01-� L_JCourt of Appeal

complainant prior to DMI's change of the institute's procedure for obtaining consent has been justified, as well as whether the institute's current processing

processing the claimant's data. Do data on the "affinity for a political party" qualify constitute personal data under Article 4(1) GDPR? If so, do they

000 only because of the DPA's long case processing time. In 2019, a company enabled automatic forwarding of an employee's emails during a sick leave, because

controller TELEKOM ROMANIA MOBILE COMMUNICATIONS S.A. and found a violation of the provisions of art. 32 para. (1) and para. (2) of the General Regulation on

according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.

employed by the defendant from February 1, 2015 under an oral employment contract for a net amount of EUR 1,100.00 (EUR 1,475.00 gross) with a working time of

complainant. Specifically, the DSB cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article

information from the data subject's doctor in the form of a medical report, which was then distributed to the data subject's coworkers. The data subject believed

paragraph 1 sentence 1, 818 paragraph 1 and 2 BGB and the defendant owes neither the surrender of uses nor the reimbursement of pre-court attorney's fees.

controller's credit register because of three cases, requested the DPA to order controller to delete their personal data from the controller’s credit information

controller's credit register because of four cases, requested the DPA to order controller to delete their personal data from the controller’s credit information

pertaining to human dignity (Article 2(1) Greek Constitution) and to the right to freely form one's personality (Article 5(1) Greek Constitution). The HDPA focused

Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request

The controller also ignored HDPA's previous order to comply with the parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle

ESPAÑA, S.A.U. 02/08/2023 DEUTSCHE requirement to DEUTSCHE BANK, S.A.E. 02/08/2023 Request TELEFÓNICA MOVILES to TELEFÓNICA MÓVILES ESPA- ÑA, S.A.U. 02/09/2023

legal grounds for this in Article 6(1)(f) GDPR, pursuing a third party's legitimate interest. After receiving the DPA's notification of a fine, the company

subject has objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore

Article 5(1) GDPR. 5. In the present case, New York College S.A. is the controller since it is proven that it has processed the complainant’s personal data

Article 15(1) GDPR. For the above reasons, the Hellenic DPA issued a total fine of €210.000 and instruct (the controller) to satisfy the complainant's right

close A's external access to the employer's server, as well as initiated forwarding of all incoming e-mails from A's e-mail box to the department head's e-mail

the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate

DEYA X violated GDPR's data minimization principle Article 5(1)(c) by sharing an employee's personal and health data with multiple recipients without proper

the public: 0117 OSLO Offl §13 cf. Fvl §13 no. 1 Their reference Our reference Date 9135764/1 20 / 01790-1 (19/01267) / EHN 22.12.2020 Decision on the imposition

Chapter 5 contains the operative part and the legal remedies clause. 1. Introduction 1.1 Legal entities involved and reason for investigation OLVG is a foundation

infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant

third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in

April 1st, 2017 to March 1st, 2020, a total of €1,438.56 28 - in the statutory contribution surcharge G...: 36 monthly payments of €4.00 from April 1st, 2017

Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d) and

the relevant court act and are undisputed. 3. Legal Assessment 3.1. To I to A) 3.1.1. Legal situation: Art. 12 of Regulation (EU) 2016/679 of the European

offer of services of the Information Society. Without prejudice to Article 8(1) GDPR, for child under the age of fourteen, consent is only valid if provided

concerning the violation of Articles 5.1. c); 6.1. ; 13.1. c); 13.1. e) and 13.2. a) of the GDR:- pursuant to Article 100, § 1, 9° of the ICA, to order the respondent

June 2017, Satakunnan M a r k k i n a p ö r s s i O y k a i S a t a m e d i a O y k a t a F i n l a n d i a s § 165). Also, in the same recent decision,

respondent dated January 3, 2019. On April 1, 2019, the Director of the Spanish Data Protection Agency, granted the claimant's appeal for reconsideration. SECOND:

be issued, Art. 33 Para. 1 M 158/10 -, resolution of September 14, 2012 - 1 M 94/12 - and resolution of October 25, 2012 - 1 M 103/12 -, each juris). The

against the company COMERCIALIZADORA REGULADA GAS & POWER, S.A., belonging to NATURGY ENERGY GROUP, S.A. with NIF A08015497 (hereinafter, the claimed party)

com Oyj's customers can actually be considerably long. 14. According to the controller's view, it is good customer service and in the customer's interest

(Datatilsynet) held that the controller had breached Articles 5(1)(a) and (c), 6, 12(1) and 13 GDPR and for this fined the controller NOK 100,000 (approximately

the defendant's office located in the ***ADDRESS.1, in ***LOCALITY.2 (***LOCALITY.1) requesting the withdrawal of funds from the claimant's account, failing

contents Nos. 1, 3, 4, 5 and 83, as well as content No. 64. 1 SPMT-ARISTA is an external service for prevention and protection at work, which since 1 January

wording of Articles 21 (1) sentence 1, 22 (1) and 4 no. 4 of the GDPR as well as recitals 71 p. 1, 2 and 72 can be interpreted as follows. 1, 2 and 72 can be

of the GDPR. SECOND: APPOINT R.R.R. as instructor. and, as secretary, to S.S.S. indicating that any of them may be challenged, if applicable, in accordance

***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€1

for 1: 1,000 euros 74 Application for 2: 1,000 euros 75 application for 3a: 3,000 euros 76 Application for 3b: 1,000 euros 77 Application for 4: 1,000

focused beyond the private property of the controller's, violating Article 5(1)(c) and 13 GDPR. On 1st of August 2022, the data subject submitted a complaint