Search results
From GDPRhub
- with the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)twenty thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively24 KB (4,074 words) - 14:21, 13 December 2023
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)Articles 5.1.b) and 5.1.c) of the GDPR pursuant to Article 95, §1, 3° of the LCA; - pursuant to Article 58.2.c) of the GDPR and Article 95, § 1, 5° of the18 KB (2,611 words) - 12:45, 16 June 2023
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)(provision no. 508 of 30 December 2011, provision no. 364 of 10 July 2014 and provision no. 28 of February 6, 2020 cited; Court of Rome March 5, 2019, no. 5071);24 KB (3,667 words) - 15:53, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)para. of the GDPR, the law or regulation that constitutes the legal basis referred to in letters c) and e) of co. 1 of art. 6 of the GDPR, could contain57 KB (9,144 words) - 15:55, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)data collected and (5) without having adopted appropriate security measures, in violation of Articles 5, 12, 13, 25, 28 and 32 GDPR. The GPDP held that83 KB (13,648 words) - 11:30, 16 August 2022
- BlnBDI (Berlin) - 711.412.1 (category Article 5 GDPR)real estate company Deutsche Wohnen SE € 14.5 million for violation of Article 5(1)(e) and Article 25(1) GDPR as the company's archive system was structurally8 KB (965 words) - 16:38, 12 December 2023
- accordance with Article 38.3 of the AVG 5. On 5 October 2021, the Disputes Chamber decided on the basis of article 95, §1, 1°and article 98 of the CPC that206 KB (30,485 words) - 09:54, 14 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)of minimum data processing (Article 5.1. c) GDPR). 33. In order to check whether the third condition of Article 6.1 f) GDPR - the so-called "Balancing test"30 KB (4,871 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)accuracy of the data processed (Article 5, paragraph 1, letter d) of the Regulation), nor in terms of safety and integrity (Article 5, paragraph 1, letter f) of50 KB (8,001 words) - 15:52, 6 December 2023
- AN - 578/2021 (category Article 5(1)(d) GDPR)infraction of art. 5.1.d) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, typified in art. 83.5 of the aforementioned26 KB (4,277 words) - 09:18, 26 July 2021
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)is established in article 6 of the GDPR, for which they suppose the commission of an offense classified in article 83.5 of the GDPR, which gives rise to75 KB (12,421 words) - 13:23, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)processing operations should not be disproportionate.5 disproportionate.5 16. Article 5(1)(b) of the GDPR provides that personal data must be be "collected69 KB (11,315 words) - 13:30, 19 January 2022
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the GDPR sees in Individual provisions stipulate a risk-based approach (e.g. Art. 24 Para. 1 and Para. 2, Art. Article 25(1), Article 30(5), Article 32(1)158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Denmark) - 2018-7320-0166 (category Article 5(1)(c) GDPR)accordance with Article 12 (2) of the Data Protection Regulation. 6 and Article 5 (2). 1 (c). The Data Inspectorate has hereby emphasized that Article 12 (2) of18 KB (2,773 words) - 16:22, 6 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)be given. 1.5 Further documents from [appellants] were received at the Registry of the Court on 18 December 2019, 23 December 2019 and 30 December 201941 KB (7,150 words) - 12:30, 4 October 2021
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 5(1)(a) GDPR)with art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded27 KB (4,339 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00315/2020 (category Article 28 GDPR)contemplates in its article 76, entitled “San- corrective measures and actions ”: "1. The sanctions provided for in sections 4, 5 and 6 of article 83 of the Regulation62 KB (10,401 words) - 14:35, 21 November 2023
- APD/GBA (Belgium) - 46/2024 (category Article 5(1)(b) GDPR)complied with the obligation of transparency (Article 5.1 a) GDPR in conjunction with Article 12.1 GDPR) because not only the privacy statement was updated51 KB (8,174 words) - 14:08, 28 May 2024
- KamR Göteborg - 2232-21 (category Article 5(1)(a) GDPR)was contrary to Article 5(1)(a) GDPR (principle of lawfulness), Article 5(1)(b) GDPR (principle of purpose limitation) and Article 6 GDPR (absence of valid8 KB (1,119 words) - 11:52, 9 December 2021
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)violation of article 6.1. RGPD, typified in article 83.5.a), and article 31, in relation to article 58.1.e), both of the RGPD, typified in article 83.5.e) of86 KB (14,295 words) - 14:32, 13 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)organization (definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445324 (category Article 5(1)(a) GDPR)for in Article 83, paragraph 5, of the Regulation applicable, pursuant to Article 58, paragraph 2, letter i), of the Regulation itself and Article 166, paragraph19 KB (2,989 words) - 15:51, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860461 (category Article 9 GDPR)privacy. Health data are special categories of data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,409 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860487 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,352 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860513 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,324 words) - 15:45, 6 December 2023
- Datatilsynet (Denmark) - 2019-31-1713 (category Article 23 GDPR)the processing is thus in accordance with Article 5 (1) of the Data Protection Regulation. 1 (c) and Article 5 (1). Paragraph 1 (e), where processing and33 KB (5,177 words) - 16:23, 6 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)arises from Article 5.2 and Article 24 GDPR where it is up to the defendant to demonstrate that they also acts in accordance with article 5.1. f GDPR namely:60 KB (9,281 words) - 16:50, 12 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)agreements Article 12 (1) of the GDPR 17 IV.5. Legal consequences (72) The Authority finds that the Client has infringed Article 5 (1) (c) GDPR, Article 6 Article72 KB (11,159 words) - 10:09, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August66 KB (10,708 words) - 11:29, 16 August 2022
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the30 KB (4,833 words) - 14:10, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 5(1)(a) GDPR)the proceedings, pursuant to Article 166, paragraph 5, of the Code, for the adoption of the measures referred to in Article 58, paragraph 2, of the Regulation20 KB (3,133 words) - 15:53, 6 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)finding under article 15 of the GDR instead of the provisions of article 15 of the GDR. 36, § 4 and § 5 as well as Article 38, § 1 of the Law of 30 July 201852 KB (8,603 words) - 16:55, 12 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 5 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)breach of Article 6 GDPR, in that the processing was not necessary for its legal obligation. In addition, the chamber found a breach of Article 5 GDPR, in that73 KB (11,238 words) - 16:59, 12 December 2023
- BVwG - W274 2232028-1/3E (category Article 5 GDPR)is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness32 KB (5,232 words) - 09:40, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 5 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)the criminal sanction referred to in Article 170 of the Code and the administrative fine provided for in Article 83(5)(e) of the Regulation shall apply;9 KB (1,280 words) - 15:53, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 83(5) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)legitimate on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p. 5-8). 1.6. On 4.8.2020,33 KB (5,342 words) - 15:52, 6 December 2023
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or16 KB (2,580 words) - 10:43, 23 September 2020
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)violation of Article 15 of the GDPR, typified in Article 83.5 of the GDPR, as well as for the alleged infringement of Article 17 of the GDPR, typified in60 KB (9,630 words) - 12:34, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)B02547164, for an infringement of article 13 of the RGPD, typified in article 83.5 GDPR, a fine of FIVE THOUSAND EUROS (€ 5,000.00). SECOND: NOTIFY this resolution44 KB (7,162 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)management of the signed contract ”.On 11/30/2018, in accordance with the provisions of article 9.5 of the RealDecree-Law 5/2018, the acceptance agreement for88 KB (14,301 words) - 13:48, 13 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- Garante per la protezione dei dati personali (Italy) - 9538748 (category Article 5(1)(f) GDPR)pursuant to Article 58, paragraph 2, of the Regulation, with this measure. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of24 KB (3,672 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 5(1)(f) GDPR)therefore held that the controller violated Article 5(f) (principles of integrity and confidentiality) and Article 9 by communicating personal data, including63 KB (9,916 words) - 11:28, 16 August 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)pursuant to Article 100, §1, 5° WOG, to order a disqualification for the violation of Article 5.1, a), Article 5.2, Article 6, Article 12.1, Article 14.1 a)102 KB (15,787 words) - 07:39, 6 September 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)controls, has a date (21.5.2018) subsequent to the date on which the complainant's computer was accessed (16.5.2018) (note 1.3.2019, p. 4-5). 1.4. On 17 May 201934 KB (5,420 words) - 15:51, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 5(1)(c) GDPR)to ask to be heard by the Authority, within 30 days (Article 166, paragraphs 6 and 7, of the Code, and Article 18, paragraph 1, by Law No. 689 of 24/11/1981)24 KB (3,697 words) - 15:52, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446659 (category Article 5(1)(a) GDPR)purpose thus breaching the principles of data minimization under article 5 (1) (c) GDPR. Share your comments here! Share blogs or news articles here! The25 KB (3,911 words) - 15:51, 6 December 2023
- Datatilsynet (Denmark) - 2018-32-0232 (category Article 5(1)(c) GDPR)in the plublic interest, under the data minimisation principle and Article 6(1)(e) GDPR. A citizen requested the deletion of their personal data into the13 KB (1,990 words) - 16:22, 6 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further49 KB (7,800 words) - 09:22, 5 January 2024
- Garante per la protezione dei dati personali (Italy) - 9440000 (category Article 5(1)(c) GDPR)administrative sanction provided for in Article 83, paragraph 5, of the Regulation applicable, pursuant to Article 58, paragraph 2, letter i), of the Regulation24 KB (3,852 words) - 15:50, 6 December 2023
- of the Italian Privacy Code (d. lgs. 30 giugno 2003, n. 196). Article 122 is a direct transposition of Article 5(3) of the Directive. The violation of57 KB (9,084 words) - 15:11, 13 July 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)the Company, pursuant to Article 58, paragraph 2, letter i), of the Regulation, Article 166, paragraph 7, of the Code and Article 18 of Law no. 689/198158 KB (9,448 words) - 15:50, 6 December 2023
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- AEPD (Spain) - EXP202201987 (category Article 15 GDPR)under Article 15 GDPR, in a timely manner as well as in clear and transparent form. Second, the DPA looked at the right to erasure under Article 17 GDPR21 KB (3,290 words) - 10:50, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)captures activities of employees without their knowledge compliant with Article 5 GDPR? The DPA concluded that the video surveillance system introduced by58 KB (9,071 words) - 10:12, 17 November 2023
- AEPD (Spain) - E/08501/2019 (category Article 33 GDPR)authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital20 KB (3,029 words) - 13:42, 13 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and with Article 21(5) of the GDPR, and with Article54 KB (8,916 words) - 15:22, 22 February 2022
- Helsingin hallinto-oikeus (Finland) - 117/2024 (category Article 9 GDPR)company. In this case, it is not the consent referred to in Article 6(1)(a), Article 7 or Article 9(2)(a) of the Data Protection Regulation, but a separate22 KB (3,290 words) - 10:29, 25 March 2024
- AEPD (Spain) - PS/00117/2022 (category Article 83(5) GDPR)LPACAP), for the alleged violation of article 6 of the RGPD, typified in article 83.5 of the GDPR. SIXTH: On June 30, 2022, the claimed party presented a30 KB (4,623 words) - 12:58, 13 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the79 KB (12,260 words) - 17:00, 12 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- Datatilsynet (Denmark) - 2020-32-1733 (category Article 5(1)(d) GDPR)pursuant to the Article 17(3)(b) of the GDPR. However, Statistics Denmark has been criticised for not complying with the Article 5(1)(d) of the GDPR, namely,16 KB (2,377 words) - 16:39, 6 December 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made an voluntary23 KB (3,590 words) - 14:45, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1106 KB (14,502 words) - 17:09, 12 December 2023
- APD/GBA (Belgium) - 140/2022 (category Article 16 GDPR)of his right to rectification, as referred to in Article 16 of the GDPR. 5. Pursuant to Article 12.3 GDPR, the controller must inform the data subject without17 KB (2,477 words) - 08:51, 29 June 2023
- complainant's property. On 30 March 2021, the complaint was dismissed by the Front-line Service of the DPA, on the basis of Article 58 and 60 of the Act of12 KB (1,431 words) - 16:45, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445567 (category Article 5(1)(a) GDPR)paragraph 5, of the Code, the notification to the company of the alleged violations of the Regulation found, with reference to Articles 5, par. 1, lett16 KB (2,471 words) - 15:51, 6 December 2023
- UODO (Poland) - DKE.561.16.2020 (category Article 31 GDPR)1781) in connection with Article 31, Article 58(1)(a) in connection with Article 83(1)-(3) and Article 83(5)(e) of Regulation EU 2016/679 of the European28 KB (4,490 words) - 09:51, 17 November 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)electoral rolls. In accordance with Article 14(5)(c) AVG, information must be provided in Article 14, paragraph 1 and Article 14(2) AVG are not mentioned when62 KB (10,509 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)against privacy included in Article 197(1) of the Spanish Criminal Code, with the aggravating circumstance from Article 197(5) of being data related to the48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00215/2020 (category Article 5(1)(c) GDPR)processed (data minimization), would that be an infringement of the Article 5.(1)(c) GDPR? The AEPD held, that it is responsibility of the demandant to make18 KB (2,721 words) - 14:11, 13 December 2023
- LfDI (Baden-Württemberg) - 2019 (category Article 5(1)(f) GDPR)and violated Article 5(1)(f) GDPR. It also did not process personal data with an appropriate level of security, as required by Article 32 GDPR. The company3 KB (190 words) - 10:17, 17 November 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)processing of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case84 KB (12,933 words) - 16:46, 12 December 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)DPA 5. The General Data Protection Regulation (hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 3233 KB (5,112 words) - 17:10, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)Articles 5, paragraph 1, letter a), c) and e), 12, 13, 15 of the Regulation, the outcome of the proceedings referred to in Article 166, paragraph 5 conducted34 KB (5,414 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00351/2019 (category Article 58(2)(c) GDPR)A78923125, for an infringement of Article 58 (2) of the GDPR, as set out in Article 83 (5) (e) of the GDPR, a fine of EUR 30.000,00 (thirty thousand euros)17 KB (2,739 words) - 14:31, 13 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- LFDI - Hospital in Rhineland-Palatinate (category Article 5 GDPR)in the management of patients’ personal data and severe violations of the GDPR. The DPA recognised the efforts that the hospital is planning to put to improve3 KB (318 words) - 17:38, 3 March 2022
- AEPD (Spain) - TD/00317/2019 (category Article 12 GDPR)Madridsedeagpd.gob.es Page 2 2/6THIRD: On October 30, 2019, in accordance with article 65.4 ofOrganic Law 3/2018, of December 5, on the Protection of Personal Data andguarantee18 KB (2,591 words) - 14:47, 13 December 2023
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)NIF B67421867, for a infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a a fine of 30,000 euros (thirty thousand euros)34 KB (5,358 words) - 13:16, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)Giessegi violated Articles 5(1)(a) and 13 GDPR, as it did not provide the data subject with a proper privacy policy. Article 28 GDPR was also infringed, as87 KB (14,104 words) - 15:45, 6 December 2023
- Rb. Overijssel - AK 20 1535 (category Article 17(1)(a) GDPR)inviolable. Article 17, paragraph 1, preamble and under d, of the GDPR therefore does not give the claimant a right to erasure. Article 21 of the GDPR 7. On23 KB (3,225 words) - 11:52, 4 October 2021
- AEPD (Spain) - PS/00123/2020 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the RGPD, in relation to article 5 of the LOPDGDD, as indicated in article 83.5 a) of the RGPD. The telematic21 KB (3,254 words) - 14:02, 13 December 2023
- UODO (Poland) - ZSPR.421.19.2019 (category Article 31 GDPR)connection with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament29 KB (4,698 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)compelling reasons within the meaning of Article 9 of the protocol on monitoring systems. That article reads as follows: "Article 9 Articles 05 to 08 do not affect60 KB (10,118 words) - 15:12, 5 October 2021
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 4, point 11, as well as the Restrictions according to Article 7 GDPR. (149) According to Article 5 (1) point b) of the GDPR, personal140 KB (23,189 words) - 08:25, 20 February 2024
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)refuse is insufficient. 5.5. The merits of the appeal to the extent directed against the GBA - the violation of article 12.3 GDPR. 5.5.1. The Bank X further59 KB (9,290 words) - 09:10, 5 May 2024
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security guarantees39 KB (6,246 words) - 16:55, 12 December 2023
- Personvernnemnda (Norway) - PVN-2023-03 (category Article 55 GDPR)controller's disclosure to the private expert resulted in a breach of the GDPR. However, on 5 September 2022, the DPA dismissed the complaint because it concerned19 KB (2,858 words) - 10:06, 17 November 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- HDPA (Greece) - 5/2023 (category Article 5(1)(a) GDPR)fairness and transparency established in Article 5(1)(a) GDPR. Moreover, the DPA found a violation of Article 13 GDPR, since the controller did not correctly5 KB (578 words) - 05:32, 26 April 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 5 GDPR)has taken place in accordance with Article 5 (1) of the Data Protection Regulation. Article 32 (1) (f) and Article 35. Below is a more detailed review40 KB (6,369 words) - 16:39, 6 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)provisions of article 55 of the RGPD, the Spanish Agency for Data Protection is competent to perform the functions assigned to it in its article 57, among20 KB (3,052 words) - 08:17, 16 April 2024
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- HDPA (Greece) - 20/2021 (category Article 17(1) GDPR)five thousand euros (5,000.00) euros, for the above violations of article 17 in combination with article 21 par. 3 of the GCP and article 25 par. 1 of the20 KB (2,936 words) - 14:58, 22 November 2021
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- NAIH (Hungary) - NAIH/2020/5911/7 (category Article 12 GDPR)on the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the9 KB (1,337 words) - 10:13, 17 November 2023
- Datatilsynet (Norway) - 20/01984 (category Article 5 GDPR)cf. Article 5, and that they didn't have any legal grounds for this processing as per Article 6, cf. Article 5 (the latter because the information was confidential6 KB (653 words) - 18:55, 5 March 2022
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)therefore lack the implementation of such adequate safeguards and violate Article 32 GDPR. In this regard, the controller has not received any communications115 KB (18,595 words) - 11:30, 16 August 2022
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned Regulation24 KB (3,749 words) - 13:19, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9468523 (category Article 5(1) GDPR)identity "(Article 4, par. 1, 1, of the GDPR). The processing of personal data must also take place in compliance with the principles indicated in art. 5 of the22 KB (3,488 words) - 15:52, 6 December 2023
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)companies Menzis and VGZ € 50.000 for insufficient security measures under Article 32 GDPR. Translated summary by the AP (The Netherlands): In 2018, the Authority36 KB (5,914 words) - 17:13, 12 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)defendant on the basis of Article 100.1, 5 ° LCA given the breach noted in Article 6 of the GDPR combined with Article 5.1.a) of GDPR; - To dismiss the remainder43 KB (6,670 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00422/2018 (category Article 5(1)(f) GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- AEPD (Spain) - EXP202201721 (category Article 83(5)(a) GDPR)the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”79 KB (12,408 words) - 13:24, 13 December 2023
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)appeal is brief, it contains a ground as referred to in Article 6: 5, read in conjunction with Article 6:24 of the General Administrative Law Act. The appeal21 KB (3,337 words) - 10:08, 16 December 2020
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 83(5) GDPR)amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)provisions of article 9 of the GDPR, which implies the commission of an infringement classified in section 5.a) of the Article 83 of the GDPR. Article 83.5.a) of131 KB (20,916 words) - 12:38, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9547248 (category Article 17(1)(a) GDPR)held, in its communications with the complainants, that Article 6(5) of Attachment 5, and not Article 6(2) – providing for a shorter retention period of 2422 KB (3,235 words) - 15:55, 6 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 5(1)(a) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- Datatilsynet (Norway) - 20/02058 (category Article 5(1)(a) GDPR)subject’s right to access under Article 15 GDPR, and thus also a breach of the principle of openness pursuant to Article 5(1)(a) GDPR. Datatilsynet stressed that6 KB (843 words) - 18:55, 5 March 2022
- AP (The Netherlands) - AWB-20 2533/20 2938 (category Article 12(5) GDPR)Netherlands Relevant Law: Article 12(2) GDPR Article 12(5) GDPR Article 15 GDPR Type: Investigation Outcome: Violation Found Started: Decided: 30.07.2019 Published:4 KB (387 words) - 17:11, 12 December 2023
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)A.U. with NIF A-65559296, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. C / Jorge Juan, 6 www.aepd27 KB (4,108 words) - 13:32, 13 December 2023
- decision stated: - Pursuant to Article 100, §1, 9 WOG, to order processing in accordance with with Articles 5.1.f, 5.2, 24 and 32 GDPR, in which in particular24 KB (3,393 words) - 09:25, 10 September 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)drones equipped with cameras a personal personal data in the sense of Article 4 GDPR ? Did the Ministry of Interior comply with the French Data Protection39 KB (6,015 words) - 17:11, 6 December 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)€150,000 on Xfera Móviles S.A. (defendant) for infringing Article 17, 32, 5(1)(f) GDPR and Article 21 LSSI. The fine was imposed after investigating two complaints45 KB (7,217 words) - 14:40, 13 December 2023
- ANSPDCP (Romania) - ING Bank N.V. Amsterdam – Bucharest Branch (category Article 5(1)(a) GDPR)controller processed personal data in violation with the provisions of Article 5(1)(a-d)GDPR (the principles of: lawfulness, fairness and transparency; purpose5 KB (653 words) - 15:18, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- AEPD (Spain) - PS/00299/2019 (category Article 7 GDPR)in the terms required by article 22.2. ”, and may be sanctionednothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned21 KB (3,202 words) - 14:54, 13 December 2023
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5 GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(1)(a) GDPR)public interest in accordance with national law. It follows from Article 5(1)(b) GDPR that further processing for archival purposes in the public interest23 KB (3,547 words) - 10:05, 17 November 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligations of Article L. 34-5 of the Postal and Electronic Communications Code 11. According to article L. 34-5 of the CPCE: " Direct prospecting48 KB (7,525 words) - 17:02, 6 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6 GDPR)the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data43 KB (6,678 words) - 08:41, 4 March 2024
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)(infringement of Article 24 and 5.2 GDPR)Second vemreermiddel: the request of the complainant 's request for erasure in themeaning of Article 17 GDPR; third party67 KB (10,544 words) - 09:24, 10 September 2021
- HDPA (Greece) - 24/2022 (category Article 5(1)(a) GDPR)principles of legality, transparency and security under Article 5(1)(a) and (f) GDPR, and Article 32(1)(2) GDPR, as well as failure to satisfy the right of access8 KB (1,087 words) - 16:32, 15 November 2022
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- CNIL (France) - MED-2019-027 (category Article 24(1) GDPR)design and default. The CNIL ordered the Ministry to comply with Article 24 and 25 GDPR regarding the collection and further processing of personal data21 KB (3,274 words) - 17:08, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 12 GDPR)Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services17 KB (2,519 words) - 15:55, 6 December 2023
- HDPA (Greece) - 2/2023 (category Article 5(1) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR. 12. Because, since a lack of compliance with the provisions of article 5 par.31 KB (5,021 words) - 16:15, 18 July 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)found violations of Articles 5(1)(c) and 6 GDPR and Article 29(1) of Law 125(I)/2018. Concerning the violation of Article 29(1) of Law 125(I)/2018, the31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - E/09353/2019 (category Article 5(1)(f) GDPR)integrity and confidentiality when processing personal data according to Article 5(1)(f) GDPR. The AEPD confirmed that there was no Facebook profile with the name8 KB (1,152 words) - 13:42, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- HDPA (Greece) - 35/2022 (category Article 5(1)(a) GDPR)lawfulness and transparency (Article 5(1)(a), 6 and 9 GDPR) as well as its obligations under Article 12, 14, 15 and 27 GDPR. The DPA fined the controller8 KB (1,122 words) - 12:31, 20 July 2022
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,834 words) - 14:43, 13 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)more personal data than strictly necessary within the meaning of Article 5(1)(c) of the GDPR. The FPS Finance therefore does not comply with the data minimization124 KB (18,772 words) - 17:01, 12 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 5 GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)BKR is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of91 KB (15,371 words) - 15:11, 5 October 2021
- AEPD (Spain) - PS/00389/2019 (category Article 5 GDPR)conferred on each individual by Article 58(2) of the GPRS, the authority, and in accordance with Article 47 of Organic Law 3/2018, of 5 December, Protection of31 KB (4,819 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)right of access under Article 15 of the GDPR and the right to erasure (‘forgotten’) under Article 17 of the GDPR, Article 12 of the GDPR on measures to exercise75 KB (12,586 words) - 10:10, 17 November 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- UODO (Poland) - DKE.561.13.2020 (category Article 31 GDPR)(1)-(3), Article 83 (5)(e) in connection with Article 31, Article 58 (1)(e), Article 58 (2)(i) of Regulation EU 2016/679 of the European Parliament and27 KB (4,446 words) - 09:51, 17 November 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)under the GDPR and the controller could not comply with its obligation under Article 19 GDPR. For this reason, the court held that the GDPR violation did87 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - E/00113/2019 (category Article 4(11) GDPR)timetable" "B.- In accordance with Article 67 of the GDPR, the Inspectorate of the AEPD, in accordance with Article E/0113/2019, carried out the following27 KB (4,497 words) - 13:38, 13 December 2023
- ANSPDCP (Romania) - S.C. Viva Credit IFN S.A. (category Article 12(3) GDPR)frame necessary about the outcome of a request to have data erased under GDPR Article 17. The National Supervisory Authority conducted an investigation into4 KB (565 words) - 15:20, 13 December 2023
- AEPD (Spain) - PS/00209/2019 (category Article 57(1) GDPR)time limit for payment is until 5 of the second next or immediate working month. Pursuant to Article 82 of Law 62/2003 of 30 December on¬ tax, administrative26 KB (4,212 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)to the claimed, by thealleged violation of Article 5.1.c), 5.1 f) and 13 of the RGPD, typified in Article83.5 of the RGPD.FIFTH. On 07/29/20, a Proposal31 KB (4,808 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)the GDPR, [applicants] suffered immaterial damage estimated at € 750 per applicant. Uber must compensate for that damage under Article 82 GDPR. 3.5. Uber30 KB (4,797 words) - 10:03, 19 May 2021
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 5(1)(c) GDPR)connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 232 KB (5,139 words) - 10:02, 17 November 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- GHDHA - 200.274.807 / 01 (category Article 6(1)(f) GDPR)her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies29 KB (4,710 words) - 12:25, 4 October 2021
- CNIL (France) - MED-2020-015 (category Article 5(1)(a) GDPR)with the terms of the decree of 29 May 2020, pursuant to Article 5-1-a) of the RGPD. Article 5(1)(a) of the Regulation stipulates that: personal data must33 KB (5,322 words) - 17:08, 6 December 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- BVwG - W211 2210458-1/10 (category Article 5(1)(a) GDPR)for in Article 13, paragraph 5 of the DSG and Article 50d, paragraph 1 of the DSG 2000 violates Article 13, paragraph 5 in conjunction with Article 62, paragraph92 KB (15,435 words) - 16:00, 22 March 2022
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)Paal in Paal/Pauly, DSGVO/BDSG , Article 15 paragraph 33; Schaffland/Holthaus in Schaffland/Wiltfang, GDPR, Article 15 GDPR paragraph 44; loc. A. Härting97 KB (16,519 words) - 09:57, 22 February 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- AEPD (Spain) - EXP202200436 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up8 KB (1,143 words) - 13:02, 13 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)the company would have breach the data minimisation principle from Article 5(1)(c) GDPR. With regard to the union's demand to provide a list of the workers'34 KB (5,374 words) - 14:21, 24 November 2022
- AEPD (Spain) - PS/00005/2020 (category Article 5(1)(c) GDPR)against the defendant, for the alleged infringement of Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On 06/02/20, this Agency received13 KB (1,795 words) - 13:47, 13 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the61 KB (10,028 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)violation of article 5.1.c), typified in article 83.5 of the aforementioned rule, a sanction of APPEARANCE. SECOND: ORDER, under the provisions of article 58.237 KB (6,022 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)purposes in Article 73, sections j), k) and p) of the LOPDGDD, for violation of article 44 of the RGPD typified in accordance with article 83.5.c) of the287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 83(5)(b) GDPR)for an infringement of article 13 of the RGPD, typified in article 83.5.b) of the RGPD, a warning sanction in accordance with article 77.2 of the LOPDGDD39 KB (5,912 words) - 14:02, 13 December 2023
- UODO (Poland) - DKN.5130.2815.2020 (category Article 5(1)(f) GDPR)57(1)(a) and Article 58(2)(b) in connection with Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1) and (2) of 2 of Regulation EU 2016/679 of the European37 KB (5,819 words) - 09:58, 17 November 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)information [...]". 5. Because according to the above article 17 of the GDPR, as it has been interpreted according to the content of the Guidelines 5/2019 of the36 KB (5,761 words) - 17:19, 22 April 2024
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(1) GDPR)banned from the game. On 30 May 2019, the data subject filed an access request at the controller pursuant to Article 15 GDPR. It is not clear from the26 KB (3,820 words) - 16:22, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- CE - 437808 (category Article 83 GDPR)Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6609/163/19 (category Article 5(1)(c) GDPR)processed" (Article 5(1)(c) GDPR). The Finish DPA ruled that the controller did not comply with the principle of data minimization set out in Article 5(1)(c)13 KB (1,873 words) - 13:06, 3 March 2024
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)violated the general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)interpretation of Article 55(3) GDPR would not cover this as judicial activity. Therefore, the complaint is not admissible in accordance with Article 130 Paragraph75 KB (12,118 words) - 15:46, 14 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)request because the processing was necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 819 KB (2,951 words) - 12:30, 23 April 2024
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)infringements of article 6.1 and 7 of Regulation (EU) 2016/679 (Regulation General Data Protection, hereinafter RGPD) typified in article 83.5 of the aforementioned38 KB (6,160 words) - 14:06, 13 December 2023
- Datatilsynet (Norway) - 21/02873 (category Article 12(5) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- 3.2.3. To an objection by the BF according to Art 21 GDPR According to Article 21 Paragraph 1 GDPR, every person concerned has the right to object at any30 KB (4,834 words) - 13:14, 10 November 2021
- HDPA (Greece) - 2/2022 (category Article 5(1)(c) GDPR)National Defense violated the principle of dataminimisation under Article 5(1)(c) GDPR. It reasoned that the Type A Certificate's general purpose is to14 KB (2,093 words) - 17:06, 10 February 2022
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)accordance with the provisions of article 25 and section 5 of C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 5/5 the fourth additional provision14 KB (1,992 words) - 14:29, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)information obligation provided for a / 'article 14, §5, (c) of the GDPR. (...) Pursuant to article 14, §5, (c) of the GDPR, the responsibility for processing72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00190/2020 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the RGPD, typified in article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/5 FOURTH: On14 KB (2,143 words) - 14:09, 13 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of40 KB (6,397 words) - 08:03, 21 March 2022
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified45 KB (6,998 words) - 12:58, 13 December 2023
- UODO (Poland) - DKE.561.1.2020 (category Article 31 GDPR)and the Council in the context of Article 31, Article 58(1)(e) in conjunction with Article 83(1) to (3) and Article 83(5)(e) of Regulation 2016/679 of the31 KB (5,101 words) - 09:52, 17 November 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)meaning of Article 5.1.c. AVG). 13. The transcript of the hearing is subsequently transmitted to the parties on 28 June 2023; in accordance with Article 54 of39 KB (6,247 words) - 09:14, 15 November 2023
- Garante per la protezione dei dati personali (Italy) - 9304448 (category Article 5(1)(b) GDPR)principles of purpose limitation and data minimization under Article 5(1)(b) and (c) GDPR. A request of civic access was presented to the Udine City Council13 KB (2,045 words) - 15:48, 6 December 2023
- HDPA (Greece) - 12/2024 (category Article 17 GDPR)according to which data subjects may request delisting as under Article 17.1 GDPR. 30. The GDPR therefore changes the burden of proof, providing a presumption37 KB (5,933 words) - 16:53, 19 April 2024
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR ("integrity and confidentiality"). Therefore, the Spanish DPA held that there was an infringement of the GDPR. It imposed17 KB (2,578 words) - 14:05, 13 December 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)fine of €6,000 imposed for violation of Article 32 GDPR and a fine of €5,000 for the violation of Article 5(1)(a) GDPR. Additionally instructed the erasure102 KB (17,186 words) - 13:46, 26 April 2024
- DSB (Austria) - 2020-0.083.190 (category Article 82(6) GDPR)amended; Article 82 para 6 of Regulation (EU) 2016/679 (Basic Data Protection Regulation - DSGVO), OJ L 207, 30.12.2009, p. 1. No. L 119 of 4.5.2016, p8 KB (961 words) - 13:48, 12 May 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)including Article 129 WEC which implements Article 5.3 of Directive 2002/5815 (hereinafter, "ePrivacy Directive"), in accordance with Article 14 § 1 of107 KB (17,697 words) - 16:52, 12 December 2023