Search results
From GDPRhub
- data can be transferred to a third country or an international organisation without the existence of an adequate level of protection or the implementation21 KB (1,831 words) - 08:51, 27 March 2023
- Persónuvernd (Iceland) (section Filing an Appeal)The Icelandic Data Protection Authority (Persónuvernd) is the national Data Protection Authority for Iceland. It resides in Reykjavík and is in charge2 KB (139 words) - 15:11, 1 December 2020
- Commission may not compel an undertaking to provide it with answers which might involve an admission on its part of the existence of an infringement which it22 KB (2,042 words) - 14:29, 20 November 2023
- of rights may apply, such as the preliminary results of an investigation, a decision opening an inquiry, etc.” Moreover, if special categories of personal44 KB (4,896 words) - 06:25, 16 June 2023
- officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article29 KB (2,951 words) - 14:19, 25 July 2023
- a third country or an international organisation. Member States should notify such provisions to the Commission. Any transfer to an international humanitarian29 KB (3,500 words) - 08:54, 27 March 2023
- the Commission with an opinion on the certification requirements referred to in Article 43(8); (r) provide the Commission with an opinion on the icons27 KB (3,038 words) - 12:19, 11 October 2023
- Article 65 GDPR (section (c) Decision after an opinion of the EDPB not requested or followed by supervisory authority (SA))particular whether there is an infringement of this Regulation. Recital 143: Action for Annulment of Decisions of the EDPB and Right to an Effective Judicial Remedy33 KB (4,185 words) - 16:09, 2 November 2023
- paragraphs 1 and 2, the Board shall issue an opinion on the matter submitted to it provided that it has not already issued an opinion on the same matter. That opinion23 KB (2,079 words) - 16:07, 2 November 2023
- CNIL (France) (section Filing an Appeal)CNIL was established in 1978 with the law "Informatique et Libertés". It is an independent administrative authority led by a college of 18 members and a8 KB (824 words) - 22:52, 27 February 2024
- they form the Sanctions Board, which imposes the fines set out in the GDPR. An independent Expert Board is also appointed by the government for three-year5 KB (492 words) - 18:09, 19 March 2024
- connection, “an activity cannot be regarded as being purely personal or domestic where its purpose is to make the data collected accessible to an unrestricted34 KB (4,652 words) - 12:07, 12 November 2023
- in particular, the transmission of relevant information on the conduct of an investigation. 3. Requests for assistance shall contain all the necessary24 KB (2,181 words) - 11:46, 15 January 2024
- request an urgent opinion or an urgent binding decision from the EDPB where a CSA has not taken an appropriate measure in a situation where there is an urgent20 KB (1,590 words) - 16:11, 2 November 2023
- procedure is whether the "advice" of the DPA is indeed merely an advice, or whether it can be seen as an approval on moving forward with the processing operation31 KB (3,646 words) - 08:51, 21 July 2023
- 'not-for-profit' must be given an autonomous meaning, its interpretation in this context should not be determined by Member State law. Essentially, an NPO must not pursue26 KB (2,575 words) - 15:50, 9 November 2023
- IP (Slovenia) (section Filing an Appeal)is in charge of enforcing GDPR in Slovenia. The Information Commissioner is an autonomous and independent body and it oversees personal data protection and10 KB (1,242 words) - 10:51, 6 February 2024
- Data Protection Authority (DPA) for Norway, headquartered in Oslo. The DPA is an independent body established in 1980, through the Act No. 48 of 9 June 197810 KB (1,078 words) - 06:40, 26 March 2023
- Article 26 GDPR (section By means of an arrangement)requires the joint controllers have an arrangement that clearly allocates the roles of each party. This is not an absolute rule. Where the responsibilities37 KB (3,915 words) - 12:49, 24 May 2023
- of SAs extends to adequacy decisions adopted by the Commission. An SA is not bound by an adequacy decision adopted by the Commission under Article 45 GDPR47 KB (5,594 words) - 22:45, 1 April 2024
- law must be subject to "control by an independent authority." Independent supervisory authorities are also considered an essential component of the right27 KB (2,604 words) - 14:24, 16 January 2024
- DSB (Austria) (section Filing an Appeal)is no need to be represented by a lawyer an the procedure is rather informal and usually does not require an oral hearing. The filing fee is € 35. Applicants11 KB (1,468 words) - 13:27, 14 May 2023
- the body, including whether it is an internal or external one. For example, an internal body could be in the form of an “ad hoc internal committee”, or another30 KB (2,720 words) - 14:02, 28 July 2023
- activities of an establishment on SA's territory, affects data subjects on its territory, or where processing, by a controller or processor without an establishment35 KB (3,971 words) - 21:34, 1 April 2024
- re-organisation of an SA. The provision's aim of establishing an exhaustive list of grounds for the termination of a member's mandate is an attempt to safeguard29 KB (2,894 words) - 23:06, 1 April 2024
- The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance13 KB (674 words) - 13:15, 2 June 2023
- is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to28 KB (3,831 words) - 16:21, 14 March 2024
- NAIH (Hungary) (section Filing an Appeal)personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application7 KB (821 words) - 14:16, 7 March 2024
- example, a proportionate exemption will rightfully apply to an artistic photo meant for an exhibition, but not to the data of buyers that the art gallery33 KB (3,748 words) - 14:25, 7 November 2023
- According to Article 6(9) DMA, gatekeepers shall provide an end user and third parties authorised by an end user with effective portability of data provided40 KB (5,349 words) - 07:05, 1 June 2023
- this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory44 KB (5,008 words) - 14:50, 28 July 2023
- harmonisation, in an attempt to confront a melting pot of legal principles, which are near impossible to fully reconcile. Article 88(1) GDPR acts as an opening clause32 KB (3,228 words) - 13:32, 30 November 2023
- Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and15 KB (1,196 words) - 08:15, 19 October 2023
- or a specified sector within that third country, or an international organisation does not ensure an adequate level of protection, and imperative grounds17 KB (1,096 words) - 08:19, 19 October 2023
- officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article23 KB (2,165 words) - 15:10, 27 July 2023
- authorised by Union law Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor14 KB (716 words) - 15:19, 28 April 2022
- supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after22 KB (1,634 words) - 14:40, 28 July 2023
- DPC (Ireland) (section Filing an Appeal)previously directly engaged with controllers in an "audit" procedure. The DPC now mentions the option to conduct an "inquiry" on their webpage, but highlights8 KB (1,034 words) - 14:13, 20 August 2021
- "right to rectification", addresses situations of inaccurate personal data with an additional right of the data subject that has a broader scope, but also requires23 KB (2,489 words) - 23:24, 6 March 2024
- to professional secrecy or an equivalent obligation of confidentiality under Union Law or the Member State Law, or under an obligation issued by the competent18 KB (1,599 words) - 12:26, 29 April 2022
- The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone20 KB (1,854 words) - 16:32, 8 March 2024
- of a misdemeanour procedure, provided that such an application of the rules in those Member States has an equivalent effect to administrative fines imposed19 KB (1,477 words) - 14:12, 7 November 2023
- interpretations include 1) documents generated by an authority in its official capacity and 2) all documents held by an authority. Recital 154 seems to lean towards22 KB (2,177 words) - 10:01, 19 March 2024
- UODO (Poland) (section Filing an Appeal)The President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) is the national Data Protection Authority for Poland. It3 KB (249 words) - 14:38, 1 December 2020
- constitute an appropriate safeguard for international data transfers. BCRs is one of the appropriate safeguards which can be used, in the absence of an adequacy29 KB (2,823 words) - 15:15, 28 April 2022
- a controller is processing inaccurate personal data and that this may have an adverse effect on them (e.g. inaccurate bank account details which may lead32 KB (3,730 words) - 08:43, 7 March 2024
- need for an EU framework to ensure the free flow of personal data within the European common market, the European Commission has proposed an EU Directive48 KB (5,978 words) - 15:57, 1 February 2024
- in Article 12(8) and Article 43(8) shall be conferred on the Commission for an indeterminate period of time from 24 May 2016. 3. The delegation of power19 KB (1,525 words) - 08:18, 19 October 2023
- the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should19 KB (1,530 words) - 14:23, 12 October 2023
- not adopt such rules and is thus subject to the GDPR. As an illustration of this, in June 2020, an administrative court in Slovenia upheld a decision from25 KB (2,482 words) - 10:04, 19 March 2024
- is required by the consistency mechanism”. The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate15 KB (851 words) - 06:55, 29 April 2022
- perform their tasks and exercise their powers with complete independence, is an essential component of the protection of natural persons with regard to the34 KB (3,649 words) - 13:19, 30 October 2023
- to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2). Recital22 KB (1,915 words) - 13:46, 15 January 2024
- order to demonstrate compliance with the GDPR. Certification is thus viewed as an accountability framework, promoting both legal compliance and transparency27 KB (2,452 words) - 14:26, 28 July 2023
- the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should18 KB (1,327 words) - 12:36, 14 December 2023
- 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society service" (ISS) is any service normally provided for remuneration19 KB (1,335 words) - 13:56, 24 October 2023
- consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any22 KB (2,266 words) - 08:26, 17 October 2023
- third country, a territory or a specified sector within that third country, or an international organisation; standard protection clauses; formats and procedures15 KB (810 words) - 16:13, 2 November 2023
- as necessary to reconcile the right to the protection of personal data with an obligation of professional secrecy. This is without prejudice to existing15 KB (787 words) - 08:17, 19 October 2023
- in the Union” can be exercised based on a contract concluded with an individual or an organisation, provided that they are established in the Union. The25 KB (2,418 words) - 14:11, 24 May 2023
- based on the following factors. Unlike the Commission, the EDPS is itself an independent supervisory authority, has its own financial budget, independent20 KB (1,347 words) - 14:21, 17 October 2023
- not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects13 KB (450 words) - 08:22, 19 October 2023
- AZOP (Croatia) (section Filing an Appeal)The Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) is the national Data Protection Authority for Croatia. It resides in2 KB (158 words) - 17:18, 22 October 2023
- service.’ The CJEU had previously ruled that a service may only be classified as an electronic communication service where it is responsible for the transmission20 KB (1,539 words) - 08:21, 19 October 2023
- Article 59 - Activity reports Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement15 KB (718 words) - 15:31, 19 October 2023
- the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should20 KB (1,632 words) - 10:01, 11 October 2023
- disproportionate effort. It must therefore be concluded that the controller has an absolute obligation to record the recipients of personal data, in view of19 KB (1,436 words) - 12:35, 12 May 2023
- Commissioner (Cyprus) (section Filing an Appeal)The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) is the national Data Protection Authority for Cyprus. It resides2 KB (144 words) - 15:13, 1 December 2020
- AP (The Netherlands) (section Filing an Appeal)The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the national Data Protection Authority for Netherlands. It resides in The Hague and4 KB (380 words) - 12:08, 1 July 2023
- use of these identifiers can nevertheless be significant. If processed in an unsecured manner, they can notably lead to identity theft. The complexity15 KB (660 words) - 09:37, 1 December 2023
- AKI (Estonia) (section Filing an Appeal)The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the national Data Protection Authority for Estonia. It resides in Tallinn and is2 KB (154 words) - 14:37, 1 December 2020
- IDPC (Malta) (section Filing an Appeal)You shall have the right to an effective judicial remedy against a Commissioner s decision. More information on how to file an appeal may be found at the4 KB (483 words) - 08:17, 12 July 2022
- CNPD (Luxembourg) (section Filing an Appeal)natural persons with regard to processing of their personal data. The CNPD is an independent public institution, financially and administratively autonomous10 KB (1,199 words) - 10:14, 19 October 2022
- the other supervisory authorities, the Chair has also the right to request an opinion of the EDPB on any matter of general application or producing effects15 KB (808 words) - 09:44, 17 October 2023
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against12 KB (295 words) - 08:25, 19 October 2023
- DVI (Latvia) (section Filing an Appeal)Section 24 of the Personal Data Processing Law, an administrative act issued by or actual action of an official of the DVI, may be contested in accordance6 KB (544 words) - 04:39, 11 October 2022
- not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects17 KB (1,142 words) - 15:41, 28 April 2022
- BlnBDI (Berlin) (section Filing an Appeal)The Berlin DPA (Berliner Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Berlin. It2 KB (164 words) - 09:53, 18 May 2022
- LfD (Lower Saxony) (section Filing an Appeal)specific law. The DPA follows a two-fold approch in their cases. First, they have an administrative procedure where they investigate the case, including assessing5 KB (465 words) - 08:57, 9 January 2024
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against13 KB (530 words) - 09:40, 3 October 2023
- UOOU (Czech Republic) (section Filing an Appeal)the Head of the DPA. This decision can then only be challenged by an action before an administrative court (judicial review - on a question of law). In5 KB (441 words) - 09:34, 17 September 2022
- BfDI (Germany) (section Filing an Appeal)electronic form according to § 14(3) BDSG at bfdi.bund.de (in German). In case of an obviously unjustified complaint or excessive complaints from one complainant3 KB (297 words) - 14:49, 1 December 2020
- HmbBfDI (Hamburg) (section Filing an Appeal)Hamburg. The Hamburg DPA is divided into different departments. It offers an organigram here. There is a Data Protection Act of Hamburg (Hamburgisches4 KB (363 words) - 22:01, 7 December 2020
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against16 KB (778 words) - 08:24, 19 October 2023
- APDCAT (Catalonia) (section Filing an Appeal)The Catalonian DPA (Autoritat Catalana de Protecció de Dades, in Catalan, or Autoridad Catalana de Protección de Datos, in Spanish) is the regional Data3 KB (182 words) - 13:19, 15 September 2021
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against17 KB (1,768 words) - 15:41, 18 March 2024
- VDAI (Lithuania) (section Filing an Appeal)The Data Protection Office (Valstybinė duomenų apsaugos inspekcija) is the national Data Protection Authority for Lithuania. It resides in Vilnius and2 KB (155 words) - 08:58, 17 November 2023
- CPDP (Bulgaria) (section Filing an Appeal)The Bulgarian Data Protection Authority (Комисия за защита на личните данни) is the national Data Protection Authority for Bulgaria. It resides in Sofia2 KB (158 words) - 14:35, 1 December 2020
- CNPD (Portugal) (section Filing an Appeal)The Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados) is the national Data Protection Authority for Portugal. It resides in5 KB (531 words) - 13:25, 3 May 2023
- UOOU (Slovakia) (section Filing an Appeal)the Slovak DPA has issued penalties in an amount of 132 600 €. The highest penalty imposed on the controller was an amount of 50 000 € for breaching obligations9 KB (1,006 words) - 07:13, 7 July 2021
- LfDI (Baden-Württemberg) (section Filing an Appeal)The Baden-Württemberg DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) is the state Data Protection Authority4 KB (275 words) - 11:13, 8 May 2022
- HBDI (Hesse) (section Filing an Appeal)The Hesse DPA (Hessischer Beauftragter für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Hesse.2 KB (164 words) - 13:59, 28 June 2022
- LFDI (Rhineland-Palatinate) (section Filing an Appeal)The Rhineland-Palatinate DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz) is the state Data Protection Authority2 KB (170 words) - 22:26, 7 December 2020
- The Bavaria public sector DPA (Bayerischer Landesbeauftragter für den Datenschutz) is the state Data Protection Authority for the public sector for the2 KB (169 words) - 15:54, 21 September 2021
- The Saarland DPA (Unabhängiges Datenschutzzentrum Saarland) is the state Data Protection Authority for the German state of Saarland. It is charge of enforcing2 KB (160 words) - 14:50, 1 December 2020
- DSB (Saxony) (section Filing an Appeal)The Saxony DPA (Sächsische Datenschutzbeauftragte) is the state Data Protection Authority for the German state of Saxony. It is in charge of enforcing2 KB (160 words) - 22:28, 7 December 2020
- BayLDA (Bavaria) (section Filing an Appeal)The Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht) is the state Data Protection Authority for the German state of Bavaria. It is in charge2 KB (174 words) - 13:49, 23 December 2021
- LfDI (Bremen) (section Filing an Appeal)The Bremen DPA (Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen) is the state Data Protection Authority for the2 KB (167 words) - 22:24, 7 December 2020
- LfD (Saxony-Anhalt) (section Filing an Appeal)The Saxony-Anhalt DPA (Landesbeauftragter für den Datenschutz Sachsen-Anhalt) is the state Data Protection Authority for the German state of Saxony-Anhalt2 KB (167 words) - 22:23, 7 December 2020
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against15 KB (943 words) - 09:58, 8 November 2023
- LDI (North Rhine-Westphalia) (section Filing an Appeal)district administration court (Verwaltungsgericht) in Düsseldorf. Regularly an appeal against the courts decision is possible at the Superior Administrative4 KB (372 words) - 10:45, 22 September 2021
- The State Data Protection Inspectorate (Datenschutzstelle) is the national Data Protection Authority for Liechtenstein. It resides in Vaduz and is in charge2 KB (153 words) - 09:41, 30 April 2024
- The Mecklenburg-Vorpommern DPA (Landesbeauftragte für den Datenschutz Mecklenburg-Vorpommern) is the state Data Protection Authority for the German state2 KB (167 words) - 22:25, 7 December 2020
- LDA (Brandenburg) (section Filing an Appeal)The Brandenburg DPA (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht) is the state Data Protection Authority for the German state2 KB (168 words) - 22:22, 7 December 2020
- ULD (Schleswig-Holstein) (section Filing an Appeal)The Schleswig-Holstein DPA (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) is the state Data Protection Authority for the German state2 KB (167 words) - 22:29, 7 December 2020
- TLfDI (Thuringia) (section Filing an Appeal)The Thuringia DPA (Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit) is the state Data Protection Authority for the German2 KB (165 words) - 14:54, 1 December 2020
- DBEB/AVPD (Basque Country) (section Filing an Appeal)The Basque DPA (DBEB, Datuak Babesteko Euskal Bulegoa, in Basque or AVPD, Agencia Vasca de Protección de Datos, in Spanish) is the regional Data Protection3 KB (195 words) - 13:21, 15 September 2021
- CTPDA (Andalusia) (section Filing an Appeal)The Andalusian DPA (Consejo de Transparencia y Protección de Datos de Andalucía) is the regional Data Protection Authority for the Spanish autonomous region3 KB (211 words) - 09:58, 18 June 2021
- Datainspektionen (Åland) (section Filing an Appeal)The Ålandic DPA (Datainspektionen på Åland, in Swedish) is the regional Data Protection Authority for Finland's autonomous region of Åland. It is in charge3 KB (209 words) - 14:42, 30 November 2021
- IMY (Sweden) (section Filing an Appeal)own motion. They provide an overview of their policy to ex officio supervision on their webpage. In addition they provide an overview over which sectors4 KB (356 words) - 11:51, 20 October 2022
- Verlag 2017). Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied27 KB (2,619 words) - 14:52, 16 November 2023
- EDPS reaches 100 employees. In 2019, the EDPS starts supervising Eurojust - an EU agency in charge of combating serious forms of crime - in its processing8 KB (1,078 words) - 12:58, 10 May 2024
- supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against29 KB (3,695 words) - 13:44, 21 March 2024
- regards to assessing safeguards whether the presence of an ombudsperson can ensure that the US provides an effective remedy to data subjects whether the SCCs12 KB (1,780 words) - 17:22, 10 March 2022
- The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance182 KB (24,065 words) - 13:40, 9 July 2021
- advising the Commission. Article 71 GDPR states that the EDPB must draw up an annual report regarding the protection of natural persons with regard to data2 KB (207 words) - 14:56, 7 December 2023
- on European Union, where an interpretation of the Treaties is not comprehensible and must thus be considered arbitrary from an objective perspective. If18 KB (1,831 words) - 13:49, 3 November 2022
- The CJEU held that an Internet search engine operator is considered the controller (Article 2(d) Directive 95/46) in respect of the processing (within16 KB (2,423 words) - 13:03, 1 June 2023
- Planet49 organized an online lottery hosted on their webpage. In order to participate in the lottery the participant had to enter a name and an address. Underneath6 KB (893 words) - 15:22, 24 March 2022
- indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors108 KB (17,097 words) - 13:52, 12 May 2023
- 28 February 2022, the data subject filed an access request. Example: Not On 28.02.2022, the data subject filed an access request. Example: Not On February17 KB (2,510 words) - 13:56, 24 April 2023
- submitted by a candidate at a professional examination and any comments made by an examiner with respect to those answers constitute personal data. The claimant6 KB (766 words) - 21:17, 5 March 2024
- activities of an establishment of the controller on the territory of the Member State. It stated this notion of 'in the context of the activities of an establishment'13 KB (1,888 words) - 13:07, 1 June 2023
- Directive 96/45 is defined as information relating to an identified or an identifiable natural person. Also, an identifiable person is one who can be identified9 KB (1,113 words) - 13:10, 1 June 2023
- of such assumed political opinions of him. Therefore, the claimant brought an action for non-material damages before the Regional Court for Civil Law Matters5 KB (683 words) - 12:50, 28 June 2023
- Compliance with an approved code of conduct referred to in Article 40 or an approved certification mechanism referred to in Article 42 may be used as an element48 KB (7,442 words) - 10:24, 12 September 2022
- further considers that a company, an autonomous legal person, of the same group as the controller, can constitute an establishment of the controller within93 KB (14,936 words) - 17:09, 6 December 2023
- concept of an undertaking, as defined in Articles 101 and 102 TFEU, and the principle of an economic entity, with the result that proceedings for an administrative7 KB (936 words) - 16:39, 12 December 2023
- indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors51 KB (8,592 words) - 07:03, 2 November 2021
- from a job applicant what data an employer requests from an employee under which conditions it is permissible to process an employee's personal data on the9 KB (1,215 words) - 16:58, 18 May 2021
- complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Google is otherwise unable to comply with an Instruction117 KB (18,075 words) - 10:19, 12 September 2022
- Was this an appeal? Choose yes, if this case was an appeal from a lower court or from any other decision. Original Decision Details: If this was an appeal17 KB (2,638 words) - 11:18, 19 February 2024
- consuming compared to accepting. An “opt-out” solution would not meet the requirements for a valid consent, as it would not be an “unambiguous indication of18 KB (2,375 words) - 16:17, 6 December 2023
- too high, an impact assessment. Additionally, the DPA issued a warning that the use of G Suite’s supplementary programs without carrying out an impact assessment75 KB (11,733 words) - 16:33, 21 August 2022
- Ch D165). However, the Minors’ Contracts Act 1987 states that an 18 year old can ratify an unenforceable contract entered into when they were under 18 years14 KB (2,011 words) - 15:42, 25 November 2020
- in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions113 KB (12,773 words) - 15:20, 6 December 2023
- Personvernnemnda (Norway) (section Filing an appeal)administrative procedure, but can be appealed to the courts. Personvernnemnda is an independent administrative body subordinated to the Norwegian Ministry of5 KB (427 words) - 15:48, 24 January 2022
- of the data subject's age that a refusal to disclose to an injured party personal data is not an appropriate measure when these data are necessary to initiate5 KB (749 words) - 12:58, 1 June 2023
- Protection Authority handles complaints filed with them. An appeal can be brought to Personvernnemda, an independent administrative body following § 15 of the8 KB (1,064 words) - 12:53, 23 June 2023
- Information relating to legal proceedings brought against an individual and information relating to an ensuing conviction are data relating to ‘offences’ and4 KB (438 words) - 14:23, 11 August 2022
- the controller relies on an overall bundled consent to anything contained in the terms and the privacy policy. This represents an “all-or nothing” approach53 KB (8,413 words) - 14:10, 30 January 2023
- already an unlawful transfer of personal data to the USA and thus to a third country. Irrespective of the geographical storage of the data, there is an accessibility62 KB (10,113 words) - 12:48, 17 August 2022
- carried out an initial phase of analysis of the security flaw, which led to an action plan to be implemented from June 2018. She also indicated that an initial41 KB (6,558 words) - 17:09, 6 December 2023
- concerns a complaint from an X AS against the Data Inspectorate's decision of 14 July 2021, where the inspectorate charged the company an infringement fee of31 KB (5,018 words) - 18:44, 5 March 2022
- stated by the CJEU that in the context of the examination of an abuse of a dominant position by an undertaking on a particular market, it may be necessary for8 KB (1,231 words) - 08:22, 6 July 2023
- citizen through his electronic identity card in the context of an IT application, must also an alternative that the use of the electronic identity card does60 KB (9,144 words) - 16:17, 22 March 2022
- consumer in an alternative relationship to the button "Accept all". Thus, the wording "Change settings" does not contain an unambiguous reference to an alternative66 KB (9,990 words) - 12:30, 29 January 2024
- October 2020 (Annex K11, file, p. 421), the plaintiff received an answer from a landlord to an enquiry about a flat, stating that they could not rent him a51 KB (8,215 words) - 09:55, 13 May 2022
- assessments on the website provide an e-mail address to the Medical List. This is not sensitive personal information. An email address in itself is not sensitive144 KB (23,058 words) - 18:48, 5 March 2022
- subjects UF and AB underwent insolvency proceeding in Germany and were granted an early discharge from remaining debts by court decisions of 17 December 202015 KB (2,180 words) - 08:23, 13 December 2023
- in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions131 KB (14,752 words) - 08:36, 5 July 2023
- personal information, for example as a customer to a supplier or as an employee or jobseeker to an employer. In a case like this, the criterion provides less guidance46 KB (7,024 words) - 06:18, 6 March 2022
- GDPR constitutes an instrument for the exercise of public rights, whereas the legal action provided for in Article 79 GDPR constitutes an instrument for9 KB (1,308 words) - 12:54, 28 June 2023
- because of an unresolved data breach, which allowed unauthorised users to access citizens' personal data via URL manipulation. On 20 June 2023, an individual9 KB (1,211 words) - 20:32, 8 January 2024
- identification of an interested party that is published in an official newspaper with the information that is recorded in the FIJ, constitutes in turn an infringement602 KB (102,229 words) - 14:21, 13 December 2023
- July 29, 2022, an explanation of what measures the data protection officer has taken as a result of the decision, unless it applies for an amendment to this49 KB (7,496 words) - 14:44, 24 January 2024
- indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an on-line identification or one or more79 KB (12,652 words) - 09:41, 10 September 2021
- directly or indirectly specifically identified referring to an identifier such as a name, an identification number, a location data or online identifiers121 KB (13,722 words) - 15:16, 5 July 2023
- in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions115 KB (12,842 words) - 08:38, 5 July 2023
- a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental7 KB (793 words) - 14:08, 1 October 2021
- not limited by recital 63 GDPR. Article 12(5), 15(1) and 15(3) GDPR impose an obligation on a controller to provide the data subject, free of charge, with10 KB (1,478 words) - 11:17, 2 November 2023
- the City of Helsinki's Social services and healthcare division. As a part of an application process to volunteer as a support person for children and youth41 KB (6,555 words) - 08:37, 4 March 2024
- information about categories of recipients is sufficient. A data subject sent an access request to the Austrian Post (the controller) to obtain information8 KB (992 words) - 17:03, 4 February 2023
- investigation. As this is an international issue with complainants residing in various Member States, the Belgian DPA provides an interlocutory decision on19 KB (2,707 words) - 16:50, 12 December 2023
- assessed by national courts. Such an interpretation is capable of ensuring the protection of personal data and the right to an effective judicial remedy against13 KB (1,963 words) - 11:04, 5 January 2024
- Court pointed out there is no docuiment showing that the applicant submitted an inspection request of the procedural files at stake. Then, the Court clarified14 KB (2,154 words) - 16:27, 10 March 2022
- 24th February 2023 (Numero protocollo: 0033835) opened an investigation concerning ChatGPT, an AI service offered by the American company OpenAI. The investigation14 KB (2,049 words) - 07:46, 1 August 2023
- The data subject made an access request (DSAR) to Wise Payments Limited ("Wise"), a financial institution with which he had an account. Wise declined9 KB (1,191 words) - 08:44, 23 January 2024
- interface of the website. On the 23 September 2019, the controller learned that an ethical hacker managed to get access to the test database which contained49 KB (7,800 words) - 09:22, 5 January 2024
- 95/46 which is defined as any information relating to an identified or identifiable natural person, an identified person being one who can be identified directly6 KB (580 words) - 13:05, 1 June 2023
- Administrative Court (BVwG): "This does not include provisions totalling EUR 18m for an administrative fine imposed on Austrian Post by the Austrian Data Protection8 KB (611 words) - 16:12, 6 December 2023
- Anna Nichols Legal Trainee at noyb.eu n/a Please be aware that noyb employees, trainees, and members often act in their function as administrators of this477 bytes (68 words) - 17:03, 11 August 2020
- Constitutional Court, in Judgements 292/2000 and 254/1993, confirmed it as an autonomous right, independent of the rights to intimacy [privacy], honour15 KB (1,875 words) - 16:18, 13 July 2022
- determining the conclusion of an employment agreement or for the execution of that agreement. There are provisions about the validity of an employee's consent, the10 KB (1,037 words) - 14:52, 10 July 2020
- translation of the documents provided by the parties. On the 4th of February, an inspection report (of 13th July, 2020) was provided to the parties in French8 KB (1,156 words) - 16:56, 12 December 2023
- data, and repealing Directive 95/46/EC (General Data Protection Regulation). An English translation is available here. There are no provisions in the national16 KB (2,260 words) - 19:26, 30 November 2021
- committed an infringement of Article 83(4)-(6) GDPR. On 24 March 2020, the Lithuanian Minister of Health approved the development and implementation of an IT9 KB (1,234 words) - 12:48, 25 January 2024
- The APD/GBA (the Belgian DPA) found that a hospital that requested an audit by an external expert was the controller for the audit-related processing activity7 KB (890 words) - 16:58, 12 December 2023
- Asked whether an assessment of the health status of the BF had taken place, the MP stated that when an insurance contract was taken out, an assessment of48 KB (7,816 words) - 11:04, 29 July 2022
- Administration Act states: When it is stipulated in law that an administrative sanction may be imposed on an enterprise, the sanction can be imposed even if no individual40 KB (5,943 words) - 18:54, 5 March 2022
- the vicarious liability of an employer for misuse of private information by an employee and for breach of confidence by an employee has not been excluded87 KB (14,773 words) - 09:28, 1 March 2022
- representatives do so for it. An administrative offence, however, is an unlawful and reproachable act that constitutes an offence under a law that allows36 KB (5,810 words) - 13:09, 21 January 2022
- learned this (following an access request under Article 15 GDPR), he filed a lawsuit against the defendant. He requested (i) an injunction that the defendant27 KB (4,090 words) - 09:54, 10 September 2021
- was an "isolated incident", which took place relatively shortly after "a new and very complex law was introduced" and that the rules concerning an employer's7 KB (802 words) - 18:53, 17 May 2022
- complaint about the Data Inspectorate's imposition of an infringement fee of NOK 400,000 for having monitored an employee's e-mail box without a legal basis, cf25 KB (4,046 words) - 18:37, 5 March 2022
- principle i Article 108 § 1 of the Act requires be maintained where an applicant brings an action before the Market Court which, as a result rights (may) have25 KB (3,812 words) - 10:03, 20 August 2021
- National Tax Number (NIF) of an alleged neighbour, in order to contact this third party for purposes of checking the boundaries of an allegedly adjacent land6 KB (657 words) - 10:02, 6 October 2021
- indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special32 KB (5,093 words) - 16:07, 11 September 2022
- for reporting on persons shifts from an interest that focuses on the crime and the perpetrator to an interest in an analysis of the prerequisites and consequences133 KB (21,944 words) - 15:59, 22 March 2022
- which are not obvious to an average visitor to the evaluation portal. In particular, the defendant does not establish such an obviousness by identifying121 KB (20,412 words) - 15:58, 10 March 2022
- Hellenic DPA imposed an administrative fine of €20,000 on a leasing company. They fined them €10,000 for violating Article 5(1)(c) GDPR, and an additional €106 KB (695 words) - 16:39, 9 January 2024
- used for the imposition of an administrative fine. AP disagrees. The two reported data breaches only prompted the AP to launch an investigation into OLVG's67 KB (11,415 words) - 17:15, 12 December 2023
- as joint controllers.-The complainant provides an overview of the provisions on which, according to him, an infringement has been committed. He also requests:148 KB (7,926 words) - 16:56, 12 December 2023
- (basic customers) were used on the site as an advertising platform for paying doctors (premium customers) in an inadmissible manner, partly due to functions143 KB (24,273 words) - 15:59, 10 March 2022
- service, I sent an election advertisement for the defendant, in order to to avoid using his professional messaging in his capacity as an MPP. [...] And35 KB (5,853 words) - 16:58, 12 December 2023
- in the form of [...]. On [...] November 2018. The Company received an e-mail from an unknown person informing about the theft of the Company's customer71 KB (11,304 words) - 10:01, 17 November 2023
- (simple administrative appeal, otherwise known as an application for judicial review). remedy). This is an 'informal' administrative remedy as opposed to14 KB (2,181 words) - 11:27, 13 September 2023
- access is understood to be an independent claim. In LAG Hessen 9 Sa 1431/19, the Court stated that "Nor is the applicant's action an abuse of rights. The right17 KB (2,758 words) - 14:10, 15 December 2021
- strictly necessary for the provision of an online communication service at the express request of the data subject. If an identifier had more than one purpose82 KB (13,463 words) - 17:03, 6 December 2023
- dismissed. 32 a) With an undated letter from February 2017 and an attached addendum to the insurance certificate, the defendant had declared an increase in the24 KB (3,847 words) - 15:19, 11 September 2022
- The parent's request was rejected and they had to provide the school with an additional form underlining the fact that their son was not Orthodox Christian12 KB (1,464 words) - 15:37, 6 December 2023
- the service (for example through a website, an application, an account with identifier, the interface of an IoT device or by email), it is obvious that113 KB (17,325 words) - 08:50, 19 March 2024
- the Data Protection Commissioner has requested an explanation from Verkkokauppa.com Oyj in the case with an explanation request dated 13 April 2021. The77 KB (12,352 words) - 07:20, 23 April 2024
- systematic is not such as to guarantee an appropriate involvement of the DPO, nor to establish his position in as an interlocutor within the organization66 KB (9,458 words) - 19:42, 4 September 2021
- Office of the Data Protection Commissioner has requested an explanation from the clinic with an explanation request dated August 25, 2020. The deadline52 KB (7,936 words) - 22:32, 2 March 2024
- indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors29 KB (4,557 words) - 15:33, 6 December 2023
- that it should have, the plaintiff filed an appeal with the court on February 21, 2020. The plaintiff also wants an assessment of the decision in which the25 KB (3,954 words) - 13:39, 16 November 2020
- the CNPD received several complaints and immediately started an investigation and issued an order to suspend the sending of personal data from the census163 KB (27,222 words) - 16:54, 6 December 2023
- The Spanish DPA fined an individual 10,000€ for publishing personal data of a third person without their consent on an online blog. A data subject filed22 KB (3,319 words) - 13:00, 13 December 2023
- appear when creating an account under each of the privacy settings. In addition, an email message is sent to users when they create an account stating that:90 KB (14,556 words) - 17:08, 6 December 2023
- as to the reliability of the AOD in the case - who, after all, is an entity with an interest in not disclosing the fact of the breach committed by its66 KB (10,785 words) - 10:00, 17 November 2023
- Article 83 of the RGPD that an administrative fine of EUR 500 000, an injunction accompanied by a periodic penalty payment and an additional publication penalty62 KB (10,001 words) - 17:09, 6 December 2023
- com/abstract=3319284. 10, i. An end user requests a web page; ii. The publisher's ad server on the web page selects an SSP; iii. The SSP then selects an Ad exchange; iv429 KB (58,279 words) - 09:12, 2 November 2022
- Chamber emphasises that the purpose of imposing an administrative fine is not to only to put an end to an offence committed but, above all, to ensure effective131 KB (22,429 words) - 16:57, 12 December 2023
- are monitored by an independent body. Art. 47 Charter of Fundamental Rights of the European Union – Right to an effective remedy and an impartial court158 KB (26,392 words) - 08:25, 7 June 2023
- therein do not allow an individual to challenge in court the election procedure of the head of a DPA. This judgement stemmed from an appeal against a decision14 KB (1,999 words) - 14:20, 18 July 2023
- its usual meaning, indicates a “faithful reproduction or transcription of an original” in opposition to a “purely general description” of data. The true3 KB (417 words) - 15:20, 8 May 2023
- necessarily understand that they are seeing an ad or how an ad has been targeted towards them. • There is also an assessment of the impact on human rights99 KB (14,431 words) - 16:20, 6 December 2023
- storage of the ID. Consent is also not valid if data subjects must complete an additional form setting out that refusal. Orange România SA is a provider8 KB (1,074 words) - 13:50, 11 August 2022
- 2021, it appears that «[…]». The company is now planning an IPO in 2022. The audit points out that an IPO of a company means that the public has a clear interest36 KB (5,859 words) - 06:40, 6 July 2022
- its holder. When an advantage or service is offered to a citizen by means of his identity card as part of a computer application, an alternative that does20 KB (3,137 words) - 16:51, 12 December 2023
- luz Energía (SIE) to via an SMS. 2nd. There is certification of the digital signature of the supply contract by sending of an SMS with SIE, on July 1432 KB (4,952 words) - 13:11, 13 December 2023
- The HDPA of Greece examined the complaint of an employee of the Hellenic Electricity Distribution Network Operator S.A. against the latter regarding a9 KB (1,089 words) - 15:35, 6 December 2023
- Regulation as follows: "Any information about an identified or identifiable natural person (" the data subject "); an identifiable natural person is a person26 KB (4,150 words) - 16:14, 6 December 2023
- Article 22(1) GDPR. In particular, it asked whether an automated creation of a credit score value constitutes an automated decision within the meaning of this52 KB (8,534 words) - 12:58, 15 December 2021
- about the health of an employee of such service, when those data are required for determining that employee's working capacity. Allowing an exception to the14 KB (1,916 words) - 16:03, 2 February 2024
- Article 83(5) GDPR provides that an infringer may be subject to an “administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of29 KB (4,384 words) - 16:00, 6 December 2023
- a delivery address is an absolute necessity for the delivery of goods to the customers. Thus, Intervare does not detect whether an address is secret, as24 KB (3,365 words) - 16:37, 6 December 2023
- An employee had submitted a complaint to the Greek Data Protection Authority about the video surveillance in the store in which she had worked. The Greek6 KB (719 words) - 15:36, 6 December 2023
- personal data passed on to an uninvolved and unauthorized third party. This will make the Plaintiff exposed and there is also an indirect threat of potential27 KB (4,216 words) - 13:26, 8 January 2024
- to process sensitive personal data When you leave an assessment on Legelisten.no, you must provide an e-mail address. For many, the email address contains16 KB (2,111 words) - 06:21, 6 March 2022
- The Rotterdam Court of First Instance rejected an access request to procedural files before the State of the Netherlands as inadmissible. The Court ruled15 KB (2,504 words) - 16:27, 10 March 2022
- property is Ms. A.A.A. with an e-mail address for notification purposes ***EMAIL.1 and the tenants are Mr. B.B.B. and Ms. C.C.C., with an e-mail address for notification39 KB (6,623 words) - 14:08, 13 December 2023
- section 25 of the Data Protection Act (1050/2018), an appeal against this decision may be lodged with an administrative court in accordance with the provisions43 KB (6,677 words) - 08:47, 27 January 2022
- resolution may be considered as an infraction. administrative action in accordance with the provisions of the RGPD, classified as an infraction in its article22 KB (3,303 words) - 13:28, 13 December 2023
- Authority first.C/ES/3409/13-05-2019 complaint by A concerning receipt of an unclaimed communication policy (e-mail message) to promote the candidacy of14 KB (2,070 words) - 15:38, 6 December 2023
- breach is an objective fact that does not coincide with the controller’s lack of appropriate security measures – i.e. the mere GDPR infringement. An annoyance39 KB (6,362 words) - 14:01, 22 June 2023
- Supervisory Authority, “an agreement whereby a minor user consents to the processing of his or her personal data in connection with the use of an information society17 KB (2,519 words) - 15:55, 6 December 2023
- ordered CARREFOUR BANQUE to pay an administrative fine of €800000. Insofar as the company took the necessary measures to put an end to the breaches of which48 KB (7,404 words) - 17:09, 6 December 2023
- complaint under Article 77 GDPR. A data subject made an access request with an address publisher and direct marketing company, the controller, asking it specifically47 KB (7,519 words) - 09:28, 13 February 2024
- restricted committee of the Commission impose an administrative fine on the two companies, as well as an injunction to bring into compliance the processing120 KB (19,650 words) - 09:00, 6 April 2022
- recipient, and revoked), by the exporter or by an entity trusted by the exporter under a jurisdiction offering an essentially equivalent level of protection30 KB (4,708 words) - 16:56, 6 December 2023
- Oy, a company that keeps a credit information register. This register gives an overview of the creditworthiness of debtors, whose debts are shown in the43 KB (6,671 words) - 08:49, 27 January 2022
- person, to an indeterminate number of individuals sicas 3. An approved certification mechanism may be used in accordance with article 42 as an element that270 KB (43,335 words) - 12:39, 13 December 2023
- not support as an interpretation that the legislator intended to extend the concept of "insured party" to apply also to the applicant an insurance before41 KB (6,133 words) - 10:29, 25 March 2024
- construction of an office building. During the project, workers who carried out activities at the construction site registered their presence through an electronic9 KB (1,372 words) - 10:12, 7 June 2023
- the claimant). The claimant states that, on January 3, 2019, he submitted an e-mail requesting the cancellation of the inclusion of his data in the Asnef26 KB (4,231 words) - 14:44, 13 December 2023
- by default (Article 25(2) GDPR). The DPA suggested that if an insurance company requests an individual's health information from healthcare services, the73 KB (11,237 words) - 05:34, 21 July 2022
- indirectly, in particular by means of an identifier, such as example a name, an identification number, location data, an online identifier or one or more elements66 KB (10,558 words) - 13:14, 13 December 2023
- validation for an email that did not belong to the data subject. The AEPD pointed out a violation of Article 6(1) GDPR by processing data without an adequate45 KB (7,135 words) - 13:08, 13 December 2023