Search results
From GDPRhub
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR) (section English Machine Translation of the Decision)data subjects in the EU. (2) Secondly, the DPA held that the processing of the controller was linked to the monitoring of the behaviour of data subjects (Article11 KB (1,452 words) - 17:03, 6 December 2023
- Insolvency Act prohibits the Director of an insolvent company to use the name of that company in the 12 months leading up to the liquidation. The Insolvency Service5 KB (573 words) - 21:38, 21 April 2021
- redacted version of the document in question but sought to withhold the redacted information on the basis of section 40(2) of FOIA. 2. The Commissioner’s24 KB (3,788 words) - 16:22, 7 March 2022
- defined by the Data Protection Act 2018 (‘DPA’). By referring to section 3(2) of the DPA, the ICO stated that the withheld information in the audio record5 KB (673 words) - 16:37, 12 May 2020
- Article 9 GDPR (section (c) Protection of the vital interests of the data subject or of another natural person)high level of protection of natural persons and to remove the obstacles to flows of personal data within the Union, the level of protection of the rights and44 KB (5,905 words) - 14:00, 24 October 2023
- General to the DPA. The current Panel had been elected by the Italian Parliament on the 14 July 2020. The Garante operates under the GDPR and the national7 KB (808 words) - 08:17, 16 February 2023
- consequence, the exporter must verify the state of law and practice in the third country. The analysis should not cover the entire legal system of the third country34 KB (3,646 words) - 08:53, 27 March 2023
- indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk. 2. Where the supervisory31 KB (3,646 words) - 08:51, 21 July 2023
- Article 32 GDPR (section (4) Natural persons acting under the authority of the controller or the processor)for ensuring the security of the processing. 2. In assessing the appropriate level of security account shall be taken in particular of the risks that are41 KB (5,197 words) - 12:17, 17 April 2024
- Secretariat, the Director of the Knowledge Center, the Director of the Front Line Service, the Inspector General and the President of the Litigation Chamber9 KB (993 words) - 07:10, 28 July 2022
- aware of the act. The enforcement of a DPA decision shall not be suspended during the deadline for the submission of the cancellation request. The complainant23 KB (2,039 words) - 08:15, 25 April 2024
- Public Authorties and Bodies In the context of the adoption of the Member State law on which the performance of the tasks of the public authority or public52 KB (7,297 words) - 08:05, 18 July 2023
- Article 40 GDPR (section (7-10) Role of the DPAs and the EDPB in the approval of codes with general validity)subjects; (f) the exercise of the rights of data subjects; (g) the information provided to, and the protection of, children, and the manner in which the consent44 KB (5,008 words) - 14:50, 28 July 2023
- Datatilsynet (Norway) (category DPA) (section Department for the enforcement of rules, international cooperation and sanctions)objections, the DPA will reassess the case and can, consequently, change parts of or their whole decision. The DPA will then send the recipient the final decision10 KB (1,078 words) - 06:40, 26 March 2023
- Article 4 GDPR (section (3) Restriction of processing)Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are125 KB (16,328 words) - 16:01, 8 March 2024
- in respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- consists of four internal organisational units: (1) the cabinet of the Information Commissioner, (2) the Sector for public information, (3) the Sector for protection10 KB (1,242 words) - 10:51, 6 February 2024
- provide the complainant with information about progress on the complaint, or of the outcome of the complaint, before the end of the period of 3 months beginning18 KB (2,488 words) - 15:22, 14 December 2021
- Article 42 GDPR (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)competent DPA.sIn any case, both must follow the certification criteria which will have previously been approved by the DPA or the EDPB. The fact that a certification27 KB (2,452 words) - 14:26, 28 July 2023
- Article 37 GDPR (section (2) Group of undertakings)excluded from the requirement to have a DPO, the reason for this being the principle that the judiciary is not subject to the authority of the DPA pursuant43 KB (4,904 words) - 12:59, 21 July 2023
- Article 47 GDPR (section (3) Exchange of Information)members; (b) the data transfers or set of transfers, including the categories of personal data, the type of processing and its purposes, the type of data subjects29 KB (2,823 words) - 15:15, 28 April 2022
- considers the decision invalid. However, a national court may not refer a question on the validity of the decision of the Board at the request of a natural30 KB (3,874 words) - 10:46, 7 December 2023
- “accredited” by the competent DPA for the purpose of ensuring compliance with the code of conduct. The criteria for this accreditation is provided in the section30 KB (2,720 words) - 14:02, 28 July 2023
- conflict of interests. 3. The accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article shall take place on the basis of criteria22 KB (1,634 words) - 14:40, 28 July 2023
- here. The budget of the CNIL is decided by the Parliament as part of the annual finance act. data on the budget since 2000 can be found here. You can help8 KB (824 words) - 22:52, 27 February 2024
- relevant, as to: (a) the purposes of the processing or categories of processing; (b) the categories of personal data; (c) the scope of the restrictions introduced;44 KB (4,896 words) - 06:25, 16 June 2023
- includes general elements of any procedure like the service of documents (Section 106 DPA 2018) or the appeals system (Section 150 DPA 2018) in data protection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 91 GDPR (section (2) DPA supervision)itself, or the general DPA responsible for monitoring the application of the GDPR at the regional or national level. In both cases, all the conditions25 KB (2,482 words) - 10:04, 19 March 2024
- Spanish DPA regarding a controller established in the UK. The Spanish DPA was unable to settle a case after the British DPA, following Brexit, left the Internal17 KB (1,142 words) - 15:41, 28 April 2022
- Article 39 GDPR (section (2) Risk-based approach)and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing23 KB (2,165 words) - 15:10, 27 July 2023
- Article 55 GDPR (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its35 KB (3,971 words) - 21:34, 1 April 2024
- Article 83 GDPR (section (3) Multiple infringements caused by the same or linked processing operations ("unity of action"))or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the obligations55 KB (7,622 words) - 14:04, 7 November 2023
- according to § 2(3) LDSG and § 2(5) LDSG-JB. According to § 25(3) LDSG the LfDI is responsible for complaints against governmental institutions of Baden-Württemberg4 KB (275 words) - 11:13, 8 May 2022
- investigative powers of the competent DPA. The powers in question are provided for in Article 58(e) and (f) GDPR, under which the DPA can “obtain, from the controller18 KB (1,599 words) - 12:26, 29 April 2022
- Article 63 GDPR (section Any Other Matter of General Application or Producing Effects in different Member States)“either between the DPAs over the course of the one-stop-shop mechanism [...], or when a DPA disregards or fails to seek the opinion of the EDPB in those15 KB (851 words) - 06:55, 29 April 2022
- following the expiration of the second month referred to in paragraph 2 by a simple majority of the members of the Board. Where the members of the Board are33 KB (4,185 words) - 16:09, 2 November 2023
- Law, supplementing the GDPR) Regulation n.º 757/2020, of 10 September, on the organisation and functioning of of support services for the CNPD [1]. Regulation5 KB (531 words) - 13:25, 3 May 2023
- 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure and the results3 KB (297 words) - 14:49, 1 December 2020
- Article 21 GDPR (section Or processing concerns the establishment, excercise or defence of legal claims)reiterates the obligation on the data controller to inform about the existence of the right to object at the time of the first communication with the data subject49 KB (5,993 words) - 06:22, 16 June 2023
- Article 34 GDPR (section (2) Minimal requirements of the controller's communication to the data subject)that the enforcement of Article 34 GDPR is likely to be difficult as the controller is the entity making the assessment of the level of the risk. The reporting37 KB (3,962 words) - 15:20, 16 June 2023
- necessary by the Commissioner for the purposes of the investigation 4. Following the conclusion of the investigation, you will be informed of the outcome.4 KB (483 words) - 08:17, 12 July 2022
- Article 38 GDPR (section (2) Necessary resources)monitoring of the data subjects on a large scale, or where the core activities of the controller or the processor consist of processing on a large scale of special29 KB (2,951 words) - 14:19, 25 July 2023
- helps to clarify the scope of obligations placed on controllers and processors based outside of the EU. Where Article 3(2) GDPR applies, the controller or25 KB (2,418 words) - 14:11, 24 May 2023
- Authority for the German state of North Rhine-Westphalia. It is in charge of enforcing the GDPR in the private sector in the German state of North Rhine-Westphalia4 KB (372 words) - 10:45, 22 September 2021
- referenced in all documents. The individual employee decides on behalf of the Slovak DPA. The head of the Slovak DPA is the President of the Office for Personal9 KB (1,006 words) - 07:13, 7 July 2021
- relevant to this issue is the case-law of the European Court of Human Rights (ECtHR) on the interpretation of the provisions of the European Convention on33 KB (3,748 words) - 14:25, 7 November 2023
- such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. The controller must72 KB (9,140 words) - 13:12, 2 June 2023
- related to the spelling of the name cannot be considered insignificant because they impact the primary identifier of the data subject in the realm of automated23 KB (2,489 words) - 23:24, 6 March 2024
- Article 49 GDPR (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)consideration to the nature of the personal data, the purpose and duration of the proposed processing operation or operations, as well as the situation in the country29 KB (3,500 words) - 08:54, 27 March 2023
- Article 57 GDPR (section (m) Encourage the drawing up of codes of conduct and regulate the use of codes of conduct)indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory60 KB (7,796 words) - 20:12, 1 April 2024