Search results

From GDPRhub
  • not an easy task. The European Union does not have a comprehensive regulation of contracts, meaning that certain contractual flaws may bring to an invalid
    74 KB (11,679 words) - 08:08, 25 April 2022
  • not relate to an identifiable person. The GDPR imposes an active duty on the controller to delete data. The controller may not wait for an action by the
    38 KB (4,482 words) - 06:36, 25 April 2022
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    125 KB (22,296 words) - 10:24, 8 March 2022
  • (abbreviated "AEPD") is the national Data Protection Authority for Spain. The AEPD is an independent public body in charge of enforcing the GDPR in Spain. Its head
    4 KB (386 words) - 15:29, 3 September 2021
  • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    22 KB (2,525 words) - 10:51, 27 April 2022
  • protection audits. An audit is commonly understood to be a comprehensive qualitative examination of the effectiveness of procedures within an organization or
    32 KB (3,311 words) - 06:29, 29 April 2022
  • information is provided by the controllers in the form of an annex to a contract, a hard-copy document or an online data protection notice, commonly referred to
    57 KB (7,481 words) - 11:58, 25 April 2022
  • it should be understandable by an average member of the intended audience. An accountable data controller will have an understanding of the people that
    40 KB (5,845 words) - 08:55, 26 April 2022
  • infringement. Where administrative fines are imposed on an undertaking, an undertaking should be understood to be an undertaking in accordance with Articles 101 and
    53 KB (7,469 words) - 11:19, 29 April 2022
  • data subject. 2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed
    42 KB (4,948 words) - 12:47, 25 April 2022
  • exception, an erasure of opinions should be excluded. However, the distinction between personal data and opinion can be difficult where an opinion is based
    41 KB (5,300 words) - 13:15, 25 April 2022
  • as it is necessary to have an account too in order to access that data. Additionally, the app gives you the option of using an anonymous profile, and the
    44 KB (5,841 words) - 08:52, 26 April 2022
  • processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    40 KB (4,431 words) - 10:33, 27 April 2022
  • intervention to an indefinite number of natural persons. 3. An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate
    35 KB (3,532 words) - 16:17, 25 April 2022
  • matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement
    26 KB (2,804 words) - 08:32, 25 April 2022
  • proportionality plays an important role in determining whether a measure is appropriate. Thus, the cost-effectiveness of a measure can play an important part
    24 KB (2,743 words) - 15:46, 25 April 2022
  • third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred
    33 KB (3,632 words) - 08:54, 26 April 2022
  • the controller; (b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes; (c) an assessment of the
    35 KB (4,641 words) - 10:33, 28 April 2022
  • or without authorisation; an “integrity breach”, where personal data is altered accidentally or without authorisation; or an “availability breach”, where
    37 KB (3,971 words) - 09:45, 28 April 2022
  • "compelling legitimate grounds" in order to refuse an objection to processing. As such, the threshold for refusing an objection is lower. The extent to which a
    32 KB (3,507 words) - 14:44, 25 April 2022
  • not foresee an exception for “minimal violations” and there is no opening clause that would allow national law or case law to create such an exception.
    39 KB (4,713 words) - 09:41, 29 April 2022
  • subject within the meaning of Article 4(1) GDPR, i.e. an identified or identifiable natural person. As only an investigation of the facts can determine if the
    24 KB (2,231 words) - 08:46, 29 April 2022
  • obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing
    23 KB (2,295 words) - 10:40, 27 April 2022
  • Recital 86 GDPR, which provides an example of a scenario where the timeliness condition will be different: “the need to mitigate an immediate risk of damage would
    30 KB (3,007 words) - 10:12, 28 April 2022
  • the transfer of personal data to a third country or an international organisation in the absence of an adequacy decision and always 'on condition that enforceable
    32 KB (3,537 words) - 15:09, 28 April 2022
  • Article 79 - Right to an effective judicial remedy against a controller or processor 1.  Without prejudice to any available administrative or non-judicial
    24 KB (2,471 words) - 09:17, 29 April 2022
  • public authority; (i) monitor relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of
    28 KB (2,450 words) - 06:15, 29 April 2022
  • 2018 a party can appeal to the Tribunal for: a) an information notice, b) an assessment notice, c) an enforcement notice, d) a penalty notice and a e)
    18 KB (2,488 words) - 15:22, 14 December 2021
  • of rights may apply, such as the preliminary results of an investigation, a decision opening an inquiry, etc.” Moreover, if special categories of personal
    44 KB (4,909 words) - 15:31, 25 April 2022
  • Article 45 - Transfers on the basis of an adequacy decision 1. A transfer of personal data to a third country or an international organisation may take place
    43 KB (5,641 words) - 14:58, 28 April 2022
  • the Commission with an opinion on the certification requirements referred to in Article 43(8); (r) provide the Commission with an opinion on the icons
    27 KB (2,926 words) - 08:16, 29 April 2022
  • paragraphs 1 and 2, the Board shall issue an opinion on the matter submitted to it provided that it has not already issued an opinion on the same matter. That opinion
    23 KB (2,079 words) - 07:07, 29 April 2022
  • designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society
    31 KB (4,634 words) - 14:36, 25 April 2022
  • in charge of enforcing GDPR in Belgium. The DPA consists of five bodies and an Executive Committee. The Executive Committee is composed of Director of the
    9 KB (993 words) - 14:19, 21 January 2022
  • members who are elected by Parliament for a seven-year term. The authority has an office in Rome with a staff currently numbering about 125 people. The Panel
    7 KB (808 words) - 11:38, 12 May 2022
  • GDPR, any CSA can submit an “objection to a draft decision” which must be “relevant and reasoned” and focuses on “whether there is an infringement of this
    31 KB (3,544 words) - 06:37, 29 April 2022
  • a third country or an international organisation. Member States should notify such provisions to the Commission. Any transfer to an international humanitarian
    29 KB (3,517 words) - 15:35, 28 April 2022
  • Decisions of the EDPB and Right to an Effective Judicial Remedy Any natural or legal person has the right to bring an action for annulment of decisions
    24 KB (2,968 words) - 09:07, 29 April 2022
  • request an urgent opinion or an urgent binding decision from the EDPB where a CSA has not taken an appropriate measure in a situation where there is an urgent
    20 KB (1,590 words) - 07:37, 29 April 2022
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    28 KB (2,787 words) - 11:17, 28 April 2022
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    31 KB (3,775 words) - 09:34, 22 April 2022
  • particular whether there is an infringement of this Regulation. Recital 143: Action for Annulment of Decisions of the EDPB and Right to an Effective Judicial Remedy
    33 KB (4,161 words) - 07:26, 29 April 2022
  • the body, including whether it is an internal or external one. For example,  an internal body could be in the form of an “ad hoc internal committee”, or
    30 KB (2,736 words) - 14:09, 28 April 2022
  • data can be transferred to a third country or an international organisation without the existence of an adequate level of protection or the implementation
    21 KB (1,793 words) - 14:41, 28 April 2022
  • in Oslo and is in charge of enforcing the GDPR in Norway. Datatilsynet is an independent body established in 1980, through the Act No. 48 of 9 June 1978
    9 KB (1,048 words) - 14:10, 4 February 2022
  • this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory
    43 KB (4,898 words) - 12:31, 28 April 2022
  • the Administrative Court. An individual can report a breach of the GDPR to the Information Commissioner, which then conducts an ex-officio inspection procedure
    8 KB (892 words) - 23:32, 22 February 2022
  • connection, “an activity cannot be regarded as being purely personal or domestic where its purpose is to make the data collected accessible to an unrestricted
    28 KB (3,764 words) - 06:12, 25 April 2022
  • protection of personal data. It was first established in 1997 and its role as an independent guardian of the protection of personal data in Greece is constitutionally
    10 KB (1,322 words) - 10:12, 11 April 2021
  • The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of
    6 KB (605 words) - 14:08, 27 April 2021

View (previous 50 | next 50) (20 | 50 | 100 | 250 | 500)