Search results

91/1, 91 / 1-1, 91/2. ZP-1 Article 2, 2/2, 136, 136/1, 136 / 1-1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

here). More precise, Article 13(1)(e) GDPR, Article 14(1)(e) GDPR, Article 15(1)(c) GDPR. Klabunde, in Ehmann, Selmayr, DS-GVO, Article 4 GDPR, margin number

principles in Article 5 of Convention 108 from 1981. Following this tradition, Article 5 GDPR is also largely consistent with Article 6(1) of the previous

assess a possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member

requirements from Article 9(2) and Article 9 (3) GDPR, but will also require an additional concomitant legal basis contained in Article 6(1) GDPR. However

proportionality, enshrined in EU primary law in Article 5(4) TEU and Article 52(1)(2) CFR, is also reflected in Article 83(1) GDPR. In general, a measure is proportionate

make contact with him' (BVerwG, NJW 2006, 3367ff.)”. Article 1(1) in conjunction with Article 2(1) Directive (EU) 2016/680 of the European Parliament and

purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited

and controllers. If Article 28 GDPR did not intend any privilege, the rules of Article 28 GDPR, and in particular of Article 28(10) GDPR, would be superfluous

individual rights. These criteria have the same meaning as in Article 24(1) and Article 32(1). The "nature" of the processing consists of its “the inherent

dispute resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also

Commentary, Article 10 GDPR, p. 388 (Oxford University Press, Oxford, 2020). Schiff, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 10 GDPR, margin

the reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the

91/1, 91 / 1-1, 91/2. ZP-1 Article 2, 2/2, 136, 136/1, 136 / 1-1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

protection of personal data in Greece is constitutionally established in Article 9A of the Greek Constitution. You can help us filling this section! As an

to access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or

draw up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct

GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article 27(5)

remedies. CJEU: The CJEU has clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted

(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)

surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation

the elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR

requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller

May 2020 (Version 1.1), p. 10 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 12 (available

is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning

Category:Article 75 GDPR Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Case C-614/10, Commission

Category:Article 31 GDPR Hartung, in Kühling, Buchner, DS-GVO BDSG, Article 31 GDPR, margin numbers 1-4 (Beck 2020, 3rd edition). For instance, Article 58(1)(f)

number 99. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1075. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1074. For example

material or non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and

specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the

defined by Article 4(2) GDPR), because Article 81(1) GDPR explicitly refers to 'processing by the same controller or processor'. As a result, the Article does

adoption of a final decision that can be challenged under Article 78(1) GDPR. Again, Article 57(1)(f) GDPR is instructive regarding the SA's obligation "[to

concerning the interpretation of Article 28(1) of Directive 95/46/EC ("DPD"), the Regulation's predecessor. Article 28(1) DPD established the existence of

cases (Article 4(23) GDPR), several supervisory authorities (SA) could be competent according to Article 55 GDPR. For this reason, Article 56(1) GDPR establishes

relationship between the GDPR and the EPD is to be found in Recital 10 and Article 1(2) EPD. Article 1(2) EPD provides that the EPD's provisions serve to "particularise

only bring proceedings under Article 79(1) GDPR in limited circumstances of substantive violations. Instead, Article 79(1) GDPR should be read as excluding

Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides

information in the course of an investigation, in accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts

paragraph of Article 80 GDPR establishes several cumulative conditions for entities to qualify as NPOs. For the purposes of Article 80(1) GDPR must be

design, Article 35(2) explicitly states that the controller must "seek advice" from the DPO when undertaking a DPIA. Additionally, Article 39(1)(c) assigns

two deputy chairs under Article 73(1) GDPR. In the case of the latter provision, the wording of which differs from Article 72(1) GDPR, has lead to the view

of documents within the cooperation and the consistency mechanisms”. Article 10 11(1) of the EDPB RoP require the competent SA to send the relevant documents

definition of the notion of religion in general. For instance, under Article 10(1)(b) of Directive 2011/95/EU, “[t]he concept of religion shall in particular

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

the parties concerned before the civil court (Article 152 of the Code, which makes a reference to Article 10, D.lgs. 150/11). For most data protection claims

Article 99 - Entry into force and application 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official

the relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically

on the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves

on categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general