Search results
From GDPRhub
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR): relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically ... 13 KB (674 words) - 13:15, 2 June 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should ... 72 KB (9,140 words) - 13:12, 2 June 2023
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.): respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences ... 54 KB (6,536 words) - 08:22, 16 June 2023
- Article 34 GDPR (category GDPR Articles) (section (3) Exemptions from the obligation to communicate to the data subject): not directly mentioned by Article 33(3)(b)-(d) GDPR could be shared as additional information by the controller Article 34(3) GDPR lists three exemptions ... 37 KB (3,962 words) - 15:20, 16 June 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR): access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data ... 46 KB (5,825 words) - 11:12, 7 November 2023
- Article 32 GDPR (category GDPR Articles) (section (3) Codes of conduct and certification mechanisms): DS-GVO BDSG, Article 32 GDPR, margin number 28 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number ... 41 KB (5,197 words) - 12:17, 17 April 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For ... 125 KB (16,328 words) - 16:01, 8 March 2024
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria ... 52 KB (7,297 words) - 08:05, 18 July 2023
- HDPA (Greece) - 52/2021 (category Article 28(3) GDPR): under Article 32(2), Article 32(4) GDPR and Article 28(3) GDPR, and also issued a reprimand against the controller for a breach of Article 28(3) GDPR. Seventeen ... 8 KB (861 words) - 10:00, 22 December 2021
- AZOP (Croatia) - Decision 04-05-2023 (category Article 28(3) GDPR): with its transparency obligation. (2) Contrary to the provisions of Article 28(3) GDPR, the controller did not have a processing agreement with the processor ... 12 KB (1,626 words) - 15:22, 30 October 2023
- AEPD (Spain) - TD/00044/2021 (category Article 28(3) GDPR): the DPA launched a proceeding. The AEPD determined that, according to Article 28(3)(e), the processor has the obligation to assist the controller in the ... 22 KB (3,465 words) - 13:30, 13 December 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR): data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed ... 25 KB (3,943 words) - 14:32, 28 September 2022
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR): obligations under Article 28 of the GDPR and the responsibilities arising from failure to comply with them. In fact, on the one hand, Article 28, paragraph 1 ... 49 KB (7,758 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 28(3) GDPR): as by Article 28(2) and (3) The obligation to adopt technical and organizational measures to ensure the security of the processing as by Article 32. The ... 20 KB (3,133 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00280/2022 (category Article 28(3) GDPR): subjects and the obligations and rights of the controller'), as per Article 28(3) GDPR, was lacking. Additionally, the DPA highlighted that such contract ... 30 KB (4,551 words) - 11:51, 9 February 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR): Those measures shall be reviewed and, where necessary, updated. Article 28.3 AVG "3. The processing by a processor shall be governed by a contract or ... 35 KB (5,526 words) - 16:56, 12 December 2023
- Council of State - 251.378 (category Article 28(3) GDPR): ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate ... 40 KB (6,324 words) - 15:34, 1 September 2021
- AEPD (Spain) - EXP202208230 (category Article 28(3) GDPR): violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a) ... 45 KB (6,904 words) - 13:12, 13 December 2023
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR): of Article 32(1) GDPR due to the scope of the data mishandling and the sensitivity of the subject. Moreover, the Family Court violated Article 28(3) with ... 46 KB (7,343 words) - 16:39, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(3)(f) GDPR): reactivated according to plan. It follows from Article 28 (1) of the Data Protection Regulation Article 3 (3) (f) requires the data controller to assist the ... 18 KB (2,633 words) - 16:36, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 28(3)(a) GDPR): review the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident ... 50 KB (8,001 words) - 15:52, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 28(3)(a) GDPR): processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all ... 25 KB (3,660 words) - 08:42, 14 September 2022
- CNIL (France) - SAN-2021-020 (redirect from CNIL (France) - Délibération SAN-2021-020 du 28 décembre 2021) (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR): breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the ... 56 KB (9,069 words) - 17:02, 6 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 28(3) GDPR): Hospital was incomplete with regards to several requirements set in Article 28(3) GDPR, and notably points b, c, e, f, g and h. For example, the processing ... 88 KB (14,189 words) - 09:58, 7 December 2021
- UODO (Poland) - DKN.5130.2024.2020 (category Article 28(3) GDPR): art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 32 sec. 1 and 2, as well as art. 83 sec. 1 - 3, art. 83 sec. 4 lit. a) and art. 83 sec ... 75 KB (12,104 words) - 09:58, 17 November 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 28(3) GDPR): violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and (9) ... 105 KB (17,237 words) - 09:22, 10 May 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(3) GDPR): and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing ... 142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - PS/00315/2020 (category Article 28(3)(g) GDPR): CIF A76539030, for a violation of article 28.3.g) of the RGPD, in accordance with article 83.4 b) of the RGPD, and article 74.k) of the LOPDGDD, with the ... 62 KB (10,401 words) - 14:35, 21 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 28(3)(h) GDPR): expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2) ... 74 KB (11,513 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 04/2021 (category Article 28 GDPR): the GDPR. According to the defendant, this partner is thus not processor within the meaning of Article 4 (8) GDPR. Consequently, Article 28 (3) GDPR does ... 113 KB (18,732 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2023-003 (category Article 28(3) GDPR): found a violation of Articles 5(1)(c) and 28(3) GDPR and imposed a fine of €100,000. For the violation of Article 82 of the Data Protection Act it imposed ... 8 KB (971 words) - 07:54, 5 April 2023
- APD/GBA (Belgium) - 137/2023 (category Article 28(3) GDPR): reprimanded for breach of Article 28(3) GDPR, and the municipality was reprimanded for violations of Article 14 GDPR and Article 12(1) GDPR for failure to take ... 52 KB (7,789 words) - 11:38, 11 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2889/161/21 (category Article 28(3) GDPR): agreement under Article 28 (3) of the general data protection regulation, so the agreement cannot be considered as an agreement under Article 28 (3) of the general ... 40 KB (6,315 words) - 11:13, 22 September 2021
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR): designated; Decision 154/2023 - 3/7 is obliged to rely on a processor who complies with the provisions of the GDPR (Article 28.1 GDPR) and concludes an agreement ... 21 KB (3,034 words) - 15:30, 26 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 7099/183/2018 (category Article 28(3) GDPR): provider cannot be considered a processor as per Article 4(7) GDPR, Article 4(8) GDPR, and Article 28(3) GDPR. Therefore, the service provider acted as a data ... 34 KB (5,367 words) - 08:14, 18 May 2022
- NAIH (Hungary) - NAIH-3561-4/2022 (category Article 28(3)(a) GDPR): 45, and 46 GDPR the Controller based this transfer on, and whether the applicable Google terms of service complied with Article 28(3)(a) GDPR. Additionally ... 13 KB (1,677 words) - 09:39, 14 November 2022
- Rb. Rotterdam - C/10/655051 KG ZA 23-243 (category Article 28(3) GDPR): (hereinafter: GDPR). 3.4. In March 2018, Blauw and Nebu concluded a processing agreement as referred to in Article 28 paragraph 3 of the GDPR, called the ... 33 KB (5,443 words) - 06:20, 26 April 2023
- Datatilsynet (Denmark) - 2021-432-0056 (category Article 28(3)(a) GDPR): processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all ... 16 KB (2,135 words) - 16:52, 14 September 2022
- UODO (Poland) - DKN.5131.29.2022 (category Article 28(3) GDPR): fulfill the requirements of Article 28 GDPR. The DPA concluded that the controller failed to comply with Article 28(1)(3) and (9) GDPR by not concluding a written ... 48 KB (7,612 words) - 09:46, 25 April 2024
- Datatilsynet (Norway) - 20/01727 (category Article 28(3) GDPR): Violating Article 28(3) GDPR for not having a data processing agreement in place; Violating Article 32(2) GDPR, cf. Article 5(1)(f) GDPR and Article 5(2) GDPR ... 53 KB (7,990 words) - 08:37, 6 October 2021
- AEPD (Spain) - PS/00151/2021 (category Article 28(3) GDPR): controller €5000 for the infringement of Article 28(3) GDPR. Besides that, AEPD fined the controller €2000 for infringing Article 22 of the Spanish Law implementing ... 53 KB (8,628 words) - 15:44, 13 July 2022
- WSA Warsaw (Poland) - II SA/Wa 310/20 (category Article 28(3) GDPR): and accountability in connection with Article 28(1) GDPR, Article 28(3) GDPR, Article 28(10) GDPR and Article 29 GDPR, with regard to the processing of data ... 56 KB (8,906 words) - 14:16, 20 September 2021
- CNIL (France) - SAN-2021-012 (category Article 28(3) GDPR): the obligation contained in Article 28 of the GDPR became applicable, contains the information provided for in this article 28. Consequently, the restricted ... 55 KB (8,897 words) - 13:56, 21 November 2023
- CNIL (France) - SAN-2023-015 (category Article 28(3) GDPR): of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-5 ... 67 KB (10,546 words) - 13:55, 25 October 2023
- Garante per la protezione dei dati personali (Italy) - 9592011 (category Article 28(3)(g) GDPR): Pursuant to Article 58(2)(d) of the GDPR, the DPA ordered Associazione Rousseau to comply with the provisions of Article 28(3)(g) of the GDPR by ensuring ... 40 KB (6,510 words) - 16:53, 26 May 2022
- Garante per la protezione dei dati personali (Italy) - 9768387 (category Article 28(3) GDPR): ISWEB violated Article 28(2) GDPR and Article 28(4) GDPR as a processor on behalf of the hospitals and Article 28(1) GDPR and Article 28(3) GDPR as controller ... 99 KB (16,015 words) - 16:16, 1 June 2022
- APD/GBA (Belgium) - 149/2022 (category Article 28(3) GDPR): Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA ... 89 KB (13,017 words) - 15:07, 2 November 2022
- UODO (Poland) - DKN.5130.2215.2020 (category Article 28(3)(c) GDPR): right of control referred to in Article 28(3)(h) GDPR concerning PIKA's provision of the measures required under Article 32 GDPR. Only after a personal data ... 110 KB (17,650 words) - 12:27, 29 April 2022
- AEPD (Spain) - PS/00322/2021 (category Article 28(3)(f) GDPR): 000 for the breach of Article 6 GDPR, €100,000 for the breach of Article 17 GDPR and €100,000 for the breach of Article 28 GDPR). Share your comments here ... 52 KB (8,192 words) - 20:47, 22 February 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 28 GDPR): DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication ... 183 KB (30,819 words) - 09:50, 20 January 2023