Search results
From GDPRhub
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 30 GDPR (category GDPR Articles) (section (1) Record of processing activities by the controller)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)limited to, security of processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation20 KB (1,854 words) - 16:32, 8 March 2024
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 32(1) GDPR)Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below48 KB (7,442 words) - 10:24, 12 September 2022
- CNIL (France) - SAN-2019-005 (category Article 32(1) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- ANSPDCP (Romania) - Fine against Telekom Romania mobile communications S.A. 2 (category Article 32(1) GDPR)to the data. The infringement of Article 32 of the GDPR led to a €10,000 fine (RON 48,748). The infringement of Article 3 of Law 506/2004 led to a fine7 KB (900 words) - 15:18, 13 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 32(1) GDPR)least one of the conditions set out in Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive14 KB (1,916 words) - 16:03, 2 February 2024
- required under the GDPR (e.g. from a security perspective under Article 32 GDPR or as a means of data minimisation under Article 5(1)(c) GDPR) can get confused125 KB (16,328 words) - 16:01, 8 March 2024
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)pursuant to article 32(1) of the GDPR. The AP disagrees. The conclusion of the AP that OLVG does not comply with article 32(1) of the GDPR by not meeting67 KB (11,415 words) - 17:15, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 32(1)(b) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202201721 (category Article 32(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- Datatilsynet (Denmark) - 2021-442-12980 (category Article 32(1) GDPR)In an Article 60 GDPR procedure, the Danish DPA reprimanded Danske bank for a violation of Article 32(1) GDPR. A technical error resulted in the unauthorised10 KB (1,214 words) - 11:39, 22 March 2024
- ANSDPCP (Romania) - Fan Courrier Express SRL (category Article 32(1) GDPR)fined € 11.000 Fan Courrier Express SRL for violations of f Article 32 paragraphs (1) and (2) GDPR. The controller Fan Courrier Express SRL was sanctioned3 KB (197 words) - 15:10, 13 December 2023
- AEPD (Spain) - PS/00064/2021 (category Article 32(1) GDPR)constituted a data breach and were therefore a violation of Article 32(1), and additionally Article 5(1)(f) for violating the confidentiality principle. The AEPD2 KB (174 words) - 13:55, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4022/171/22 (category Article 32(1) GDPR)Finnish DPA found a healthcare provider to have breached Article 32(1) GDPR and Article 32(2) GDPR for not implementing appropriate technical and organisational14 KB (1,978 words) - 16:09, 21 February 2024
- AZOP (Croatia) - Decision 22-02-2021 (category Article 32(1)(b) GDPR)Jurisdiction: Croatia Relevant Law: Article 32(1)(b) GDPR Article 32(1)(d) GDPR Article 32(2) GDPR Article 32(4) GDPR Type: Complaint Outcome: Upheld Started:2 KB (197 words) - 15:52, 30 October 2023
- ANSPDCP (Romania) - Fine to DADA CREATION S.R.L. (category Article 32(1) GDPR)level of security appropriate to the risk of processing according to Article 32(1) GDPR? The ANSPDCP found that the controller did not implement adequate5 KB (547 words) - 15:18, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.029 (category Article 32(1) GDPR)Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures3 KB (193 words) - 16:52, 6 December 2023
- ANSPDCP (Romania) - Banca Comercială Română S.A. (category Article 32(1) GDPR)regarding the security of processing, respectively art. 32 para. (4) in conjunction with art. 32 para. (1) and para. (2) of the General Data Protection Regulation4 KB (422 words) - 15:16, 13 December 2023
- Datatilsynet (Norway) - 20/02137 (category Article 32(1) GDPR)Norge violated Article 33 GDPR by failing to notify the Datatilsynet of the data breach? Had Telenor Norge violated Article 32(1) GDPR by failing to implement5 KB (684 words) - 08:06, 7 May 2022
- ANSPDCP (Romania) - Sanatatea Press Group S.R.L. (category Article 32(1) GDPR)that the controller had breached its obligations under Articles 5(1)(f), as well as 32(1) and (2). As a consequence, the ANSPDCP issued an administrative4 KB (422 words) - 15:20, 13 December 2023
- Datatilsynet (Denmark) - 2021-431-0138 (category Article 32(1) GDPR)there was a personal data breach pursuant to Article 4(12) GDPR. Moreover, it stated that Article 32(1) GDPR obliges controllers to take appropriate technical16 KB (2,496 words) - 15:23, 24 March 2022
- Commissioner (Cyprus) - 11.17.001.007.251 (category Article 32(1)(b) GDPR)reason, claimed that she shall receive the medical report under the veil of GDPR. The Cypriot Office of the Commissioner for Personal Data Protection disagreed4 KB (448 words) - 16:52, 6 December 2023
- AZOP (Croatia) - Decision 08-03-2022 (supermarket chain) (category Article 32(1)(b) GDPR)concluded that the controller violated Article 32(1)(b), Article 32(1)(d), Article 32(2), and Article 32(4) GDPR. Therefore, the DPA decided to impose a6 KB (730 words) - 15:49, 30 October 2023
- DPC - Health Service Executive (IN-19-9-2) (category Article 32(1) GDPR)garden. The decision found that the HSE infringed Articles 5(1)(f) and 32(1) of the GDPR by failing to implement appropriate technical and organisational3 KB (240 words) - 09:18, 3 March 2021
- Datatilsynet (Denmark) - 2021-442-12425 (category Article 32(1) GDPR)in accordance with the rules in the Data Protection Regulation [1], Article 32 (1). 1. Below is a more detailed review of the case and a justification15 KB (2,304 words) - 15:24, 24 March 2022
- AZOP (Croatia) - Decision 05-07-2021 (category Article 32(1)(b) GDPR)activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative5 KB (599 words) - 15:38, 30 October 2023
- ANSDPCP (Romania) - Raiffeisen Bank S.A. and Vreau Credit S.R.L. (category Article 32(1) GDPR)provisions of Article 32 paragraph (4) in conjunction with Article 32 paragraph (1) and paragraph (2) of the GDPR, as well as of Article 33 paragraph (1) of the5 KB (568 words) - 15:10, 13 December 2023
- Commissioner (Cyprus) - Α/Π 68/2017 (category Article 32(1)(d) GDPR)that Cyprus Police was responsible for a violation of Article 32 par.1(b) & (d) and par.(4) GDPR, as a result of the acts and/or omissions of the Police6 KB (649 words) - 16:51, 6 December 2023
- ANSPDCP (Romania) - Fine against Proleasing Motors SRL (category Article 32(1) GDPR)Romanian DPA (ANSPDCP) fined leasing company €15,000 for violation of Article 32(1) and (2) GDPR after investigating a data breach reported by the company, where6 KB (732 words) - 15:17, 13 December 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- AZOP (Croatia) - Decision 21-07-2022 (A1 telecommunications) (category Article 32(1)(b) GDPR)€283,000). It held that the controller violated Articles 25(1), 32(1)(b), 32(1)(d) and 32(2) GDPR by not taking appropriate technical and organizational security7 KB (855 words) - 15:30, 30 October 2023
- ANSPDCP (Romania) - Fine against Banca Transilvania SA (category Article 32(1) GDPR)violated Article 5(1)(f) GDPR and proved the ineffectivness of the controller's employee compliance training, in violation of Article 32 GDPR. The DPA7 KB (845 words) - 15:17, 13 December 2023
- VDAI - VDAI vs VĮ Registrų centras (category Article 32(1)(b) GDPR)SE Register Center 15 thousand. A fine of EUR 1 million was imposed for infringements of Article 32 (1) (b) and (c) of the BDAR, ie failure to ensure8 KB (999 words) - 09:16, 17 November 2023
- IMY (Sweden) - DI-2021-4355 (category Article 32(1) GDPR)6 November 2020, has processed personal data in violation of Article 32(1) 1 of the GDPR by sending sensitive personal data to the complainant in an e-mail28 KB (3,101 words) - 09:49, 7 June 2023
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)infringement of article 32.1 of the RGPD, typified in article 83.4.a) of the RGPD, a fine of € 3,000 (three thousand euros), in accordance with article 73.g) of27 KB (3,993 words) - 13:52, 13 December 2023
- AP (The Netherlands) - 19.01.2023 (category Article 32(1) GDPR)assessed if it ensured an appropriate level of security under Articles 32(1) and 32(2) GDPR. The DPA held that the controller did not make a proper risk assessment10 KB (1,351 words) - 17:05, 12 December 2023
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)data. Hence, it considered Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating37 KB (4,319 words) - 09:20, 17 November 2023
- AZOP (Croatia) - Decision 04-05-2023 (category Article 32(1) GDPR)organizational measures when processing personal data, as requested by Article 32(1)(b) and (d) GDPR. This implied a risk for the security of the personal data of12 KB (1,626 words) - 15:22, 30 October 2023
- ANSPDCP (Romania) - Fina against NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A. and NN Asigurări de Viață S.A. (category Article 32(1)(b) GDPR)implement sufficient security measures, in breach of Articles 32 (1) b), d) and 32 (2) GDPR. NN Pensii Societate de Administrare a unui Fond de Pensii Administrat8 KB (1,064 words) - 08:35, 31 May 2023
- AZOP (Croatia) - Decision 26-09-2023 (category Article 32(1) GDPR)accomodation via its web form and via e-mail, acting contrary to Article 13(1) GDPR and Article 13(2) GDPR. Further, the AZOP held that the controller failed to adopt12 KB (1,634 words) - 17:02, 6 November 2023
- IMY (Sweden) - DI-2019-9457 (category Article 32(1) GDPR)administrative bodies, researchers and physicians in violation of Article 32(1) GDPR. Uppsala regional authorities notified the Swedish DPA (Integritetsskyddsmyndigheten43 KB (4,600 words) - 17:08, 23 March 2022
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)data is regulated in articles 32, 33 and 34 of the GDPR. Article 32 of the RGPD "Security of treatment", establishes that: "1. Taking into account the state29 KB (4,300 words) - 14:41, 13 December 2023
- LG München - 31 O 16606/20 (category Article 32(1) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 32 GDPR)judicial remedy against the controller under Article 79(1) GDPR. Having said that, Article 32(1) and (2) GDPR make it clear that national courts must assess13 KB (1,963 words) - 11:04, 5 January 2024
- Datatilsynet (Denmark) - 2019-431-0044 (category Article 32(1) GDPR)personal data did not comply with the rules of Article 5 (1) of the Data Protection Regulation. 1 (f) and Article 32 (1) of the Data Protection Regulation. First16 KB (2,399 words) - 16:34, 6 December 2023
- AEPD (Spain) - E/07796/2020 (category Article 32(1) GDPR)certain level of security. Therefore, they did not find a violation of Article 32(1) and decided not to fine the controller. Share your comments here! Share18 KB (2,698 words) - 13:41, 13 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 32(1) GDPR)violation of articles 5.1.f, of the RGPD -as set out in Article 83(5)(a) of the said regulation and 5(1)(f) in relation to Article 32(1)(b) and (c) - specified36 KB (6,022 words) - 13:59, 13 December 2023