Search results
From GDPRhub
- Article 5 GDPR (section (1) Principles)documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and 14(1)(c) GDPR require the disclosure of the specific51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (section (1) Legal basis for processing)in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally, consent must be given directly108 KB (17,005 words) - 15:39, 18 March 2024
- Article 15 GDPR (section (1) The Right of Access)further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR requires controllers76 KB (11,304 words) - 08:37, 4 March 2024
- Article 58 GDPR (section (1) Investigative powers)it can be assumed that the SAs may be given additional powers, but that the existing powers may not be restricted. A contrary view cannot be derived from46 KB (5,825 words) - 11:12, 7 November 2023
- Article 4 GDPR (section (1) Personal data)(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker125 KB (16,328 words) - 16:01, 8 March 2024
- Article 13 GDPR (section (1) Information the controller shall provide at the time personal data is obtained)See the commentary on Article 5(1)(b) GDPR for more details. The legal basis must necessarily be found either in Article 6(1) GDPR or, where special categories71 KB (9,532 words) - 13:30, 6 March 2024
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 17 GDPR (section (1) Right to erasure)of Article 21(1) GDPR. Therefore, for a claim for deletion to be admissible, all and only the conditions listed in Article 21(1) must be met. In particular61 KB (8,488 words) - 15:47, 18 March 2024
- Article 83 GDPR (section (1) Administrative fine)83(5) Var. 1 or (6) GDPR, as otherwise there could be a violation of ne bis in idem. First, it follows from this criterion that a fine may also be imposed55 KB (7,622 words) - 14:04, 7 November 2023
- Article 9 GDPR (section (1) General prohibition of processing of special categories of personal data)subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation44 KB (5,905 words) - 14:00, 24 October 2023
- Article 6(1)(e) or (f) GDPR are clearly covered by Article 21(1) GDPR, mentioning profiling specifically is somewhat legally redundant. However, it can be seen49 KB (5,993 words) - 06:22, 16 June 2023
- Article 14 GDPR (section (1) Information the controller shall provide when personal data has not been obtained from the data subject)additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they30 KB (3,458 words) - 10:31, 25 April 2024
- Article 25 GDPR (section (1) Data protection by design)paragraph (1). Although the measures should be implemented to ensure compliance with every data protection principle, and are therefore to be understood43 KB (4,675 words) - 06:43, 16 June 2023
- May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available31 KB (3,489 words) - 16:00, 8 March 2024
- Article 28 GDPR (section (1) Processor)their agreement must be the same as those of the SCCs. The SCCs will often leave some blank spaces to be filled in or options to be selected by the parties72 KB (9,140 words) - 13:12, 2 June 2023
- agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an obligation54 KB (6,536 words) - 08:22, 16 June 2023
- result of an infringement of the GDPR. Article 82(1) contains the conditions for such a claim, which are to be interpreted in accordance with EU law. Such conditions33 KB (4,215 words) - 09:57, 19 March 2024
- Article 35 GDPR (section (1) Mandatory DPIA)(DPO) must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the52 KB (7,297 words) - 08:05, 18 July 2023
- Article 57(1)(h) GDPR can also be initiated based on information that the SA obtained from another SA (e.g. in accordance with Article 60(1) GDPR and Article60 KB (7,796 words) - 20:12, 1 April 2024
- clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as permitting the remedies33 KB (3,641 words) - 09:51, 19 March 2024
- the supervisory authorities concerned shall be deemed to be in agreement with that draft decision and shall be bound by it. 7. The lead supervisory authority35 KB (4,017 words) - 16:04, 18 March 2024
- version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.07 KB (808 words) - 08:17, 16 February 2023
- Article 56 GDPR (section (1) Designation of the Lead Supervisory Authority (LSA) and the Cooperation Mechanism)(Article 65(1)(b) GDPR). It seems that the decision on a conflicting view can only be taken within a specific procedure under Article 65(1)(b) GDPR and55 KB (7,446 words) - 22:28, 1 April 2024
- Article 2 GDPR (section (1) Material scope)scope requires the data in question to be 'personal data'. This term is defined, and further discussed, in Article 4(1) GDPR. Any information that relates34 KB (4,652 words) - 12:07, 12 November 2023
- Article 34(1) is not triggered, as the authorised party will not be able to make use of the data obtained. “Subsequent” measures should be interpreted37 KB (3,962 words) - 15:20, 16 June 2023
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 23 GDPR (section (1) Restrictions)make contact with him' (BVerwG, NJW 2006, 3367ff.)”. Article 1(1) in conjunction with Article 2(1) Directive (EU) 2016/680 of the European Parliament and of44 KB (4,896 words) - 06:25, 16 June 2023
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general prohibition31 KB (4,768 words) - 06:24, 16 June 2023
- surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 46 GDPR (section (1) Scope)that they will be considered to be ad hoc clauses that require the authorisation of the competent DPA" under Article 46(3)(a) GDPR.Article 46(1) allows the34 KB (3,646 words) - 08:53, 27 March 2023
- However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR establishes an obligation for the controller to consult the DPA31 KB (3,646 words) - 08:51, 21 July 2023
- Article 3 GDPR (section (1) Establishment in the Union)the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/1535 of the European Parliament37 KB (4,635 words) - 13:29, 24 October 2023
- processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent32 KB (3,730 words) - 08:43, 7 March 2024
- proceedings under Article 79(1) GDPR in limited circumstances of substantive violations. Instead, Article 79(1) GDPR should be read as excluding proceedings31 KB (3,550 words) - 11:11, 29 November 2023
- Article 55 - Competence 1. Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred35 KB (3,971 words) - 21:34, 1 April 2024
- concerning potential conflicts of interest. According to Article 38(1) GDPR, the DPO must be involved in a timely manner in all issues which relate to the protection29 KB (2,951 words) - 14:19, 25 July 2023
- an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the cases where a consensus could not be reached within the consistency mechanism33 KB (4,185 words) - 16:09, 2 November 2023
- Article 26 GDPR (section (1) Joint controllership)(Version 2.1), p. 19 (available here). EDPB, ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’, 07 July 2021 (Version 2.1), p. 1937 KB (3,915 words) - 12:49, 24 May 2023
- under Articles 58(1)(d) or 58(3)(a) and 58(3)(b) GDPR do not qualify as decisions and cannot be subject to legal actions under Article 78(1) GDPR. A data subject30 KB (3,874 words) - 10:46, 7 December 2023
- derogation shall not be applied, and the derogation from Article 49(1)(a) GDPR will be applicable instead. The incapacity may be physical, mental or legal29 KB (3,500 words) - 08:54, 27 March 2023
- implementation requirements for 85(1) to be fulfilled. While not outlined, the academic commentary agrees that Article 85(1) should not be read as requiring member33 KB (3,748 words) - 14:25, 7 November 2023
- of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct must be tailored to “specific44 KB (5,008 words) - 14:50, 28 July 2023
- public hearing. Under specific conditions the hearing may be secret. For an administrative fine to be issued, a prior invitation of the defendant (or his representative23 KB (2,039 words) - 08:15, 25 April 2024
- Article 39 GDPR (section (1) DPO's Tasks)processing. Paragraph 1 provides a comprehensive list of tasks that the DPO must perform according to the GDPR, and these tasks cannot be restricted by national23 KB (2,165 words) - 15:10, 27 July 2023
- Article 8 GDPR (section (1) Material scope)May 2020 (Version 1.1), p. 28 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), p. 27 (available19 KB (1,335 words) - 13:56, 24 October 2023
- in Articles 70(1)(e) and 70(1)(f) GDPR was an editorial error. This obligation applies to all guidance issued by the Board. Articles 70(1)(n) to (q) GDPR27 KB (3,038 words) - 12:19, 11 October 2023
- designation must be done in written form. The GDPR does not specify any particular requirements for the representative. However, under Article 1(17) GDPR, the25 KB (2,418 words) - 14:11, 24 May 2023