Search results

Regulation, hereinafter : "GDPR"), OJ No. L 119 of 04.05.2016 S1, the following administrative offense (s) committed: In any case, from **. February 2020 until

headquarters of [S1] and a second system is operated from the site of [S2]. The video surveillance system installed at the administrative headquarters of [S1] is composed

December 9, 2018 (Annex S1, pages 314 et seq. DA), the attorney-at-law sent the defendant's attorney-at-law to the plaintiff's attorney-at-law, a letter

concept of "explicit consent" in Articles 9(1)(a), 22(2)(c) and 49(1)(a) GDPR. See the commentary on Article 9(1)(a) GDPR for explicit consent. Generally

Article 5(1)(b) does not foresee a certain form of documentation, but Articles 5(2) or 30(1)(a) GDPR require documentation and Articles 6(1)(a), 13(1)(c) and

controller’s (or processor’s) premises in accordance with Article 58(1)(f) GDPR. The search is not restricted to the business premises but a judge’s authorization

further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller

(Nomos 2018). Recital 70 GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker

alternative means of communication which suit the data subject's specific needs. Under Article 12(1) GDPR, information “shall be provided in writing, or by other

GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the controller's obligation to actively provide clear and comprehensive information

data subject’s private life, and second, the public’s interest in accessing the information, which may vary depending on the data subject’s role in public

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

subsume the corresponding legal basis contained in Article 6(1)(a) GDPR, 6(1)(d) GDPR and 6(1)(e) GDPR respectively, and would require no additional correlation

identification of sanctionable conduct(s) and infringment(s). For a detailed analysis we refer to paragraph (1). Determination of the starting point of

public interest in the case of Article 6(1)(e) and the controller's legitimate interest in the case of Article 6(1)(f). In other words, there is a balancing

Article 13(1)(a) GDPR. Given the identical wording, see commentary on Article 13(1)(b) GDPR. Given the identical wording, see commentary on Article 13(1)(c) GDPR

Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1) since they

individual rights. These criteria have the same meaning as in Article 24(1) and Article 32(1). The "nature" of the processing consists of its “the inherent characteristics”

possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III; (f) assists

May 2020 (Version 1.1), pp. 7-8 (available here). EDPB, ‘Guidelines 05/2020 on consent under Regulation 2016/679’, 4 May 2020 (Version 1.1), pp. 8-9 (available

Article 33 GDPR regulates the controller and processor's obligations in case of data breach. Pragraph 1 imposes an obligation on controllers to notify the

enforcement of the GDPR are SA's main tasks. They summarise the core idea of SA's activities. All other tasks entailed in Article 57(1) GDPR can be understood

legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited

to Article 32(1) GDPR would be an example of such an obligation. It is also important to stress that, without prejudice to the processor's liability under

ng provision of Article 56(1) GDPR. In such cases, the LSA, i.e. the SA of the place where the controller's or processor's main or sole establishment is

processor’s lead supervisory authority, version 2.1, Section 2.2, available here. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory

Article 30(1)(a) states it should contain the name and contact details of the controller and, where applicable, the joint controller(s), the controller's representative

with Article 33(1) GDPR. Thus, since the supervisory authority should be aware of the data breach, it can also be involved in the controller’s procedure for

information onto a form. The form is stored in the hospital's old paper filing system, where each patient's papers are stored according to surname and first name

guide the reviewer’s decision. Otherwise, it would be completely impossible to express one's own point of view. Pursuant to Article 12(1), which expressly

to include the DPO's 'contact details', i.e. exactly the same wording used in Article 13(1)(b) GDPR. If one were to follow Apple's suggested reading, after

subject’s rights, but not deny them. The grounds for restrictions are exhaustively listed in Article 23(1) GDPR. These grounds, listed in Article 23(1)(a)-(c)

subject’s data by the controller triggers a data subject’s right under Article 13 and 14 GDPR. We reject a strict literal interpretation of Article 79(1) GDPR

CJEU: The CJEU has clarified in C-132/21 that "Article 77(1), Article 78(1) and Article 79(1) of Regulation (EU) 2016/679 [...] must be interpreted as

exercise of a SA's investigative powers under Articles 58(1)(a), (b), (c), (e) and (f) GDPR; decisions following the exercise of a SA's corrective powers

independence and expertise in data protection matters. Paragraph 1 ensures the DPO's timely and proper involvement in any data protection issues. Paragraph

Article 46 - Transfers subject to appropriate safeguards 1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer

objection of a SA (Article 65(1)(a) GDPR), when there are different views on which SA is the lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is

prior authorization, irrespective of the requirements of paragraph 1. Article 36(1) GDPR  establishes an obligation for the controller to consult the DPA

to management or the appropriate authority. Articles 39(1)(d) and (e) GDPR lay down the DPO’s obligations in relation to the Data Protection Authorities

restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment

version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1.0

Act (Zakon o varstvu osebnih podatkov (ZVOP-1)) which stayed in force for more than 4 years after the GDPR’s entrance into force. Responding to requests

data on another party’s behalf and on this party’s documented instructions (you are a sub-processor). According to Article 26(1) of the GDPR, joint controllers

the Union. Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact

after IP completion day, the court is not bound (EUWA s 6(1)) but "may have regard" to them (EUWA s 6(2)). (4) The position is different in a "relevant court"

However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article

necessary to protect an interest which is essential for the data subject's or another person's vital interests, including physical integrity or life, if the data

an advisory role. Articles 70(1)(a) and 70(1)(t) GDPR grant the EDPB an important and new role regarding the Regulation’s consistency mechanism. In particular

 the territory of the European Union (in breach of Article 27(1) GDPR). In such situations s SA may ask the competent authorities of the country of the processor