Search results
From GDPRhub
- Article 47 GDPR (section (3) Exchange of Information)members; (b) the data transfers or set of transfers, including the categories of personal data, the type of processing and its purposes, the type of data subjects29 KB (2,823 words) - 15:15, 28 April 2022
- considers the decision invalid. However, a national court may not refer a question on the validity of the decision of the Board at the request of a natural30 KB (3,874 words) - 10:46, 7 December 2023
- “accredited” by the competent DPA for the purpose of ensuring compliance with the code of conduct. The criteria for this accreditation is provided in the section30 KB (2,720 words) - 14:02, 28 July 2023
- conflict of interests. 3. The accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article shall take place on the basis of criteria22 KB (1,634 words) - 14:40, 28 July 2023
- here. The budget of the CNIL is decided by the Parliament as part of the annual finance act. data on the budget since 2000 can be found here. You can help8 KB (824 words) - 22:52, 27 February 2024
- relevant, as to: (a) the purposes of the processing or categories of processing; (b) the categories of personal data; (c) the scope of the restrictions introduced;44 KB (4,896 words) - 06:25, 16 June 2023
- includes general elements of any procedure like the service of documents (Section 106 DPA 2018) or the appeals system (Section 150 DPA 2018) in data protection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 91 GDPR (section (2) DPA supervision)itself, or the general DPA responsible for monitoring the application of the GDPR at the regional or national level. In both cases, all the conditions25 KB (2,482 words) - 10:04, 19 March 2024
- Spanish DPA regarding a controller established in the UK. The Spanish DPA was unable to settle a case after the British DPA, following Brexit, left the Internal17 KB (1,142 words) - 15:41, 28 April 2022
- Article 39 GDPR (section (2) Risk-based approach)and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing23 KB (2,165 words) - 15:10, 27 July 2023
- Article 55 GDPR (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its35 KB (3,971 words) - 21:34, 1 April 2024
- Article 83 GDPR (section (3) Multiple infringements caused by the same or linked processing operations ("unity of action"))or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the obligations55 KB (7,622 words) - 14:04, 7 November 2023
- according to § 2(3) LDSG and § 2(5) LDSG-JB. According to § 25(3) LDSG the LfDI is responsible for complaints against governmental institutions of Baden-Württemberg4 KB (275 words) - 11:13, 8 May 2022
- investigative powers of the competent DPA. The powers in question are provided for in Article 58(e) and (f) GDPR, under which the DPA can “obtain, from the controller18 KB (1,599 words) - 12:26, 29 April 2022
- Article 63 GDPR (section Any Other Matter of General Application or Producing Effects in different Member States)“either between the DPAs over the course of the one-stop-shop mechanism [...], or when a DPA disregards or fails to seek the opinion of the EDPB in those15 KB (851 words) - 06:55, 29 April 2022
- following the expiration of the second month referred to in paragraph 2 by a simple majority of the members of the Board. Where the members of the Board are33 KB (4,185 words) - 16:09, 2 November 2023
- Law, supplementing the GDPR) Regulation n.º 757/2020, of 10 September, on the organisation and functioning of of support services for the CNPD [1]. Regulation5 KB (531 words) - 13:25, 3 May 2023
- 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure and the results3 KB (297 words) - 14:49, 1 December 2020
- Article 21 GDPR (section Or processing concerns the establishment, excercise or defence of legal claims)reiterates the obligation on the data controller to inform about the existence of the right to object at the time of the first communication with the data subject49 KB (5,993 words) - 06:22, 16 June 2023
- necessary by the Commissioner for the purposes of the investigation 4. Following the conclusion of the investigation, you will be informed of the outcome.4 KB (483 words) - 08:17, 12 July 2022
- Article 34 GDPR (section (2) Minimal requirements of the controller's communication to the data subject)that the enforcement of Article 34 GDPR is likely to be difficult as the controller is the entity making the assessment of the level of the risk. The reporting37 KB (3,962 words) - 15:20, 16 June 2023
- Article 38 GDPR (section (2) Necessary resources)monitoring of the data subjects on a large scale, or where the core activities of the controller or the processor consist of processing on a large scale of special29 KB (2,951 words) - 14:19, 25 July 2023
- helps to clarify the scope of obligations placed on controllers and processors based outside of the EU. Where Article 3(2) GDPR applies, the controller or25 KB (2,418 words) - 14:11, 24 May 2023
- Authority for the German state of North Rhine-Westphalia. It is in charge of enforcing the GDPR in the private sector in the German state of North Rhine-Westphalia4 KB (372 words) - 10:45, 22 September 2021
- referenced in all documents. The individual employee decides on behalf of the Slovak DPA. The head of the Slovak DPA is the President of the Office for Personal9 KB (1,006 words) - 07:13, 7 July 2021
- relevant to this issue is the case-law of the European Court of Human Rights (ECtHR) on the interpretation of the provisions of the European Convention on33 KB (3,748 words) - 14:25, 7 November 2023
- such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. The controller must72 KB (9,140 words) - 13:12, 2 June 2023
- related to the spelling of the name cannot be considered insignificant because they impact the primary identifier of the data subject in the realm of automated23 KB (2,489 words) - 23:24, 6 March 2024
- Article 49 GDPR (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)consideration to the nature of the personal data, the purpose and duration of the proposed processing operation or operations, as well as the situation in the country29 KB (3,500 words) - 08:54, 27 March 2023
- Article 57 GDPR (section (m) Encourage the drawing up of codes of conduct and regulate the use of codes of conduct)indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory60 KB (7,796 words) - 20:12, 1 April 2024
- Article 54 GDPR (section In the course of the performance of their tasks or exercise of their powers)procedures for the appointment of the member or members of each supervisory authority; (d) the duration of the term of the member or members of each supervisory34 KB (3,649 words) - 13:19, 30 October 2023
- relation to the protection of personal data. 3. The Commission, after assessing the adequacy of the level of protection, may decide, by means of implementing43 KB (5,641 words) - 14:58, 28 April 2022
- Article 52 GDPR (section In the context of mutual assistance, cooperation and participation in the EDPB)under Article 8(3) of the Charter of Fundamental Rights of the European Union ("CFR"), Article 16(2) of the Treaty on the Functioning of the European Union47 KB (5,594 words) - 22:45, 1 April 2024
- Data Protection in Germany (section BfDI (Federal DPA))counter the risk of violating the general right of personality. Context According to the provisions of the Census Law, a census in the form of a total18 KB (1,831 words) - 13:49, 3 November 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR) (section English Machine Translation of the Decision)July 2019, the data subject filed a complaint about the controller's answer at the DPA. The DPA continued to review the case. First, the DPA reprimanded26 KB (3,820 words) - 16:22, 6 December 2023
- within the scope of Article 100(3) ZVOP-2 in relation to Article 100(1)(2) ZVOP-2 for infringing general provisions on video surveillance. The DPA noted6 KB (645 words) - 10:59, 31 January 2024
- 2020 the Sanctions Board of the Office imposed fines for the first time. The Board has imposed a total of 21 fines, the total amount of which is €3,5035 KB (492 words) - 18:09, 19 March 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR) (section English Machine Translation of the Decision)fifteen, of which the controller was fully aware, according to the DPA. Fine The DPA imposed a fine of 800,000 euros on the controller. The amount of the fine59 KB (9,566 words) - 17:03, 6 December 2023
- DSB (Austria) (category DPA) (section Relevant Elements under the Austria Data Protection Act and Administrative Procedural Act)possible the controller, the facts of the case, the reasons why the complainant feels his rights are violated, the request to find a violation of the law and11 KB (1,468 words) - 13:27, 14 May 2023
- and the data protection officer; (b) the purposes of the processing; (c) a description of the categories of data subjects and of the categories of personal31 KB (3,327 words) - 15:31, 5 June 2023
- APD/GBA (Belgium) - 161/2022 (category Article 3(2) GDPR) (section English Machine Translation of the Decision)Article 3 of the GDPR assumes of two different cases. In the first case (Article 3.1 of the GDPR), the data processing carried out in the context of the activities19 KB (2,689 words) - 15:30, 23 November 2022
- hereinafter: ZVOP-2), according to point 2 of the first paragraph of Article 103 of ZVOP-2 and according to point 3 of the first paragraph of Article 105 of ZVOP-221 KB (3,272 words) - 08:50, 1 March 2024
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section (a) the nature, gravity and duration of the infringement taking into account the nature scope or purpose of the processing concerned as well as the number of data subjects affected and the level of damage suffered by them)relevant in the present case. The NO DPA rejects Grindr's argument according to which the interpretation of the article violated was not clear. The NO DPA confirms18 KB (2,375 words) - 16:17, 6 December 2023
- in the text of the Regulation exempts such a category of data from the scope of the law. Finally, the DPA assessed whether the controller had a valid legal25 KB (3,679 words) - 11:30, 2 August 2023
- CJEU - C-230/14 - Weltimmo (section Was the processing carried out 'in the context of [Weltimmo's] activities' in Hungary?)circumstances, of the use of those data for the purpose of the invoicing of the advertisements after a period of one month." It referred to the Lindqvist and13 KB (1,888 words) - 13:07, 1 June 2023
- for the data transfer referred to in item 2.a). 3) The complaint against the respondent to the second complaint on the grounds of a violation of the general108 KB (17,097 words) - 13:52, 12 May 2023
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR) (section English Machine Translation of the Decision)subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned that the online collection30 KB (4,714 words) - 10:34, 4 January 2023
- Article 60 GDPR (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)Cooperation Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and35 KB (4,017 words) - 16:04, 18 March 2024
- 2003/98/EC of the European Parliament and of the Council leaves intact and in no way affects the level of protection of natural persons with regard to the processing22 KB (2,177 words) - 10:01, 19 March 2024
- article 3 of the French Data Protection Act because the use of cookies is carried out within the framework of the activities of the company Google France which93 KB (14,936 words) - 17:09, 6 December 2023