Search results
From GDPRhub
- Article 34 GDPR (section (2) Minimal requirements of the controller's communication to the data subject)that the enforcement of Article 34 GDPR is likely to be difficult as the controller is the entity making the assessment of the level of the risk. The reporting37 KB (3,962 words) - 15:20, 16 June 2023
- necessary by the Commissioner for the purposes of the investigation 4. Following the conclusion of the investigation, you will be informed of the outcome.4 KB (483 words) - 08:17, 12 July 2022
- Article 38 GDPR (section (2) Necessary resources)monitoring of the data subjects on a large scale, or where the core activities of the controller or the processor consist of processing on a large scale of special29 KB (2,951 words) - 14:19, 25 July 2023
- helps to clarify the scope of obligations placed on controllers and processors based outside of the EU. Where Article 3(2) GDPR applies, the controller or25 KB (2,418 words) - 14:11, 24 May 2023
- Authority for the German state of North Rhine-Westphalia. It is in charge of enforcing the GDPR in the private sector in the German state of North Rhine-Westphalia4 KB (372 words) - 10:45, 22 September 2021
- referenced in all documents. The individual employee decides on behalf of the Slovak DPA. The head of the Slovak DPA is the President of the Office for Personal9 KB (1,006 words) - 07:13, 7 July 2021
- relevant to this issue is the case-law of the European Court of Human Rights (ECtHR) on the interpretation of the provisions of the European Convention on33 KB (3,748 words) - 14:25, 7 November 2023
- such a manner that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. The controller must72 KB (9,140 words) - 13:12, 2 June 2023
- related to the spelling of the name cannot be considered insignificant because they impact the primary identifier of the data subject in the realm of automated23 KB (2,489 words) - 23:24, 6 March 2024
- Article 49 GDPR (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)consideration to the nature of the personal data, the purpose and duration of the proposed processing operation or operations, as well as the situation in the country29 KB (3,500 words) - 08:54, 27 March 2023
- Article 57 GDPR (section (m) Encourage the drawing up of codes of conduct and regulate the use of codes of conduct)indicate the supervisory authority which has issued the measure, the date of issue of the measure, bear the signature of the head, or a member of the supervisory60 KB (7,796 words) - 20:12, 1 April 2024
- Article 54 GDPR (section In the course of the performance of their tasks or exercise of their powers)procedures for the appointment of the member or members of each supervisory authority; (d) the duration of the term of the member or members of each supervisory34 KB (3,649 words) - 13:19, 30 October 2023
- relation to the protection of personal data. 3. The Commission, after assessing the adequacy of the level of protection, may decide, by means of implementing43 KB (5,641 words) - 14:58, 28 April 2022
- Article 52 GDPR (section In the context of mutual assistance, cooperation and participation in the EDPB)under Article 8(3) of the Charter of Fundamental Rights of the European Union ("CFR"), Article 16(2) of the Treaty on the Functioning of the European Union47 KB (5,594 words) - 22:45, 1 April 2024
- Data Protection in Germany (section BfDI (Federal DPA))counter the risk of violating the general right of personality. Context According to the provisions of the Census Law, a census in the form of a total18 KB (1,831 words) - 13:49, 3 November 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR) (section English Machine Translation of the Decision)July 2019, the data subject filed a complaint about the controller's answer at the DPA. The DPA continued to review the case. First, the DPA reprimanded26 KB (3,820 words) - 16:22, 6 December 2023
- within the scope of Article 100(3) ZVOP-2 in relation to Article 100(1)(2) ZVOP-2 for infringing general provisions on video surveillance. The DPA noted6 KB (645 words) - 10:59, 31 January 2024
- 2020 the Sanctions Board of the Office imposed fines for the first time. The Board has imposed a total of 21 fines, the total amount of which is €3,5035 KB (492 words) - 18:09, 19 March 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR) (section English Machine Translation of the Decision)fifteen, of which the controller was fully aware, according to the DPA. Fine The DPA imposed a fine of 800,000 euros on the controller. The amount of the fine59 KB (9,566 words) - 17:03, 6 December 2023
- DSB (Austria) (category DPA) (section Relevant Elements under the Austria Data Protection Act and Administrative Procedural Act)possible the controller, the facts of the case, the reasons why the complainant feels his rights are violated, the request to find a violation of the law and11 KB (1,468 words) - 13:27, 14 May 2023
- and the data protection officer; (b) the purposes of the processing; (c) a description of the categories of data subjects and of the categories of personal31 KB (3,327 words) - 15:31, 5 June 2023
- APD/GBA (Belgium) - 161/2022 (category Article 3(2) GDPR) (section English Machine Translation of the Decision)Article 3 of the GDPR assumes of two different cases. In the first case (Article 3.1 of the GDPR), the data processing carried out in the context of the activities19 KB (2,689 words) - 15:30, 23 November 2022
- hereinafter: ZVOP-2), according to point 2 of the first paragraph of Article 103 of ZVOP-2 and according to point 3 of the first paragraph of Article 105 of ZVOP-221 KB (3,272 words) - 08:50, 1 March 2024
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section (a) the nature, gravity and duration of the infringement taking into account the nature scope or purpose of the processing concerned as well as the number of data subjects affected and the level of damage suffered by them)relevant in the present case. The NO DPA rejects Grindr's argument according to which the interpretation of the article violated was not clear. The NO DPA confirms18 KB (2,375 words) - 16:17, 6 December 2023
- in the text of the Regulation exempts such a category of data from the scope of the law. Finally, the DPA assessed whether the controller had a valid legal25 KB (3,679 words) - 11:30, 2 August 2023
- CJEU - C-230/14 - Weltimmo (section Was the processing carried out 'in the context of [Weltimmo's] activities' in Hungary?)circumstances, of the use of those data for the purpose of the invoicing of the advertisements after a period of one month." It referred to the Lindqvist and13 KB (1,888 words) - 13:07, 1 June 2023
- for the data transfer referred to in item 2.a). 3) The complaint against the respondent to the second complaint on the grounds of a violation of the general108 KB (17,097 words) - 13:52, 12 May 2023
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR) (section English Machine Translation of the Decision)subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned that the online collection30 KB (4,714 words) - 10:34, 4 January 2023
- Article 60 GDPR (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)Cooperation Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and35 KB (4,017 words) - 16:04, 18 March 2024
- 2003/98/EC of the European Parliament and of the Council leaves intact and in no way affects the level of protection of natural persons with regard to the processing22 KB (2,177 words) - 10:01, 19 March 2024
- article 3 of the French Data Protection Act because the use of cookies is carried out within the framework of the activities of the company Google France which93 KB (14,936 words) - 17:09, 6 December 2023
- Authority for the Spanish autonomous region of the Basque Country. It is in charge of enforcing the GDPR in the public sector within the Basque Country3 KB (195 words) - 13:21, 15 September 2021
- DI-2020-11373 2(23) Date: 2023-06-30 2.2.1 Applicable regulations, etc. ................................................... .....9 2.2.2 The Privacy Protection113 KB (12,773 words) - 15:20, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(2) GDPR) (section English Machine Translation of the Decision)in line with the GDPR. Furthermore, until the Municipality of Helsingor complies with the GDPR, the DPA suspended transfers of data to the United States75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(2) GDPR) (section English Machine Translation of the Decision)high. . The warning shall be issued in accordance with Article 58 (2) of the Data Protection Regulation. 2, letter a. If the assessments of the risk made48 KB (7,442 words) - 10:24, 12 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 58(2)(f) GDPR) (section English Machine Translation of the Decision)Article 36(1), the ban is effective until the DPA has provided such consultation as per Article 36(2) or the DPA otherwise permits the processing until117 KB (18,075 words) - 10:19, 12 September 2022
- AKI (Estonia) - EDPBI:ee:OSS:d:2022:343 (category Article 7(2) GDPR) (section English Machine Translation of the Decision)at a German DPA (not clear which German DPA) on 2 January 2020, which transferred the complaint on 7 May 2020 to the Estonian DPA (DPA), the lead supervisory42 KB (5,644 words) - 14:35, 30 November 2022
- informed of outcome of the investigation would compromise the objectives of GDPR. The CJEU added that a DPA assessing a complaint has a margin of discretion15 KB (2,180 words) - 08:23, 13 December 2023
- decision on the language of the proceedings. Interlocutory decision 01/2021 - 4/6 2. Motivation 10. As part of the analysis of the language of the proceedings19 KB (2,707 words) - 16:50, 12 December 2023
- translation of the final decision to the provide parties. 3. On 4 February 2021, the DPA also provided the parties with the inspection report of 13 July 20208 KB (1,156 words) - 16:56, 12 December 2023
- and means of the collection and subsequent transfer of those personal data. The DPA confirmed that CDON AB is the controller. Thirdly, the DPA investigated121 KB (13,722 words) - 15:16, 5 July 2023
- ...11 2.2.2 The Privacy Protection Authority's assessment...................................13 2.3 Coop is the personal data controller for the processing115 KB (12,842 words) - 08:38, 5 July 2023
- Following the complaint, the DPA investigated the data transfers from the controller to the US through the use of Google Analytics. In its defense, the controller131 KB (14,752 words) - 08:36, 5 July 2023
- Data Protection in Greece (section Age of consent)Articles 2, 3(2)(b), 13(3), 15(1), 18(2) and (3) and 21 which remain in force according to Article 84 L. 4624/2019; 2) L. 4579/2018 on the obligations of air10 KB (1,037 words) - 14:52, 10 July 2020
- CJEU - C‑131/12 - Google Spain (section Responsibility of the operator of a search engine under Directive 95/46)Directive 95/46 … be applied, in the light of Article 8 of the [Charter], in the Member State where the centre of gravity of the conflict is located and more16 KB (2,423 words) - 13:03, 1 June 2023
- deposit in the amount of 110% of the amount enforceable on the basis of the judgment unless the judgment creditor provides security in the amount of 110% of52 KB (8,574 words) - 16:03, 10 March 2022
- BVwG - W258 2217446-1 (category Article 9(2) GDPR) (section Data on the "affinity for a political party" as special categories of personal data?)against the Austrian Postal Service. The DSB investigated i.a the records of processing activities and the data protection impact assessment of the Austrian79 KB (12,652 words) - 09:41, 10 September 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Court of Appeal of Brussels (Belgium)) (section English Machine Translation of the Decision)Article 82(2) GDPR. Most importantly, the controller challenged two of the three findings of the DPA, which had led to the fine: the absence of a valid legal60 KB (9,144 words) - 16:17, 22 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (section English Machine Translation of the Decision)this case, the GDPR" (116). Turning to the facts of the case, the EDPB outlines a number of factors which, in contradiction to the view of the DPC, support53 KB (8,413 words) - 14:10, 30 January 2023
- those of the other persons attending the general meeting. The data subject filed a complaint with the Hungarian DPA asking it to order the controller to9 KB (1,308 words) - 12:54, 28 June 2023