Search results
From GDPRhub
- AEPD (Spain) - PS/00025/2019 (category Article 58(2)(d) GDPR)third parties (article 83.2.k, of the RGPD in relationwith article 76.2.b, of the LOPDGDD)SAWIn accordance with articles 58.2 and 83.2 of the RGPD, previously88 KB (14,301 words) - 13:48, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 58(2) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- HDPA (Greece) - 44/2019 (category Article 58(2)(d) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 58(2)(d) GDPR)Company itself, pursuant to Article 58, paragraph 2, letter i), of the Regulation, Article 166, paragraph 7, of the Code and Article 18 of Law no. 689/1981129 KB (21,020 words) - 15:49, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 58(2)(d) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 58(2)(d) GDPR)administrative fine in the amount of 2,000,000 ISK on the controller under Article 83(2)(a) GDPR and Article 83(2)(g) GDPR. This is just one of five decisions142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - EXP202211775 (category Article 6(1) GDPR)homeowner’s association. The DPA fined the controller $300 under Article 58(2)(d) GDPR and ordered that the cameras be removed or reoriented so that they2 KB (174 words) - 12:40, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3846/157/2019 (category Article 17 GDPR)with Article 58 section 2 C, the DPA ordered the controller to delete the data subject’s data in accordance with Article 17 GDPR. Pursuant to Article 58(2)(d)4 KB (424 words) - 13:05, 3 March 2024
- ANSPDCP (Romania) - 24.04.2023 (category Article 12(3) GDPR)violated Article 12(3) and Article 21 GDPR by not respecting the data subject's objection. Based on its powers pursuant to Article 58(2)(i) GDPR, the DPA6 KB (707 words) - 15:15, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9518890 (category Article 5(1)(a) GDPR)context of employment as per Article 88 GDPR. For these reasons, the Garante: - With the power conferred by Article 58(2)(i) GDPR, imposed a fine of €20,0004 KB (460 words) - 15:53, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1198/161/2022 (category Article 9(2)(a) GDPR)within the meaning of Article 4(15) GDPR and Article 9(1) GDPR. Processing of sensitive data requires a legal basis under Article 9(2) GDPR. In the present case13 KB (1,847 words) - 15:52, 11 December 2023
- IDPC (Malta) - EDPBI:MT:OSS:D:2022:341 (category Article 58(2)(d) GDPR)access request (Article 15 GDPR). Therefore, the controller violated Article 12(2) GDPR. The DPA reprimanded the controller (Article 58(2)(b) GDPR) and ordered8 KB (958 words) - 13:00, 9 November 2022
- AZOP (Croatia) - Decision 04-07-2022 (category Article 58(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- ANSPDCP (Romania) - Fine against LORIS FUEL SHOP SRL (category Article 58(2)(d) GDPR)instruction to ensure compliance with the GDPR, the ANSPDCP did not explicitly refer to Article 58(2)(d) GDPR but it can be assumed that the instruction5 KB (572 words) - 14:37, 18 May 2022
- ANSPDCP (Romania) - 31.01.2024 (category Article 58(2)(d) GDPR)investigation, in accordance with Article 58(2)(d) GDPR, the DPA also imposed on the controller the corrective measure to provide and communicate all the7 KB (830 words) - 16:14, 14 February 2024
- ANSPDCP (Romania) - Compania Națională Poșta Română SA (category Article 58(2)(d) GDPR)provisions of Article 32(1)(b) GDPR and Article 32(2) GDPR. The DPA fined the processor €2,000 for this data breach. Under the Article 58(2)(d) GDPR it was decided8 KB (948 words) - 16:44, 15 November 2022
- DPC - Tusla Child and Family Agency (category Article 58(2)(d) GDPR)compliance with Article 32(1) and issued reprimands in respect of the infringements, pursuant to Articles 58(2)(b), (d), and (i) GDPR respectively. Procedure6 KB (761 words) - 21:06, 24 February 2021
- AEPD (Spain) - PS-00563-2022 (category Article 58(2)(d) GDPR)that a fine of €2,000 be set for the infringement of Article 13 GDPR as defined in Article 83(5) GDPR. Pursuant to Article 58(2)(d) GDPR the Spanish DPA8 KB (1,017 words) - 09:54, 18 January 2024
- ANSPDCP (Romania) - Asociația de Proprietari Aviației Park (category Article 58(2)(d) GDPR)which the data are processed. At the same time, pursuant to art. 58 para. (2) lit. d) from the RGPD, the following corrective measures were ordered against9 KB (1,206 words) - 13:59, 4 September 2022
- CNIL (France) - 2c1s196162814 (category Article 58(2)(d) GDPR)personal data. The DPA also issued a formal notice pursuant of Article 58(2)(d) GDPR and Article 20.II of the French Data Protection Act to limit the retention13 KB (1,877 words) - 12:06, 4 January 2023
- Datatilsynet (Denmark) - 2021-432-0056 (category Article 58(2)(d) GDPR)freedoms that could not be mitigated, and referred to Article 36(1) GDPR and Article 36(2) GDPR. The DPA ordered the municipality to: Change the data processing16 KB (2,135 words) - 16:52, 14 September 2022
- ВАС - 6307/27.06.2022 (category Article 58(2)(d) GDPR)violation of Article 32 GDPR since the controller did not implement the measures necessary to prevent such disclosure. Under Article 58 (2)(d) GDPR, Speedy19 KB (2,875 words) - 10:08, 22 November 2022
- Datatilsynet (Denmark) - 2020-442-8862 (category Article 58(2)(d) GDPR)to Article 58(2)(a) and ordered the controller to bring its processing operations into compliance with the GDPR, pursuant to Article 58(2)(d) GDPR. Share24 KB (3,735 words) - 17:29, 23 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6745/163/18 (category Article 58(2)(d) GDPR)Finnish DPA therefore instructed the controller in accordance with Article 58(2)(d) GDPR to bring the processing operations in line with the rules on the26 KB (4,068 words) - 14:27, 24 February 2022
- Datatilsynet (Denmark) - 2021-31-4871 (category Article 58(2)(d) GDPR)6(1)(a) GDPR and 4(11) GDPR. Therefore, the controller violated Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller, pursuant to Article 58(2)(d)29 KB (4,447 words) - 16:32, 3 November 2023
- IDPC (Malta) - CDP/IMI/LSA/17/2022 (category Article 12(1) GDPR)In an Article 60 GDPR procedure, the DPA of Malta reprimanded a controller (Article 58(2)(b) GDPR) for requesting the data subject to sign an agreement7 KB (825 words) - 13:19, 9 November 2022
- Datatilsynet (Denmark) - 2021-31-5553 (category Article 58(2)(d) GDPR)6(1)(a) GDPR and 4(11) GDPR and did therefore violate Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller pursuant to Article 58(2)(d) GDPR to ensure32 KB (4,997 words) - 14:09, 22 February 2023
- Datatilsynet (Norway) - 20/02144 (category Article 58(2)(d) GDPR)32(2) GDPR for insufficient risk assessment of security measures in the MyPostNord service, and ordered the controller, pursuant to Article 58(2)(d) GDPR38 KB (5,449 words) - 14:08, 18 January 2023
- IMY (Sweden) - DI-2020-10696 (category Article 58(2)(d) GDPR)erasure request pursuant of Article 58(2)(d) GDPR. Also, the DPA ordered the controller pursuant of Article 58(2)(d) GDPR to provide the data subject information57 KB (6,743 words) - 13:54, 1 February 2023
- Datatilsynet (Denmark) - 2021-432-0063 (category Article 58(2)(d) GDPR)cf. Article 35 of the Data Protection Regulation. The order is announced in accordance with the data protection regulation, article 58, subsection 2, letter35 KB (5,141 words) - 14:34, 28 September 2022
- Datatilsynet (Norway) - 21/02293 (category Article 58(2)(d) GDPR)data protection regulation article 6 no. 1 letter f. 2. Pursuant to the Personal Protection Regulation article 58 no. 2 letter d, Recover AS is ordered to39 KB (5,691 words) - 08:12, 14 September 2022
- Garante per la protezione dei dati personali (Italy) - 9880317 (category Article 58(2)(d) GDPR)6(1)(a) GDPR. The Italian DPA ordered the controller to erase personal data and stop the processing pursuant to Article 58(2)(d) and (f) GDPR. The DPA40 KB (6,513 words) - 13:47, 3 May 2023
- AEPD (Spain) - PS-00371-2021 (category Article 58(2)(d) GDPR)according to Article 83(4)(a) GDPR. However, the AEPD imposed no fines in either of the two violations. Instead, according to Article 58(2)(d) GDPR, the AEPD46 KB (7,141 words) - 13:00, 18 January 2024
- Garante per la protezione dei dati personali (Italy) - 9592011 (category Article 58(2)(d) GDPR)Pursuant to Article 58(2)(d) of the GDPR, the DPA ordered Associazione Rousseau to comply with the provisions of Article 28(3)(g) of the GDPR by ensuring40 KB (6,510 words) - 16:53, 26 May 2022
- Garante per la protezione dei dati personali (Italy) - 9838992 (category Article 58(2)(d) GDPR)to Articles 114 and 157 of the Privacy Code. Pursuant to Article 58(2)(i) GDPR and 83 GDPR, the DPA imposed an administrative fine of €6,000.00, and an order41 KB (6,437 words) - 12:47, 8 February 2023
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 58(2)(d) GDPR)violated Article 6 (1) point f) of the GDPR. (61) The Authority grants the Requester's request and, based on Article 58 (2) point d) of the GDPR, instructs48 KB (7,721 words) - 11:09, 10 January 2024
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 58 GDPR)of fairness pursuant to Article 5(1)(a) GDPR.” Summary of Envisaged Action The DPC made an order pursuant to Article 58(2)(d) GDPR, requiring Meta IE to21 KB (3,005 words) - 14:16, 1 February 2023
- Garante per la protezione dei dati personali (Italy) - 9668051 (category Article 58(2)(d) GDPR)third parties. In addition, through the authority identified in Article 58(2)(d) GDPR, the Italian DPA orders PagoPA S.p.A to adopt the appropriate technical54 KB (8,704 words) - 13:10, 23 June 2021
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 58 GDPR)of fairness pursuant to Article 5(1)(a) GDPR”. Summary of Envisaged Action The DPC made an order pursuant to Article 58(2)(d) GDPR, requiring Meta IE to21 KB (3,069 words) - 14:17, 1 February 2023
- Datatilsynet (Norway) - 23/00708 (category Article 58(2)(d) GDPR)per Article 57(1)(a) GDPR, Article 57(1)(h) GDPR, cf. Article 58(1)(a) GDPR, Article 58(1)(b) GDPR, Article 58(1)(e) GDPR and Article 58(1)(f) GDPR. The59 KB (8,718 words) - 14:50, 20 December 2023
- NAIH (Hungary) - NAIH-924-10/2021 (category Article 58(2)(d) GDPR)Applicant concerned infringes Article 12 (2) of the General Data Protection Regulation and Article 25 (2) and Article 58 (2) (d) of the General Data Protection56 KB (8,760 words) - 13:16, 25 August 2021
- NAIH (Hungary) - NAIH-2857-20/2021 (category Article 58(2)(d) GDPR)Union Article 58 of the General Data Protection Regulation in particular by alerting the controller or processor. In accordance with Article 58 (2) (d) of79 KB (12,495 words) - 11:03, 21 January 2022
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 58(2)(d) GDPR)controller, pursuant to Article 58(2)(d) GDPR, ordering the controller to bring its processing activities in line with the GDPR. The DPA also imposed an91 KB (14,709 words) - 13:02, 14 December 2022
- BVwG - W214 2219800-3 (category Article 58(2)(d) GDPR)of the data subject ('storage limitation');'. Article 58(2)(d) of the GDPR reads: "Article 58 Powers (2) Each supervisory authority shall have all of the83 KB (13,846 words) - 09:39, 10 September 2021
- WSA Warsaw - II SA/Wa 2378/20 (category Article 58(2)(d) GDPR)found that the company violated Article 7 (3) GDPR, Article 12 (2) GDPR, Article 17 (1)(b)GDPR and Article 24 (1) GDPR, by failing to implement appropriate92 KB (15,312 words) - 09:57, 10 September 2021
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)measures, as per Article 58(2)(d) GDPR, have been adopted, obliging the controller to complete implementation of relevant technical and organizational measures38 KB (5,724 words) - 15:47, 6 December 2023
- VG Köln - 13 L 1707/21 (category Article 58(2) GDPR)enforceable order against the Job Centre under Article 58(2)(d) GDPR to bring its processing into compliance with the GDPR and re-designate the dismissed DPO. The15 KB (2,273 words) - 15:58, 18 March 2022
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024