Search results

From GDPRhub
  • not relate to an identifiable person. The GDPR imposes an active duty on the controller to delete data. The controller may not wait for an action by the
    50 KB (6,285 words) - 14:57, 27 March 2024
  • protection of data subjects” as well as “providing an easily workable and accessible mechanism to ensure an unconditional possibility for data subjects to
    108 KB (17,005 words) - 15:39, 18 March 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    125 KB (16,328 words) - 16:01, 8 March 2024
  • country or to an international organisation if the third country or international organisation concerned does not or no longer offers an appropriate level
    46 KB (5,825 words) - 11:12, 7 November 2023
  • information directly to them (e.g. in an attachment), linking to the resources on a website, or providing it as an answer to a natural language question
    76 KB (11,304 words) - 08:37, 4 March 2024
  • Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    41 KB (5,187 words) - 12:57, 14 June 2023
  • during the period it takes to respond to an access request. The controller may not delete information to avoid an accurate response. As a matter of transparency
    73 KB (9,896 words) - 15:46, 18 March 2024
  • (abbreviated "AEPD") is the national Data Protection Authority for Spain. The AEPD is an independent public body in charge of enforcing the GDPR in Spain. Its head
    4 KB (386 words) - 15:29, 3 September 2021
  • can be provided in written or electronic form, as an annex to a contract, a hard-copy document or an online multilayered document. To avoid discrepancies
    71 KB (9,532 words) - 13:30, 6 March 2024
  • infringement. Where administrative fines are imposed on an undertaking, an undertaking should be understood to be an undertaking in accordance with Articles 101 and
    55 KB (7,622 words) - 14:04, 7 November 2023
  • the photograph to be stored, as an example. Similarly, if there are no further labour law disputes with an employee, an employer no longer needs to store
    61 KB (8,488 words) - 15:47, 18 March 2024
  • as it is necessary to have an account too in order to access that data. Additionally, the app gives you the option of using an anonymous profile, and the
    44 KB (5,905 words) - 14:00, 24 October 2023
  • intervention to an indefinite number of natural persons. 3. An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate
    43 KB (4,675 words) - 06:43, 16 June 2023
  • conducted prior to a valid objection remains unaffected (with an ex-nunc effect). In the event of an objection from the data subject, the controller is required
    49 KB (5,993 words) - 06:22, 16 June 2023
  • members who are elected by Parliament for a seven-year term. The authority has an office in Rome with a staff currently numbering about 125 people. The Panel
    7 KB (808 words) - 08:17, 16 February 2023
  • processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    72 KB (9,140 words) - 13:12, 2 June 2023
  • matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement
    31 KB (3,489 words) - 16:00, 8 March 2024
  • third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred
    47 KB (5,644 words) - 17:49, 5 March 2024
  • breach”, where there is an unlawful or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unlawful or accidental
    54 KB (6,536 words) - 08:22, 16 June 2023
  • proportionality plays an important role in determining whether a measure is appropriate. Thus, the cost-effectiveness of a measure can play an important part
    26 KB (2,953 words) - 07:57, 23 May 2023
  • in charge of enforcing GDPR in Belgium. The DPA consists of five bodies and an Executive Committee. The Executive Committee is composed of Director of the
    9 KB (993 words) - 07:10, 28 July 2022
  • the controller; (b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes; (c) an assessment of the
    52 KB (7,297 words) - 08:05, 18 July 2023
  • in Article 4(24) GDPR stipulating that it is an objection to a draft decision as to “whether there is an infringement of this Regulation, or whether envisaged
    35 KB (4,017 words) - 16:04, 18 March 2024
  • not foresee an exception for “minimal violations” and there is no opening clause that would allow national law or case law to create such an exception.
    33 KB (4,215 words) - 09:57, 19 March 2024
  • necessary and appropriate steps with a view to resolving an issue or establishing whether an infringement has been committed and if so under what circumstances
    59 KB (7,678 words) - 15:58, 28 March 2024
  • The first information usually is an acknowledgement of receipt and a notice that the case has been forwarded to an (alleged) lead LSA. Although there
    33 KB (3,641 words) - 09:51, 19 March 2024
  • breach”, where there is an unauthorised or accidental disclosure of, or access to, personal data; an “integrity breach”, where there is an unauthorised or accidental
    37 KB (3,962 words) - 15:20, 16 June 2023
  • the transfer of personal data to a third country or an international organisation in the absence of an adequacy decision and always 'on condition that enforceable
    34 KB (3,646 words) - 08:53, 27 March 2023
  • of the presence of an establishment of the controller or processor in the Member State of which the SA informed it. The existence of an establishment in
    52 KB (7,153 words) - 18:48, 8 January 2024
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    31 KB (3,550 words) - 11:11, 29 November 2023
  • obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing
    31 KB (3,327 words) - 15:31, 5 June 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    43 KB (4,904 words) - 12:59, 21 July 2023
  • The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of
    6 KB (605 words) - 14:08, 27 April 2021
  • protection of personal data. It was first established in 1997 and its role as an independent guardian of the protection of personal data in Greece is constitutionally
    24 KB (2,039 words) - 12:17, 29 February 2024
  • The National Supervisory Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) is the
    3 KB (270 words) - 08:26, 2 April 2021
  • Decisions of the EDPB and Right to an Effective Judicial Remedy Any natural or legal person has the right to bring an action for annulment of decisions
    30 KB (3,874 words) - 10:46, 7 December 2023
  • designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society
    31 KB (4,768 words) - 06:24, 16 June 2023
  • 2018 a party can appeal to the Tribunal for: a) an information notice, b) an assessment notice, c) an enforcement notice, d) a penalty notice and a e)
    18 KB (2,488 words) - 15:22, 14 December 2021
  • of rights may apply, such as the preliminary results of an investigation, a decision opening an inquiry, etc.” Moreover, if special categories of personal
    44 KB (4,896 words) - 06:25, 16 June 2023
  • Article 45 - Transfers on the basis of an adequacy decision 1. A transfer of personal data to a third country or an international organisation may take place
    43 KB (5,641 words) - 14:58, 28 April 2022
  • data can be transferred to a third country or an international organisation without the existence of an adequate level of protection or the implementation
    21 KB (1,831 words) - 08:51, 27 March 2023
  • Recital 22: Processing Activities by an Establishment Any processing of personal data in the context of the activities of an establishment of a controller or
    37 KB (4,635 words) - 13:29, 24 October 2023
  • connection, “an activity cannot be regarded as being purely personal or domestic where its purpose is to make the data collected accessible to an unrestricted
    34 KB (4,652 words) - 12:07, 12 November 2023
  • Commission may not compel an undertaking to provide it with answers which might involve an admission on its part of the existence of an infringement which it
    22 KB (2,042 words) - 14:29, 20 November 2023
  • The Icelandic Data Protection Authority (Persónuvernd) is the national Data Protection Authority for Iceland. It resides in Reykjavík and is in charge
    2 KB (139 words) - 15:11, 1 December 2020
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    29 KB (2,951 words) - 14:19, 25 July 2023
  • a third country or an international organisation. Member States should notify such provisions to the Commission. Any transfer to an international humanitarian
    29 KB (3,500 words) - 08:54, 27 March 2023
  • the Commission with an opinion on the certification requirements referred to in Article 43(8); (r) provide the Commission with an opinion on the icons
    27 KB (3,038 words) - 12:19, 11 October 2023
  • particular whether there is an infringement of this Regulation. Recital 143: Action for Annulment of Decisions of the EDPB and Right to an Effective Judicial Remedy
    33 KB (4,185 words) - 16:09, 2 November 2023
  • procedure is whether the "advice" of the DPA is indeed merely an advice, or whether it can be seen as an approval on moving forward with the processing operation
    31 KB (3,646 words) - 08:51, 21 July 2023
  • paragraphs 1 and 2, the Board shall issue an opinion on the matter submitted to it provided that it has not already issued an opinion on the same matter. That opinion
    23 KB (2,079 words) - 16:07, 2 November 2023
  • CNIL was established in 1978 with the law "Informatique et Libertés". It is an independent administrative authority led by a college of 18 members and a
    8 KB (824 words) - 22:52, 27 February 2024
  • they form the Sanctions Board, which imposes the fines set out in the GDPR. An independent Expert Board is also appointed by the government for three-year
    5 KB (492 words) - 18:09, 19 March 2024
  • in particular, the transmission of relevant information on the conduct of an investigation. 3. Requests for assistance shall contain all the necessary
    24 KB (2,181 words) - 11:46, 15 January 2024
  • requires the joint controllers have an arrangement that clearly allocates the roles of each party. This is not an absolute rule. Where the responsibilities
    37 KB (3,915 words) - 12:49, 24 May 2023
  • request an urgent opinion or an urgent binding decision from the EDPB where a CSA has not taken an appropriate measure in a situation where there is an urgent
    20 KB (1,590 words) - 16:11, 2 November 2023
  • activities of an establishment on SA's territory, affects data subjects on its territory, or where processing, by a controller or processor without an establishment
    38 KB (4,589 words) - 16:01, 18 March 2024
  • 'not-for-profit' must be given an autonomous meaning, its interpretation in this context should not be determined by Member State law. Essentially, an NPO must not pursue
    26 KB (2,575 words) - 15:50, 9 November 2023
  • Data Protection Authority (DPA) for Norway, headquartered in Oslo. The DPA is an independent body established in 1980, through the Act No. 48 of 9 June 1978
    10 KB (1,078 words) - 06:40, 26 March 2023
  • is in charge of enforcing GDPR in Slovenia. The Information Commissioner is an autonomous and independent body and it oversees personal data protection and
    10 KB (1,242 words) - 10:51, 6 February 2024
  • of SAs extends to adequacy decisions adopted by the Commission. An SA is not bound by an adequacy decision adopted by the Commission under Article 45 GDPR
    47 KB (5,626 words) - 08:08, 25 October 2023
  • law must be subject to "control by an independent authority." Independent supervisory authorities are also considered an essential component of the right
    27 KB (2,604 words) - 14:24, 16 January 2024
  • the body, including whether it is an internal or external one. For example, an internal body could be in the form of an “ad hoc internal committee”, or another
    30 KB (2,720 words) - 14:02, 28 July 2023
  • this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory
    44 KB (5,008 words) - 14:50, 28 July 2023
  • example, a proportionate exemption will rightfully apply to an artistic photo meant for an exhibition, but not to the data of buyers that the art gallery
    33 KB (3,748 words) - 14:25, 7 November 2023
  • The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance
    13 KB (674 words) - 13:15, 2 June 2023
  • re-organisation of an SA. The provision's aim of establishing an exhaustive list of grounds for the termination of a member's mandate is an attempt to safeguard
    29 KB (2,894 words) - 14:45, 25 October 2023
  • is no need to be represented by a lawyer an the procedure is rather informal and usually does not require an oral hearing. The filing fee is € 35. Applicants
    11 KB (1,468 words) - 13:27, 14 May 2023
  • is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to
    28 KB (3,831 words) - 16:21, 14 March 2024
  • According to Article 6(9) DMA, gatekeepers shall provide an end user and third parties authorised by an end user with effective portability of data provided
    40 KB (5,349 words) - 07:05, 1 June 2023
  • "right to rectification", addresses situations of inaccurate personal data with an additional right of the data subject that has a broader scope, but also requires
    23 KB (2,489 words) - 23:24, 6 March 2024
  • harmonisation, in an attempt to confront a melting pot of legal principles, which are near impossible to fully reconcile. Article 88(1) GDPR acts as an opening clause
    32 KB (3,228 words) - 13:32, 30 November 2023
  • officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner. Article
    23 KB (2,165 words) - 15:10, 27 July 2023
  • personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application
    7 KB (821 words) - 14:16, 7 March 2024
  • supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after
    22 KB (1,634 words) - 14:40, 28 July 2023
  • Article 71 - Reports 1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and
    15 KB (1,196 words) - 08:15, 19 October 2023
  • or a specified sector within that third country, or an international organisation does not ensure an adequate level of protection, and imperative grounds
    17 KB (1,096 words) - 08:19, 19 October 2023
  • authorised by Union law Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor
    14 KB (716 words) - 15:19, 28 April 2022
  • a controller is processing inaccurate personal data and that this may have an adverse effect on them (e.g. inaccurate bank account details which may lead
    32 KB (3,730 words) - 08:43, 7 March 2024
  • to professional secrecy or an equivalent obligation of confidentiality under Union Law or the Member State Law, or under an obligation issued by the competent
    18 KB (1,599 words) - 12:26, 29 April 2022
  • constitute an appropriate safeguard for international data transfers. BCRs is one of the appropriate safeguards which can be used, in the absence of an adequacy
    29 KB (2,823 words) - 15:15, 28 April 2022
  • The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone
    20 KB (1,854 words) - 16:32, 8 March 2024
  • interpretations include 1) documents generated by an authority in its official capacity and 2) all documents held by an authority. Recital 154 seems to lean towards
    22 KB (2,177 words) - 10:01, 19 March 2024
  • of a misdemeanour procedure, provided that such an application of the rules in those Member States has an equivalent effect to administrative fines imposed
    19 KB (1,477 words) - 14:12, 7 November 2023
  • previously directly engaged with controllers in an "audit" procedure. The DPC now mentions the option to conduct an "inquiry" on their webpage, but highlights
    8 KB (1,034 words) - 14:13, 20 August 2021
  • need for an EU framework to ensure the free flow of personal data within the European common market, the European Commission has proposed an EU Directive
    48 KB (5,978 words) - 15:57, 1 February 2024
  • perform their tasks and exercise their powers with complete independence, is an essential component of the protection of natural persons with regard to the
    34 KB (3,649 words) - 13:19, 30 October 2023
  • in Article 12(8) and Article 43(8) shall be conferred on the Commission for an indeterminate period of time from 24 May 2016. 3.   The delegation of power
    19 KB (1,525 words) - 08:18, 19 October 2023
  • The President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) is the national Data Protection Authority for Poland. It
    3 KB (249 words) - 14:38, 1 December 2020
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    19 KB (1,530 words) - 14:23, 12 October 2023
  • not adopt such rules and is thus subject to the GDPR. As an illustration of this, in June 2020, an administrative court in Slovenia upheld a decision from
    25 KB (2,482 words) - 10:04, 19 March 2024
  • to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2). Recital
    22 KB (1,915 words) - 13:46, 15 January 2024
  • order to demonstrate compliance with the GDPR. Certification is thus viewed as an accountability framework, promoting both legal compliance and transparency
    27 KB (2,452 words) - 14:26, 28 July 2023
  • is required by the consistency mechanism”. The authority tasked with such an important role is the European Data Protection Board (EDPB). The ultimate
    15 KB (851 words) - 06:55, 29 April 2022
  • 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society service" (ISS) is any service normally provided for remuneration
    19 KB (1,335 words) - 13:56, 24 October 2023
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    18 KB (1,327 words) - 12:36, 14 December 2023
  • consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any
    22 KB (2,266 words) - 08:26, 17 October 2023
  • in the Union” can be exercised based on a contract concluded with an individual or an organisation, provided that they are established in the Union. The
    25 KB (2,418 words) - 14:11, 24 May 2023
  • third country, a territory or a specified sector within that third country, or an international organisation; standard protection clauses; formats and procedures
    15 KB (810 words) - 16:13, 2 November 2023
  • based on the following factors. Unlike the Commission, the EDPS is itself an independent supervisory authority, has its own financial budget, independent
    20 KB (1,347 words) - 14:21, 17 October 2023
  • as necessary to reconcile the right to the protection of personal data with an obligation of professional secrecy. This is without prejudice to existing
    15 KB (787 words) - 08:17, 19 October 2023
  • not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects
    13 KB (450 words) - 08:22, 19 October 2023
  • service.’ The CJEU had previously ruled that a service may only be classified as an electronic communication service where it is responsible for the transmission
    20 KB (1,539 words) - 08:21, 19 October 2023
  • disproportionate effort. It must therefore be concluded that the controller has an absolute obligation to record the recipients of personal data, in view of
    19 KB (1,436 words) - 12:35, 12 May 2023
  • the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should
    20 KB (1,632 words) - 10:01, 11 October 2023
  • Article 59 - Activity reports Each supervisory authority shall draw up an annual report on its activities, which may include a list of types of infringement
    15 KB (718 words) - 15:31, 19 October 2023
  • use of these identifiers can nevertheless be significant. If processed in an unsecured manner, they can notably lead to identity theft. The complexity
    15 KB (660 words) - 09:37, 1 December 2023
  • The Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) is the national Data Protection Authority for Croatia. It resides in
    2 KB (158 words) - 17:18, 22 October 2023
  • The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) is the national Data Protection Authority for Cyprus. It resides
    2 KB (144 words) - 15:13, 1 December 2020
  • The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the national Data Protection Authority for Netherlands. It resides in The Hague and
    4 KB (380 words) - 12:08, 1 July 2023
  • the other supervisory authorities, the Chair has also the right to request an opinion of the EDPB on any matter of general application or producing effects
    15 KB (808 words) - 09:44, 17 October 2023
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    12 KB (295 words) - 08:25, 19 October 2023
  • The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the national Data Protection Authority for Estonia. It resides in Tallinn and is
    2 KB (154 words) - 14:37, 1 December 2020
  • natural persons with regard to processing of their personal data. The CNPD is an independent public institution, financially and administratively autonomous
    10 KB (1,199 words) - 10:14, 19 October 2022
  • not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects
    17 KB (1,142 words) - 15:41, 28 April 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    17 KB (1,768 words) - 15:41, 18 March 2024
  • You shall have the right to an effective judicial remedy against a Commissioner s decision. More information on how to file an appeal may be found at the
    4 KB (483 words) - 08:17, 12 July 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    13 KB (530 words) - 09:40, 3 October 2023
  • Section 24 of the Personal Data Processing Law, an administrative act issued by or actual action of an official of the DVI, may be contested in accordance
    6 KB (544 words) - 04:39, 11 October 2022
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    16 KB (778 words) - 08:24, 19 October 2023
  • The Berlin DPA (Berliner Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Berlin. It
    2 KB (164 words) - 09:53, 18 May 2022
  • specific law. The DPA follows a two-fold approch in their cases. First, they have an administrative procedure where they investigate the case, including assessing
    5 KB (465 words) - 08:57, 9 January 2024
  • electronic form according to § 14(3) BDSG at bfdi.bund.de (in German). In case of an obviously unjustified complaint or excessive complaints from one complainant
    3 KB (297 words) - 14:49, 1 December 2020
  • Hamburg. The Hamburg DPA is divided into different departments. It offers an organigram here. There is a Data Protection Act of Hamburg (Hamburgisches
    4 KB (363 words) - 22:01, 7 December 2020
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    15 KB (943 words) - 09:58, 8 November 2023
  • The Data Protection Office (Valstybinė duomenų apsaugos inspekcija) is the national Data Protection Authority for Lithuania. It resides in Vilnius and
    2 KB (155 words) - 08:58, 17 November 2023
  • the Head of the DPA. This decision can then only be challenged by an action before an administrative court (judicial review - on a question of law). In
    5 KB (441 words) - 09:34, 17 September 2022
  • the Slovak DPA has issued penalties in an amount of 132 600 €. The highest penalty imposed on the controller was an amount of 50 000 € for breaching obligations
    9 KB (1,006 words) - 07:13, 7 July 2021
  • The Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados) is the national Data Protection Authority for Portugal. It resides in
    5 KB (531 words) - 13:25, 3 May 2023
  • Verlag 2017). Generally, when terms are not defined in Union law, they take on an autonomous meaning, any definitions drawn from national law cannot be relied
    27 KB (2,619 words) - 14:52, 16 November 2023
  • The Catalonian DPA (Autoritat Catalana de Protecció de Dades, in Catalan, or Autoridad Catalana de Protección de Datos, in Spanish) is the regional Data
    3 KB (182 words) - 13:19, 15 September 2021
  • The Baden-Württemberg DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) is the state Data Protection Authority
    4 KB (275 words) - 11:13, 8 May 2022
  • The Bulgarian Data Protection Authority (Комисия за защита на личните данни) is the national Data Protection Authority for Bulgaria. It resides in Sofia
    2 KB (158 words) - 14:35, 1 December 2020
  • The Bavaria public sector DPA (Bayerischer Landesbeauftragter für den Datenschutz) is the state Data Protection Authority for the public sector for the
    2 KB (169 words) - 15:54, 21 September 2021
  • The Hesse DPA (Hessischer Beauftragter für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Hesse.
    2 KB (164 words) - 13:59, 28 June 2022
  • The Rhineland-Palatinate DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz) is the state Data Protection Authority
    2 KB (170 words) - 22:26, 7 December 2020
  • The Saarland DPA (Unabhängiges Datenschutzzentrum Saarland) is the state Data Protection Authority for the German state of Saarland. It is charge of enforcing
    2 KB (160 words) - 14:50, 1 December 2020
  • The Saxony DPA (Sächsische Datenschutzbeauftragte) is the state Data Protection Authority for the German state of Saxony. It is in charge of enforcing
    2 KB (160 words) - 22:28, 7 December 2020
  • district administration court (Verwaltungsgericht) in Düsseldorf. Regularly an appeal against the courts decision is possible at the Superior Administrative
    4 KB (372 words) - 10:45, 22 September 2021
  • The Bremen DPA (Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen) is the state Data Protection Authority for the
    2 KB (167 words) - 22:24, 7 December 2020
  • The Saxony-Anhalt DPA (Landesbeauftragter für den Datenschutz Sachsen-Anhalt) is the state Data Protection Authority for the German state of Saxony-Anhalt
    2 KB (167 words) - 22:23, 7 December 2020
  • The Mecklenburg-Vorpommern DPA (Landesbeauftragte für den Datenschutz Mecklenburg-Vorpommern) is the state Data Protection Authority for the German state
    2 KB (167 words) - 22:25, 7 December 2020
  • The State Data Protection Inspectorate (Datenschutzstelle) is the national Data Protection Authority for Liechtenstein. It resides in Vaduz and is in charge
    2 KB (153 words) - 10:31, 10 December 2020
  • The Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht) is the state Data Protection Authority for the German state of Bavaria. It is in charge
    2 KB (174 words) - 13:49, 23 December 2021
  • The Brandenburg DPA (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht) is the state Data Protection Authority for the German state
    2 KB (168 words) - 22:22, 7 December 2020
  • The Schleswig-Holstein DPA (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) is the state Data Protection Authority for the German state
    2 KB (167 words) - 22:29, 7 December 2020
  • The Thuringia DPA (Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit) is the state Data Protection Authority for the German
    2 KB (165 words) - 14:54, 1 December 2020
  • The Basque DPA (DBEB, Datuak Babesteko Euskal Bulegoa, in Basque or AVPD, Agencia Vasca de Protección de Datos, in Spanish) is the regional Data Protection
    3 KB (195 words) - 13:21, 15 September 2021
  • The Ålandic DPA (Datainspektionen på Åland, in Swedish) is the regional Data Protection Authority for Finland's autonomous region of Åland. It is in charge
    3 KB (209 words) - 14:42, 30 November 2021
  • The Andalusian DPA (Consejo de Transparencia y Protección de Datos de Andalucía) is the regional Data Protection Authority for the Spanish autonomous region
    3 KB (211 words) - 09:58, 18 June 2021
  • supervisory authority Article 78: Right to an effective judicial remedy against a supervisory authority Article 79: Right to an effective judicial remedy against
    29 KB (3,695 words) - 13:44, 21 March 2024
  • own motion. They provide an overview of their policy to ex officio supervision on their webpage. In addition they provide an overview over which sectors
    4 KB (356 words) - 11:51, 20 October 2022
  • regards to assessing safeguards whether the presence of an ombudsperson can ensure that the US provides an effective remedy to data subjects whether the SCCs
    12 KB (1,780 words) - 17:22, 10 March 2022
  • The adherence of the processor to an approved code of conduct or an approved certification mechanism may be used as an element to demonstrate compliance
    182 KB (24,065 words) - 13:40, 9 July 2021
  • advising the Commission. Article 71 GDPR states that the EDPB must draw up an annual report regarding the protection of natural persons with regard to data
    2 KB (207 words) - 14:56, 7 December 2023
  • on European Union, where an interpretation of the Treaties is not comprehensible and must thus be considered arbitrary from an objective perspective. If
    18 KB (1,831 words) - 13:49, 3 November 2022
  • Planet49 organized an online lottery hosted on their webpage. In order to participate in the lottery the participant had to enter a name and an address. Underneath
    6 KB (893 words) - 15:22, 24 March 2022
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    108 KB (17,097 words) - 13:52, 12 May 2023
  • The CJEU held that an Internet search engine operator is considered the controller (Article 2(d) Directive 95/46) in respect of the processing (within
    16 KB (2,423 words) - 13:03, 1 June 2023
  • 28 February 2022, the data subject filed an access request. Example: Not On 28.02.2022, the data subject filed an access request. Example: Not On February
    17 KB (2,510 words) - 13:56, 24 April 2023
  • activities of an establishment of the controller on the territory of the Member State. It stated this notion of 'in the context of the activities of an establishment'
    13 KB (1,888 words) - 13:07, 1 June 2023
  • of such assumed political opinions of him. Therefore, the claimant brought an action for non-material damages before the Regional Court for Civil Law Matters
    5 KB (683 words) - 12:50, 28 June 2023
  • submitted by a candidate at a professional examination and any comments made by an examiner with respect to those answers constitute personal data. The claimant
    6 KB (766 words) - 21:17, 5 March 2024
  • Directive 96/45 is defined as information relating to an identified or an identifiable natural person. Also, an identifiable person is one who can be identified
    9 KB (1,113 words) - 13:10, 1 June 2023
  • Compliance with an approved code of conduct referred to in Article 40 or an approved certification mechanism referred to in Article 42 may be used as an element
    48 KB (7,442 words) - 10:24, 12 September 2022
  • further considers that a company, an autonomous legal person, of the same group as the controller, can constitute an establishment of the controller within
    93 KB (14,936 words) - 17:09, 6 December 2023
  • consuming compared to accepting. An “opt-out” solution would not meet the requirements for a valid consent, as it would not be an “unambiguous indication of
    18 KB (2,375 words) - 16:17, 6 December 2023
  • concept of an undertaking, as defined in Articles 101 and 102 TFEU, and the principle of an economic entity, with the result that proceedings for an administrative
    7 KB (936 words) - 16:39, 12 December 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    51 KB (8,592 words) - 07:03, 2 November 2021
  • from a job applicant what data an employer requests from an employee under which conditions it is permissible to process an employee's personal data on the
    9 KB (1,215 words) - 16:58, 18 May 2021
  • complying with an Instruction; (b) an Instruction does not comply with European Data Protection Law; or (c) Google is otherwise unable to comply with an Instruction
    117 KB (18,075 words) - 10:19, 12 September 2022
  • too high, an impact assessment. Additionally, the DPA issued a warning that the use of G Suite’s supplementary programs without carrying out an impact assessment
    75 KB (11,733 words) - 16:33, 21 August 2022
  • Was this an appeal? Choose yes, if this case was an appeal from a lower court or from any other decision. Original Decision Details: If this was an appeal
    17 KB (2,638 words) - 11:18, 19 February 2024
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    113 KB (12,773 words) - 15:20, 6 December 2023
  • Ch D165). However, the Minors’ Contracts Act 1987 states that an 18 year old can ratify an unenforceable contract entered into when they were under 18 years
    14 KB (2,011 words) - 15:42, 25 November 2020
  • administrative procedure, but can be appealed to the courts. Personvernnemnda is an independent administrative body subordinated to the Norwegian Ministry of
    5 KB (427 words) - 15:48, 24 January 2022
  • of the data subject's age that a refusal to disclose to an injured party personal data is not an appropriate measure when these data are necessary to initiate
    5 KB (749 words) - 12:58, 1 June 2023
  • Protection Authority handles complaints filed with them. An appeal can be brought to Personvernnemda, an independent administrative body following § 15 of the
    8 KB (1,064 words) - 12:53, 23 June 2023
  • the controller relies on an overall bundled consent to anything contained in the terms and the privacy policy. This represents an “all-or nothing” approach
    53 KB (8,413 words) - 14:10, 30 January 2023
  • Information relating to legal proceedings brought against an individual and information relating to an ensuing conviction are data relating to ‘offences’ and
    4 KB (438 words) - 14:23, 11 August 2022
  • already an unlawful transfer of personal data to the USA and thus to a third country. Irrespective of the geographical storage of the data, there is an accessibility
    62 KB (10,113 words) - 12:48, 17 August 2022
  • carried out an initial phase of analysis of the security flaw, which led to an action plan to be implemented from June 2018. She also indicated that an initial
    41 KB (6,558 words) - 17:09, 6 December 2023
  • concerns a complaint from an X AS against the Data Inspectorate's decision of 14 July 2021, where the inspectorate charged the company an infringement fee of
    31 KB (5,018 words) - 18:44, 5 March 2022
  • citizen through his electronic identity card in the context of an IT application, must also an alternative that the use of the electronic identity card does
    60 KB (9,144 words) - 16:17, 22 March 2022
  • stated by the CJEU that in the context of the examination of an abuse of a dominant position by an undertaking on a particular market, it may be necessary for
    8 KB (1,231 words) - 08:22, 6 July 2023
  • consumer in an alternative relationship to the button "Accept all". Thus, the wording "Change settings" does not contain an unambiguous reference to an alternative
    66 KB (9,990 words) - 12:30, 29 January 2024
  • assessments on the website provide an e-mail address to the Medical List. This is not sensitive personal information. An email address in itself is not sensitive
    144 KB (23,058 words) - 18:48, 5 March 2022
  • October 2020 (Annex K11, file, p. 421), the plaintiff received an answer from a landlord to an enquiry about a flat, stating that they could not rent him a
    51 KB (8,215 words) - 09:55, 13 May 2022
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    131 KB (14,752 words) - 08:36, 5 July 2023
  • information about categories of recipients is sufficient. A data subject sent an access request to the Austrian Post (the controller) to obtain information
    8 KB (992 words) - 17:03, 4 February 2023
  • personal information, for example as a customer to a supplier or as an employee or jobseeker to an employer. In a case like this, the criterion provides less guidance
    46 KB (7,024 words) - 06:18, 6 March 2022
  • identification of an interested party that is published in an official newspaper with the information that is recorded in the FIJ, constitutes in turn an infringement
    602 KB (102,229 words) - 14:21, 13 December 2023
  • July 29, 2022, an explanation of what measures the data protection officer has taken as a result of the decision, unless it applies for an amendment to this
    49 KB (7,496 words) - 14:44, 24 January 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an on-line identification or one or more
    79 KB (12,652 words) - 09:41, 10 September 2021
  • directly or indirectly specifically identified referring to an identifier such as a name, an identification number, a location data or online identifiers
    121 KB (13,722 words) - 15:16, 5 July 2023
  • GDPR constitutes an instrument for the exercise of public rights, whereas the legal action provided for in Article 79 GDPR constitutes an instrument for
    9 KB (1,308 words) - 12:54, 28 June 2023
  • Constitutional Court, in Judgements 292/2000 and 254/1993, confirmed it as an autonomous right, independent of the rights to intimacy [privacy], honour
    15 KB (1,875 words) - 16:18, 13 July 2022
  • in itself sufficient to achieve an acceptable level of protection in the context of data transfers to the US and that an analysis of the national provisions
    115 KB (12,842 words) - 08:38, 5 July 2023
  • the City of Helsinki's Social services and healthcare division. As a part of an application process to volunteer as a support person for children and youth
    41 KB (6,555 words) - 08:37, 4 March 2024
  • not limited by recital 63 GDPR. Article 12(5), 15(1) and 15(3) GDPR impose an obligation on a controller to provide the data subject, free of charge, with
    10 KB (1,478 words) - 11:17, 2 November 2023
  • a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental
    7 KB (793 words) - 14:08, 1 October 2021
  • investigation. As this is an international issue with complainants residing in various Member States, the Belgian DPA provides an interlocutory decision on
    19 KB (2,707 words) - 16:50, 12 December 2023
  • Court pointed out there is no docuiment showing that the applicant submitted an inspection request of the procedural files at stake. Then, the Court clarified
    14 KB (2,154 words) - 16:27, 10 March 2022
  • assessed by national courts. Such an interpretation is capable of ensuring the protection of personal data and the right to an effective judicial remedy against
    13 KB (1,963 words) - 11:04, 5 January 2024
  • interface of the website. On the 23 September 2019, the controller learned that an ethical hacker managed to get access to the test database which contained
    49 KB (7,800 words) - 09:22, 5 January 2024
  • 24th February 2023 (Numero protocollo: 0033835) opened an investigation concerning ChatGPT, an AI service offered by the American company OpenAI. The investigation
    14 KB (2,049 words) - 07:46, 1 August 2023
  • The data subject made an access request (DSAR) to Wise Payments Limited ("Wise"), a financial institution with which he had an account. Wise declined
    9 KB (1,191 words) - 08:44, 23 January 2024
  • 95/46 which is defined as any information relating to an identified or identifiable natural person, an identified person being one who can be identified directly
    6 KB (580 words) - 13:05, 1 June 2023
  • Administrative Court (BVwG): "This does not include provisions totalling EUR 18m for an administrative fine imposed on Austrian Post by the Austrian Data Protection
    8 KB (611 words) - 16:12, 6 December 2023
  • data, and repealing Directive 95/46/EC (General Data Protection Regulation). An English translation is available here. There are no provisions in the national
    16 KB (2,260 words) - 19:26, 30 November 2021
  • determining the conclusion of an employment agreement or for the execution of that agreement. There are provisions about the validity of an employee's consent, the
    10 KB (1,037 words) - 14:52, 10 July 2020
  • translation of the documents provided by the parties. On the 4th of February, an inspection report (of 13th July, 2020) was provided to the parties in French
    8 KB (1,156 words) - 16:56, 12 December 2023
  • subjects UF and AB underwent insolvency proceeding in Germany and were granted an early discharge from remaining debts by court decisions of 17 December 2020
    15 KB (2,180 words) - 08:23, 13 December 2023
  • its usual meaning, indicates a “faithful reproduction or transcription of an original” in opposition to a “purely general description” of data. The true
    3 KB (417 words) - 15:20, 8 May 2023
  • Asked whether an assessment of the health status of the BF had taken place, the MP stated that when an insurance contract was taken out, an assessment of
    48 KB (7,816 words) - 11:04, 29 July 2022
  • committed an infringement of Article 83(4)-(6) GDPR. On 24 March 2020, the Lithuanian Minister of Health approved the development and implementation of an IT
    9 KB (1,234 words) - 12:48, 25 January 2024
  • The APD/GBA (the Belgian DPA) found that a hospital that requested an audit by an external expert was the controller for the audit-related processing activity
    7 KB (890 words) - 16:58, 12 December 2023
  • the vicarious liability of an employer for misuse of private information by an employee and for breach of confidence by an employee has not been excluded
    87 KB (14,773 words) - 09:28, 1 March 2022
  • Administration Act states: When it is stipulated in law that an administrative sanction may be imposed on an enterprise, the sanction can be imposed even if no individual
    40 KB (5,943 words) - 18:54, 5 March 2022
  • representatives do so for it. An administrative offence, however, is an unlawful and reproachable act that constitutes an offence under a law that allows
    36 KB (5,810 words) - 13:09, 21 January 2022
  • learned this (following an access request under Article 15 GDPR), he filed a lawsuit against the defendant. He requested (i) an injunction that the defendant
    27 KB (4,090 words) - 09:54, 10 September 2021
  • complaint about the Data Inspectorate's imposition of an infringement fee of NOK 400,000 for having monitored an employee's e-mail box without a legal basis, cf
    25 KB (4,046 words) - 18:37, 5 March 2022
  • for reporting on persons shifts from an interest that focuses on the crime and the perpetrator to an interest in an analysis of the prerequisites and consequences
    133 KB (21,944 words) - 15:59, 22 March 2022
  • which are not obvious to an average visitor to the evaluation portal. In particular, the defendant does not establish such an obviousness by identifying
    121 KB (20,412 words) - 15:58, 10 March 2022
  • indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special
    32 KB (5,093 words) - 16:07, 11 September 2022
  • principle i Article 108 § 1 of the Act requires be maintained where an applicant brings an action before the Market Court which, as a result rights (may) have
    25 KB (3,812 words) - 10:03, 20 August 2021
  • (basic customers) were used on the site as an advertising platform for paying doctors (premium customers) in an inadmissible manner, partly due to functions
    143 KB (24,273 words) - 15:59, 10 March 2022
  • used for the imposition of an administrative fine. AP disagrees. The two reported data breaches only prompted the AP to launch an investigation into OLVG's
    67 KB (11,415 words) - 17:15, 12 December 2023
  • as joint controllers.-The complainant provides an overview of the provisions on which, according to him, an infringement has been committed. He also requests:1
    48 KB (7,926 words) - 16:56, 12 December 2023
  • in the form of [...]. On [...] November 2018. The Company received an e-mail from an unknown person informing about the theft of the Company's customer
    71 KB (11,304 words) - 10:01, 17 November 2023
  • was an "isolated incident", which took place relatively shortly after "a new and very complex law was introduced" and that the rules concerning an employer's
    7 KB (802 words) - 18:53, 17 May 2022
  • service, I sent an election advertisement for the defendant, in order to to avoid using his professional messaging in his capacity as an MPP. [...] And
    35 KB (5,853 words) - 16:58, 12 December 2023
  • strictly necessary for the provision of an online communication service at the express request of the data subject. If an identifier had more than one purpose
    82 KB (13,463 words) - 17:03, 6 December 2023
  • National Tax Number (NIF) of an alleged neighbour, in order to contact this third party for purposes of checking the boundaries of an allegedly adjacent land
    6 KB (657 words) - 10:02, 6 October 2021
  • the service (for example through a website, an application, an account with identifier, the interface of an IoT device or by email), it is obvious that
    113 KB (17,325 words) - 08:50, 19 March 2024
  • the Data Protection Commissioner has requested an explanation from Verkkokauppa.com Oyj in the case with an explanation request dated 13 April 2021. The
    77 KB (12,352 words) - 11:37, 27 March 2024
  • dismissed. 32 a) With an undated letter from February 2017 and an attached addendum to the insurance certificate, the defendant had declared an increase in the
    24 KB (3,847 words) - 15:19, 11 September 2022
  • the CNPD received several complaints and immediately started an investigation and issued an order to suspend the sending of personal data from the census
    163 KB (27,222 words) - 16:54, 6 December 2023
  • access is understood to be an independent claim. In LAG Hessen 9 Sa 1431/19, the Court stated that "Nor is the applicant's action an abuse of rights. The right
    17 KB (2,758 words) - 14:10, 15 December 2021
  • (simple administrative appeal, otherwise known as an application for judicial review). remedy). This is an 'informal' administrative remedy as opposed to
    14 KB (2,181 words) - 11:27, 13 September 2023
  • systematic is not such as to guarantee an appropriate involvement of the DPO, nor to establish his position in as an interlocutor within the organization
    66 KB (9,458 words) - 19:42, 4 September 2021
  • Office of the Data Protection Commissioner has requested an explanation from the clinic with an explanation request dated August 25, 2020. The deadline
    52 KB (7,936 words) - 22:32, 2 March 2024
  • com/abstract=3319284. 10, i. An end user requests a web page; ii. The publisher's ad server on the web page selects an SSP; iii. The SSP then selects an Ad exchange; iv
    429 KB (58,279 words) - 09:12, 2 November 2022
  • appear when creating an account under each of the privacy settings. In addition, an email message is sent to users when they create an account stating that:
    90 KB (14,556 words) - 17:08, 6 December 2023
  • as to the reliability of the AOD in the case - who, after all, is an entity with an interest in not disclosing the fact of the breach committed by its
    66 KB (10,785 words) - 10:00, 17 November 2023
  • Chamber emphasises that the purpose of imposing an administrative fine is not to only to put an end to an offence committed but, above all, to ensure effective
    131 KB (22,429 words) - 16:57, 12 December 2023
  • are monitored by an independent body. Art. 47 Charter of Fundamental Rights of the European Union – Right to an effective remedy and an impartial court
    158 KB (26,392 words) - 08:25, 7 June 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    29 KB (4,557 words) - 15:33, 6 December 2023
  • Article 83 of the RGPD that an administrative fine of EUR 500 000, an injunction accompanied by a periodic penalty payment and an additional publication penalty
    62 KB (10,001 words) - 17:09, 6 December 2023
  • that it should have, the plaintiff filed an appeal with the court on February 21, 2020. The plaintiff also wants an assessment of the decision in which the
    25 KB (3,954 words) - 13:39, 16 November 2020
  • The parent's request was rejected and they had to provide the school with an additional form underlining the fact that their son was not Orthodox Christian
    12 KB (1,464 words) - 15:37, 6 December 2023
  • The Spanish DPA fined an individual 10,000€ for publishing personal data of a third person without their consent on an online blog. A data subject filed
    22 KB (3,319 words) - 13:00, 13 December 2023
  • necessarily understand that they are seeing an ad or how an ad has been targeted towards them. • There is also an assessment of the impact on human rights
    99 KB (14,431 words) - 16:20, 6 December 2023
  • 2021, it appears that «[…]». The company is now planning an IPO in 2022. The audit points out that an IPO of a company means that the public has a clear interest
    36 KB (5,859 words) - 06:40, 6 July 2022
  • Article 22(1) GDPR. In particular, it asked whether an automated creation of a credit score value constitutes an automated decision within the meaning of this
    52 KB (8,534 words) - 12:58, 15 December 2021
  • luz Energía (SIE) to via an SMS. 2nd. There is certification of the digital signature of the supply contract by sending of an SMS with SIE, on July 14
    32 KB (4,952 words) - 13:11, 13 December 2023
  • therein do not allow an individual to challenge in court the election procedure of the head of a DPA. This judgement stemmed from an appeal against a decision
    14 KB (1,999 words) - 14:20, 18 July 2023
  • its holder. When an advantage or service is offered to a citizen by means of his identity card as part of a computer application, an alternative that does
    20 KB (3,137 words) - 16:51, 12 December 2023
  • Regulation as follows: "Any information about an identified or identifiable natural person (" the data subject "); an identifiable natural person is a person
    26 KB (4,150 words) - 16:14, 6 December 2023
  • Article 83(5) GDPR provides that an infringer may be subject to an “administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of
    29 KB (4,384 words) - 16:00, 6 December 2023
  • storage of the ID. Consent is also not valid if data subjects must complete an additional form setting out that refusal. Orange  România SA is a  provider 
    8 KB (1,074 words) - 13:50, 11 August 2022
  • a delivery address is an absolute necessity for the delivery of goods to the customers. Thus, Intervare does not detect whether an address is secret, as
    24 KB (3,365 words) - 16:37, 6 December 2023
  • property is Ms. A.A.A. with an e-mail address for notification purposes ***EMAIL.1 and the tenants are Mr. B.B.B. and Ms. C.C.C., with an e-mail address for notification
    39 KB (6,623 words) - 14:08, 13 December 2023
  • restricted committee of the Commission impose an administrative fine on the two companies, as well as an injunction to bring into compliance the processing
    120 KB (19,650 words) - 09:00, 6 April 2022
  • personal data passed on to an uninvolved and unauthorized third party. This will make the Plaintiff exposed and there is also an indirect threat of potential
    27 KB (4,216 words) - 13:26, 8 January 2024
  • about the health of an employee of such service, when those data are required for determining that employee's working capacity. Allowing an exception to the
    14 KB (1,916 words) - 16:03, 2 February 2024
  • person, to an indeterminate number of individuals sicas 3. An approved certification mechanism may be used in accordance with article 42 as an element that
    270 KB (43,335 words) - 12:39, 13 December 2023
  • section 25 of the Data Protection Act (1050/2018), an appeal against this decision may be lodged with an administrative court in accordance with the provisions
    43 KB (6,677 words) - 08:47, 27 January 2022
  • The HDPA of Greece examined the complaint of an employee of the Hellenic Electricity Distribution Network Operator S.A. against the latter regarding a
    9 KB (1,089 words) - 15:35, 6 December 2023
  • ordered CARREFOUR BANQUE to pay an administrative fine of €800000. Insofar as the company took the necessary measures to put an end to the breaches of which
    48 KB (7,404 words) - 17:09, 6 December 2023
  • complaint under Article 77 GDPR. A data subject made an access request with an address publisher and direct marketing company, the controller, asking it specifically
    47 KB (7,519 words) - 09:28, 13 February 2024
  • breach is an objective fact that does not coincide with the controller’s lack of appropriate security measures – i.e. the mere GDPR infringement. An annoyance
    39 KB (6,362 words) - 14:01, 22 June 2023
  • to process sensitive personal data When you leave an assessment on Legelisten.no, you must provide an e-mail address. For many, the email address contains
    16 KB (2,111 words) - 06:21, 6 March 2022
  • The Rotterdam Court of First Instance rejected an access request to procedural files before the State of the Netherlands as inadmissible. The Court ruled
    15 KB (2,504 words) - 16:27, 10 March 2022
  • Oy, a company that keeps a credit information register. This register gives an overview of the creditworthiness of debtors, whose debts are shown in the
    43 KB (6,671 words) - 08:49, 27 January 2022
  • by default (Article 25(2) GDPR). The DPA suggested that if an insurance company requests an individual's health information from healthcare services, the
    73 KB (11,237 words) - 05:34, 21 July 2022
  • context, the one in which an interested party can issue the required declaration by filling in an electronic form, sending an email, uploading a scanned
    422 KB (70,184 words) - 13:56, 13 December 2023
  • resolution may be considered as an infraction. administrative action in accordance with the provisions of the RGPD, classified as an infraction in its article
    22 KB (3,303 words) - 13:28, 13 December 2023
  • indirectly, in particular by means of an identifier, such as example a name, an identification number, location data, an online identifier or one or more elements
    66 KB (10,558 words) - 13:14, 13 December 2023
  • recipient, and revoked), by the exporter or by an entity trusted by the exporter under a jurisdiction offering an essentially equivalent level of protection
    30 KB (4,708 words) - 16:56, 6 December 2023
  • An employee had submitted a complaint to the Greek Data Protection Authority about the video surveillance in the store in which she had worked. The Greek
    6 KB (719 words) - 15:36, 6 December 2023
  • not support as an interpretation that the legislator intended to extend the concept of "insured party" to apply also to the applicant an insurance before
    41 KB (6,133 words) - 10:29, 25 March 2024
  • Supervisory Authority, “an agreement whereby a minor user consents to the processing of his or her personal data in connection with the use of an information society
    17 KB (2,519 words) - 15:55, 6 December 2023
  • validation for an email that did not belong to the data subject. The AEPD pointed out a violation of Article 6(1) GDPR by processing data without an adequate
    45 KB (7,135 words) - 13:08, 13 December 2023
  • the claimant). The claimant states that, on January 3, 2019, he submitted an e-mail requesting the cancellation of the inclusion of his data in the Asnef
    26 KB (4,231 words) - 14:44, 13 December 2023
  • Authority first.C/ES/3409/13-05-2019 complaint by A concerning receipt of an unclaimed communication policy (e-mail message) to promote the candidacy of
    14 KB (2,070 words) - 15:38, 6 December 2023
  • data as follows: «Any information about an identified or identifiable natural person (« the registered »); An identifiable natural person is a person who
    49 KB (7,646 words) - 07:56, 7 March 2022
  • Letter b) GDPR to. The provision only lists the frequent repetition as an example of an "excessive" application on. However, the use of the word "in particular"
    40 KB (6,325 words) - 16:12, 18 May 2022
  • ​​constitutional protection of telecommunications includes, alongside an objective dimension, an indispensable subjective dimension, Thus, it is important to consider
    233 KB (37,080 words) - 20:01, 31 March 2021
  • on final convictions in the credit information register Thing Correction of an error in the credit information register and entry of default information
    42 KB (6,579 words) - 08:46, 27 January 2022
  • to which the vacancy notice for a vacancy for an official position, including a managerial position for an official, and for the recruitment of candidates
    58 KB (9,357 words) - 10:02, 17 November 2023
  • because of an unresolved data breach, which allowed unauthorised users to access citizens' personal data via URL manipulation. On 20 June 2023, an individual
    9 KB (1,211 words) - 20:32, 8 January 2024
  • a copy of the image of an email as an example. They also declare that the employees have a consultation portal, providing as an example impression of a
    79 KB (12,408 words) - 13:24, 13 December 2023
  • and 418 ZPO. A is neither an official document on declarations within the meaning of § 415 ZPO nor an official document on an official order, disposition
    112 KB (19,310 words) - 08:08, 23 June 2022
  • which had to be taken into account as an aggravating factor. The intensity of the intervention, which had also covered an unlimited number of passers-by and
    92 KB (15,435 words) - 16:00, 22 March 2022
  • construction of an office building. During the project, workers who carried out activities at the construction site registered their presence through an electronic
    9 KB (1,372 words) - 10:12, 7 June 2023
  • identifier was strictly necessary for the provision of an online communication service at the user's request. If an identifier had multiple purposes, the provider
    73 KB (11,864 words) - 17:03, 6 December 2023
  • (article 100.1, 5 ° LCA) and an order of compliance detailed below (article 100.1, 9 ° LCA) accompanied by an administrative fine in an amount of 15,000 euros
    127 KB (21,484 words) - 17:01, 12 December 2023
  • fixed phone of his office so that, in the event of an inconvenience, the recipient could request an exemption from a possible subsequent shipment. 5) Some
    14 KB (2,127 words) - 15:37, 6 December 2023
  • electoral census for delivery to political parties (date 06/03/2019).On 17/05/2019 an envelope with a miniature name and address, with the letterhead of the PSC
    26 KB (4,032 words) - 14:31, 13 December 2023
  • health data. Following the report made by a website, the CNIL carried out an online check in September 2019. On this occasion, the Commission found that
    26 KB (4,050 words) - 17:10, 6 December 2023
  • for months, especially considering that he was the subject of an Interpol Red Notice and an intensified search. The main reason for the principle of the
    61 KB (9,876 words) - 21:38, 24 March 2024
  • this body may be considered as an administrative offense in accordance with the provisions of the GDPR, classified as an infraction in its article 83.5
    74 KB (11,726 words) - 13:02, 13 December 2023
  • of an illegal act will require the prior duty of information, which may be understood to have been fulfilled when the placed in a visible place an informative
    75 KB (12,421 words) - 13:23, 13 December 2023
  • that it had submitted an request for erasure (Article 17 GDPR), but had never received an answer form the controller. The DPA started an investigation following
    11 KB (1,452 words) - 17:03, 6 December 2023
  • sentiment. b. Existence of an effective objection 35. Finally, it must be checked whether the respondent had to take into account an objection by the complainant
    31 KB (4,648 words) - 13:56, 12 May 2023
  • July 29, 2022, an explanation of what measures the data protection officer has taken as a result of the decision, unless it applies for an amendment to this
    60 KB (9,117 words) - 14:46, 24 January 2024
  • The events described above imply an impact on the content of the article 13 RGPD, lacking informative sign(s) with an effective address to the that, where
    22 KB (3,257 words) - 13:28, 13 December 2023
  • data with AFS. The DPA opened an investigation regarding the controller. In the procedure, the controller stated that it had an agreement with AFS for the
    6 KB (694 words) - 14:25, 20 January 2024
  • An association that disclosed personal data of one of its members in a Whatsapp group was fined €3,000 for violating Articles 5(1)(f) and 32 GDPR. The
    22 KB (3,386 words) - 16:05, 13 December 2023
  • result information that is accompanied by an objectively perceptible factual error and which therefore gives an incorrect, incomplete or misleading picture
    26 KB (4,072 words) - 12:18, 27 March 2024
  • they are the owner of the property being, therefore, an area of public access, which constitutes an access not authorized to said data. This document was
    34 KB (5,184 words) - 13:22, 13 December 2023
  • on ...2019 at ...2019 and time ... an automated telephone call from the number ..., to which he answered and heard an audio message that he had won 850
    54 KB (8,916 words) - 15:22, 22 February 2022
  • The CJEU held that the mandatory disclosure, in the context of an online transparency publication, of personal information concerning a public officer
    6 KB (522 words) - 13:15, 1 June 2023
  • €150,000 for sending unsolicited advertising messages, for not responding to an access request and for not facilitating the objection to processing of personal
    6 KB (634 words) - 17:48, 17 July 2023
  • not support as an interpretation that the legislator intended to extend the concept of "insured party" to apply also to the applicant of an insurance before
    22 KB (3,290 words) - 10:29, 25 March 2024
  • process, provided in particular as an ordinary way of dealing with the oral hearing of cases from May 30 to July 31, as an alternative to the purely paper-based
    16 KB (2,492 words) - 15:59, 6 December 2023
  • controller to reply to a data subject's request to delete personal data, to an objection of processing of data for marketing purposes, transfer to third
    20 KB (3,078 words) - 13:05, 13 December 2023
  • golf company AE’ (hereinafter ‘Glyfada GAAR’) which includes an event with the complainant and an employee of the company.This request was repeated on...,
    19 KB (3,034 words) - 15:33, 6 December 2023
  • and that the term remains an autonomous concept of EU law. That means that it is not decisive if an offence is classified as an administrative offence in
    12 KB (1,792 words) - 18:13, 1 February 2023
  • certificate issued for ISO 27001 Certification (reflecting the result of an audit by an external auditor)." C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd
    44 KB (6,642 words) - 10:34, 13 December 2023
  • provide for an observation period of at least five years with regard to the estimation of risk parameters. In contrast, data subjects have an interest in
    39 KB (6,244 words) - 09:40, 10 September 2021
  • La Salud) hired Electromedical and Information Services (ASEI) to carry out an internal investigation to assess whether the access to the data subject's
    62 KB (9,703 words) - 13:05, 13 December 2023
  • circumstances. The Belgian DPA brought an action before Court of First Instance of Brussels, Belgium on 11 September 2015, seeking an injunction against Facebook
    10 KB (1,311 words) - 15:26, 13 June 2023
  • controller's premises. The controller argued that the DPA should have requested an explanation from the other company as well, because the data subject was not
    22 KB (3,193 words) - 10:34, 29 February 2024
  • Regulation as any form of information about an identified or identifiable natural person (“the data subject”). An identifiable natural person means a natural
    65 KB (9,767 words) - 16:22, 6 December 2023
  • the case to the access to written answers of an exam already decided by previous judgements. Therefore an access to the driving test videos may have the
    20 KB (3,087 words) - 13:30, 13 December 2023
  • security.In addition, you are told that 401 GSNA is an Organic Formation of the General Staff, subject to an administrative management relationship and as a
    29 KB (4,578 words) - 15:35, 6 December 2023
  • a credit score is a decision for the purposes of Article 22(1) GDPR, where an action taken by a third party ‘draws strongly’ from it. A data subject was
    6 KB (783 words) - 16:05, 12 December 2023
  • 000. Share your comments here! Share blogs or news articles here! This is an available machine translated decision. Please refer to the Greek original
    12 KB (1,773 words) - 15:33, 6 December 2023
  • violation of Article 5 GDPR to be restored, as well as of its authority to impose an administrative fine that amounted to 8,000 EUR. The complainants claimed that
    20 KB (2,519 words) - 15:36, 6 December 2023
  • organization may be considered as an administrative offense in accordance with the provisions of the RGPD, classified as an infraction in its articles 83.5
    35 KB (5,475 words) - 13:21, 13 December 2023
  • challenge” died. The “blackout challenge” is an internet phenomenon in which participants film themselves in an autoerotic asphyxiation. This practice is
    9 KB (1,280 words) - 15:53, 6 December 2023
  • the principle of accountability. Moreover, the processing was conducted in an opaque way with regard to both its general policy and dealing with the data
    12 KB (1,733 words) - 15:34, 6 December 2023
  • mobile app on her phone, without informing employees or customers. Following an appeal, the Norwegian Privacy Appeals Board upheld the DPA's decision. A trade
    7 KB (801 words) - 06:28, 6 March 2022
  • processing activities. The board rejected the request. Eventually, the DPA brought an appeal before the Supreme Administrative Court, which referred the following
    5 KB (663 words) - 08:15, 27 April 2023
  • for review by the second contested decision. The data subject claimed for an annulment of the decision by European Data Protection Supervisor (EDPS) of
    61 KB (9,971 words) - 14:28, 4 January 2024
  • organization may be considered as an administrative offense in accordance with the provisions of the RGPD, classified as an infraction in its articles 83.5
    29 KB (4,482 words) - 14:06, 5 March 2024
  • of the principle of accountability, had to examine whether there was an issue of an adverse effect on the rights and freedoms of the mother with a view
    18 KB (2,865 words) - 15:33, 6 December 2023
  • participant in an electronic database, it is possible that among the numerous registered calls there is an error in the number, due to an incorrect entry
    45 KB (7,165 words) - 15:22, 22 February 2022
  • (Garante) imposed a fine of €12.25 million on Vodafone Italia S.p.A, following an inquiry into their telemarketing practices which revealed that Vodafone was
    7 KB (810 words) - 15:52, 6 December 2023
  • form of processing based on Article 4(2) GDPR. The DPA has the power to issue an ex officio interim order for immediate total or partial temporary restriction
    11 KB (1,492 words) - 13:09, 23 November 2022
  • resolution may be considered as an infraction administrative in accordance with the provisions of the RGPD, classified as an infringement in its article 83
    33 KB (4,835 words) - 13:26, 13 December 2023
  • rules"; HAVING DETECTED the publication by the online newspaper La Cronaca24 of an article entitled: "XX" available at the link https://... in which, citing
    16 KB (2,354 words) - 15:45, 6 December 2023
  • restriction, and objection. In its decision, the DPA held that, in principle, an employer could not consult private emails of his employees, even if the company
    37 KB (5,765 words) - 09:53, 14 December 2023
  • HDPA ran an on site audit at the Ministry of Foreign Affairs as being the data controller according to VIS Regulation and VIS Decision. VIS is an information
    3 KB (224 words) - 15:35, 6 December 2023
  • forgotten was not infringed and rejected the complaint. The data subject has filed an administrative appeal against this decision. The Austrian Federal Administrative
    8 KB (987 words) - 10:01, 12 May 2022
  • do not preclude national rules from laying down, without any limit in time, an obligation for Internet advertising service providers to communicate certain
    8 KB (1,081 words) - 13:13, 1 June 2023
  • controller, and about the fact that their personal data could have been used for an additional purpose. The Greek DPA also found that the objections of the customers
    8 KB (1,028 words) - 12:49, 24 November 2021
  • (in ahead, the claimed one). The claim indicates the following: “I received an email from pulpower to confirm my subscription, as I had not done no management
    10 KB (1,288 words) - 13:39, 13 December 2023
  • viewed that an activity cannot be regarded as purely personal or domestic where a) its purpose is to make the data collected accessible to an unrestricted
    10 KB (1,282 words) - 14:38, 7 June 2023
  • electricity supply corresponding to the claimant's supply point, providing an email address for the invoice to be sent. To be able to carry out the requested
    27 KB (4,121 words) - 15:06, 13 December 2023
  • Energéticas, the controler, filed a lawsuit against the data subject due to an alleged debt. In the judgment , a Spanish Court of First Instance dismissed
    26 KB (4,147 words) - 13:27, 13 December 2023
  • subject could exercise their right to object and erasure. This case concerns an interlocutory judgment in the case C/13/694440/KG ZA-20-1118 MvW/JE dated
    29 KB (4,605 words) - 17:00, 15 December 2021
  • willingness to be known, as well as regarding the conditions under which such an access should be provided. This question, as the HDPA found, was never answered
    20 KB (2,270 words) - 15:37, 6 December 2023
  • failing to implement appropriate technical and organisational measures to ensure an appropriate level of security. The failure resulted in a data breach and unauthorised
    7 KB (900 words) - 15:18, 13 December 2023
  • the Constitution also establishes that it is prohibited the attribution to an unique national number to the citizens. In Portugal the GDPR is implemented
    3 KB (332 words) - 13:31, 3 May 2023
  • bureaucratic steps that severely limit individual rights. Proceedings before an administrative tribunal can take up to 2 years. You can help us fill this
    4 KB (391 words) - 09:57, 17 May 2021
  • administrative fines of maximum EUR 20,000,000 or, in the case of a company, an amount equivalent to a maximum of 4% of the C/ Jorge Juan, 6 www.aepd.es 28001
    22 KB (3,427 words) - 13:26, 13 December 2023
  • provide the members of the Supreme Court with independent advice – known as an ‘advisory opinion’ (conclusion)- on how to rule in the cassation proceedings
    4 KB (447 words) - 15:00, 23 September 2022
  • fundamental rights of the data subject is not overridden, following § 12 (2). In an employment context, processing of personal data may take place on the basis
    5 KB (582 words) - 17:53, 3 March 2020
  • rights or special dangers or (3) in the interest of private documentation if an identification of persons is not intended. It is unclear if this national
    8 KB (721 words) - 13:45, 29 April 2021
  • liability of each in the event of breach of data protection laws. Fashion ID, an online retailer clothing company, embedded the ‘Like’ social plug-in from
    6 KB (492 words) - 13:09, 1 June 2023
  • complex, the organization acting as a data controller can state that it needs an additional time of up to two months. In the case of one complainant, Alektum
    7 KB (858 words) - 15:55, 11 December 2023
  • was fined 9898 RON (equivalent to €2000) for sending unsolicited message to an e-mail address collected indirectly from public sources for the purpose of
    6 KB (850 words) - 15:11, 13 December 2023
  • AN - 578/2021 (category AN (Spain))
    A car rental company filed an appeal with the Spanish National High Court against a Spanish DPA decision in which a fine of €25,000 was imposed for breaching
    26 KB (4,277 words) - 09:18, 26 July 2021
  • breach from a person who became an unauthorized recipient of personal data. The breach involved sending an email with an unencrypted, non-password protected
    50 KB (8,066 words) - 10:00, 17 November 2023
  • by e-mail, by an insurance agent, who is an entity processing for an insurance company, an insurance policy containing personal data to an unauthorised
    47 KB (7,608 words) - 10:00, 17 November 2023
  • Article 32 (1) (d) • An assessment of privacy consequences has not been carried out, cf. Article 35 • Using an application with an insufficient level of
    38 KB (5,967 words) - 11:48, 7 May 2022
  • e-mail through encryption. Enforced TLS is an example of an encryption solution that can be used to protect an e-mail. In the present case, enforced TLS
    28 KB (3,101 words) - 09:49, 7 June 2023
  • was not adequately secured, as it was transmitted in an unencrypted format. The DPA initiated an investigation in response to the complaint, in which it
    57 KB (8,053 words) - 17:07, 12 December 2023
  • AN - SAN 3073/2022 (category AN (Spain))
    corporate email if having an email address is necessary for the workers. The Labour Chamber of the Spanish National High Court dealt with an appeal from a case
    34 KB (5,374 words) - 14:21, 24 November 2022
  • explains its authority to impose an infringement fee, before explaining its assessment related to the infringement fee and whether an order should be issued. In
    45 KB (6,913 words) - 12:13, 15 March 2023
  • subjects who did not have an account with DPG Media, and had to provide a copy of their ID, as verification, before they could submit an access request pursuant
    50 KB (7,656 words) - 17:05, 12 December 2023
  • decision made at an individual presentation and the appeal instructions have not been attached. The notice must nevertheless be regarded as an appealable decision
    46 KB (7,394 words) - 14:08, 21 March 2024
  • proceed and is not willing to open an investigation against a company established abroad that has not designated an EU Represenative. Rocketreach sells
    3 KB (337 words) - 16:59, 6 December 2023
  • imposed a €35,000 fine on an energy company for the violation of Article 5(1)(f) GDPR and 32 GDPR because an employee accidentally sent an email to the data subject
    38 KB (5,920 words) - 12:43, 13 December 2023
  • a fair trial under Article 6 ECHR. The data subject, an asset management professional, undertook an agreement with PME Investment Services. The agreement
    103 KB (17,620 words) - 10:13, 29 November 2023
  • Persoonsgegevens (AP) launched an investigation into a possible breach of the GDPR against the provincial political party PVV Overijsssel after an individual filed a
    54 KB (8,224 words) - 17:07, 12 December 2023
  • further proof of identity before fulfilling an access request. The Council of State reaffirmed that such an additional request must not be so demanding
    19 KB (3,135 words) - 12:38, 16 September 2021
  • had processed the complainant's data without an appropriate legal basis. The DVI received a complaint about an employer who had allegedly informed other employees
    3 KB (354 words) - 16:09, 6 December 2023
  • appointing an EU representative. It further required Locatefamily.com to pay an exrta €20,000 for each two-week period it failed to appoint an EU representative
    38 KB (6,339 words) - 17:14, 12 December 2023
  • Accounting Oversight Board following an application for approval by the Federal Minister of Finance. The transfer was based on an administive arrangement per Article
    10 KB (1,335 words) - 13:39, 12 May 2023
  • Company. The President of the UODO initiated an administrative proceeding against the Company to impose an administrative fine on the Company. The DPA found
    27 KB (4,446 words) - 09:51, 17 November 2023
  • Administration Act states: When it is stipulated in law that an administrative sanction may be imposed on an enterprise, the sanction is imposed even if no individual
    45 KB (7,286 words) - 18:55, 5 March 2022
  • ordinary letters by Mr M. K." bearing an illegible signature and stamp reading "W. [...] *AN*" and a copy of an unaddressed sample notification. In response
    46 KB (7,322 words) - 09:51, 17 November 2023
  • indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements
    23 KB (3,836 words) - 14:01, 13 December 2023
  • after an assessment of the criteria in the Personal Data Act 2000 § 46 first paragraph, the Norwegian Public Roads Administration is ordered to pay an infringement
    43 KB (6,983 words) - 09:09, 21 August 2022
  • will that inform the data subject by means of a statement or an unambiguous active accepts an act concerning him/her concerning the processing of personal
    43 KB (6,749 words) - 07:07, 28 October 2021
  • sent an e-mail to the defendant's data protection officer. He writes the following: "Dear,I am not a customer of [defendant], yet today I received an email
    39 KB (6,551 words) - 16:56, 12 December 2023
  • personal data processing) [16] : Form no. 1: By submitting an application, an individual expresses an interest in vaccination with a vaccine against COVID-19
    110 KB (17,995 words) - 11:15, 22 April 2021
  • that it accepts of t these considerations would be based on an illegality, an irregularity or an error manifest. The fact that the person concerned by the
    72 KB (11,389 words) - 08:59, 20 August 2021
  • but one an exception to a general rule from the GDPR, namely that breaches of the GDPR are possible are curbed with an administrative fine. As an exception
    62 KB (9,417 words) - 16:57, 12 December 2023
  • of third parties that must be submitted so that an undertaking can qualify for the customs status of an authorised economic operator (AEO). According to
    7 KB (1,005 words) - 13:10, 1 June 2023
  • can be assigned to an employee with the required roles (which an employee with this company role name must have), allowed roles (which an employee with this
    36 KB (5,914 words) - 17:13, 12 December 2023
  • companies. Employee policy breach Booking argued the fact that an employee had breached an internal protocol by not reporting the suspected incident to the
    77 KB (12,915 words) - 17:15, 12 December 2023
  • assess an application for compensation for material or immaterial damage resulting from an act in violation of the General Administrative Law Act by an administrative
    37 KB (5,721 words) - 12:41, 16 September 2021
  • automatically and in all cases of such an obligation on the employee. However, such an obligation of the employee may be ordered by an individual company or organization
    12 KB (1,812 words) - 15:11, 17 March 2022
  • number [number] ; On 7 March 2016 ABN AMRO an A coding for contract number [number] ; On 7 March 2016 ABN AMRO an A coding for contract number [number] ;
    27 KB (4,437 words) - 09:17, 22 August 2020
  • Administration Act on administrative sanctions. An administrative sanction means a negative reaction that can be imposed by an administrative body, which is directed
    28 KB (4,387 words) - 18:58, 5 March 2022
  • 83(5)(e) in fine of Regulation 2016/679, to an administrative fine of up to EUR 20,000,000, and in the case of an enterprise - up to 4% of its total annual
    27 KB (4,390 words) - 09:50, 17 November 2023
  • infringement. Where administrative fines are imposed on an undertaking, an undertaking should be understood to be an undertaking in accordance with Articles 101 and
    130 KB (21,195 words) - 13:52, 25 April 2021
  • confirmed an online pharmacy's (Promofarma ecom S.L) compliance with the GDPR after having used its investigation powers. The AEPD carried out an ex officio
    17 KB (2,577 words) - 13:42, 13 December 2023
  • and the greater the personal cost of an action, the less likely it is that an action will be committed. Thus, an attempt is made to increase the costs
    94 KB (15,537 words) - 09:09, 25 August 2020
  • proposed to the Commission's restricted session to impose an administrative fine on AEC and an injunction, together with a penalty payment, to bring the
    82 KB (13,424 words) - 17:10, 6 December 2023
  • imposed a €35,000 fine on an energy company for the violation of Articles 5(1)(f) and 32 GDPR because an employee accidentally sent an email to the data subject
    8 KB (1,355 words) - 13:38, 1 February 2024
  • for private life on the one hand and rights to protection of property and an effective remedy on the other hand. Directive 2002/58 provides rules determining
    6 KB (536 words) - 13:08, 1 June 2023
  • context of an Article 60 GDPR procedure, the Cypriot DPA reprimanded a controller for unlawfully asking a data subject’s ID when addressing an access request
    20 KB (3,082 words) - 13:42, 31 January 2024
  • personal data caused by an "underlying bug" is due to an infringement of the requirements of Article 32 GDPR. 88. The FR SA expressed an objection concerning
    183 KB (30,819 words) - 09:50, 20 January 2023
  • administrative proceedings to impose an administrative fine in connection with the impossibility of carrying out an inspection in the scope of the Company's
    29 KB (4,698 words) - 10:02, 17 November 2023
  • creating an account, accounts were not locked after a certain number of failed access attempts, and part of a reference code used instead of an account
    56 KB (8,757 words) - 14:12, 28 February 2024
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    59 KB (8,242 words) - 10:47, 17 March 2021
  • a controller €3,000 for not ensuring an adequate protection of personal data against the misuse of a processor. An employee had recorded and shared footage
    6 KB (790 words) - 15:13, 13 December 2023
  • following information: "www.***frauen.com is an offer of: N***Netzwerk GmbH & Co KG" and "www.dates***.com is an offer by: N***Netzwerk GmbH & Co KG". In order
    25 KB (3,605 words) - 13:59, 12 May 2023
  • of his ex-wife as an individual. In response to the complaint, the defendant stated that it was the claimant herself who firstly sent an e-mail to the school’s
    15 KB (2,384 words) - 10:46, 13 December 2023
  • authorized to initiate an investigation, including an on-site investigation, if it does so useful. Operative part The AP submits an order to the UWV for
    33 KB (5,112 words) - 17:10, 12 December 2023
  • protection by an organ that exercises judicial activity, which is not the case here as there is no connection with court or legal proceedings, it was an issue
    75 KB (12,118 words) - 15:46, 14 February 2024
  • Prior to contact with the respondent, an announcement letter accompanied by an information leaflet as well as an email or SMS (which will refer to the
    23 KB (3,397 words) - 17:12, 6 December 2023
  • States shall issue an alert for refusal of entry and stay if the Member State, on the basis of an individual assessment, which includes an assessment of the
    23 KB (3,560 words) - 14:17, 21 February 2024
  • guiding principles: 1 If an intended application for legal protection is settled before lis pendens and the possible filing of an action for a declaration
    31 KB (5,184 words) - 17:19, 15 April 2023
  • Under the old Personal Data Act of 2000, there was an additional requirement that the business may have an "objective need" to obtain credit information. This
    40 KB (5,988 words) - 19:04, 5 March 2022
  • Arnhem-Leeuwarden confirmed an interlocutory injunction from the Court of First Instance, stating that a copyright watchdog could not force an Internet Service Provider
    28 KB (4,573 words) - 10:04, 14 December 2023
  • Commissioner’s Office (ICO) has issued fines totalling £120,000 to an EU referendum campaign and an insurance company for serious breaches of electronic marketing
    18 KB (2,440 words) - 14:36, 5 December 2021
  • The Danish DPA (Datatilsynet) held that an insurance company acted in accordance with Article 15 GDPR by not disclosing to a data subject the name of the
    16 KB (2,455 words) - 16:38, 6 December 2023
  • conditions that must be met for an applicant (other than the ‘privileged’ applicants pursuant to Article 263(2) TFEU) to challenge an act, where it is not the
    8 KB (1,160 words) - 14:25, 15 December 2022
  • Regulation as any form of information about an identified or identifiable natural person ('the data subject'). An identifiable natural person means a natural
    33 KB (5,189 words) - 16:23, 6 December 2023
  • conducting an inspection before starting an administrative offense case is also in the manager's interest, because not every inspection results in an administrative
    114 KB (17,942 words) - 15:46, 2 November 2022
  • reachyou later than usual.” (It might be an automatic response). 8.4. On 19 May 2019, the data subject sent an email to , saying the following: I’m sorry
    42 KB (5,838 words) - 10:27, 13 December 2023
  • the controller relies on an overall bundled consent to anything contained in the terms and the privacy policy. This represents an “all-or nothing” approach
    21 KB (3,005 words) - 14:16, 1 February 2023
  • provisions, provided that these serve to safeguard an important public interest. The complainant has an obligation to provide information and evidence to
    23 KB (3,578 words) - 14:03, 12 May 2023
  • performance of an agreement involving the data subject or, at the request of the person concerned, to take measures before concluding an agreement take;
    82 KB (13,250 words) - 16:57, 12 December 2023
  • to established case law, Internet advertising is usually only an invitation to submit an offer. The Senate sees no reason to deviate from this basic rule
    32 KB (5,236 words) - 16:00, 10 March 2022
  • Spanish DPA held that where an employee had signed an image rights transfer agreement with their employer, prior to the display of an advertisement banner using
    15 KB (2,292 words) - 13:56, 13 December 2023
  • service provider provided an IP address, insofar as that legislation enables the national court seised of an application for an order for disclosure of personal
    5 KB (599 words) - 13:17, 1 June 2023
  • systematically requesting an ID card for the exercise of right by a data subject a violation of Article 12 GDPR ? Are the following practices an infringement on
    104 KB (16,646 words) - 17:09, 6 December 2023
  • Act , an administrative sanction may be imposed on an enterprise itselfif no individual has shown guilt. This means that Oslo Municipality has an objectiveliability
    41 KB (6,337 words) - 18:52, 5 March 2022
  • Norwegian DPA (Datatilsynet) stating that they had been subject to an unauthorized credit rating. An employee of the credit rating agency has indeed triggered a
    18 KB (2,791 words) - 18:36, 5 March 2022
  • club (UAB VS FITNESS), fingerprint scanning is required. It then initiated an own volition investigation of a possible breach of the GDPR. The VDAI found
    53 KB (2,523 words) - 09:19, 17 November 2023
  • constitute an economic activity for the service provider. ... c) "Service provider" or "provider": natural or legal person that provides an information
    18 KB (2,693 words) - 13:40, 13 December 2023
  • data subjects were harmed in any way. After an overall assessment, the PVN concluded (under doubt) that an administrative fine for such a violation should
    40 KB (6,549 words) - 18:49, 5 March 2022
  • breach of Article 83(6) GDPR for failure to comply with an order of the DPA, the DPA imposed an administrative fine of €440,000 on the controller pursuant
    71 KB (11,552 words) - 13:40, 12 January 2024
  • in particular by means of assignment to an identifier such as a name; an identification number, location data, an online identifier or one or more factors
    44 KB (7,334 words) - 09:02, 17 March 2022
  • Benefits Department used the applicants' nationality (Dutch/not Dutch) as an indicator in an automated "risk-classification model", to assess which applications
    87 KB (11,601 words) - 17:08, 12 December 2023
  • Norwegian Data Protection Authority's assessment of an infringement fee of NOK 100,000 for having monitored an employee's e-mail box without a legal basis, cf
    26 KB (4,039 words) - 09:08, 20 January 2023
  • 83(5)(e) in fine of Regulation 2016/679, to an administrative fine of up to EUR 20,000,000, and in the case of an undertaking, up to 4% of its total annual
    28 KB (4,490 words) - 09:51, 17 November 2023
  • photographed and / or photographed by the selfie box during an active action. In connection with the start of an event, it is announced over loudspeakers that there
    27 KB (4,300 words) - 16:36, 6 December 2023
  • remembered that the complainant was an employee of a higher federal authority and repeated the request to present an ID card in order to obtain a PeP (politically
    33 KB (5,254 words) - 13:33, 12 May 2023
  • question per. email, even if they had an email address registered with the Zoo. Against this background, Zoo stated that an extract of e-mail addresses had been
    33 KB (5,347 words) - 16:39, 6 December 2023
  • in these proceedings, has made an attempt to justify such proceedings. Considering that the Company is an entrepreneur, an entity professionally participating
    31 KB (5,101 words) - 09:52, 17 November 2023
  • personal data to Google LLC in the U.S. The respondent is an online retail company. The complainant is an individual represented by noyb - European Centre for
    40 KB (5,904 words) - 16:51, 24 February 2022
  • self-employed and liberal professionals to switch from a paper to an electronic invoice. Due to an error in the selection of e-mail addresses, a number of the
    55 KB (8,810 words) - 16:55, 12 December 2023
  • Administrative Courts. For example, Administrative Courts are competent to deal with an action for misuse of powers against a national decree which allows uninterrupted
    10 KB (1,108 words) - 09:37, 29 September 2021
  • viewing of an apartment that was advertised for sale, without their consent and knowledge. The photo was available on a public website via an URL link.
    12 KB (1,882 words) - 15:24, 30 October 2023
  • imposed a warning on an association for the protection of prison workers for publishing personal data without consent on Twitter. An association for the
    17 KB (2,458 words) - 13:51, 13 December 2023
  • not therefore mean that an administrative body is obliged to provide a copy of the documents containing those personal data. An administrative body may
    22 KB (3,354 words) - 09:23, 18 February 2022
  • Secure @ Mail. In the case of an advisory email about new e-mail in Secure @ Mail, the advisory email will include: include an ID number on the email, a link
    24 KB (3,947 words) - 16:24, 6 December 2023
  • with an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element
    24 KB (3,651 words) - 16:38, 6 December 2023
  • by means of an invoice form signed by her, that an amount of € 32,368 be transferred to her by virtue of this money loan in order to pay an invoice from
    26 KB (4,225 words) - 16:00, 15 March 2022
  • There is no place for an independent appeal against the order under point 1, only on the merits of the case may be challenged in an appeal against a decision
    30 KB (4,563 words) - 10:12, 17 November 2023
  • appellant may challenge this decision within 30 days by submitting an appeal to an administrative court in accordance with the Code of Administrative Court
    28 KB (4,474 words) - 10:31, 13 December 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors
    41 KB (7,150 words) - 12:30, 4 October 2021
  • the protection of personal information. Access to an employee's or former employee's e-mail box is an intrusive treatment of personal information, and constitutes
    47 KB (7,661 words) - 18:54, 5 March 2022
  • identified, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or of one or more elements
    56 KB (8,716 words) - 09:09, 2 March 2023
  • reason, the processing of personal data from an electoral roll for an election in 2012 not possible for an election in 2018. As regards the lack of transparency
    62 KB (10,509 words) - 16:58, 12 December 2023
  • until the expiry of the time limit for bringing an action to challenge the decision or, in the case of an administrative action, until the final decision
    75 KB (12,586 words) - 10:10, 17 November 2023
  • may take place regardless of whether the person is convicted of an offence that entails an increased risk of relapse into “DNA relevant” crime. Thus, the
    77 KB (12,671 words) - 06:13, 6 March 2022
  • indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an on-line identification or one or more
    107 KB (17,615 words) - 09:42, 10 September 2021
  • which includes an Israeli journalist, Raviv Drucker, an Israeli website, Seventh Eye, and one of its staff writers, Oren Persico, and an American journalist
    108 KB (18,178 words) - 11:57, 29 November 2021
  • downloads the application form via the website of the embassy or BZ. An appointment for an intake at the consulate can be made be on the embassy's website via
    179 KB (22,957 words) - 17:07, 12 December 2023
  • must be sufficiently precise to be invoked by an individual and by the national courts [and imposes] an unconditional obligation. ” 4 CJEU judgment of
    82 KB (12,100 words) - 17:01, 12 December 2023
  • were not kept in connection with an obligation under pharmaceutical law and (b) had not been taken along in the context of an audit of the operation of a Section
    66 KB (10,546 words) - 13:50, 12 May 2023
  • the fact that the entry / exit card is an excessive measure. 2. On 17/10/2019, an Officer of my Office sent an email to his XXXXXXXX Defendant's staff's
    56 KB (8,913 words) - 16:52, 6 December 2023
  • send an email to ciao@ecooltra.com for there is evidence that you no longer want to use the account. ELEVENTH: On October 30, 2018 at 4:26 p.m. an email
    54 KB (8,870 words) - 10:43, 13 December 2023
  • process personal data with an appropriate level of security, as required by Article 32 GDPR. The company accepted applications via an applicant portal integrated
    3 KB (190 words) - 10:17, 17 November 2023
  • Does the tracking of a company vehicle (which an employee is also free to use in his leisure time) by an employer via a GPS positioning system require
    24 KB (3,763 words) - 09:49, 14 December 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    19 KB (3,027 words) - 17:13, 12 December 2023
  • requests from an Airbnb customer (the data subject) to Airbnb Ireland UC (the controller); an access request under Article 15 GDPR and an erasure request
    20 KB (3,069 words) - 18:48, 24 January 2023
  • indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors
    110 KB (18,000 words) - 08:01, 5 June 2023
  • The Spanish DPA held that sending an e-mail without using the BCC (Blind Carbon Copy) option is an infringement of Article 5(1)(b) and (f) GDPR. In particular
    15 KB (2,317 words) - 13:59, 13 December 2023
  • The controller requested a copy of an identity document for identification purposes. Following the request of an official identity document, the data
    15 KB (2,321 words) - 16:01, 22 March 2022
  • travel services to Russia offered on the website, and an offer for a group trip is requested by sending an e-mail to the registrar. Visa types other than group
    56 KB (8,980 words) - 08:47, 4 March 2024
  • of […] euros in 2015. 5. During the summer of 2015, during an internal research project on an anti-fraud mechanism, the company reused personal data contained
    56 KB (9,069 words) - 17:02, 6 December 2023
  • although Member States are in principle free to fix an appropriate fee for bringing an appeal before an administrative authority, that fee may not be set
    91 KB (15,371 words) - 15:11, 5 October 2021
  • recidivism to be an aggravating circumstance. Se / on el / e, / 'the absence of an aggravating circumstance does not mean the existence of an aggravating circumstance
    51 KB (7,792 words) - 11:43, 24 January 2022
  • basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual can only request their own personal
    10 KB (1,575 words) - 13:37, 10 August 2021
  • educational magazines, received an e-mail from the individual in charge of its web-portal. This individual stated that an external alleged researcher had
    10 KB (1,343 words) - 13:13, 13 December 2023
  • the law if (i) there is an infringement of a subjective right, (ii) an act or omission is in breach of a statutory duty or (iii) an act or omission is in
    40 KB (6,777 words) - 16:28, 15 March 2022
  • claimed, from the email address: ***EMAIL.1 sent an email email to the SGT and General Directorates, in which an Excel sheet was attached where you could see
    45 KB (6,998 words) - 12:58, 13 December 2023
  • Adherence to an approved code of conduct within the meaning of Article 40 or to a certification mechanism approved under Article 42 may serve as an element
    39 KB (6,720 words) - 14:22, 13 December 2023
  • October 2019, - an internal audit subcontracted to an audit firm covering organizational aspects, - an external audit carried out by an audit firm, in order
    81 KB (11,895 words) - 16:58, 6 December 2023
  • within 30 days by either: - an appeal to the Data Protection Inspectorate pursuant to the Administrative Procedure Act; or - an appeal to Tallinn Administrative
    7 KB (982 words) - 10:31, 13 December 2023
  • that was available to the creditors came from the surrender of an insurance policy and (for an amount of € 10,757) from a son of [applicants] et al. would
    35 KB (5,805 words) - 10:04, 14 December 2023
  • carried out an online control mission on the "discord.com" website and on the DISCORD mobile application on 17 November 2020. 8. On 29 December 2020, an off-site
    59 KB (9,566 words) - 17:03, 6 December 2023
  • employees' fingerprints. Security An employer may ask an employee to give a fingerprint for, for example, access control. Sometimes an employee is obliged to give
    5 KB (600 words) - 17:12, 12 December 2023
  • Hellenic DPA imposed an administrative fine of €20,000 on a leasing company. They fined them €10,000 for violating Article 5(1)(c) GDPR, and an additional €10
    6 KB (695 words) - 16:39, 9 January 2024
  • associated an email address and/or phone number with a business account (whether as a mandatory requirement of switching prior to September 2019, or on an optional
    276 KB (38,206 words) - 09:46, 20 January 2023
  • Furthermore, the evaluations are only displayed when an higher amount evaluations are collected. As an additional safeguard, all students are verified via
    30 KB (4,834 words) - 13:14, 10 November 2021
  • carried out by an optician or an optician or ophthalmologist. According to the answer, many customers do not seem to know that dealing with an optician is
    28 KB (4,501 words) - 13:07, 3 March 2024
  • CI Plus module as an alternative to a loan receiver (quasi an adapter that replaces the zapping receiver and can be inserted into an existing receiver
    200 KB (33,233 words) - 09:49, 14 December 2023
  • In October 2020, the Polish DPA received an anonymous tip informing about this incident. The DPA started an investigation and requested information from
    105 KB (17,237 words) - 09:22, 10 May 2023
View (previous 500 | ) (20 | 50 | 100 | 250 | 500)