Search results

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller

4(20) GDPR, Article 47 GDPR); The data transfer for internal administrative purposes (Article 6(1)(f) GDPR) with Recital 48 GDPR); The determination of the

between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)

additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation

requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller

mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

Articles 70(1)(e) and 70(1)(f) GDPR was an editorial error. This obligation applies to all guidance issued by the Board. Articles 70(1)(n) to (q) GDPR outline

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR

compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to

the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's

According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third

accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand

the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves

difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter

accordance with the consistency mechanism set out in Article 63 GDPR. Following provisions of Article 64(f) GDPR, the EDPB issues a non-binding opinion whenever

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6

the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally

64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR

into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)

adoption of a final decision that can be challenged under Article 78(1) GDPR. Again, Article 57(1)(f) GDPR is instructive regarding the SA's obligation "[to reach]

mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including

up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct

the competent supervisory authority of such a breach. Article 34(1) GDPR differs from Article 33 GDPR. Instead of having to notify the supervisor authority

deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)

falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting

in accordance with Article 6(1)(f) is not covered by the right under Article 20 GDPR. The right to data portability under Art. 20(1)(b) only applies to

agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an

of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and

request (Article 61(5) GDPR), the requesting SA may adopt a provisional measure on the territory of its Member State under Article 55(1) GDPR. If the SA

this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the

the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should

767f2?version=1.0 https://www.garanteprivacy.it/documents/10160/0/Bilancio+di+previsione+2019+-+Sintetico.xlsx/700e5df5-f7c3-6510-1bd5-ef90e9824f17?version=1

interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under

meaning of Article 6(1)(f) of the GDPR must already be known in order for a balancing of interests within the meaning of Article 6(1)(f) of the GDPR to be possible

at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 - https://brave

personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,

other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of

compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR. The BVwG ruled that the principle

accordance with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2.     Does the answer to Question 1 mean: a)      that the person

in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory

presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to

the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that, due to

objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore

assert or defend legal claims ». Article 17 of the GDPR regulates the right to deletion. Article 17 (1) (c) states: «1. The data subject shall have the

specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the

Art. 44 GDPR is dismissed. Legal basis: Art. 4 (1), (2), (7) and (8), Art. 5, Art. 44, Art. 46 (1) and (2) (c), Art. 51 (1), Art. 57 (1) (d) and (f), Art

pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)

Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had been

given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD

cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing

analogous to Article 18 (1)(a) GDPR the Court held that § 12 of the German Registration Law explicitly exludes the application of Article 18 (1)(a) GDPR. According

III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be: (…) f) treated

data for the purposes of its legitimate interests in accordance with Article 6(1)(f) GDPR. Therefore, the data subject must be considered to have objected

Protection Authority (APO below}, what it does on June 17, 2020 » 1• 1 Impugned Decision, Exhibit 36, §§ 1 - 24. 1 PAGE 01-00003026497-0006-0025-02-01-� L_JCourt

claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement

third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in

within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated

in particular of children was in breach of Article 5, Article 6, Article 8, Article 9, and Article 25 GDPR. Consequently, the DPA urgently imposed upon

the DPA determined that the legal grounds of Article 6(1)(b), 6(1)(c), Article 6(1)(d) and Article 6(1)(e) GDPR were not applicable in this case. It also

infringement of article 6.1 of the GDPR, infringement typified in article 83.5 of the aforementioned Regulation 2016/679. II breached obligation Article 6.1 of the

violation of article 5.1.f) of the GDPR SAW The violation of article 5.1.f) of the RGPD implies the commission of the violations typified in article 83.5 of

infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.1

to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction

basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful

enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not

considering that it has violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF

exercise the right of access under Article 15 GDPR and the right to restriction of processing under Article 18 GDPR against three mobile telephone service

its obligations under Article 17(1)(a), of the RGPD. 162 The same facts also constitute a breach of section 6(1)(f) of the GDPR when in the circumstances

meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA

The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital

regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing

data in violation of the Privacy Ordinance, Article 5 (1) (a) and (c), Article 6, Article 12 (1) and Article 13. The Authority requested in the notification

procedures." II Article 5.1.f) of the GDPR Article 5.1.f) "Principles relating to processing" of the GDPR establishes: "1. Personal data will be: (…) f) processed

constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged

breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the

investigations the CNIL found five breaches of the GDPR: -         Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively

treatment in Article 6 (1) (f) which is the most obvious. We point to that The Privacy Board has assumed that Article 6, paragraph 1, letter f is a relevant

of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four

provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General

regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and

powers provided for in article 15 par. 8 of Law 4624/2019 in conjunction with article 58 par. 2 f of Regulation (EU) 2016/679 (GDPR), considered the case

case the data subject. Violation of Article 24(1) GDPR The DPA determined that the controller violated Article 24(1) GDPR, because the controller did not implement

very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the

1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr020983

misuse suffice to claim damages under Article 82 GDPR? The court held that neither §26(1) BDSG nor Article 6(1)f GDPR legitimize the processing of employee

of Articles 14(2)(f), 17(1)(c) and 21(1) GDPR, on the following grounds. Firstly, the DPA found a violation of Article 14(2)(f) GDPR, as the controller

and application of Article 20.1 c) by the AEPD implies the exclusion of the weighting required by the legitimizing basis of Article 6.1.f) of the RGPD and

"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller

personal data in this case is Article 6 no. 1 letter f (necessary to safeguard a legitimate interest). Article 6 (1) (f) authorizes the processing of information

employee's email account, as per Article 6(1)(f) erase the content of the former employee's email account, as per Article 17(1)(e) assess the former employee's

against Google. The DPA noted that the lawful basis was Article 6(1)(f) GDPR and referred to the Article 29 Group's guidelines WP225 relating to search engine

violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because

Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)

be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement

referred to in this article for the processing of personal data in the context of its search function. 4.5 Subsequently, Article 17(1) of the GDPR grants the right

follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as the

obligation under the articles5 (1) (f), 5 (2), 15, 32 and 33 of the Regulation, as well as article 33 (1) (y) of Law 125 (1) / 2018and she was asked to submit

the transmitted data (see point II.1.3 or II.1.3.1) at least in combination, personal data according to Art. 4 Z 1 DSGVO. For the lack of an appropriate

DPC decisions, Meta shifted its legal basis from Article 6(1)(b) GDPR (contract) to Article 6(1)(f) GDPR (legitimate interest) for most of its processing

conformity with Article 5.1. c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of

Madrid sedeagpd.gob.es 17/17 3. Violation of article 34 of the RGPD in relation to article 5.1.f) of the RGPD, typified in article 83.4.a) of the RGPD, with

personal data under Article 17(1)(d) GDPR, and ordered the controller to pay the data subject €579.17 in damages under Article 82(1) GDPR. Share your comments

claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up

that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines

paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the

(internal) registers removed is rejected. 6(1)(f) of the GDPR, [applicant] can rely on Article 21 of the GDPR. Article 21 GDPR gives a data subject the right to

€150,000 on Xfera Móviles S.A. (defendant) for infringing Article 17, 32, 5(1)(f) GDPR and Article 21 LSSI. The fine was imposed after investigating two complaints

1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security

controller violated Article 6(1)(f) GDPR when accessing the employee's email account and emails. Further, the Datatilsynet breached Article 21 GDPR since the controller

e7141c720c53441c2483c; has_js=1; _gid=GA1.2.1837808855.1597415922; _gat=1 Upgrade-Insecure-Requests 1 If-None-Match" 1597405902-1" Cache-Control max-age=0”

legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request

€ (article 83, paragraphe 2, de l'AVG ; article 100, §1, 13° WOG et article 101 WOG). 129. Compte tenu de l'article 83 AVG et de la jurisprudence17 de

refers to the Privacy Ordinance Article 6 No. 1 letter f as the relevant valid basis for processing, as well as Article 21 No. 1 on the data subject's right

their processing, according to with article 21 par. 1 of the GDPR, which is based on article 6 par. 1 item or GDPR. In his reply dated 24-05-2022, the

connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels

consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles 4(1) and 4(2)

..) 3. In addition to Article 17(3)(b) of the GDPR, paragraph 1 applies accordingly in the case of Article 17(1)(a) of the GDPR, if the deletion would

contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could

no. 2, Art. 5 para. 1 lit. f, Art. 6 Para. 1 lit. c and lit. f, Art. 13, Art. 51 Para. 1, Art. 57 Para. 1 lit. f and Art. 77 Para. 1 of Regulation (EU)

minimisation in violation of Article 5(1)(c) GDPR, and the controller had no legal basis for the processing as required by Article 6 GDPR. As a result of the violations

according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines

violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account

controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued

the infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The

in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because

and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and

been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer

according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.

legitimate interest and thus their legal basis for processing was Article 6(1)(f) GDPR. Moreover, it claimed that, if the person would agree to partake

referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019, with productions 1 to 10, was received at the Registry of

transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted

terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The

4 line 16, Art. 12 para. 1, Art. 14 para. 1 to para. 5, Art. 15, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art. 77 para. 1 of Regulation (EU) 2016/679

directly on the basis of the GDPR, not the register assessed on the basis of Article 30(1) of the GDPR. II.3. Article 6(1)(f) of the GDPR 49. Above, the Disputes

according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines

with Article 6 (1) of the Data Protection Regulation. Article 17 (1) (c) and that the information shall not be deleted in accordance with Article 17 (1)

her on the basis of Article 6(1)(e) or (f), including of profiling based on those provisions. Article 6(1)(e) and (f) of the GDPR reads as follows: The

to object to the GDPR does not limit the grounds on which data subjects may request erasure pursuant to Article 17 para. 1 of the GDPR. The data subject

management, - Article 12 (1) of the GDPR, as it did not provide transparent and understandable information, - Article 15 (1) and Article 17 (1) of the GDPR, Article

for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the

infringement of Article 6.1 a) of the RGPD, typified in Article 83.5 of the RGPD, and a fine of EUR 60 000 is proposed. PROVEN FACTS 1.- The facts set

the Article are not mutually exclusive. Therefore, both Article 6(1)(c) and (f) GDPR can apply at once. As such, the Court held that Article 6(1)(f) is

§ 166 para. 1 p. 1 ZPO § 114 para. 1 p. 1, § 121 para. 1 StVZO § 31a paragraph 1 p. 1, paragraph 3 Regulation (EU) 2016/679 Art. 5 para. 1 lit. d, Art

Sentence 1, Section 102 Paragraph 1 BetrVG, Section 17 Paragraph 2 Sentence 1 KSchG) on the consultation (e.g. Section 90 Paragraph 2 Sentence 1, Section

engines (see Annex 1 to note of 9 January 2019, p. 1); b) to be "aware of the dispersion of data on 12.12.2018" (see note of 9 January 2019, p. 1) and to have

obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant

regulation's article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article

to Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the

withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that

Articles 2.1, 4 2), 5.1 c) and 57.1 a), f) and h) GDPR, to the extent necessary read in conjunction with Article 288(2) TFEU and Articles 4 § 1, 63, 72 and

paragraph 1 to 1. c) and5, paragraph 1, al. f), all of the aforementioned regulations;-pursuant to article 58, paragraph 2, al. i) the GDPR, the application

the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

data (Article 9 GDPR)? Does the data controller have a legitimate interest to process credit card data of recurring purchasers under Article 6(1)(f)? Can

during the implementation of the processing, in line with Article 5(1)(f) GDPR and Article 32 GDPR. Additionally, regarding the access to personal data and

referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding

violation of article 6.1. RGPD, typified in article 83.5.a), and article 31, in relation to article 58.1.e), both of the RGPD, typified in article 83.5.e) of

complainant's computer was accessed (16.5.2018) (note 1.3.2019, p. 4-5). 1.4. On 17 May 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified

covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG

2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.

the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the

Regulation, Article 6 (1) (f)Article 13 (2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a)

infringed Articles 6.1 (a) and 5.1 (a) of the GDPR, in breach of Articles (a) and (a) of the GDPR¬, in accordance with Article 71 (1) (a) and (b) respectively

legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers

committing an offense for violation of the Article 5.1.f) of the RGPD, which states that: "1. The personal data will be: (…) f) treated in such a way as to guarantee

exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A.  (hereinafter

annexed to the minutes of the hearing. 2. Legal basis Article 5.1 f) AVG 1. Personal data must be: (…) (f) processed by the application of appropriate technical

the data could be processed under the legitimate interest basis (ARTICLE 6(1)(f) GDPR). The tribunal weighted the different interests at stake and decided

processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article

Spanish Agency of Data Protection, as laid down in Article 56(2) in in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament

did not follow the security principles as per Article 5(1)(f) GDPR (ed.: the decision actually reads 5(2)(f)), highlighting ‘the absence of an assessment

on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate

right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that

with NIF ***NIF.1, for an infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, in relation to Article 72(1)(a) a fine of EUR

established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was

protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the

violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view

the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the European

the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”

arises from Article 5.2 and Article 24 GDPR where it is up to the defendant to demonstrate that they also acts in accordance with article 5.1. f GDPR namely:

correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be

violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied as

data processed (Article 5, paragraph 1, letter d) of the Regulation), nor in terms of safety and integrity (Article 5, paragraph 1, letter f) of the Regulation)

controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions

breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that

violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article

request under Article 17; request additional information necessary to confirm the data subject's identity is provided. According to Article 17 (1) (a), the

complainant invokes thefirst time a series of other GDPR violations (Articles 5.1.a, 5.1.f, 5.2, 6.1.a, 6.1.f, 12,13, 17 and 25). In particular, it raises the question

protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained

processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:

internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its

requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data

Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures

questions: 1° Should Article 72.2 of the e-Privacy Directive 2002/58/EC, read in conjunction with Article 2(f) of that directive and with Article 95 of the

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

to the Privacy Ordinance, Article 6, No. 1, letter f, as the relevant valid basis for processing, as well as Article 21, No. 1 on the data subject's right

in accordance with the provisions of section 2 of article 56 in in relation to section 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

- the rectification of the violation of Article 13 GDPR would also rectify the violation of Article 5(1)(a) GDPR (principle of transparency) and therefore

accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines

defendant (Article 6.1.e. AVG). 32. In its conclusions, the defendant bases the lawfulness of the aforementioned processing operations on Article 6.1.f. AVG

their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public

Guarantor pursuant to Article 166(7) of the Code" (Article 16(1) of the Regulation of the EDPS). 16(1) of the Garante's Regulation No. 1/2019). In this regard

controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue

in accordance with the provisions of section 2 of article 56 in in relation to section 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

where the processing is based on Article 6(1)(f), the legitimate interests (d) where the processing is based on Article 6(1)(f), the legitimate interests pursued

lawfulness: (1) the consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the

competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament

entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur

him based on Article 6 (1) (e) and (f) GDPR at any time for reasons related to his specific situation . Pursuant to Article 17, paragraph 1, preamble and

violated Article 5(1)(f) GDPR and proved the ineffectivness of the controller's employee compliance training, in violation of Article 32 GDPR. The DPA

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

(definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle

processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude

that Customer 1 violated Article 12 (1) and Article 13 (1) c) and (e) and (2) d) of the GDPR. 7. The Authority determined that Customer 1, by not deleting

compliance with paragraph 1 ("accountability") ". 8.1. Based on the Data Minimization Principle established by Article 5 (1) (c) of the GIP, Defendant

violation of the provisions of Article 5(1)(a), Article 6(1), Article 7(3), Article 12(2), Article 17(1)(b) and Article 24(1) of Regulation 2016/679 imposes

period Article 5.1.f: Principle of integrity and confidentiality Article 5.2: Principle of accountability Article 6.1.a: Legal basis of consent Article 6.1

based on a legitimate interest under Article 6(1)(f) GDPR, so that the principle of lawfulness under Article 5(1)(a) GDPR is violated. This is due to the fact

decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well

concerned on the one hand (Article 17(1) GDPR), requires a comprehensive weighing of fundamental rights on the other hand (Article 17(1) GDPR). 7, 8 CFR), the fundamental

infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been

under Article 15 GDPR, in a timely manner as well as in clear and transparent form. Second, the DPA looked at the right to erasure under Article 17 GDPR

the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). The aforementioned

party, for the allegedviolation of article 5.1.f) of the RGPD, sanctioned in accordance with the provisions of theArticle 83.5.a) of the aforementioned RGPD

the defendant for an infringement of Article 5(1)(a) GDPR a warning penalty in accordance with Article 58(2)(b) GDPR. Share your comments here! Share blogs

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

minimization set out in Article 5 (1) (c) of the General Data Protection Regulation. The data subject's right to have his data deleted Article 17 of the General

legitimate under Regulation [2016/679], and specifically under Article 6(1) [first subparagraph] (f) thereof? In the first place, the Court clarified that the

basis of Article 58(2)(b) of the GDPR because its processing activities infringed Articles 5(1)(a)(b) and (c), 6(1), 12(1)-(5), 15(1) and 17(1) of the GDPR

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process

Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments

under Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f) GDPR

relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of

in accordance with the provisions of section 2 of article 56 inin relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of theEuropean

in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land

provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees

subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data

basis for doing so. Neither Article 6(1)(d) nor Article 6(1)(e) can be used as a legal basis. The DPA researches if Article 6(1)(f) can be used as a legal

account of the defendant (Article 6.1. f) GDPR). The other legal grounds included in Article 6.1. points a), b), c), d) and e) GDPR are in present case not

of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers

functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es

infringement in question was correctly defined as a breach of Article 5(1)(a) GDPR and Article 6(1)(f). However, the PVN did not agree that the infringement was

under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting

introduction of Title 8.4 in the Awb on the basis of Article 8:4, paragraph 1, opening words and under f of the Awb, the possibility to appeal against a decision

company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose

the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). The aforementioned

under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)

database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence

es 17/17 Against this resolution, which puts an end to the administrative procedure as prescribed by the art. 114.1.c) of Law 39/2015, of October 1, on

of the duty of information as per article 13 GDPR. The DPA imposed thus a fine of €1000 for violating Article 13 GDPR. Share your comments here! Share blogs

complainant as per Article 17 GDPR, as well as his/her right as a consumer to refuse unsolicited commercial phone calls, as per Article 21 GDPR in connection

the Spanish Agency of Data Protection, as laid down in Article 56(2) inin relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament

turn, article 72. 1 h) of the LOPDGDD, under the heading "Infringements considered very serious provides: “1 Based on the provisions of article 83.5 of

with Art. 31, art. 57 sec. 1 lit. a), art. 58 section 1 lit. e) and f) and art. 58 sec. 2 lit. i) in connection with Art. 83 sec. 1 and 2, art. 83 sec. 4 lit

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/

violation of thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD.

information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments

Articles 5(1)(a), (d) and (f), 9 and 32(1)(b) GDPR.” Pursuant to Article 58(2)(i), the DPA hence imposed an administrative fine as per Article 83(4) and

violation of the principle of integrity and confidentiality pursuant to Article 5(1)(f) GDPR. The DPA followed that the above-mentioned violation was a result

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet

of an infringement of Article 5 (1) (f) of the GDPR under (74345679) (f) of the GDPR, as set out in Article 83 (5) (a) of the GDPR. SECOND: To notify this

the authority initiated proceedings for the alleged infringement of Article 5(1)(d) GDPR against the political party aforementioned. The Political party acknowledged

process these data. Article 29 of the Croatian Labour Act and Article 5(4) of the Labour Law Rulebook (Official Gazette, no. 73/17) refer, among others

COMMUNITY OF OWNERS RRR, withNIF *** NIF. 1 , for a violation of Article 5.1.f) of the RGPD, in relation to ArticleC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd

commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public

under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of

for a infringement of Article 5.1.f) of the RGPD, as defined in Article 83.5 of the RGPD, following the application of Article 85(1) and (3) of LPACAP, a

regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment

on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the

right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can

claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up

Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could

regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment

and GDPR? Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR? How much are the damages under Article 82 GDPR

is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces

infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB

expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/

of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes

with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations

for the infringement of Article 5.1 f) of the RGPD, typified in Article 83.5 a) of the RGPD and considered very serious in 72.1.a), for the purposes of

processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies

measures, from unauthorized processing "(Article 5, paragraph 1, letter a) , e) and f), of the Regulation). 3.1 Information for interested parties From

subject's right to lodge a complaint as per Article 77 GDPR, in conjunction with Recital 141, and Article 57(1)(f) GDPR. The Board referenced an earlier decision

(1) GDPR? The AEPD found that publishing the image of the data subject without his consent was a violation of Article 6 (1) GDPR, and decided to fine the

interest" as a basis for treatment. 5.2. Article 6 (1) (f) of the Privacy Regulation - "legitimate interest" Article 6 (1) (f) requires that the collection of

private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA

violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR

controller, in this case the public administration, breached Articles 5(1)(c) and 5(1)(f) GDPR. The AEPD examined a complaint submitted by an anonymous citizen

role of the person responsible, Art. 4 No. 7 GDPR. In particular, the requirements of Art. 6 Para. 1 S.1 f) GDPR are not met. Legally, the Authorization to

lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the

infringement in the context of Article 82(1) of the GDPR. cc) The answer to the legal question of how Article 82 (1) of the GDPR is to be interpreted against

same - that, pursuant to Article 166, paragraph 7, of the Code, and Article 16, paragraph 1, of the Regulation of the Guarantor no. 1/2019, this measure should

(AVG). Article 6.1 of the AVG states that: Processing is only lawful if and insofar as at least one of the following conditions is met: (…) (f) processing

referred to as LPACAP), for the alleged infringement of Article 6.1 of the RGPD, as defined in Article 83.5 of the RGPD. FOURTH: Upon notification of the aforementioned

under Article 82(1) of the GDPR; they can only "lead to [...] non-material damage". [21] (7) Compensation for non-material damage under Art 82(1) GDPR therefore

secrecy (Section 1 (1) DSG) as follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation

or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise

the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned

for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned

the same year, for alleged infringement of Article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, proposing a fine of 50,000 euros. Vodafone

of article 39 bis 2 of the LSSI so that withinONE MONTH from the notification of this resolution:2.1. COMPLIES with the provisions of article 21.1 of the

administrative procedure according to the provisions of article 114.1.c) of Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations

Regulation no. 1/2000; REPORTER Dr. Antonello Soro; PROVIDED THAT 1. The complaint against the company and the investigative activity. 1.1. With a complaint

described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD

OF OWNERS R.R.R., with NIF ***NIF.1, for a violation of Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR, a fine of €2000. SECOND: NOTIFY

implementing the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a

pursuant to Article 17.1 GDPR , and that the data controller subsequently confirmed the deletion of her account, as required by Article 12(3) and (4) 1 1. The

with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance

infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into account the following mitigating (1-3) and aggravating

alleged infringement of Article 5(1)(f) GDPR. Does the action of the defendant constitute a violation of Article 5(1)(f) GDPR? Considering the evidence

DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after

an infractionof article 6 of the RGPD, typified in article 83.5.a) and classified as very serious toprescription effects in article 72.1.b) of the LOPDGDD

ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of

" *** DIRECCION.2 *** *** LOCALIDAD.1 CCAA.1 " . In section“ NIF ” the *** NIF.1. And in the section " Telephone 1" the mobile number*** PHONE . 2. The

Agency's decision 3.1. Authorization to record telephone conversations 3.1.1. Pursuant to Article 9 (1) of the Data Protection Regulation 1, there is in principle

given the almost total identity between its article 7.f) and article 6.1.f) of the RGPD Article 7, letter f) of said Directive indicated: “Member States

the rules in the Data Protection Regulation [1], cf. Article 6 (1). Article 17 (1) (e) and Article 17 (1) 3, letter b. However, the Danish Data Protection

against the controller. Based on Article 72(1)(b) of the national data protection law, and Articles 83(1) and 83(2) GDPR, the DPA considered aggravating

be processed in accordance with Article 6 (2) of the Data Protection Regulation. 1 (a) to (f). Pursuant to Article 6 (1) of the Data Protection Regulation

VODAIONE ONO SAU, with C.I.F. A62186556, for infringement of Article 48 (1) (b) of Law LGT, which is classified as ‘minor’ in Article 78 (11) of the Law. SECOND:Notify

Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12. In its report

purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right

competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament

personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused

functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es

of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant

in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing

it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on

once all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete

comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR

with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance

necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 8 Section 1(2)(4) of the Finnish

legal bases provided by the GDPR and national data protection law. 2. According to article 6 par. 1 sec. b and f of the GDPR "1. The processing is lawful

controller was in breach of Article 38(1) GDPR at the time of the investigation. Regarding the breach of Article 39(1)(b) GDPR, the CNPD concurred with the

means of processing the personal data. The DPA found a breach of Article 5(1)(f) GDPR since the personal data of the data subject were disclosed to a third

infringement of article 5.1.c) of the RGPD and article 13 of the RGPD, typified in Article 83.5 a) and b) of the GDPR. FIFTH: On 12/17/2021 the claimant

absence of consent under Art. 6(1)(a) GDPR, a balance of interests according to Art. 6(1)(f) GDPR is required. The legitimate interests pursued by the plaintiff

(see “1.2.4- As regards the complaint according to which the defendant hadless time than the complainant to prepare his arguments ”).1.1.1. Place1.1.1.1.-

point (e) of Article 6(1) of the GDPR. 48 If a data subject has objected to the data processing, it follows from Article 21(1) of the GDPR that compelling

referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019 with productions 1 to 7 was received at the Registry of

of the data subject's rights under, inter alia, Article 17 on deletion. In accordance with Article 12 (1) of the Data Protection Regulation. 6, a data controller

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and in

provided in article 5.1.f) and 32.1 of the GDPR (LCEur 2016, 605). It should be noted that the GDPR, without prejudice to the provisions of its article 83, contemplates

comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating

subject's request to remove the search result link as per Article 58(2)(c) GDPR? Article 87 GDPR gives Member States the right to specify conditions for

established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was

appeals to that effect legitimate interest (Article 6.1 f) GDPR). 26. In accordance with Article 6.1 f) GDPR and the case law of the Court of Justice of

for the use of XXX cameras could be derived from IKÜ Article 6(1)(f). According to Article 6(1)(f) of IKÜM, the processing of personal data is legal if

required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

worden ervan. 17. Zoals uitgezet in haar Beslissing 17/2020,1 is de Geschillenkamer een orgaan van de GBA, opgericht krachtens artikel 4(1) van de WOG,

accordance with the provisions of paragraph 2 of Article 56 in relation to paragraph 1 f) of Article 57, both of Regulation (EU) 2016/679 of the European

that Wind Tre had violated the following articles of the GDPR: Articles 5(1), 5(2), 6(1)(a), 7, 12(1), 12(2), 24 and 25. It subsequently fined Wind Tre 16

her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies

of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)

imposed a fine of 20.000 EUR on IBERIA Airlines for the violation of Article 6(1)(f) GDPR, when further sending unsolicited emails after a customer has requested

IV Right to erasure Article 17 of the GDPR, which regulates the right to deletion of personal data, establishes the following: "1. The interested party

of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant

determines the purposes and means of the processing". According to Article 26(1) of the GDPR, "where two or more controllers jointly determine the purposes

for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned

violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing

as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal

in accordance with the provisions of section 2 of article 56 in in relation to section 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

imposed by sections 24.1., 28.1. and 30.1. of the DGPS ; -On 11 June 2019, the Disputes Chamber decides, pursuant to Article 95, § 1, 1° and 98 of the ICA

breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected

specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority

This behaviour was in violation of Article 31 GDPR. Thirdly, Company B was found to be in violation of Article 32(1) GDPR. This provision imposes an obligation

108. Article 17 of the Regulation defines the conditions under which data subjects are entitled to have their personal data erased. Article 17-1-c), in

par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b); 9, par. 1, 2, 4, of the Regulation; Articles 2-ter, par. 1 and 3

the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing

for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here

proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of the

filmed by the owner of the location. Principles in Article 5(1)(a) and (c) and Article 6(1)(f) GDPR are therefore violated. In addition there were violations

pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR

fines of €50,000 on IBERDROLA CLIENTES, SAU for infringement of Article 5(1) GDPR and 17 GDPR respectively. A former IBERDROLA client complained to the Spanish

applicable to the controller, including Articles 5(1)(a) and 6 GDPR. As a matter of fact, Articles 5(1)(a) and 6 GDPR set general principles and conditions of processing

proceeding personal data under Article 5(1)(a) GDPR. Lursoft claim to be have such a legal basis under Article 6(1)(c) GDPR. However, this was rejected by

accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently

basis under Article 6(1)(c) GDPR, the Court found that the data subject cannot exercise his right to object pursuant to Article 21(1) GDPR. Secondly, the

of Articles 5, par. 1, letter a) and c); 6, par. 1, letter c) and e), par. 2 and par. 3, letter b) and Article 2-ter, paragraphs 1 and 3, caused by the

itself, that the information and measures mentioned in Article 33(1)(b) to Article 33(1)(d) GDPR must also be communicated to the data subject. However

commercial SMS on your mobile line ***PHONE.1. In this sense, article 21 of the LSSI provides the following: "1. The sending of advertising or promotional

meant to refer to Article 6(1)(f) GDPR instead (like a similar case by the Cyprian DPA). Since the DPA only referred to Article 6(1) GDPR, and did not specify

violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)

fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis

DECISION DKE.561.1.2020 The Commission shall be assisted by the European Parliament and the Council in the context of Article 31, Article 58(1)(e) in conjunction

The Garante ascertained the violation of: 1. Violation of articles 5(1) and (2), 6(1), 7, 24 and 25(1) GDPR, since Fastweb has not proceeded to implement

of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always

AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller

lack of consent, he exercised his right to erasure according to Article 17(1)(b) GDPR. The AEPD found that the complainant had provided the FEDA with his

B., with NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned

information: tion and manifestations: 1. DNI data and postal addresses of the parents of D.D.D .; Mr. E.E.E. and Doña F.F.F .. What about D.D.D. no data is obtained

with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan

(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes

controller had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as

adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted

violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA

there is no violation of articles 5.1(c), 5.1(d), 5.1(e) and 5.1(f). Articles 5.1(c), (d) and (f), 5.2, 12, 16, 24, 25, 30.1, 31, 32, 38.3 and 38.6 of the AVG

images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle

having knowledge of the following: 1.1 In general, marketing actions can be classified attending to several criteria. 1.1.1. Campaigns managed directly by

otherwise makes it impossible to exercise the information function" (Article 2, paragraph 1, of the Deontological Rules) and that the existence of this requirement

lack of a valid legal basis as per Article 6(1)(f) GDPR and a fine of €30,382 (NOK 300,000) for breaching Article 6(1)(f), 13 and 24. After the Company shared

Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg

case; (…)” IV Infringement of Article 6.1.a) of the GDPR Article 5, Principles relating to processing, of the RGPD states: "1. Personal data shall be: (a)

plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The

which the person responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual

data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed

the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive

of art. 17 of the Regulation of the Guarantor no. 1/2019 are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative

is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness

according to which data subjects may request delisting as under Article 17.1 GDPR. 30. The GDPR therefore changes the burden of proof, providing a presumption

J10460640 , for aviolation of article 6 of the RGPD, typified in article 83.5 of the RGPD, in relation towith article 72.1 b) of the LOPDGDD, a fine of

allegations to the initiation of the file. In this sense, article 64.2.f) of Law 39/2015, of October 1, of the Common Administrative Procedure of Public Administrations

under Article 5.1 sentence 1 of the Basic Law. The claim to access to information is based on § 2.1 sentence 1 no. 1 VIG and not on Article 5.1 sentence

loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged

performance of a contract" or "legitimate interest" pursuant to "W" (Article 6.1.b or Article 6.1.f of the AVG). 128. In particular, the website may invoke its

requirements of article 24 and 32, paragraph 1, AVG and further elaborated in article32, paragraph2, preamble, FISHOrdinancesBIO standards5.1.1,5.1.1.1and5.1.2.1.

B67543355, for a violation of Article 48.1.b) of the LGT, typified in Article 78.11 of the LGT (minor offense), a fine of € 1,500 (one thousand five hundred

building, which was considered a data breach and therefore a violation of Article 32(1) GDPR. The Police Force of Navarra (Spain) reported to the AEPD the fact

infringement of article 32.1 of the RGPD, typified in article 83.4.a) of the RGPD, a fine of € 3,000 (three thousand euros), in accordance with article 73.g) of

the authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection

Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the

infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD

CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical

the Guarantor n. 1/2000; Rapporteur dr. Antonello Soro; WHEREAS 1. The complaint against the company and the preliminary activity. 1.1. With a complaint

right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's

according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines

imposed by sections 24.1., 28.1. and 30.1. of the DGPS ; -On 11 June 2019, the Disputes Chamber decides, pursuant to Article 95, § 1, 1° and 98 of the ICA

October 1, of the Common Administrative Procedure of Public Administrations (hereinafter, LPACAP), for the alleged violation of article 5.1.f) of Regulation

(LOPDGDD) in its article 72.1 m), under the rubric “Infractions considered very grave ”provides: "1. In accordance with the provisions of article 83.5 of Regulation

the infringements of Articles 32 and 33 GDPR as "serious" offences, whilst the violation of Article 5(1)(f) GDPR was considered a "very serious" offence

constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories

Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg

complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the

processing at any time if the data subject so requests (see Art 17 (1), Article 21 (1)) or if a data protection breach occurs. 4.7. Challenger: AKI breached

his compliance with the principles of article 5 par. 1 of the GDPR. 5. Furthermore, Article 6 para. 1 of the GDPR provides, among other things, that the

data under the GDPR. The Italian DPA started an investigation concerning potential violations of Articles 5(1)(a), 6, 13, 28(1) and 35 GDPR. The Italian

have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore

es Page 17 17/177 Article 6 of the RGPD, typified in Article 83.5.a) of the aforementioned Regulation; and for the alleged violation of article 22 of the

functions assigned to the control authorities in article 57.1 and the powers granted in the article 58.1 of Regulation (EU) 2016/679 (General Data Protection

[The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or

valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles

complied with Article 13. of Regulation (EU) 2016/679, cf. Paragraph 2 Article 17 Act no. 90/2018, Coll. and point 1. Paragraph 1 Article 8 Act no. 90/2018

least one of the conditions referred to in Article 6(1) of the AVG is met. In points (e) and (f), Article 6(1) sets out, inter alia, the condition that

referred to as ABN AMRO. 1.2 1.2 [Appellants] lodged an appeal with the Court of Appeal on 1 May 2019, received at the Court Registry on 1 May 2019, against the

provides as follows: - (1) This section applies where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner-

rely on Article 6(1)(b) GDPR in the context of its offering of the Instagram Terms of Use, and to include an infringement of Article 6(1) GDPR” (Para 137)

submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,

obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller

data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal

party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as

amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale

According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph

data concerning him / her on the basis of Article 6 (1) (f) of the GDPR . Should Article 21 (1) of the GDPR - and in particular the addition `` at any

relief against a controller according to Article 17(1) GDPR. The court found that the requirements of Article 17(1) GDPR were met and that the already issued

(Article 57, 1., a) GDPR), and the performance of all other related tasks with the protection of personal data (Article 57, 1., v) GDPR). 10 49. In that respect

Specifically, these are Sections 17(3), 3(5) ApBetrO, 43 AMG, 11(1) sentence 1 no. 3, no. 7 and no. 11 HWG, and Section 14(2) no. 1 BerufsO of the Saxony-Anhalt

art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded that

virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing” establishing that: “1. Personal

personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the violation

supervisory authority pursuant to Article 58(2) or failing to provide access in violation of Article 58(1).” Article 72.1 (m) of Organic Law 3/2018 on the

Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.000

the exceptional circumstances of Article 23 (1) e GDPR in conjunction with Sections 32c (1) No. 1, 32b (1) sentence 1 No 1 a, sentence 2, § 32 paragraph 2

publication would violate the principle of data minimisation as well as Article 6(1)(f) GDPR. However, in doing so, the Commissioner did not disclose the existence

Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of

rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, and the right to restriction of processing under Article 18 GDPR. The court therefore

the processing, taking into account article 11 par. 1 and 2 of Law 3471/2006, may be article 6 par. 1 f of the GDPR ("the processing is necessary for the

Section 1 (1) DSG can therefore not be assumed (RS0130870). 3.2.1. On the legality of the publication of the BF's data in the app Art 6 para 1 GDPR contains

with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 5000 euros

found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively

out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed

sanction Vodafone in accordance with Article 83(5)(e) GDPR, for the non-compliance with an order pursuant to Article 58(1) GDPR. For this infringement, the AEPD

breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing

taken place in accordance with Article 5 (1) of the Data Protection Regulation. 1, letter e, and Article 6, para. 1, cf. Article 4, point 11. The Danish Data

legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that

Austria and Germany: 1.1.1. For a right of choice for the person responsible: According to Haidinger in Knyrim, DatKomm Art 15 GDPR margin no. 39, the word

with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance

the alleged violation of article 21 of theLSSI, classified as minor infractions according to article 39.1.c) of said textlegal.1. APPOINT RRR as an instructor

thealleged infringement of Article 6 of the RGPD, typified in Article 83.5 a) of the RGPDand considered very serious in 72.1.a), for the purposes of prescription

ofinvestigation granted to the control authorities in article 57.1 of the Regulation(EU) 2016/679 (RGPD). Thus, dated 02/17/20, an informative request is addressed tothe