Search results
From GDPRhub
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 17(3)(d) GDPR) (section Article 17(1)(d) GDPR)as there is no reference to Article 17 GDPR. The DSB decided that there is no ground for erasure under Article 17(1)(d) GDPR. According to the DSB there31 KB (4,648 words) - 13:56, 12 May 2023
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(3)(d) GDPR)(letter d). About the exceptions in article 17 no. 3 letters b and d, the ministry says in Prop. 56 LS (2017-2018) page 81: "Article 17 no. 3 letter d makes23 KB (3,547 words) - 10:05, 17 November 2023
- Persónuvernd (Iceland) - Case no. 2021010248 (category Article 17(3)(d) GDPR)the right to erasure of data subjects granted by Article 17(1) GDPR, the DPA noted that Article 17(3) GDPR provides an exception to the right. Namely, as18 KB (2,641 words) - 10:46, 5 January 2023
- Datatilsynet (Norway) - PVN-2022-21 (category Article 17(3)(d) GDPR)pursuant to Article 17(1) GDPR, and secondly, that the DPA must also decide on the scope of the exceptions that follow from Article 17(3)(b) GDPR and 17(3)(d)GDPR25 KB (3,868 words) - 15:17, 26 April 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Upravno sodišče - TBD (category Article 17 GDPR)impair the achievement of the objectives of that processing (Article 17(3)(d) GDPR). The SA emphasised, that the aforementioned act itself stipulates that8 KB (1,014 words) - 10:16, 10 May 2022
- further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 2 GDPR (category GDPR Articles) (section (d) Prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 32 GDPR (category GDPR Articles) (section (d) Regularly testing, assessing and evaluating...)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 23 GDPR (category GDPR Articles) (section (d) Prevention, investigation, detection or prosecution of criminal offenses)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)Garante. For example, Article 3 reiterates the general principles of fairness and transparency of the proceeding before the DPA. Article 12 ensures a right7 KB (808 words) - 08:17, 16 February 2023
- not directly mentioned by Article 33(3)(b)-(d) GDPR could be shared as additional information by the controller Article 34(3) GDPR lists three exemptions37 KB (3,962 words) - 15:20, 16 June 2023
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Category:Article 83 GDPR The wording “infringements of this Regulation” in Article 83(1) GDPR is slightly imprecise. In fact, Article 83(5)(d) GDPR also provides55 KB (7,622 words) - 14:04, 7 November 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 39 GDPR (category GDPR Articles) (section (d)(e) Cooperatian with the supervisory authority)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 19 GDPR (category GDPR Articles)relying on another legal basis under Article 6 GDPR, or can use either of the exceptions under Article 17(3) GDPR, the processing can carry on. The controller19 KB (1,436 words) - 12:35, 12 May 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- Article 49 GDPR (category GDPR Articles) (section (d) Necessary for Important Reasons of Public Interest)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)to Article 41(3) or a certification body pursuant to Article 43(3); (d) aims to determine standard data protection clauses referred to in point (d) of23 KB (2,079 words) - 16:07, 2 November 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)or processor should be approved pursuant to Article 58(3) GDPR, or by the EDPB pursuant to Article 63 GDPR. Where such an approval takes place through27 KB (2,452 words) - 14:26, 28 July 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)Articles 58(1)(d) or 58(3)(a) and 58(3)(b) GDPR do not qualify as decisions and cannot be subject to legal actions under Article 78(1) GDPR. A data subject30 KB (3,874 words) - 10:46, 7 December 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)purposes of Article 17 TFEU and the DPD, and the Advocate General's Opinion in the same case suggests that this may be true also under Article 91 GDPR”. See25 KB (2,482 words) - 10:04, 19 March 2024
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 17(1)(d) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 - https://brave11 KB (1,468 words) - 13:27, 14 May 2023
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)arguing that it wasn’t a controller within the definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a class6 KB (492 words) - 13:09, 1 June 2023
- BVwG - W258 2217446-1 (category Article 17(3) GDPR)Chapter 1.3.3 and Annex 2D, and Annex 3 of the complainant's opinion of 22 January 2019 (OZ 1 p 52, 83 ff and 185 ff). The findings regarding 1.3. are based79 KB (12,652 words) - 09:41, 10 September 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- DSB (Austria) - 2021-0.586.257 (redirect from DSB (Austria) - 2021-0.586.257 (D155.027)) (category Article 57(1)(d) GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with regard108 KB (17,097 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(d) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- VGH Baden-Württemberg - 1 S 397/19 (category Article 17(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)02/14/2023 Response to DEUTSCHE BANK SAE requirement 02/17/2023 Allegations of D.D.D. 02/17/2023 Response to D.D.D. 02/24/2023 Response to HOLALUZ-CLIDOM SA requirement45 KB (7,135 words) - 13:08, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- HDPA (Greece) - 6/2020 (category Article 17(3) GDPR)personal data in accordance with Article 17(1) of the GDPR, except for the exceptions referred to in Article 17(3) of the GDPR.In this case, the deletion is29 KB (4,557 words) - 15:33, 6 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 58(2)(d) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)in accordance with Article 21 paragraph 2, d) the personal data were processed unlawfully, [...]' . In paragraph 3 of the same article it is defined that36 KB (5,761 words) - 17:19, 22 April 2024
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR) (section 5.3.3. Is valid consent obtained?)considered the controller as referred to in Article 2(d) of Directive 95/46 (Judgment of 10.7.2018, Jehovah's Order, C-25/17, EU: C: 2018: 551, para. 68). 69 In65 KB (9,767 words) - 16:22, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 58(2)(d) GDPR)with Article 58(2)(d) GDPR, the DPA ordered the controller to bring its processing operations into compliance with the provisions of Article 9 GDPR. The49 KB (7,496 words) - 14:44, 24 January 2024
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)considering that it has violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF20 KB (3,078 words) - 13:05, 13 December 2023
- Hoge Raad - 21/00241 (category Article 17 GDPR)erasure provided for in Article 17 GDPR? b) that person is not entitled to a right of objection as referred to in Article 21 GDPR? 3. If the answer29 KB (4,605 words) - 17:00, 15 December 2021
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data protection18 KB (1,831 words) - 13:49, 3 November 2022
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)change of SIM was the correct holder, Mr. D.D.D., not being able in any way notice that said person was not Mr. D.D.D., but a offender who was impersonating270 KB (43,335 words) - 12:39, 13 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(3) GDPR)Company A 17/25 measures to the recipients to whom the personal data have been disclosed in accordance with Article 17, paragraph 2, and Article 19; h) withdraw66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- BVwG - W211 2225136-1 (category Article 17 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)records a call to our telephone platform made on 13/04/18 by the user, Ms. D.D.D., requesting the Universal Supply Point Code, located in the ***DIRECTION39 KB (6,623 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 58(2)(d) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 4(11) GDPR)addresses that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is144 KB (23,058 words) - 18:48, 5 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 37(3) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- Datatilsynet (Denmark) - 2020-32-1733 (category Article 17(3)(b) GDPR)pursuant to the Article 17(3)(b) of the GDPR. However, Statistics Denmark has been criticised for not complying with the Article 5(1)(d) of the GDPR, namely,16 KB (2,377 words) - 16:39, 6 December 2023
- AEPD (Spain) - EXP202102430 (category Article 58(2)(d) GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)point at which it was found to be unlawful. 3.3 More specifically, in Kyriakidis n. Republic (2013) 3 A.A.D. 629 it was mentioned in this regard: "... we31 KB (4,973 words) - 16:50, 6 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)personal data a breach of Article 5(1)(d)? Can this failure to update data result in a refusal to comply with Article 17 GDPR? The AEPD held that IBERDROLA28 KB (4,295 words) - 14:11, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 13(1)(d) GDPR)issue, the DPC held that the controller did not infringe Article 17(1) GDPR nor Article 12(3) GDPR as it duly responded to the erasure request within 30 days17 KB (2,411 words) - 09:25, 27 November 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)personal data under Article 17(1)(d) GDPR, and ordered the controller to pay the data subject €579.17 in damages under Article 82(1) GDPR. Share your comments28 KB (4,215 words) - 15:09, 6 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)the alleged violation of Article 5.1.f) of the RGPD and Article 32 of the RGPD, typified in Article 83.4 of the RGPD and Article 83.5 of the RGPD. The initiation34 KB (5,184 words) - 13:22, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- Datatilsynet (Norway) - 20/01949 (category Article 17(1)(d) GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 13(1)(d) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 12(3) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that17 KB (2,515 words) - 11:17, 6 February 2024
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)violation of Article 6 of the GDPR, typified in Article 83.5.a) of the GDPR, and classified as very serious for the purposes of prescription in article 72.1.b)74 KB (11,726 words) - 13:02, 13 December 2023
- Rb. Overijssel - AK 20 1535 (category Article 17(3)(b) GDPR)assistance under Article 2.3 of the Youth Act and that deletion would violate the Archives Act (Archiefwet) and Article 17(3)(b) GDPR. The mother objected23 KB (3,225 words) - 11:52, 4 October 2021
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)processing personal data without the accuracy required according to Article 5(1)(d) GDPR. BBVA sent the claimant's personal data to a collection agency. The37 KB (5,785 words) - 14:11, 13 December 2023
- RvS - 201905347/1/A3 (category Article 17(3) GDPR)decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well25 KB (3,824 words) - 22:46, 10 October 2020
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)26 KB (4,231 words) - 14:44, 13 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- Datatilsynet (Norway) - 17/01281 (category Article 6(1)(f) GDPR)then involved D because he was chairman of the mission assembly. D contacted B who sent him five footage showing some of what B accused A of. D watched the38 KB (6,275 words) - 16:13, 6 December 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)subject to Article 85 GDPR and § 9(1) of the Austrian Data Protection Act? Did the respondent violate the complaint's right to erasure under Article 17 GDPR21 KB (3,266 words) - 13:51, 12 May 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)employees. ». D. Conclusion - Conclusion: 17. In the light of the above and exercising the powers conferred upon me by the provisions of Article 58 (1) (d) I inform56 KB (8,913 words) - 16:52, 6 December 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 6(3) GDPR)reasons, article 780, 3° of the Judicial Code, article 149 of the Constitution and article 6 of the ECHR - the pleas not explicitly stated. 17.3.3. The Procurement83 KB (13,694 words) - 09:53, 14 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)principlesprocessing of subparagraphs b '. y '. d 'and e' of par. 1 of article 5 as well as of article 6 par. 1ΓΚΠΔ ... ». 3. Reasoning 3.1. The data contained in an insurance61 KB (9,412 words) - 16:52, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 5(1)(a) GDPR)life insurance company had breached Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR as its as its practice was to process41 KB (6,133 words) - 10:29, 25 March 2024
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- TS - 1039/2022 (category Article 18(1)(d) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- AEPD (Spain) - EXP202103886 (redirect from AEPD (Spain) - D.A.A.A v VUELING AIRLINES S.A ---- PS/00032/2022 (EXP202103886))provided in the C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/17 past to create profiles that allow you to be identified with customer segments45 KB (7,313 words) - 10:32, 13 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)claimed party, for the alleged infringement of article 6 of the GDPR, typified in article 83.5 of the GDPR. FOURTH: On January 16, 2023, the aforementioned22 KB (3,427 words) - 13:26, 13 December 2023
- VGH München – 11 ZB 19.991 (category Article 23(1)(d) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- APD/GBA (Belgium) - 28/2020 (category Article 17(1)(c) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- BVwG - W274 2232028-1/3E (category Article 17 GDPR)is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness32 KB (5,232 words) - 09:40, 10 September 2021
- AEPD (Spain) - PS/00101/2020 (category Article 17 GDPR)electronic communications for marketing purposes, connected to Article 6, 7 and 17 of the GDPR. The decision is the consequence of a complaint submitted by13 KB (1,871 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202202937 (category Article 17 GDPR)identify the data subject and it shall justify the reasons, as per Article 12(3) GDPR. AEPD stated that, with the documentation provided, the data subject26 KB (3,997 words) - 18:59, 26 February 2024
- AZOP (Croatia) - Decision 28-08-2019 (category Article 17(1)(d) GDPR)violation of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- AEPD (Spain) - PS/00051/2020 (category Article 7(3) GDPR)withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that31 KB (4,853 words) - 13:52, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)the obligations relating to the right to erase data (Articles 12.3 and 4 and Article 17 of the RGPD) and contained findings going further than the subject24 KB (3,844 words) - 16:51, 12 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - EXP202201987 (category Article 17 GDPR)under Article 15 GDPR, in a timely manner as well as in clear and transparent form. Second, the DPA looked at the right to erasure under Article 17 GDPR21 KB (3,290 words) - 10:50, 13 December 2023
- AEPD (Spain) - TD/00233/2020 (category Article 17 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and17 KB (2,670 words) - 14:46, 13 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)the following article. Once this period has expired, the interested party may consider his or her claim to be accepted. THIRD: Article 17 of the RGPD provides17 KB (2,620 words) - 14:51, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up22 KB (3,319 words) - 13:00, 13 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)applicability of Article 2 (2) point d) GDPR, which reads as follows:“2. This Regulation does not apply to the processing of personal data:(…)(d) by the competent41 KB (6,354 words) - 16:59, 12 December 2023
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)concerned an alleged violation of the applicant's right of erasure (Article 17 GDPR). However, the conflicting information had been anonymized by the webmaster23 KB (3,780 words) - 14:49, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)not be employee consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles23 KB (3,737 words) - 10:30, 7 June 2023
- APD/GBA (Belgium) - 38/2021 (category Article 17 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- CNPD (Portugal) - Deliberação 984/2018 (category Article 32(1)(d) GDPR)points b) and d) and article 83, paragraph 4, al. a), all documented regulation.-In addition, under the terms of article 83, paragraph 3 of the GDPR, the fine40 KB (5,935 words) - 16:55, 6 December 2023
- GHAL - 200.256.426 (category Article 6(4)(d) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 17(1) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 58(2)(d) GDPR)indicated in point 3.3 of this decision. 4.3. Safety measures applied to the storage of traffic data. The conduct ascertained in point 3.4 of this decision58 KB (9,448 words) - 15:50, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 58(2)(d) GDPR)for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)made by D. AAA against GOOGLESPAIN, SL.SECOND : NOTIFY this resolution to D. AAA and GOOGLE SPAIN, SL.In accordance with the provisions of article 50 of19 KB (2,948 words) - 14:50, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 58(2)(d) GDPR)complainant's computer was accessed (16.5.2018) (note 1.3.2019, p. 4-5). 1.4. On 17 May 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified34 KB (5,420 words) - 15:51, 6 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 17 GDPR)prejudice to Articles 12(5) and 15(3) of the EU Regulation 2016/679 and in Article 13(3) and (4) of this Organic Law". FIFTH: Article 15 of the RGPD provides that19 KB (3,100 words) - 14:50, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- AEPD (Spain) - PS/00239/2022 (category Article 17 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 12(3) GDPR)Customer based on Article 58 (2) point b) of the GDPR, because violated: - Article 6 (1) of the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of the69 KB (11,255 words) - 10:08, 17 November 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 17 GDPR)the principle of storage limitation as used in Article 5 of the GDPR and that Article 17(1)(d) of the GDPR also does not apply.c. Is the method of registration56 KB (9,287 words) - 16:00, 26 January 2022
- AEPD (Spain) - PS/00448/2020 (category Article 17 GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)defendant) for the infringement of the accuracy principle, as per Article 5(1)(d) of the GDPR. The decision is the consequence of a complaint submitted by another22 KB (3,424 words) - 14:06, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)pursuant to Article 14 - and not the right to information pursuant to Article 15 of the GDPR as alleged by the respondent - was alleged. However, Article 14 (1)28 KB (4,230 words) - 13:53, 12 May 2023
- HDPA (Greece) - 44/2019 (category Article 58(2)(d) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 58(2)(d) GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- AEPD (Spain) - EXP202103878 (category Article 17 GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA found20 KB (3,035 words) - 10:33, 13 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- ANSPDCP (Romania) - Vodafone România S.A. 3 (category Article 17 GDPR)responding to access and erasure requests in breach of Articles 12, 15, and 17 GDPR. The ANSPDCP conducted an investigation into Vodafone România S.A. and found3 KB (335 words) - 15:21, 13 December 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 17(1)(b) GDPR)consent, is in violation of Article 17(1)(b) of the GDPR. 8. On the basis of Article 58, Paragraph 2, Point d) of the GDPR, the Authority instructs Customer140 KB (23,189 words) - 08:25, 20 February 2024
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 15(3) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)controller under the GDPR. The data controller did not process personal data with an appropriate level of security, as required by article 32, read in conjunction34 KB (4,967 words) - 15:46, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)which we live. Said chalet consists of 3 separate rooms or “houses”. We live in one, in another C.C.C. and D.D.D., and in the last E.E.E.. B.B.B. He is31 KB (4,864 words) - 13:27, 13 December 2023
- DPC (Ireland) - IN-21-3-1 (category Article 17 GDPR)UC (the controller); an access request under Article 15 GDPR and an erasure request under Article 17 GDPR. Regarding the erasure request specifically,20 KB (3,069 words) - 18:48, 24 January 2023
- AEPD (Spain) - TD/00164/2020 (category Article 17 GDPR)articles 12.5 and 15.3 of the Regulation (EU) 2016/679 and in sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 17 of the RGPD provides17 KB (2,571 words) - 14:51, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- GHAL - 200.254.914 (category Article 17(1)(a) GDPR)referred to in this article for the processing of personal data in the context of its search function. 4.5 Subsequently, Article 17(1) of the GDPR grants the right20 KB (2,722 words) - 10:04, 14 December 2023
- AEPD (Spain) - PS/00475/2019 (category Article 17 GDPR)complainant as per Article 17 GDPR, as well as his/her right as a consumer to refuse unsolicited commercial phone calls, as per Article 21 GDPR in connection23 KB (3,481 words) - 14:42, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)pursuant to Article 17(3)(a) of the GDPR, it is rightly that Google maintained it. 128 SEO No. 3. This referencing refers to an article on the RTL Info131 KB (22,429 words) - 16:57, 12 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(3) GDPR)in line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply40 KB (6,007 words) - 13:59, 12 May 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data9 KB (1,251 words) - 12:15, 8 May 2023
- ANSPDCP (Romania) - S.C. Viva Credit IFN S.A. (category Article 12(3) GDPR)a violation of GDPR Art. 17 and Art. 12(3) & (4). The National Supervisory Authority found that there had been a violation of the GDPR and imposed a fine4 KB (565 words) - 15:20, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 58(2)(d) GDPR)of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, afine of 75,000 euros (seventy-five thousand euros).SECOND: Under article 58.2.d) of88 KB (14,301 words) - 13:48, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- company "bieNNova" infringed Article 21 LSSI (Ley de Servicios de Sociedad de la Información y de Comercio Electronico). Article 21 establishes that it is14 KB (2,070 words) - 13:43, 13 December 2023
- AEPD (Spain) - EXP202203606 (category Article 17(1)(a) GDPR)However, the right for deletion could not be granted in accordance with Article 17 GDPR. Resolution No. R/00665/2022 is highlighted by a case concerning a claimant22 KB (3,264 words) - 13:29, 13 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the light of Article 13 of the AVG. In this respect, the Inspectorate refers to column 3 of the table below.3 Column 1 Column 2 Column 3 Privacy policy107 KB (17,697 words) - 16:52, 12 December 2023
- in the need for a confirmation of acceptance and identification (points 3.3 and 3.5.2 of the General Terms and Conditions for letters nationally and point28 KB (4,228 words) - 14:00, 12 May 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)II.3.3. Regarding the scope of Art. 44 ff GDPR: If the following three requirements are met, there is a transfer and Chapter V (Art. 44 ff) GDPR is applicable158 KB (26,392 words) - 08:25, 7 June 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)2, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3133 KB (21,944 words) - 15:59, 22 March 2022
- APD/GBA (Belgium) - 63/2020 (category Article 17 GDPR)volksgezondheid overeenkomstig artikel 9, lid 2, punten h) en i), en artikel 9, lid 3; d) met het oog op archivering in het algemeen belang, wetenschappelijk of historisch20 KB (2,982 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)the authority initiated proceedings for the alleged infringement of Article 5(1)(d) GDPR against the political party aforementioned. The Political party acknowledged26 KB (4,032 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned28 KB (4,525 words) - 14:06, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(3) GDPR)that, due to the application of Article 17.3.b, the complainant cannot invokea reason provided for in article 17.1 or 17.2 for requesting the erasure of81 KB (13,211 words) - 16:59, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 17 GDPR)for erasure within the meaning of Article 17 of the General Data Protection Regulation? 3° Must Article 24 and Article 5(2) of the General Data Protection67 KB (10,544 words) - 09:24, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)obligations arising from article 12.3 and 4 of the GDPR (methods for exercising the data subject's rights) and Article 15.1.b) and c) 5 of the GDPR (right of access76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)third parties (article 83.2.k, of the GDPR in relation to article 76.2.b, of the LOPDGDD). The Judgment of the National Court of 10/17/2007 (rec. 63/2006)37 KB (5,914 words) - 10:42, 13 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the34 KB (5,427 words) - 14:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)referred to in Article 10, paragraph 3, of Legislative Decree no. 150 of 1/9/2011 provided for the lodging of the appeal as indicated below (Article 166, paragraph34 KB (5,414 words) - 15:50, 6 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- HG Wien - 57 Cg 32/20m (category Article 5(1)(d) GDPR) (section Clause 3: Violation of the Transparency Principle under Article 5(1)(a) GDPR)based on a legitimate interest under Article 6(1)(f) GDPR, so that the principle of lawfulness under Article 5(1)(a) GDPR is violated. This is due to the fact24 KB (3,579 words) - 12:05, 7 July 2021
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(d) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)requests it. ". 26. Article D. 213-1 of the same code provides that "[t]he amount mentioned in article L. 213-1 is set at 120 euros" and article D. 213-2 provides56 KB (8,757 words) - 14:12, 28 February 2024
- AEPD (Spain) - TD/00044/2021 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish22 KB (3,465 words) - 13:30, 13 December 2023
- AEPD (Spain) - PS/00423/2019 (category Article 13 GDPR)information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments23 KB (3,636 words) - 14:38, 13 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)accessible manner, with a clear and simple language. IV Right to erasure Article 17 of the GDPR, which regulates the right to deletion of personal data, establishes20 KB (3,052 words) - 08:17, 16 April 2024
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)processing operation; (d) where the processing is based on Article 6(1)(f), the legitimate interests (d) where the processing is based on Article 6(1)(f), the legitimate69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)Claim of C.C.C. 2. Transfer of claim to PLAY ORENES, S.L. 3. Answer to the request of D.D.D. 4. Admission for processing to C.C.C. 5. E / 02186/2019 650 KB (7,524 words) - 13:44, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 17(3)(a) GDPR)right of freedom of expression and information within the meaning of Article 17(3)(a) GDPR. The controller also stated that there were compelling legitimate61 KB (9,876 words) - 21:38, 24 March 2024
- AEPD (Spain) - TD/00013/2021 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish19 KB (3,027 words) - 14:48, 13 December 2023
- DSB (Austria) - 2022-0.332.606 (redirect from DSB (Austria) - GZ: 2022-0.332.606 vom 8. Juni 2022 (Verfahrenszahl: DSB-D124.4108)) (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)that the controller violated the principle of accuracy under Article 5 (1) (d) of the GDPR. Share your comments here! Share blogs or news articles here30 KB (4,563 words) - 10:12, 17 November 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)for the health center established in article 17. The LOPD, in relation to articles 17, 18 and, especially article 15 of the LAP, recognizes a right of26 KB (4,017 words) - 12:37, 13 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 32(1)(d) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided for a mechanism40 KB (6,518 words) - 13:29, 13 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)imposition of measures, according to article 58.2 d) of the GDPR. Along with it and In accordance with article 58.2 of the GDPR, it was also indicated that the195 KB (30,495 words) - 12:40, 13 December 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)the one hand, the Ministry considers that the provisions of article 17.3(b) and (c) of the GDPR exclude the application of the right of erasure and, on the43 KB (6,847 words) - 17:11, 6 December 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)technical nature –G. D.1, G.D.2, G.D.3 – or human when a manual call is made –G.D.4, G.E.7-). In the other cases it states the following: G.D.5-G.D.6: In these102 KB (17,186 words) - 13:46, 26 April 2024
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 17 GDPR)right of access under Article 15 of the GDPR and the right to erasure (‘forgotten’) under Article 17 of the GDPR, Article 12 of the GDPR on measures to exercise75 KB (12,586 words) - 10:10, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)resume. 3 The Marktenhof states in point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and79 KB (12,260 words) - 17:00, 12 December 2023
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)of the GDPR. To 2): c) Article 50b (2) DSG 2000 (for the period prior to 25 May 2018) (d) Article 13(3) DSG (for the period from 25 May 2018) To 3): c) Article92 KB (15,435 words) - 16:00, 22 March 2022
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)violation of article 6.1 of the RGPD, typified in article 83.5.a) of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/9 The proposed26 KB (3,971 words) - 13:26, 13 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)Privacy Regulation (GDPR) article 6 no. 1 letter f. GDPR applies according to the Personal Data Act § 1 as Norwegian law. Legelisten.no (3) Legelisten.no is46 KB (7,024 words) - 06:18, 6 March 2022
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)data breach and at least the data and measures referred to in Article 33(3)(b), (c) and (d). 3. The communication to the person concerned referred to in paragraph35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4431/161/21 (category Article 58(2)(d) GDPR)DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to54 KB (8,279 words) - 13:53, 21 March 2024
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 17(1)(c) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- Tietosuojavaltuutetun toimisto (Finland) - 3846/157/2019 (category Article 17 GDPR)objected to direct marketing as per Article 21 GDPR and requested for their data to be deleted as per Article 17 GDPR. The Finnish DPA held that the controller4 KB (424 words) - 13:05, 3 March 2024
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)APPEAR: A D.D.D., for the violation of article 6 of the RGPD typified in article 83.5.a). REQUIRE: A D.D.D., in accordance with the provisions of article 58.247 KB (7,616 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,834 words) - 14:43, 13 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)their rights'. 91. The rights referred to in Article 14(1)(c), (d) and (e) and in Article 14(2)(a), (b), (d) and (g) AVG such information shall not be required62 KB (10,509 words) - 16:58, 12 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)to [plaintiff] now that the court in para. 2.24. from the 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 final judgment (see paragraph 2.8 above) had already ruled103 KB (17,620 words) - 10:13, 29 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 28(3)(h) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- AEPD (Spain) - EXP202105693 (category Article 6(1) GDPR)as well as the presentation d claim before the DGSFP and before this body for the same facts (article 83.2, a) of the GDPR). . - The activity of the claimed49 KB (7,579 words) - 13:15, 13 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)Madrid sedeagpd.gob.es 17/17 3. Violation of article 34 of the RGPD in relation to article 5.1.f) of the RGPD, typified in article 83.4.a) of the RGPD, with51 KB (7,770 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 13 GDPR)claimed party, for the alleged infringement of article 13 of the RGPD, typified in article 83.5 of the GDPR. FIFTH: After the period granted for the formulation26 KB (3,881 words) - 13:35, 13 December 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies51 KB (7,867 words) - 13:10, 13 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)lack of consent, he exercised his right to erasure according to Article 17(1)(b) GDPR. The AEPD found that the complainant had provided the FEDA with his27 KB (4,497 words) - 13:38, 13 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)relief against a controller according to Article 17(1) GDPR. The court found that the requirements of Article 17(1) GDPR were met and that the already issued44 KB (7,334 words) - 09:02, 17 March 2022
- Datatilsynet (Norway) - 20/02274 (category Article 17(1)(e) GDPR)fundamental principles of the GDPR, notably Article 5(1)(a) and (e) GDPR. The DPA found violations of various provisions of the GDPR. It held that the controller47 KB (7,661 words) - 18:54, 5 March 2022
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into account the following mitigating (1-3) and aggravating16 KB (2,438 words) - 09:07, 9 June 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- UODO (Poland) - DKE.561.1.2020 (category Article 31 GDPR)and the Council in the context of Article 31, Article 58(1)(e) in conjunction with Article 83(1) to (3) and Article 83(5)(e) of Regulation 2016/679 of31 KB (5,101 words) - 09:52, 17 November 2023
- manner described above. D. From a legal point of view, it follows that D.1 The legal situation: D.1.1. infringement of Article 1(1) of the DSG 2000: A28 KB (3,418 words) - 13:49, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- APD/GBA (Belgium) - XX/2021 (category Article 17(1) GDPR)personal data under Article 17 GDPR. On 21 September 2021, the controller confirmed the deletion, as required by Article 12(3) and (4) GDPR. However, the complainant17 KB (2,189 words) - 12:34, 3 August 2022
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)implement 1See e.g. PVN 2019-09 2FOR-2018-07-02-1107. 3 Prop. 56 LS (2017-2018), point 31.3.3.3 4controlling measures in their business. Regulations on49 KB (7,646 words) - 07:56, 7 March 2022
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)to persons concerned by the GDPR, including the right to complaint (Article 77 of the GDPR - also recognized in Article 8.3. of the Charter of Rights Decision73 KB (11,238 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)provides a brief 08/09/2018 summary “sending a report on the claim presented by D.D.D., on behalf of A.A.A. on access to character data protected "The resolves38 KB (6,303 words) - 13:50, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- AEPD (Spain) - PS/00274/2020 (category Article 21 GDPR)Raise Marketing violated the data subject's right to object (Article 21 GDPR and Article 23 LOPDGDD). The DPA fined Raise Marketing €1500 for this violation16 KB (2,544 words) - 14:25, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 6(3) GDPR)art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded that art. 73 of D. Lgs. 118/2011 imposed no obligation with regard to the27 KB (4,339 words) - 15:50, 6 December 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- AEPD (Spain) - TD/00034/2020 (category Article 17(3) GDPR)articles 12.5 and 15.3 of the Regulation (EU)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law " FIFTH: Article 17 of the RGPD states17 KB (2,730 words) - 14:50, 13 December 2023
- Persónuvernd - 2020010678 (category Article 5(1) GDPR)violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied26 KB (4,135 words) - 09:59, 6 May 2021
- AEPD (Spain) - PS/00415/2019 (category Article 6(1) GDPR)regard to Article 83.2 (k) of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)22 KB (3,521 words) - 14:36, 13 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)02/2021 - 14/26 3. Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe96 KB (15,396 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(d) GDPR)violation of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.120 KB (3,086 words) - 14:04, 13 December 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)council for an infringement of Article 32 GDPR. The AEPD dropped the case due to the time limitations outlined in Article 72 and 73 LOGPD. The access to22 KB (3,420 words) - 12:59, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- territorial application of the requirements set out in Article 82 of the Data Protection Act is set out in Article 3, paragraph I, of the same Act, which states:73 KB (11,864 words) - 17:03, 6 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Fundamental Rights (Article 8 (1) in conjunction with Article 8 (3) CFR) is protected by Article 77 (1) GDPR in conjunction with Article 77 (1) CFR. Art.94 KB (15,537 words) - 09:09, 25 August 2020
- AEPD (Spain) - PS/00117/2022 (category Article 4(11) GDPR)6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/11 SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data30 KB (4,623 words) - 12:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445567 (category Article 5(1)(a) GDPR)pursuant to art. 10, paragraph 3, of d. lgs. n. 150 of 1/9/2011 envisaged for the submission of the appeal as indicated below (Article 166, paragraph 8, of the16 KB (2,471 words) - 15:51, 6 December 2023
- RvS - 202100789/1/A3 (category Article 17(3)(e) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- AEPD (Spain) - PS/00069/2020 (category Article 6(1)(a) GDPR)provided for in Article 46(1) of the referred to Law. Finally, it is pointed out that in accordance with the provisions of Article 90.3 a) of the LPACAP20 KB (3,066 words) - 13:55, 13 December 2023
- AEPD (Spain) - EXP202200367 (category Article 5(1)(a) GDPR)sedeagpd.gob.es 17/28 ANNEX 0 A.A.A. (hereinafter claimant 1). B.B.B. (hereinafter claimant 2). C.C.C. (hereinafter claimant 3). D.D.D. (hereinafter claimant57 KB (8,117 words) - 10:35, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 17 GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)seen at the top, the name with which it appears is D.D.D., which initiates the conversation, stating D.D.D. who was in the village, had dinner with old men28 KB (4,592 words) - 14:25, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9885/157/19 (category Article 58(2)(d) GDPR)subject's rights, such as the right to object according to Article 21 GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to ensure that data21 KB (3,097 words) - 13:40, 12 January 2024
- APD/GBA (Belgium) - 24/2021 (category Article 7(3) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)the LPACAP, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a55 KB (9,017 words) - 10:46, 13 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 83(2)(d) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)of the proceedings. 3.2. [applicant sub 1] et al bases the removal requests on Article 17 paragraph 1, under a, c and d, and Article 21 paragraph 1 of the34 KB (5,811 words) - 09:44, 8 December 2020
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 58(2)(d) GDPR)address traceable to the customer. 3.3. Information to interested parties With reference to what is represented in point 2.3. above, the Company, following129 KB (21,020 words) - 15:49, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. . 689 of 11/24/1981)83 KB (13,648 words) - 11:30, 16 August 2022
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)LGT, and the offenses typified in articles 38.3 c), d) and i) and38.4 d), g) and h) of Law 34/2002, of July 11, on services of the society of theinformation31 KB (4,757 words) - 13:52, 13 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (Center for Social Welfare) (category Article 5 GDPR)process these data. Article 29 of the Croatian Labour Act and Article 5(4) of the Labour Law Rulebook (Official Gazette, no. 73/17) refer, among others17 KB (2,660 words) - 15:35, 30 October 2023
- Garante per la protezione dei dati personali (Italy) - 9852214 (category Article 5 GDPR)in particular of children was in breach of Article 5, Article 6, Article 8, Article 9, and Article 25 GDPR. Consequently, the DPA urgently imposed upon36 KB (5,598 words) - 10:15, 8 February 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)articles 12.5 and 15.3 of the Regulation (UE)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law "FIFTH: The article 17 of the RGPD establishes17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - EXP202202000 (category Article 17(3)(b) GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines61 KB (9,700 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00201/2019 (category Article 58(2)(d) GDPR)data had taken place, meaning GDPR obligations did not apply. Are these magnetic cards personal data within Article 4(1) GDPR? If so, did the MCP infringe54 KB (9,019 words) - 14:10, 13 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)arising from Article 15 of the GDPR. 3. On the breach relating to the obligation to respect the right of opposition (article 21 of the GDPR) 45. The rapporteur48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)violation of article 21 of the LSSICE, classified as serious in article 38.3.d) and c) of said rule, for the alleged infringement of article 48.1.b) of the287 KB (48,336 words) - 13:53, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 28(3)(a) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)for the alleged violation of article 5.1f) of the RGPD in relation to the Article 5 of the LOPDGDD, typified in article 83.5 a) of the RGPD. C / Jorge28 KB (4,619 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)te, LPACAP), for the alleged violation of Article 5.1.c) of the RGPD, typified in the Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid22 KB (3,303 words) - 13:28, 13 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 12(3) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- the publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the RGPD and article 13 of the RGPD, typified in Article 83.5 a) and b) of the GDPR. FIFTH: On 12/17/2021 the claimant32 KB (4,945 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)section 3.3 >>.<< 3.3. Informed manifestation of willThe GDPR reinforces the requirement that consent must be informed. In accordance with theArticle 5 of206 KB (32,869 words) - 14:36, 13 December 2023
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(d) GDPR)data. Hence, it considered Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating37 KB (4,319 words) - 09:20, 17 November 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- GHAL - 200.266.445 (category Article 17 GDPR)concerning him based on Article 6 (1) (e) and (f) GDPR at any time for reasons related to his specific situation . Pursuant to Article 17, paragraph 1, preamble15 KB (2,380 words) - 13:35, 5 July 2022
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)regarding - of article L.121-20-3 of the Consumer Code in its wording prior to the law of March 17, 2014 for all contracts, - of article R.132-1 / 4 ° &392 KB (67,730 words) - 15:27, 17 March 2022
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)(see Article 19.2, Article 79.3 of the Basic Law) and ensures this protection also with regard to the Union Treaties (see Article 23.1 sentence 3 of the127 KB (21,367 words) - 16:00, 22 March 2022
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)DSGVO/BDSG , Article 15 paragraph 33; Schaffland/Holthaus in Schaffland/Wiltfang, GDPR, Article 15 GDPR paragraph 44; loc. A. Härting, CR 2019, 219). 136 (3) In97 KB (16,519 words) - 09:57, 22 February 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 6(3) GDPR)delegated to the Guarantor. In accordance with Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative Decree no. 150/2011, it is24 KB (3,697 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection of23 KB (3,592 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused23 KB (3,695 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)LGT, and the offenses typified in articles 38.3 c), d) and i) and38.4 d), g) and h) of Law 34/2002, of July 11, on services of the society of theinformation19 KB (2,795 words) - 14:06, 13 December 2023
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D. as instructor. and as secretary28 KB (4,350 words) - 13:57, 13 December 2023
- DVI (Latvia) - SIA "TET" (category Article 5(1)(d) GDPR)violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA114 KB (17,942 words) - 15:46, 2 November 2022
- AEPD (Spain) - PS/00320/2020 (category Article 4(11) GDPR)of the respondent a violation of the GDPR? The AEPD held that the actions of the company violated Article 6 GDPR. According to the decision, acting as18 KB (2,736 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 17 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)right of rectification of Article 16 GDPR and Article 14 of LOPDGDD, the national data protection law, the DPA stated that Article 12(4) LOPDGDD obliges the63 KB (10,203 words) - 13:01, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR)by the GDPR, on the other, Article 28, paragraph 3 of the GDPR does not provide any indication regarding the obligation to conclude a deed of appointment49 KB (7,758 words) - 15:44, 6 December 2023
- APD/GBA (Belgium) - 33/2020 (category Article 12(3) GDPR)commit a breach of Article 12(3) GDPR? Did the controller fail to uphold its responsibilities under Article 24 GDPR? No lawful basis for processing: The39 KB (6,551 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)three years, which was in violation of Article 12(3) GDPR. The DPA also determined a violation of Article 17(1)(a) GDPR, because data subject's e-mail accounts59 KB (9,623 words) - 17:03, 6 December 2023
- Datatilsynet (Denmark) - 2019-41-0043 (category Article 13(2)(d) GDPR)monitoring in the service vehicles does not meet the requirements of Article 13 (1) (c) (2) (d) GDPR. Regarding the storage period, it appears that the collected26 KB (3,931 words) - 16:25, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 58(2)(d) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8040/163/2019 (category Article 58(2)(d) GDPR)and 5 (3) of Directive 2002/58, read in conjunction with Article 2 (h) of Directive 95/46 and Regulation 2016/679 4 Article 6 (11) and Article 6 (1) (a)29 KB (4,610 words) - 13:07, 3 March 2024
- DSB (Austria) - 2021-0.347.702 (redirect from DSB (Austria) - DSB-D124.3420) (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)therefore lack the implementation of such adequate safeguards and violate Article 32 GDPR. In this regard, the controller has not received any communications115 KB (18,595 words) - 11:30, 16 August 2022
- 02-16-2023 Response to request from OPEN HOST SL 02-17-2023 NIC Diligence 02-17-2023 Diligence opennemas 02-17-2023 Inf. planned actions. 04-11-2023 Startup52 KB (7,564 words) - 12:41, 13 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 58(1)(d) GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- Datatilsynet (Denmark) - 2019-431-0052 (category Article 4(11) GDPR)pursuant to Article 13 GDPR as well as to set a retention period for the personal data. Following an investigation conducted by the DPA on 17 January 202027 KB (4,300 words) - 16:36, 6 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(3) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €1000021 KB (3,137 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00450/2019 (category Article 5(1)(f) GDPR)as provided for in Article 46(1) of referred to Law. Finally, it is noted that in accordance with the provisions of Article 90.3 a) of the LPACAP, the17 KB (2,620 words) - 14:43, 13 December 2023
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)measures pursuant to Article 58 (2) (d) DSGVO were announced - this error would in any case have been remedied pursuant to Article 45 (1) no. 3 VwVfG by the fact58 KB (9,665 words) - 08:51, 25 November 2020
- AZOP (Croatia) - Decision 21-01-2022 (category Article 5(1)(a) GDPR)controller thus also violated Article 14 GDPR. However, the DPA did not use any of their corrective powers as listed in Article 58(2) GDPR. Share your comments18 KB (2,722 words) - 15:26, 30 October 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)violation of article 6.1, typified in article 83.5 of the same legal text SECOND: APPOINT C.C.C. as instructor. and, as secretary, to D.D.D., indi- Whereas28 KB (4,527 words) - 12:35, 13 December 2023
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- AEPD (Spain) - PS/00402/2019 (category Article 6 GDPR)stop. Therefore, Mr D lodged a second complaint alleging the ongoing violation of Article 6 GDPR. The AEPD finds the violation of Article 6 quite apparent15 KB (2,327 words) - 14:34, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)Claimant 3.- E / 11798/2019 B.B.B. - *** NIF.1 Claimant 4.- E / 05495/2020 C.C.C. - *** NIF.2 Claimant 5.- E / 06303/2020 D.D.D. - *** NIF.3 Claimant 655 KB (8,967 words) - 14:33, 13 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - EXP202208230 (category Article 28(3) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a)45 KB (6,904 words) - 13:12, 13 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 12(3) GDPR)Information about the storage period (Art. 15 Para. 1 lit. d GDPR) According to Art. 15 para. 1 lit.d GDPR, there is a right to information about the planned duration42 KB (6,592 words) - 13:58, 12 May 2023
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)on 12/10/2021, 12/17/2021 and 03/15/2021. The issuer is identified as YOIGO. SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December20 KB (3,159 words) - 13:20, 13 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- of the Italian Privacy Code (d. lgs. 30 giugno 2003, n. 196). Article 122 is a direct transposition of Article 5(3) of the Directive. The violation of57 KB (9,084 words) - 15:11, 13 July 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)exception to the obligation to delete data pursuant to Article 17 (3) lit. c in conjunction with Article 9 (2) lit. i DSGVO, if this was necessary for the reasons66 KB (10,546 words) - 13:50, 12 May 2023
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)articles 12.5 and 15.3 of Regulation (EU) 2016/679 and in the sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 15 of the RGPD provides23 KB (3,523 words) - 14:46, 13 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(3) GDPR)writing (cf. paragraphs 3 and 4 of article 28 of the GDPR), verification of the requirements set out in article 28 of the GDPR it must be substantive and163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)be regarded as a reasonable measure within the meaning of Article 5(1)(d) TFEU. of Article 5.1(d) of the AVG. - The Respondent cites that the judgment of90 KB (14,937 words) - 12:35, 3 August 2022
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 28(3) GDPR)of art. 17 of the Regulation of the Guarantor no. 1/2019 are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative20 KB (3,133 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00189/2020 (category Article 58(2) GDPR)authority with pursuant to article 58 (2), or failure to provide access in breach of article 58, Paragraph 1." Organic Law 3/2018, on Protection of Personal22 KB (3,343 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)(hereinafter GPRD), an offense under Article 83(5)(a) of the GPRD and described as very serious in article 72.1. a) of Organic Law 3/2018 of 5 December, on Protection25 KB (4,037 words) - 14:55, 13 December 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- DSB (Austria) - 2020-0.280.699 (redirect from DSB (Austria) - DSB-D124.720)subject's data under Article 6(1)(c) GDPR. Thus, the data subject was entitled to have the controller delete his personal data per Article 17(1)(d), which allows33 KB (5,254 words) - 13:33, 12 May 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made an voluntary23 KB (3,590 words) - 14:45, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9468523 (category Article 5(1) GDPR)2 and par. 3, lett. b), of the GDPR; as well as art. 2-ter, paragraphs 1 and 3, of the Code (see also the provision contained in Article 15, paragraph22 KB (3,488 words) - 15:52, 6 December 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)data laid down by Article 4(1) and (2) GDPR. The DPA then quotes ECJ, 11 December 2014, Ryneš, case C-212/13 (point 22), EDPB Guidelines 3/2019 on processing39 KB (6,015 words) - 17:11, 6 December 2023
- AEPD (Spain) - PS/00034/2020 (category Article 5(1)(f) GDPR)the notice board of the neighbour’s community a violation of Article 5 (1) (f) GDPR? Article 9 of Ley de Propriedad Horizontal provides that: "If a summons18 KB (2,727 words) - 13:50, 13 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)(1) (3) of the Personal Data Act (523/1999). 3. The Data Protection Regulation is the law directly applicable in the Member States. However, Article 6 (2)41 KB (6,555 words) - 08:37, 4 March 2024
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned44 KB (7,162 words) - 13:53, 13 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)application must be dismissed. D E C I D E : ---------- Article 1: The intervention of the PDU - What to choose is allowed. Article 2: The request of the company42 KB (6,800 words) - 09:50, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 5(1)(f) GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)BACKGROUND FIRST: Ms. A.A.A., in the name and representation of D. B.B.B., D. C.C.C., D. D.D.D. and D.E.E.E. (hereinafter, the claimant), on March 16, 2022, filed36 KB (5,485 words) - 13:19, 13 December 2023
- AEPD (Spain) - EXP202202183 (category Article 6(1) GDPR)provided for in Article 15 GDPR and Article 13 LOPDGDD was exercised. Secondly, the DPA noted that a valid legal basis under Article 6(1) GDPR is required22 KB (3,432 words) - 12:37, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the Local26 KB (4,162 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(3) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - PS/00028/2020 (category Article 6 GDPR)NIF J10460640 , for aviolation of article 6 of the RGPD, typified in article 83.5 of the RGPD, in relation towith article 72.1 b) of the LOPDGDD, a fine of14 KB (2,075 words) - 13:48, 13 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)of article 6.1. of the RGPD typified in article 83.5.a) of the aforementioned RGPD. 2. APPOINT D. C.C.C. as instructor. and as secretary to Mrs. D.D.D38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- HDPA (Greece) - 29/2023 (category Article 12(3) GDPR)15(1)(a)-(h) GDPR. For these reasons, under Article 58 GDPR, the HDPA reprimanded the controller for violating Article 5(1)(c) GDPR and Article 15 GDPR. In addition21 KB (3,334 words) - 09:12, 25 October 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- CE - N° 433311 (category Article 5(1)(e) GDPR)tending to the application of Article L. 761-1 of the Code of Administrative Justice. D E C I D E S : -------------- Article 1: The request of the company18 KB (2,677 words) - 09:50, 10 September 2021
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)third party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00014/2020 (category Article 6(1) GDPR)violation of article 6 of the RGPD, typified in article 83.5 of the RGPD. C / Jorge Juan, 6 28001 - Madrid www.aepd.es sedeagpd.gob.es 3/8 FOURTH: Once21 KB (3,441 words) - 13:46, 13 December 2023
- HDPA (Greece) - 12/2024 (category Article 17 GDPR)according to which data subjects may request delisting as under Article 17.1 GDPR. 30. The GDPR therefore changes the burden of proof, providing a presumption37 KB (5,933 words) - 16:53, 19 April 2024
- AEPD (Spain) - PS/00155/2021 (category Article 58(1) GDPR)sanction Vodafone in accordance with Article 83(5)(e) GDPR, for the non-compliance with an order pursuant to Article 58(1) GDPR. For this infringement, the AEPD20 KB (2,992 words) - 13:30, 13 December 2023
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)in Section I.3.2. Then the agency sent s.d. letter to the Science Ethics Committee and requested the explanations listed in section I.3.1.3.1.Replies of44 KB (7,044 words) - 08:42, 13 December 2021
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- AEPD (Spain) - EXP202206302 (category Article 6 GDPR)sanctioning procedure, under Article 83(5)(a) of the GDPR, against AAA on 21 December 2022, due to a infringement of Article 6. AAA was the father of the28 KB (4,608 words) - 13:27, 13 December 2023
- Personvernnemnda (Norway) - PVN-2023-04 (category Article 16 GDPR)data according with Article 16 GDPR as the information was not per se incorrect and thus the first condition under Article 16 GDPR was not met. Given that18 KB (2,845 words) - 10:07, 17 November 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)proceedings. 3.6.3. There is no dispute between the parties that the credit registration is based on article 4:32 Wft. This article implements Article 8 of Directive19 KB (3,021 words) - 15:48, 15 March 2022
- AEPD (Spain) - PS/00200/2019 (category Article 5(1)(f) GDPR)for a violation of Article 5.1.f) of the RGPD, in relation to ArticleC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/55 of the LOPDGDD14 KB (2,163 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00379/2019 (category Article 6 GDPR)an alleged violation of article 6 of the GDPR typified as an infringement of basic principles for processing in article 83.5 GDPR. In determining the amount26 KB (4,235 words) - 14:33, 13 December 2023
- Personvernnemnda (Norway) - 2021-05 (20/02912) (category Article 17(1)(c) GDPR)decided under Article 17(1)(c), it is not obvious how it reflects the standards for deletion/delisting under those articles in the GDPR, as opposed to26 KB (4,299 words) - 18:49, 5 March 2022
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)the LGT, and the offenses typified in articles 38.3 c), d) and i) and38.4 d), g) and h) of Law 34/2002, of July 11, on services of the company of theinformation38 KB (5,879 words) - 14:07, 13 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)twenty thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively24 KB (4,074 words) - 14:21, 13 December 2023
- where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner- (a) fails to take appropriate steps to respond12 KB (1,722 words) - 14:39, 21 December 2023
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)sanction is imposed for violation of Article 6.1.a) of the GDPR of 3,000 euros. VIII Infringement of Article 13 of the GDPR The facts claimed also provide evidence31 KB (4,909 words) - 13:56, 13 December 2023
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)legal action basis, cf. the Privacy Ordinance Article 6 No. 1 letter f. 2. Pursuant to Article 58 (2) (d) of the Privacy Regulation, the EAS / Elektro40 KB (5,988 words) - 19:04, 5 March 2022
- AEPD (Spain) - PS/00324/2020 (category Article 5(1)(f) GDPR)criteria stated in Article 83(5)(a) GDPR. In imposing the fine, the AEPD factored in accordance with Article 83(2) GDPR and Article 76 LOPDGDD the following25 KB (3,670 words) - 14:28, 13 December 2023
- AZOP (Croatia) - Decision 30-12-2021 (category Article 5(1)(a) GDPR)had a legal basis under Article 6(1) GDPR to publish the data subject’s personal data, and did not violate Article 5(1)(a) GDPR. In the decision, the Croatian16 KB (2,411 words) - 15:44, 30 October 2023
- Datatilsynet (Denmark) - 2019-441-3399 (category Article 32 GDPR)processed in accordance with Article 32 (2) of the Regulation. 2nd 3.3. Article 33 (1) of the Data Protection Regulation 1 and Article 34 (1). 1 The Data Inspectorate27 KB (4,231 words) - 16:38, 6 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00262/2020 (category Article 5(2) GDPR)Spanish DPA (AEPD) fined XFERA MÓVILES, S.A. €40000 for violating Article 6(1) GDPR by illegally processing personal data of the claimants in a fraudulent22 KB (3,293 words) - 14:23, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)parties (article 83.2.k, of the RGPD in relation to article 76.2.b, of the LOPDGDD). The balance of the circumstances contemplated in article 83.2 of the21 KB (3,154 words) - 14:07, 13 December 2023
- AEPD (Spain) - PS/00209/2019 (category Article 57(1) GDPR)act, as provided for in Article 46 (1) of the aforementioned Law. Finally, it should be noted that, in accordance with Article 90.3 (a) of the LPACAP, the26 KB (4,212 words) - 14:10, 13 December 2023
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, as defined in Article 83.5 of the RGPD, following the application of Article 85(1) and (3) of LPACAP, a fine37 KB (5,995 words) - 13:58, 13 December 2023
- CE - N° 429571 (category Article 6(1)(a) GDPR) (section On the CNIL's competence to interpret Article 6 GDPR)personal data (Article 9 GDPR)? Does the data controller have a legitimate interest to process credit card data of recurring purchasers under Article 6(1)(f)19 KB (2,790 words) - 09:50, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)are subject to the GDPR pursuant to Article 3(2)(a) of this Regulation. B. On the competence of the CNIL 22. Article 55(1) of the GDPR provides that "each59 KB (9,566 words) - 17:03, 6 December 2023
- AZOP (Croatia) - Decision 04-08-2022 (category Article 6 GDPR)legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers11 KB (1,655 words) - 13:32, 31 October 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)infringement of article 32.1 of the RGPD, typified in article 83.4.a) of the RGPD, a fine of € 3,000 (three thousand euros), in accordance with article 73.g) of27 KB (3,993 words) - 13:52, 13 December 2023
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- OLG Köln - 20 U 295/21 (category Article 15(3) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)to criminal investigations, pursuant to Article 2(2)(d) GDPR. The second problem was the fact that Article 9 GDPR prohibited the processing of genetic and110 KB (18,000 words) - 08:01, 5 June 2023
- CNIL (France) - SAN-2020-018 (category Article 15(3) GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)in violation of Article 13 GDPR. The questionnaire to subscribe to Nestor did not include all the information required by Article 13 GDPR: there was no information69 KB (11,007 words) - 17:10, 6 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)volition investigation into CP&A's compliance with Article 9, as well as Article 32 GDPR. Since Article 9 GDPR prohibits the processing of special categories48 KB (7,461 words) - 17:04, 12 December 2023
- AEPD (Spain) - PS/00425/2019 (category Article 5(1)(f) GDPR)of an infringement of Article 5 (1) (f) of the GDPR under (74345679) (f) of the GDPR, as set out in Article 83 (5) (a) of the GDPR. SECOND: To notify this14 KB (2,140 words) - 14:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9538748 (category Article 5(1)(f) GDPR)pursuant to Article 58, paragraph 2, of the Regulation, with this measure. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of24 KB (3,672 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00273/2019 (category Article 5(1)(c) GDPR)a specified period - Article 58. 2 d)-. In accordance with Article 83(2) of the RGPD, the measure provided for in Article 58(2)(d) of that Regulation is16 KB (2,359 words) - 14:24, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR)related to in-game chat messages. 3. Reasons for the decision of the DPA 3.1. It follows from Article 15 of the GDPR that the data subject has the right26 KB (3,820 words) - 16:22, 6 December 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 30(1)(d) GDPR)protection policy at the University. In the remaining scope, i.e. in point 3.3.16, 3.3.19 above analysis, the University indicated that the analysis clearly156 KB (25,012 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202200439 (category Article 6(1) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)These findings are not in dispute. 3. Legal assessment: To A) 3.1. According to § 38 AVG, which according to § 17 VwGVG is to be applied accordingly in19 KB (2,825 words) - 09:42, 26 November 2021
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 58(2)(d) GDPR)Finnish DPA found a retail chain to have breached Article 5(1)(e) GDPR, Article 25(1) GDPR and Article 25(2) GDPR for its lengthy storage of purchase behaviour61 KB (9,477 words) - 13:38, 12 January 2024
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)such data. 3. Adherence to a code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve29 KB (4,300 words) - 14:41, 13 December 2023
- AEPD (Spain) - PS/00280/2022 (category Article 28(3) GDPR)subjects and the obligations and rights of the controller'), as per Article 28(3) GDPR, was lacking. Additionally, the DPA highlighted that such contract30 KB (4,551 words) - 11:51, 9 February 2023
- AEPD (Spain) - PS/00132/2020 (category Article 6(1) GDPR)paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of24 KB (3,939 words) - 14:03, 13 December 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00113/2019 (category Article 5(1)(a) GDPR)the defendant for an infringement of Article 5(1)(a) GDPR a warning penalty in accordance with Article 58(2)(b) GDPR. Share your comments here! Share blogs23 KB (3,836 words) - 14:01, 13 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)purposes and means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing”18 KB (2,733 words) - 13:18, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear and72 KB (11,159 words) - 10:09, 17 November 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)minutes 3:11:51 and 3:11:57; The video (2) NUM001, between minutes 3:12:06 and 3:12:28; The video (3) NUM002, between the minutes 3:12:54 and 3:13:04; The48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,837 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of46 KB (7,230 words) - 14:20, 13 December 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- Rb. Den Haag - C/09/581973/KG ZA 19/1024 (category Article 82 GDPR)pursuant to Article 12(3) of the AVG. If, as in this case, such a decision is taken by an administrative body, then, pursuant to Article 34 of the GDPR Implementing20 KB (3,086 words) - 16:15, 10 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- Court of Appeal of Brussels - 2021/AR/163 (redirect from Cour d'appel de Bruxelles - 2021/AR/163) (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - EXP202202889 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance20 KB (3,077 words) - 10:46, 13 December 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)es Page 17 17/177 Article 6 of the RGPD, typified in Article 83.5.a) of the aforementioned Regulation; and for the alleged violation of article 22 of the566 KB (93,179 words) - 13:43, 13 December 2023
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)account of the defendant (Article 6.1. f) GDPR). The other legal grounds included in Article 6.1. points a), b), c), d) and e) GDPR are in present case not32 KB (4,880 words) - 16:50, 12 December 2023
- Council of State - 251.378 (category Article 28(3) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs or43 KB (6,983 words) - 09:09, 21 August 2022
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)virtue of the powers that Article 58.2 of the RGPD grants to each control authority, and as established in Article 47 of Organic Law 3/2018, of December 5,33 KB (5,396 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- CNIL (France) - SAN-2020-008 (category Article 17 GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- Theodorou Ltd v. Republic of Cyprus (2009) 3 A.A.D. 577) »In the Bakery A. Theodorou Ltd v. Democracy (2009 ) 3 Α.Α.Δ. 577, a report was made with approval22 KB (3,496 words) - 12:08, 17 February 2022
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)logically been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)Baan Centre. (hereinafter: SPC) a claim for compensation as referred to in Article 49, first and second paragraphs of the Personal Data Protection Act (Wbp)10 KB (1,424 words) - 12:09, 9 May 2022
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)should have applied Article 35 GDPR. In light of the above, the Italian DPA used its corrective powers under Article 58(2)(c) and 83 GDPR and fined the controller87 KB (14,104 words) - 15:45, 6 December 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)of service? -Yes -Okay, the recording is here. >> 3.-Regarding the test requested from TDE in point 3.3. of the written notification of evidence that consisted60 KB (10,197 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00351/2019 (category Article 58(2)(c) GDPR)regard to Article 83 (2) (k) of the GDPR, Article 76 of the GDPR, ‘Sanctions and remedial measures’, provides: ‘2. In accordance with Article 83 (2) (k)17 KB (2,739 words) - 14:31, 13 December 2023
- HDPA (Greece) - 25/2022 (category Article 5(1)(a) GDPR)according to Article 21 paragraph 2 , d) the personal data were processed unlawfully…”. 3. In addition, according to article 4 par. 2 of the GDPR as processing48 KB (7,803 words) - 13:29, 11 October 2022
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)permission in Article 6 (1) (c) GDPR and argues that it is the Viennese in accordance with Article 5 (3) of the EpiG in conjunction with Article 1 (2) (e)50 KB (8,015 words) - 13:52, 12 May 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 15(3) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)notice in accordance with Article 58(2)(b) of the General Data Protection Regulation and an order in accordance with Article 58(2)(d) to bring the processing71 KB (11,552 words) - 13:40, 12 January 2024