Search results
From GDPRhub
- CJEU - C‑307/22 - Copies of Medical Records (category Article 23(1)(i) GDPR)the conditions the GDPR prescribes. The court agreed that Article 23(1)(i) GDPR places a limitation on the scope of Article 15 GDPR. Consequently the right10 KB (1,478 words) - 11:17, 2 November 2023
- Rb. Den Haag - AWB - 20 5680 (category Article 23(1)(i) GDPR)third parties who reported them, because of the right to privacy per Article 23(1)(i) GDPR of these third parties. The controller is the managing board of the12 KB (1,765 words) - 15:30, 12 January 2022
- Rb. Rotterdam - ROT 22/2125 (category Article 23(1)(i) GDPR)personal data. Last, the controller generally referred to Article 13(4), Article 14(5) and Article 23 GDPR for possible non-disclosure. The data subject found18 KB (2,609 words) - 15:20, 21 March 2023
- GHDHA - 200.290.360-01 (category Article 23(1)(i) GDPR)legislative measure that serves one of the objectives listed in Article 23, namely Article 23(1)(i) GDPR. After all, the Court of first instance notes, “compliance35 KB (5,770 words) - 07:13, 4 April 2022
- RVS - 201907404/1/A3 (category Article 23(1)(i) GDPR)it deemed the restrictions on the right of access (Article 15 GDPR]) according to Article 23(1)(h) GDPR legitimate after a reasonable balancing of the public40 KB (5,988 words) - 12:51, 9 December 2021
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- LG Erfurt - 8 O 1280/21 (category Article 23 GDPR)obligations and rights resulting from Article 15 (3) sentence 1 in conjunction with Article 12 (5) GDPR under Article 23 (1) (i) GDPR Consider a national rule which15 KB (2,461 words) - 17:01, 24 August 2022
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/153537 KB (4,635 words) - 13:29, 24 October 2023
- cases (Article 4(23) GDPR), several supervisory authorities (SA) could be competent according to Article 55 GDPR. For this reason, Article 56(1) GDPR establishes55 KB (7,446 words) - 22:28, 1 April 2024
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- DSB (Austria) - 2020-0.436.002 (category Article 4(1) GDPR)access under Article 15(1)(h) GDPR applies to all kinds of profiling rather than only to automated decision making under Article 22(1) and (4) GDPR. The DPA28 KB (4,091 words) - 05:23, 14 August 2021
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section (1) Reconciling data protection rules with freedom of expression)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition33 KB (3,748 words) - 14:25, 7 November 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- Article 83 GDPR (category GDPR Articles) (section (i) where measures referred to in Article 58(2) have previously been ordered and complied with;)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- proceedings under Article 79(1) GDPR where no subjective rights under the GDPR are concerned. For example, a data subject cannot use Article 79(1) GDPR to bring31 KB (3,550 words) - 11:11, 29 November 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 52 GDPR (category GDPR Articles) (section (1) Complete independence of supervisory authorities (SAs))this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing of data (i) relies on19 KB (1,335 words) - 13:56, 24 October 2023
- Article 33 GDPR (category GDPR Articles) (section (1) Controller's notification in the event of a personal data breach)agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an54 KB (6,536 words) - 08:22, 16 June 2023
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's34 KB (3,649 words) - 13:19, 30 October 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- bound by the GDPR in its entirety. For the derogation of Article 91 GDPR to become relevant, the following conditions must be fulfilled: (i) first, the25 KB (2,482 words) - 10:04, 19 March 2024
- framework of voluntary cooperation provided for in Article 62(1) GDPR is partly supplemented by Article 62(2) GDPR, which contains several cases in which joint22 KB (1,915 words) - 13:46, 15 January 2024
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (1) Defining certification mechanisms, data protection seals, and marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 38 GDPR (category GDPR Articles) (section (1) DPO's involvement in any data protection issues)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR76 KB (11,304 words) - 08:37, 4 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- basis of Article 6(1)(c) GDPR (i.e. processing is necessary for compliance with a legal obligation to which the controller is subject) or Article 6(1)(e) GDPR22 KB (2,177 words) - 10:01, 19 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 53 GDPR (category GDPR Articles) (section (1) Authority appointing the members of the supervisory authority (SA))the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- all sanctions mentioned in Chapter VIII GDPR, i.e. the damages under Article 82 GDPR and fines under Article 83 GDPR. In any case, should fines for conduct19 KB (1,477 words) - 14:12, 7 November 2023
- Article 78 GDPR (category GDPR Articles) (section (1) Right to an effective judicial remedy against an SA's decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- binding decision under Article 66 GDPR, at the request of the Hamburg SA which adopted provisional measures under Article 66(1) GDPR, based on its consideration20 KB (1,590 words) - 16:11, 2 November 2023
- Article 89 GDPR (category Article 89 GDPR) (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)subjects - which would be counterproductive. Article 11 GDPR is meant to address this matter. Under Article 11(1) GDPR, when a processing operation does not or20 KB (1,854 words) - 16:32, 8 March 2024
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (1) Tasks to ensure the consistent application of the Regulation)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 37 GDPR (category GDPR Articles) (section (1) Obligation to designate a data protection officer)surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)31 KB (3,646 words) - 08:51, 21 July 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including37 KB (3,915 words) - 12:49, 24 May 2023
- self-determination: 1. In the context of modern data processing, the general right of personality under Article 2.1 in conjunction with Article 1.1 of the Basic18 KB (1,831 words) - 13:49, 3 November 2022
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)identifier) pursuant to Article 4(1) of the GDPR. c) Combination with other elements The fulfillment of Article 4(1) of the GDPR becomes even more apparent108 KB (17,097 words) - 13:52, 12 May 2023
- citizens and the full exercise of their rights". This article is found in Section I of Chapter II of Title I of the Constitution, which confers reinforced constitutional15 KB (1,875 words) - 16:18, 13 July 2022
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)million) kroner for violation of Article 44 of the data protection regulation. 1 Description of the supervisory matter 1.1 The processing The Swedish Privacy113 KB (12,773 words) - 15:20, 6 December 2023
- PHR - 22/01253 (category Article 23 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)may not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- VGH Baden-Württemberg - 1 S 397/19 (category Article 23(1)(c) GDPR)analogous to Article 18 (1)(a) GDPR the Court held that § 12 of the German Registration Law explicitly exludes the application of Article 18 (1)(a) GDPR. According112 KB (19,310 words) - 08:08, 23 June 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)provisions of article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, the provisions of article 83.2 of the GDPR and article 76 of74 KB (11,726 words) - 13:02, 13 December 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)the processing of personal data of Article 23(1) of Regulation 2018/1725, the EDPS recalled that, under Article 5(1)(b) of Regulation 2018/1725, processing61 KB (9,971 words) - 14:28, 4 January 2024
- HDPA (Greece) - 33/2020 (category Article 23 GDPR)presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to20 KB (2,270 words) - 15:37, 6 December 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€122 KB (3,257 words) - 13:28, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 6(1)(e) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)conformity with Article 5.1. c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of20 KB (3,137 words) - 16:51, 12 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)processing of personal data (Article 5(1) of the GDPR), must, in accordance with Article 12(1) of the GDPR. 1 of the GDPR, must take appropriate measures54 KB (8,916 words) - 15:22, 22 February 2022
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art66 KB (9,990 words) - 12:30, 29 January 2024
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)and Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d)58 KB (9,357 words) - 10:02, 17 November 2023
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory93 KB (14,936 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)their processing, according to with article 21 par. 1 of the GDPR, which is based on article 6 par. 1 item or GDPR. In his reply dated 24-05-2022, the61 KB (10,257 words) - 10:15, 1 November 2023
- HDPA (Greece) - 11/2024 (category Article 17(1) GDPR)of 27 June 2017, Satakunnan M a r k k i n a p ö r s s i O y k a i S a t a m e d i a O y k a t a F i n l a n d i a s § 165). Also, in the same recent decision36 KB (5,761 words) - 17:19, 22 April 2024
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/200645 KB (7,165 words) - 15:22, 22 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 5(1)(a) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)established in the articles 15 to 22 of the GDPR, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively20 KB (3,078 words) - 13:05, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)transmission in accordance with Art. 44 GDPR. I. Procedure: I.1. With a submission dated August 18, 2020, the BF1 lodged a complaint against the BF2 and158 KB (26,392 words) - 08:25, 7 June 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”79 KB (12,408 words) - 13:24, 13 December 2023
- HDPA (Greece) - 6/2020 (category Article 17(1) GDPR)compliance with the principles of Article 5 (1) GDPR. 4. As, in accordance with the provisions of Article 4 (c) (d).1 GDPR is personal data “any information29 KB (4,557 words) - 15:33, 6 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)violations of Articles 5(1)(c) and 6 GDPR and Article 29(1) of Law 125(I)/2018. Concerning the violation of Article 29(1) of Law 125(I)/2018, the DPA took into31 KB (4,973 words) - 16:50, 6 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had143 KB (24,273 words) - 15:59, 10 March 2022
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible52 KB (8,534 words) - 12:58, 15 December 2021
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that, due to51 KB (8,592 words) - 07:03, 2 November 2021
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AKI (Estonia) - 2.1.-3/19/4304 (category Article 15(1) GDPR)been destroyed. The individual complained before the DPA revoking Article 15(1) and (3) GDPR and the DPA to order the delivering of the requested information13 KB (2,032 words) - 10:30, 13 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(a) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)Art. 82 Para. 1, Para. 2, Art. 5 Para. 1 lit. a Var. 1, Article 6 paragraph 1 subparagraph. 1 lit. 1, Article 6 paragraph 1 subparagraph. 1 lit. a, Art.130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)processing, even if this is not expressly mentioned in Art. 15 (1) GDPR. - Art. 15 para. 1 lit. b GDPR The general information on the data categories processed42 KB (6,592 words) - 13:58, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)ascertained, that pursuant to Article 166, paragraph 7, of the Code and Article 16, paragraph 1, of the Regulation of the Guarantor no. 1/2019, this measure should34 KB (5,420 words) - 15:51, 6 December 2023
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)Networks AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect17 KB (1,940 words) - 15:23, 6 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)IMPOSE Ms. B.B.B., with NIF ***NIF.1, for a violation of the Article 5.1.c) and 13 of the RGPD, typified in Article 83.5 a) and b) of the RGPD, a fine22 KB (3,303 words) - 13:28, 13 December 2023
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- CNIL (France) - SAN-2020-056 (category Article 23(1) GDPR)is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft43 KB (6,847 words) - 17:11, 6 December 2023
- VGH München – 11 ZB 19.991 (category Article 23(1)(d) GDPR)§ 166 para. 1 p. 1 ZPO § 114 para. 1 p. 1, § 121 para. 1 StVZO § 31a paragraph 1 p. 1, paragraph 3 Regulation (EU) 2016/679 Art. 5 para. 1 lit. d, Art31 KB (5,184 words) - 17:19, 15 April 2023
- From a legal point of view, it follows that D.1 The legal situation: D.1.1. infringement of Article 1(1) of the DSG 2000: A decision on this part of the28 KB (3,418 words) - 13:49, 12 May 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (redirect from Hoge Raad - 23/00030) (category Article 5(1)(c) GDPR)the Strijp-S housing complex in Eindhoven. It's agreed 1 Facts 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 that [plaintiff] directly to PME Investment Services103 KB (17,620 words) - 10:13, 29 November 2023
- Cass.Civ. - 14381/2021 (category Article 7 GDPR)indictment. Reasons for the decision I. - C o i p rim i q u a ttro m o tive, with n n e ssi, the vvo ca tu re applicant denounces: (i) om it exam and the decisive21 KB (3,076 words) - 12:50, 16 September 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)they had to be revoked. 1. the warning issued in respect of Camera 1 (point 1 of the decision of 23 November 2018) is lawful Camera 1 films the area where58 KB (9,665 words) - 08:51, 25 November 2020
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made an voluntary23 KB (3,590 words) - 14:45, 13 December 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €1000021 KB (3,137 words) - 14:33, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)obligation according to Article 25(1) of the General Data Protection Regulation, because the controller had failed to implement Article 5(1)(a) of the General71 KB (11,552 words) - 13:40, 12 January 2024
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)contrary to the plaintiff's view - does not follow from Art. 82 (1) GDPR. Art. 82 (1) GDPR would probably be directly applicable in national law. The defendant28 KB (4,527 words) - 15:58, 26 April 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 15(1) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)under 1] signed with [estate 1] states in article 13 that [brother of appellant under 1] any change to the must pass on ownership. On May 22, 2006, I became41 KB (7,150 words) - 12:30, 4 October 2021
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request48 KB (7,816 words) - 11:04, 29 July 2022
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)conditions laid down in Article 6(1), - processing as described above, and in particular one of the conditions laid down in Article 6(1). 1 AVG. It should be62 KB (10,509 words) - 16:58, 12 December 2023
- HDPA (Greece) - 23/2021 (category Article 5(1)(a) GDPR)Applicable provisions Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1.b: Principle of limitation of purpose Article 5.2: Principle7 KB (845 words) - 13:29, 14 July 2021
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Manifestation of the general right of personality, Article 2 Paragraph 1 GG in conjunction with Article 1 Paragraph 1 GG, or from Section 823 Paragraph 2 BGB in27 KB (4,216 words) - 13:26, 8 January 2024
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)the infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The48 KB (7,926 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as the worker had processed16 KB (2,328 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)infringed Articles 6.1 (a) and 5.1 (a) of the GDPR, in breach of Articles (a) and (a) of the GDPR¬, in accordance with Article 71 (1) (a) and (b) respectively24 KB (4,074 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle28 KB (4,592 words) - 14:25, 13 December 2023
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)requirements of Art. 6 Paragraph 1 Sentence 1 Letter e GDPR and the requirements of Article 6 Paragraph 1 Sentence 1 Letter f GDPR do not apply in favor of the28 KB (4,215 words) - 15:09, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority82 KB (13,463 words) - 17:03, 6 December 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 5(1)(a) GDPR)Survey". Justification . Pursuant to Article 78 paragraph 1, Article 79 paragraph 1 point 1 and Article 84 paragraph 1 point 1-4 of the Act of 10 May 2018 on29 KB (4,687 words) - 09:56, 17 November 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 23 GDPR)Section 34 (1) in conjunction with. § Section 29 (1) and (2) of the BDSG are based on the opening clause of Article 23 (1) (i) of the GDPR, according to18 KB (2,724 words) - 08:24, 14 March 2022
- HDPA (Greece) - 2/2023 (category Article 5(1) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)the data is not obtained from the interested party (article 14). Article 13 of the GDPR states: "1. When personal data relating to him or her is obtained29 KB (4,482 words) - 14:06, 5 March 2024
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)held that the controller violated Article 12(1) GDPR, Article 12(2) GDPR, Article 15(1) GDPR and Article 15(3) GDPR. The controller had deleted the data39 KB (5,674 words) - 08:57, 29 June 2023
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)to injunctive relief from § 29 para. 1 sentence 1 no. 2 BDSG old version, but from § 29 para. 1 sentence 1 no. 1 BDSG old version, although the "basic121 KB (20,412 words) - 15:58, 10 March 2022
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)subjects required by Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the127 KB (21,484 words) - 17:01, 12 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up22 KB (3,319 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00274/2020 (category Article 21 GDPR)Raise Marketing violated the data subject's right to object (Article 21 GDPR and Article 23 LOPDGDD). The DPA fined Raise Marketing €1500 for this violation16 KB (2,544 words) - 14:25, 13 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(1) GDPR)It follows from Article 32 (1) of the Data Protection Regulation 1, that data controllers and data processors, taking into account i.a. the nature, scope24 KB (3,651 words) - 16:38, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 54(1) GDPR)section 1, subsection 1, section 14, subsections 1–2, section 15, subsections 1 and 3. and subsection 4, 3 points, section 16, subsection 1, section 1846 KB (7,394 words) - 14:08, 21 March 2024
- HDPA (Greece) - 4/2020 (category Article 15(1) GDPR)parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested18 KB (2,865 words) - 15:33, 6 December 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)authorities in the article 57.1 and of the powers granted in article 58.1 of the GDPR, and of in accordance with the provisions of Title VII, Chapter I, Second Section54 KB (8,870 words) - 10:43, 13 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)the exceptional circumstances of Article 23 (1) e GDPR in conjunction with Sections 32c (1) No. 1, 32b (1) sentence 1 No 1 a, sentence 2, § 32 paragraph 297 KB (16,519 words) - 09:57, 22 February 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)data under the GDPR. The Italian DPA started an investigation concerning potential violations of Articles 5(1)(a), 6, 13, 28(1) and 35 GDPR. The Italian87 KB (14,104 words) - 15:45, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 58(2)(i) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the40 KB (6,325 words) - 16:12, 18 May 2022
- appeal is admissible; however, it is not justified. Legal assessment 1.1 Paragraph 1328a(1) of the ABGB states Anyone who unlawfully and culpably encroaches24 KB (3,763 words) - 09:49, 14 December 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(23)(b) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)the authority initiated proceedings for the alleged infringement of Article 5(1)(d) GDPR against the political party aforementioned. The Political party acknowledged26 KB (4,032 words) - 14:31, 13 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)data in violation of the Privacy Ordinance, Article 5 (1) (a) and (c), Article 6, Article 12 (1) and Article 13. The Authority requested in the notification31 KB (5,018 words) - 18:44, 5 March 2022
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore72 KB (11,389 words) - 08:59, 20 August 2021
- Datatilsynet (Denmark) - 2020-31-2757 (category Article 15(1) GDPR)medical consultant pursuant to Article 15 GDPR? The Datatilsynet held that the insurance company did act in line with Article 15 GDPR. The DPA did not consider16 KB (2,455 words) - 16:38, 6 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- AEPD (Spain) - PS/00031/2020 (category Article 21 GDPR)services (hereinafter LSSI), in accordance with article 43.1 of said Law. II Article 85 of Law 39/2015, of 1 October, on the Common Administrative Procedure15 KB (2,411 words) - 13:49, 13 December 2023
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)S.A.U. with NIF A-65559296, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. C / Jorge Juan, 6 www27 KB (4,108 words) - 13:32, 13 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 5(1)(a) GDPR)Section 4 (1) of the Data Protection Act (DSG), Federal Law Gazette I No. 165/1999 as amended; Article 8 and Article 52(1) of the Charter of Fundamental Rights21 KB (3,166 words) - 13:43, 12 May 2023
- AEPD (Spain) - PS/00365/2019 (category Article 58(1)(e) GDPR)violation of article 6.1. RGPD, typified in article 83.5.a), and article 31, in relation to article 58.1.e), both of the RGPD, typified in article 83.5.e) of86 KB (14,295 words) - 14:32, 13 December 2023
- OLG Koln - 15 U 45/23 (category Article 17(1) GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- AEPD (Spain) - PS/00484/2020 (category Article 6(1)(a) GDPR)messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100,00027 KB (4,189 words) - 14:44, 13 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)fines of €50,000 on IBERDROLA CLIENTES, SAU for infringement of Article 5(1) GDPR and 17 GDPR respectively. A former IBERDROLA client complained to the Spanish28 KB (4,295 words) - 14:11, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)lawfulness: (1) the consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the73 KB (11,604 words) - 16:57, 12 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the processing30 KB (4,708 words) - 16:56, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)This behaviour was in violation of Article 31 GDPR. Thirdly, Company B was found to be in violation of Article 32(1) GDPR. This provision imposes an obligation55 KB (9,079 words) - 16:57, 6 December 2023
- IP - 07121-1/2020/1159 (category Article 6 GDPR)employer is lawful under Article 6(1)(b) GDPR (i.e. necessary for the performance of the employment contract) or Article 6(1)(c) GDPR (i.e. if there is a legal7 KB (1,028 words) - 11:05, 13 January 2021
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)applicable to the controller, including Articles 5(1)(a) and 6 GDPR. As a matter of fact, Articles 5(1)(a) and 6 GDPR set general principles and conditions of processing49 KB (7,758 words) - 15:44, 6 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - PS/00189/2020 (category Article 58(2) GDPR)(LOPDGDD) in its article 72.1 m), under the rubric “Infractions considered very grave ”provides: "1. In accordance with the provisions of article 83.5 of Regulation22 KB (3,343 words) - 14:08, 13 December 2023
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- APD/GBA (Belgium) - XX/2021 (category Article 17(1) GDPR)pursuant to Article 17.1 GDPR , and that the data controller subsequently confirmed the deletion of her account, as required by Article 12(3) and (4) 1 1. The17 KB (2,189 words) - 12:34, 3 August 2022
- UODO (Poland) - ZSPR.421.3.2018 (category Article 4(1) GDPR)pursuant to Art. 14 par. 5 lit. b GDPR? The President of UODO found that: 1) The applicable provision is the Art. 14 GDPR since the data controller collects52 KB (8,444 words) - 10:01, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)engines (see Annex 1 to note of 9 January 2019, p. 1); b) to be "aware of the dispersion of data on 12.12.2018" (see note of 9 January 2019, p. 1) and to have34 KB (4,967 words) - 15:46, 6 December 2023
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)in Section I.3.2. Then the agency sent s.d. letter to the Science Ethics Committee and requested the explanations listed in section I.3.1.3.1.Replies of44 KB (7,044 words) - 08:42, 13 December 2021
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)B.B. with NIF *** NIF.1, with a fine of € 1,000 (thousand euros) for the violation of article 21 of the LSSI, typified in article 38.4.d) of the LSSI. SEVENTH:15 KB (2,337 words) - 14:24, 13 December 2023
- CNIL (France) - SAN-2022-022 (category Article 17(1)(a) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)arguments for the following reasons: 1) Article 78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch Administrative law.25 KB (3,954 words) - 13:39, 16 November 2020
- HDPA (Greece) - 51/2021 (category Article 21(1) GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- BVwG - W258 2227269-1/14E (category Article 5(1)(a) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- AEPD (Spain) - PS/00069/2020 (category Article 6(1)(a) GDPR)consent of the respective data subject, therefore infringing Article 6(1)(a) GDPR. On 23 October 2019, a complaint was lodged before a court relating to20 KB (3,066 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00174/2019 (category Article 5(1)(f) GDPR)organisation contravene Article 5(1)(f) GDPR? The AEPD found that the disclosure of her personal data to the 400 members violated Article 5(1)(f) GDPR. The AEPD stressed18 KB (2,714 words) - 14:07, 13 December 2023
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 6(1) GDPR)processing of sensitive personal data under Article 9 GDPR and their lack of valid consent to do so under Article 6(1) GDPR. In 2020, the Norwegian Consumer Council91 KB (14,440 words) - 10:06, 17 November 2023
- AEPD (Spain) - EXP202206302 (category Article 6 GDPR)functions assigned to the control authorities in article 57.1 and the powers granted in the article 58.1 of Regulation (EU) 2016/679 (General Data Protection28 KB (4,608 words) - 13:27, 13 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)//<![CDATA[(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]|| function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o)44 KB (6,642 words) - 10:34, 13 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public37 KB (5,785 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D. as instructor. and28 KB (4,350 words) - 13:57, 13 December 2023
- the DPA provides: - (1) This section applies where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner (a)15 KB (2,203 words) - 14:39, 21 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must43 KB (7,001 words) - 13:56, 13 December 2023
- FiS - 7565-20 (redirect from Förvaltningsrätten i Stockholm - 7565-20) (category Article 5(1)(b) GDPR)Google's request to overturn the Swedish DPA's decision on the company's Article 17 violations. However, the court reduced the fine imposed by the DPA from7 KB (849 words) - 14:23, 1 November 2022
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- AEPD (Spain) - EXP202201718 (category Article 32 GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection10 KB (1,503 words) - 10:35, 13 December 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es33 KB (4,835 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00110/2020 (category Article 7 GDPR)infringed Article 7 of the GDPR and Article 6(3) of the Spanish Law on Data Protection and Digital Rights Guarantee (LOPDGDD), according to which, (i) commercial32 KB (4,992 words) - 14:00, 13 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)measures that would have implemented as required by Article 32(1) of Regulation (EU) For its part, Article 72(1)(i) of the LOPDGDD considers a very serious infringement36 KB (6,022 words) - 13:59, 13 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)Sentence 1, Section 102 Paragraph 1 BetrVG, Section 17 Paragraph 2 Sentence 1 KSchG) on the consultation (e.g. Section 90 Paragraph 2 Sentence 1, Section40 KB (6,019 words) - 14:13, 28 November 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)data subject has exercised their right to object under Article 21 GDPR. In the same way, Article 48(1)(b) of the Spanish General Telecommunications Act grants38 KB (5,945 words) - 12:14, 9 June 2021
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)resolution, i.e. "of the nullity or invalidity of all acts dealt with in the files E/004416/2018 and PS/00452/2019, pursuant to Article 47(1) and 48.1 of Law25 KB (4,037 words) - 14:55, 13 December 2023
- AEPD (Spain) - PS/00102/2021 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. Based on what is established in article 83.5 of the Regulation21 KB (3,099 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)provided in article 5.1.f) and 32.1 of the GDPR (LCEur 2016, 605). It should be noted that the GDPR, without prejudice to the provisions of its article 83, contemplates195 KB (30,495 words) - 12:40, 13 December 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)of articles 83.1 and 83.2 of the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may60 KB (10,197 words) - 14:01, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8979/162/21 (category Article 6(1) GDPR)the social and health authority of a city to have breached Article 6(1) GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data19 KB (2,906 words) - 09:35, 4 March 2024
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)having knowledge of the following: 1.1 In general, marketing actions can be classified attending to several criteria. 1.1.1. Campaigns managed directly by287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused23 KB (3,695 words) - 13:53, 13 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 14(1) GDPR)according to Article 13? of Regulation (EU) 2016/679, cf. 1. tölul. Paragraph 1 Article 8 Act no. 90/2018 and item a of the first paragraph. Article 5 of the88 KB (14,189 words) - 09:58, 7 December 2021
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)ensure the protection of the interests referred to in Article 23(1). objectives referred to in Article 23(1), the controller shall take into account when assessing92 KB (14,873 words) - 09:03, 20 August 2021
- HDPA (Greece) - 55/2021 (category Article 37(1) GDPR)Ministry of Tourism violated Article 33 GDPR by failing to report the aforementioned data breach, and Article 37(1) GDPR by not appointing a DPO (at the65 KB (10,533 words) - 10:28, 27 January 2022
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)within the meaning of point 2. Article 3 Act no. 90/2018, 1. tölul. Article 4 Regulation (EU) 2016/679 and point 1. Article 2 Act no. 75/2019. On the other39 KB (6,351 words) - 09:52, 6 May 2021
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)paragraph of Article 87 of the Data Protection Act, Article I of Title III of the Act provides: this Title shall apply without prejudice to Title I er , data39 KB (6,015 words) - 17:11, 6 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- DSB (Austria) - 2020-0.349.984 (category Article 5(1)(f) GDPR)Regulation, hereinafter: GDPR), ABl. No. L 119 of 4.5.2016 p. 1; §§ 1 Paragraph 1 and Paragraph 2, 18 Paragraph 1 and 24 Paragraph 1 and Paragraph 5 of the28 KB (4,228 words) - 14:00, 12 May 2023
- DSB (Austria) - 2020-0.816.655 (category Article 12(1) GDPR)4 line 16, Art. 12 para. 1, Art. 14 para. 1 to para. 5, Art. 15, Art. 51 para. 1, Art. 57 para. 1 lit. f and Art. 77 para. 1 of Regulation (EU) 2016/67928 KB (4,230 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)hereinafter "the defendant". Decision on the merits 145/2023 - 2/15 I. Facts and procedure I.1. Facts 1. The subject matter of the complaint concerns the sending39 KB (6,247 words) - 09:14, 15 November 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)Sections 1.1 and 1.2 of the first stipulation and section 2.2 of the second stipulation of the aforementioned contract state "FIRST.- OBJECT: 1.1 The purpose33 KB (5,396 words) - 14:26, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 77(1) GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 5(1)(a) GDPR)- the rectification of the violation of Article 13 GDPR would also rectify the violation of Article 5(1)(a) GDPR (principle of transparency) and therefore40 KB (6,007 words) - 13:59, 12 May 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)point (e) of Article 6(1) of the GDPR. 48 If a data subject has objected to the data processing, it follows from Article 21(1) of the GDPR that compelling59 KB (8,242 words) - 10:47, 17 March 2021
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.92 KB (15,435 words) - 16:00, 22 March 2022
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of46 KB (7,230 words) - 14:20, 13 December 2023
- OLG Bremen - 1 W 18/21 (category Article 82 GDPR)damages were not fully presented. Article 82 GDPR presupposes damage. The asserted mere breach of the provisions of the GDPR is not sufficient for a claim7 KB (945 words) - 13:54, 20 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00430/2018 (category Article 6(1)(f) GDPR)OF RIBADEDEVA ( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations40 KB (6,508 words) - 14:39, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)with the requirements of Article 13.1 and Article 13.1 and 2 of the GDPR (right to information) as regards the data subjects, i.e. employees and employees69 KB (11,315 words) - 13:30, 19 January 2022
- application of the requirements set out in Article 82 of the Data Protection Act is set out in Article 3, paragraph I, of the same Act, which states: "without73 KB (11,864 words) - 17:03, 6 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a copy of the55 KB (9,017 words) - 10:46, 13 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)offered and / or concluded after July 1, 2016, articles L.211-1, L.212-3, L.212-1, L.241-1, R.212-1 / 1 °, L .111-1, L.111-2, L.111-3, L.221-5, L.221-6,392 KB (67,730 words) - 15:27, 17 March 2022
- Recitals GDPR (section Recitals from the GDPR)practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)articles 5.1.,b) juncto 24.1 and 9.2.a) juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of34 KB (5,677 words) - 17:00, 12 December 2023
- Supreme Court - C.20.0323.N (category Article 5(1)(c) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and117 KB (18,075 words) - 10:19, 12 September 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)accordance with Article 56 paragraph 1 of the Regulation. 23. Applying the cooperation and consistency mechanism provided for in Chapter VII of the GDPR, the CNIL56 KB (9,069 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)recorded such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- Datatilsynet (Norway) - 20/02147 (category Article 24(1) GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public26 KB (3,848 words) - 14:31, 13 December 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the129 KB (21,793 words) - 14:09, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant83 KB (13,694 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)there is no violation of articles 5.1(c), 5.1(d), 5.1(e) and 5.1(f). Articles 5.1(c), (d) and (f), 5.2, 12, 16, 24, 25, 30.1, 31, 32, 38.3 and 38.6 of the AVG90 KB (14,937 words) - 12:35, 3 August 2022
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 5(1)(c) GDPR)connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 232 KB (5,139 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00206/2020 (category Article 6 GDPR)thealleged infringement of Article 6 of the RGPD, typified in Article 83.5 a) of the RGPDand considered very serious in 72.1.a), for the purposes of prescription20 KB (3,078 words) - 14:10, 13 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/49 KB (7,973 words) - 13:25, 13 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)referred to in Article 64(1) or does not follow the opinion of the Committee issued under Article 64". 8. The investigation shows that, on 1 June 2018, the42 KB (6,800 words) - 09:50, 10 September 2021
- AEPD (Spain) - PS/00389/2019 (category Article 5 GDPR)LEGAL GROUNDS I By virtue of the powers conferred on each individual by Article 58(2) of the GPRS, the authority, and in accordance with Article 47 of Organic31 KB (4,819 words) - 14:34, 13 December 2023
- law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article32 KB (6,006 words) - 16:33, 7 July 2021
- law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article34 KB (5,924 words) - 18:14, 20 April 2021
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)According to Article 72.1 LOPDGDD, the violation of data processing principles under Article 5 GDPR was considered very serious. Considering Article 25(1) GDPR63 KB (9,551 words) - 12:33, 13 December 2023
- AEPD (Spain) - PS/00266/2019 (category Article 13 GDPR)referred to as the ISESA), as provided for in Article 43.1 of the said Act. II Article 85 of Law 39/2015 of 1 October 1995 on the Common Administrative Procedure28 KB (4,459 words) - 14:23, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)in Annex 1 in category I, category II or category III. In Annex 1, Article 33(1) of the AVG is classified as category III. Pursuant to Article 2 (2.3),77 KB (12,915 words) - 17:15, 12 December 2023
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)*** URL.1 , a penalty of 3,000 euros (three thousand euros), for in-fraction of article 22.2) of the LSSI Law, typified as “slight” in article 38.4.g)of16 KB (2,335 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information28 KB (4,435 words) - 14:23, 13 December 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)and GDPR? Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR? How much are the damages under Article 82 GDPR69 KB (11,077 words) - 16:48, 7 March 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)rely on Article 6(1)(b) GDPR in the context of its offering of the Instagram Terms of Use, and to include an infringement of Article 6(1) GDPR” (Para 137)468 KB (51,340 words) - 14:10, 30 January 2023
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to section 1 f) of article 57, both of Regulation (EU) 2016/679 of the European26 KB (4,017 words) - 12:37, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the33 KB (5,342 words) - 15:52, 6 December 2023
- APD/GBA (Belgium) - 73/2020 (category Article 38(1) GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(1) GDPR)according to Article 8, Article 23. and paragraph 1 Article 25 Act no. 90/2018, cf. Article 5, paragraph 1 Article 24 and paragraph 1 Article 28 of regulation142 KB (22,881 words) - 12:42, 16 January 2024
- (Article 57, 1., a) GDPR), and the performance of all other related tasks with the protection of personal data (Article 57, 1., v) GDPR). 10 49. In that respect35 KB (5,303 words) - 17:01, 12 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- Datatilsynet (Denmark) - 2019-32-0988 (category Article 5(1)(e) GDPR)Agency's decision 3.1. Authorization to record telephone conversations 3.1.1. Pursuant to Article 9 (1) of the Data Protection Regulation 1, there is in principle45 KB (7,151 words) - 16:24, 6 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the34 KB (5,427 words) - 14:30, 13 December 2023
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- AN - 578/2021 (category Article 5(1)(d) GDPR)its part, art. 58.2.i) of the RGPD provides: "2. Each control authority will have all the following corrective powers listed below: 1. impose an administrative26 KB (4,277 words) - 09:18, 26 July 2021
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- AEPD (Spain) - PS/00449/2019 (category Article 5(1)(b) GDPR)with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 5000 euros19 KB (2,862 words) - 14:43, 13 December 2023
- CNIL (France) - SAN-2023-0076 (category Article 5(1)(b) GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- Datatilsynet (Norway) - 20/01879 (category Article 32(1)(b) GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- AEPD (Spain) - PS/00315/2020 (category Article 28 GDPR)03/31/2020, a written letter is sent to the respondent, *** ADDRESS.1, *** LOCALITY.1 (*** PROVINCE.1), address of the Mer- cantil, giving result "Returned to Origin62 KB (10,401 words) - 14:35, 21 November 2023
- HDPA (Greece) - 12/2024 (category Article 17(1) GDPR)60 of the GDPR does not apply the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para37 KB (5,933 words) - 16:53, 19 April 2024
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)Fees. Act (hereinafter: Act I ) 45 / A. § (1). From the advance payment of the fee, the Itv. Section 59 (1) and Section 62 (1) (h) shall release the party33 KB (5,033 words) - 10:12, 17 November 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security guarantees39 KB (6,246 words) - 16:55, 12 December 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(1) GDPR)to privacy, namely, personal data that are protected by Article 9(1) and 9(2)(f) of the GDPR (i.e. union dues, insurance and alimony payments and absences30 KB (4,858 words) - 09:58, 6 October 2021
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- Personvernnemnda (Norway) - 2022-13 (21/00481) (category Article 5(1)(f) GDPR)controller) about €352,555 (NOK 4,000,000) for violating Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly45 KB (6,913 words) - 12:13, 15 March 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)the other grounds from Article 6(1) of the GDPR do not apply. For example, according to [applicant], Article 6(1)(c) of the GDPR does not apply because56 KB (9,287 words) - 16:00, 26 January 2022
- LG Bonn - 29 OWi 1/20 (category Article 32(1) GDPR)83(4)(a) GDPR in conjunction with [Article 32(1) GDPR. Article 32 (1) GDPRby failing, at least with gross negligence, to ensure processes for sufficient authentication58 KB (9,577 words) - 08:06, 16 September 2021
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)((articles 5. 1, a) GDPR , 12.1 GDPR and 14.1 a) and c) GDPR) and how the accountability obligation was fulfilled (art 5.2 GDPR and 24 GDPR). The parties102 KB (15,787 words) - 07:39, 6 September 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2) and66 KB (10,785 words) - 10:00, 17 November 2023
- GHAL - 200.256.426 (category Article 6(1)(f) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- CNIL (France) - SAN-2023-076 (category Article 14 GDPR)communications under Article 14 GDPR were not legally necessary, as in the present case, Article 23 GDPR restrictions were applicable. Article 23 GDPR establishes36 KB (5,524 words) - 17:01, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12. In its report82 KB (13,250 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(1) GDPR)(see “1.2.4- As regards the complaint according to which the defendant hadless time than the complainant to prepare his arguments ”).1.1.1. Place1.1.1.1.-85 KB (13,724 words) - 16:52, 12 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 57(1)(a) GDPR)and Article 57(1)(a), Article 83(1)-(2) and Article 83(6) in connection with Article 58(2)(e) and (i) of the Regulation of the European Parliament and of46 KB (7,322 words) - 09:51, 17 November 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 5(1)(a) GDPR)5- □ 1-i; -J L ..J Brussels-2020 Court of Appeal / AR / 1333 p. 3 breach of articles 5.1.a} and 5.1.b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the GDPR read51 KB (7,792 words) - 11:43, 24 January 2022
- AEPD (Spain) - PS/00280/2022 (category Article 5(1)(f) GDPR)means of processing the personal data. The DPA found a breach of Article 5(1)(f) GDPR since the personal data of the data subject were disclosed to a third30 KB (4,551 words) - 11:51, 9 February 2023
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)principle (Article 5.1 b) GDPR) and the principle of minimum data processing (Article 5.1 c) GDPR). This follows from both provisions of the GDPR camera surveillance21 KB (3,034 words) - 15:30, 26 January 2024
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- AKI (Estonia) - 2.1-1/19/4627 (category Article 6 GDPR)challenge 1/23/2020 The contested administrative act or operation Procedure of the Data Protection Inspectorate 22.01.2020 Decision No 2.1-1 / 19/462716 KB (2,456 words) - 10:29, 13 December 2023
- APD/GBA (Belgium) - 170/2023 (category Article 24 GDPR)action under article 100, § 1, 1° of the st LCA, since no violation of the GDPR can be found in this regard. In accordance with article 108, § 1 of the LCA24 KB (3,525 words) - 15:29, 26 January 2024
- CNIL (France) - SAN-2023-018 (category Article 37(1)(a) GDPR)data protection officer pursuant to Article 37(1)(a) of the GDPR 13. In law, Article 37, paragraph 1, a) of the GDPR provides that “The controller and the22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)"Principles of Data Protection", article 4.1 of the LOPDGDD determines: "4. Data accuracy. 1. In accordance with article 5.1.d) of Regulation (EU) 2016/67963 KB (10,203 words) - 13:01, 13 December 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)Agency. The reasons on which the complaint is based are "I am sending you this complaint because I have asked the National Institute of Statistics (INE) to18 KB (2,781 words) - 14:30, 13 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - PS/00324/2019 (category Article 13 GDPR)IMPORTANT TO ME. In this privacy statement I explain what personal data I collect from my users and how I use it. I encourage you to read these terms carefully22 KB (3,480 words) - 14:28, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)violation of Article 6(1)(e) and 6(1) GDPR - The lack of information on the identity of the controller and the DPO amounts to a violation of Article 13(1)(a) and81 KB (13,211 words) - 16:59, 12 December 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)accordance with Section 1 Paragraph 1 of the GDPR by not observing the principles in accordance with Articles 5 and 6 of the GDPR. The complaint in question75 KB (12,118 words) - 15:46, 14 February 2024
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the61 KB (10,028 words) - 17:09, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG,96 KB (15,396 words) - 16:50, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles 4(1) and 4(2)23 KB (3,737 words) - 10:30, 7 June 2023
- HDPA (Greece) - 53/2022 (category Article 5(1)(a) GDPR)his compliance with the principles of article 5 par. 1 of the GDPR. 5. Furthermore, Article 6 para. 1 of the GDPR provides, among other things, that the50 KB (8,004 words) - 04:49, 14 December 2022
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)subparagraphs b '. y '. d 'and e' of par. 1 of article 5 as well as of article 6 par. 1ΓΚΠΔ ... ». 3. Reasoning 3.1. The data contained in an insurance policy61 KB (9,412 words) - 16:52, 6 December 2023
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)2016 p. 1; § 1 paragraph 1 and 2, § 18 paragraph 1 and § 24 paragraph 1 and paragraph 5 of the Data Protection Act (DSG), Federal Law Gazette I No. 165/199925 KB (3,875 words) - 10:36, 11 January 2024
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant 1, cannot suffice84 KB (12,933 words) - 16:46, 12 December 2023
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)health data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear72 KB (11,159 words) - 10:09, 17 November 2023
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6(1)(c) GDPR)6, Subsection 1, Clauses 1, 2 and 7 of the Data Protection Act, Article 9, Clause 1 of the Data Protection Regulation does not apply: 1) information obtained43 KB (6,678 words) - 08:41, 4 March 2024
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- AEPD (Spain) - PS/00425/2019 (category Article 5(1)(f) GDPR)respondent for the alleged breach of Article 5 (1) (f) of the GDPR, as set out in Article 83 (5) of the GDPR. FOURTH:On 23 January 2020, the abovementioned14 KB (2,140 words) - 14:39, 13 December 2023
- AEPD (Spain) - PS/00212/2019 (category Article 32 GDPR)typified in article 83.4 of the RGPD and is qualified as serious in article 73.1 g) of the LOPDPGDD for prescription purposes.III Article 58.Article 58.2 of17 KB (2,518 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)data integrity, security and confidentiality under Article 5(1)(f) GDPR. For the violation of Article 32, the AEPD issued the law firm with a reprimand26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- AEPD (Spain) - PS/00004/2020 (category Article 5(1)(c) GDPR)the infringement of the data minimisation principle specified at Article 5(1)(c) GDPR, as the defendant agreed to an early and guilty voluntary payment18 KB (2,798 words) - 13:44, 13 December 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)DPO as per Article 37 GDPR and 34(1) LOPDGDD, as well as in relation to the need of registering such appointment at the AEPD website [Article 34(3) LOPDGDD]16 KB (2,298 words) - 14:36, 13 December 2023
- website: ***URL.1. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/20 FOURTH: On 02/17/23, this Agency accessed the website ***URL.1, verifying52 KB (7,564 words) - 12:41, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)challenged decision of the Federal Court of Justice (Article 2.1 in conjunction with Article 1.1 of the Basic Law). I. 41 The assessment standard of the constitutional133 KB (21,944 words) - 15:59, 22 March 2022
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- BVwG - W274 2232028-1/3E (category Article 5 GDPR)is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness32 KB (5,232 words) - 09:40, 10 September 2021
- AEPD (Spain) - PS/00253/2020 (category Article 5(1)(c) GDPR)FIRST: IMPOSE Don B.B.B., with NIF *** NIF.1, for a violation of Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD, a fine of € 5,000 (Five22 KB (3,562 words) - 14:22, 13 December 2023
- APD/GBA (Belgium) - 157/2023 (category Article 21(2) GDPR)the meaning of Article 100 of the WOG. The Disputes Chamber has thus decided, on the basis of Article 58.2.c) GDPR and Article 95, § 1, 5° of the WOG,17 KB (2,723 words) - 16:34, 26 January 2024
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 5(1)(a) GDPR)violation of the provisions of Article 5(1)(a), Article 6(1), Article 7(3), Article 12(2), Article 17(1)(b) and Article 24(1) of Regulation 2016/679 imposes60 KB (9,815 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)artikel 100, §1, 2° WOG de buitenvervolgingstelling bevelen, of de klacht seponeren overeenkomstig artikel 95, §1, 1° of artikel 100, §1, 1° WOG (naargelang124 KB (18,772 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(a) GDPR)violation of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.120 KB (3,086 words) - 14:04, 13 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)infringement in the context of Article 82(1) of the GDPR. cc) The answer to the legal question of how Article 82 (1) of the GDPR is to be interpreted against19 KB (3,209 words) - 13:08, 15 September 2021
- Datatilsynet (Norway) - 20/01949 (category Article 5(1)(d) GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- LG Essen - 6 O 190/21 (category Article 33 GDPR)itself, that the information and measures mentioned in Article 33(1)(b) to Article 33(1)(d) GDPR must also be communicated to the data subject. However28 KB (4,596 words) - 18:30, 18 November 2021
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)that publishing the article on its website qualified as processing carried out for journalistic purposes under Article 85 GDPR and § 9(1) of the Austrian21 KB (3,266 words) - 13:51, 12 May 2023
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)according to Article 15 GDPR, which has been directly applicable since May 25, 2018 (Article 99 (2) GDPR). According to Art. 15 Para. 1 GDPR, the person21 KB (3,450 words) - 10:33, 8 February 2022
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR ("integrity and confidentiality"). Therefore, the Spanish DPA held that there was an infringement of the GDPR. It imposed17 KB (2,578 words) - 14:05, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)violation of article 5 par. 1 a' of the GDPR and the sanctioning of the administrative fine based on article 58 par. 2 subsection i of the GDPR is appropriate102 KB (17,186 words) - 13:46, 26 April 2024
- DSB (Austria) - 2020-0.605.768 (category Article 41(1) GDPR)Para. 1 GDPR, which pursuant to Art. 57 Para. 1 lit. q GDPR in conjunction with Section 2 (2) of the ÜStAkk-V can be submitted to this. On point 1 (partial19 KB (2,799 words) - 13:52, 12 May 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 15(1) GDPR)subjects to Under the conditions set out in Article 15 (1) and (3) of the GDPR, thereby infringing the GDPR Article 25 (1). III.3.2. Designed to handle requests60 KB (9,820 words) - 10:08, 17 November 2023
- ANSPDCP (Romania) - Fine to a physician for recording a patient on his personal telephone (category Article 6(1) GDPR)violation of Article 5 GDPR, Article 6(1) GDPR and Article 9 GDPR. Article 5 GDPR establishes the principles of data processing. Firstly, Article 5(1)(a) GDPR7 KB (876 words) - 15:12, 13 December 2023
- AEPD (Spain) - PS/00155/2021 (category Article 58(1) GDPR)sanction Vodafone in accordance with Article 83(5)(e) GDPR, for the non-compliance with an order pursuant to Article 58(1) GDPR. For this infringement, the AEPD20 KB (2,992 words) - 13:30, 13 December 2023
- AEPD (Spain) - PS/00102/2020 (category Article 5(1)(f) GDPR)for the infringement of the confidentiality principle specified at Article 5(1)(f) GDPR, as the defendant agreed to an early and guilty voluntary payment21 KB (3,082 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)the alleged violation of article 21 of theLSSI, classified as minor infractions according to article 39.1.c) of said textlegal.1. APPOINT RRR as an instructor19 KB (2,795 words) - 14:06, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- AEPD (Spain) - PS/00090/2020 (category Article 57(1) GDPR)typified in Article 83.5.e) of the RGPD, which considers such as: 'failure to provide access in breach of Article 58(1)'. The same Article states that16 KB (2,462 words) - 13:58, 13 December 2023
- UODO (Poland) - ZSPR.421.19.2019 (category Article 4(1) GDPR)connection with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and29 KB (4,698 words) - 10:02, 17 November 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- AEPD (Spain) - PS/00215/2020 (category Article 5(1)(c) GDPR)processed (data minimization), would that be an infringement of the Article 5.(1)(c) GDPR? The AEPD held, that it is responsibility of the demandant to make18 KB (2,721 words) - 14:11, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(1) GDPR)controller was in breach of Article 38(1) GDPR at the time of the investigation. Regarding the breach of Article 39(1)(b) GDPR, the CNPD concurred with the81 KB (11,895 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- AKI (Estonia) - 2.1.-1/21/129 (category Article 6 GDPR)reply. The AKI reminded the defendant of its obligation under Article 13 GDPR and Article 14 GDPR to inform the data subject in a concise, clear, comprehensible22 KB (3,237 words) - 12:25, 17 June 2022
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00200/2019 (category Article 5(1)(f) GDPR)COMMUNITY OF OWNERS RRR, withNIF *** NIF. 1 , for a violation of Article 5.1.f) of the RGPD, in relation to ArticleC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd14 KB (2,163 words) - 14:10, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8235/154/18 (category Article 5(1)(c) GDPR)accordance with Article 5 (1) (c) of the General Data Protection Regulation; and (3) whether the controller should be ordered in accordance with Article 58 (2)28 KB (4,501 words) - 13:07, 3 March 2024
- AEPD (Spain) - PS/00475/2019 (category Article 17 GDPR)infringement of the right to objection specified at Article 21 GDPR in connection with Article 48(1)(b) of the Spanish Telecommunications General Law, as23 KB (3,481 words) - 14:42, 13 December 2023
- AEPD (Spain) - PS/00168/2020 (category Article 6(1) GDPR)violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing22 KB (3,568 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00249/2020 (category Article 5(1)(b) GDPR)the presumed infringement of article 5.1 b) of the RGPD, typified in Article 83.5 a) of the RGPD, in relation to Article 72.1 a) of the LOPDGDD. SECOND:20 KB (3,097 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)procedure to the claimed, by thealleged violation of Article 5.1.c), 5.1 f) and 13 of the RGPD, typified in Article83.5 of the RGPD.FIFTH. On 07/29/20, a Proposal31 KB (4,808 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)of October 1, of the Common Administrative Procedure of Public Administrations (hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD21 KB (3,154 words) - 14:07, 13 December 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- UODO (Poland) - DKN.5130.2024.2020 (category Article 5(1)(f) GDPR)sec. 1 lit. a) and art. 58 sec. 2 lit. i) in connection with Art. 5 sec. 1 lit. f), art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 3275 KB (12,104 words) - 09:58, 17 November 2023
- AEPD (Spain) - PS/00008/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in the article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, of the Administrative Procedure Common of27 KB (4,408 words) - 13:45, 13 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)accordance with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2. Does the answer to Question 1 mean: a) that the person29 KB (4,605 words) - 17:00, 15 December 2021
- UODO (Poland) - DKE.561.16.2020 (category Article 58(1)(a) GDPR)1781) in connection with Article 31, Article 58(1)(a) in connection with Article 83(1)-(3) and Article 83(5)(e) of Regulation EU 2016/679 of the European28 KB (4,490 words) - 09:51, 17 November 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)ol , thete I eloo n i n I i chtí n g en d i e n st,It is undisputed that there is no Royal Decree .Proximus refers to slot also yet to Article 45.3 WEC as67 KB (10,544 words) - 09:24, 10 September 2021
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)injunctive relief pursuant to Sec. 8 (1) Sentence 1 in conjunction with Sec. 3a UWG for violation of Art. 9 (1) DSGVO. I. 53. The plaintiff is actively legitimized32 KB (5,236 words) - 16:00, 10 March 2022
- AEPD (Spain) - EXP202200399 (category Article 5(1)(f) GDPR)the database of the controller. Therefore, the controller violated Article 5(1)(f) GDPR. The DPA considered several aggravating factors, such as the fact10 KB (1,343 words) - 13:13, 13 December 2023
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 85(1) GDPR)Law §1 para 1 Data Protection Law §1 para 2 Data Protection Law §9 para 1 Media Law §1 no 6 Media Law §1 no 7 Media Law §1 Z8 lit c Law of Parties §1 para29 KB (4,637 words) - 13:57, 12 May 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG91 KB (15,371 words) - 15:11, 5 October 2021
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)infringement of article 6.1 of the GDPR, infringement typified in article 83.5 of the aforementioned Regulation 2016/679. II breached obligation Article 6.1 of the45 KB (7,135 words) - 13:08, 13 December 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)(the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early and guilty voluntary payment of the corresponding24 KB (3,769 words) - 14:10, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 5(1)(a) GDPR)Guarantor no. 1/2019 are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative Decree no. 150 of 1 September20 KB (3,133 words) - 15:53, 6 December 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of the30 KB (4,563 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00303/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public29 KB (4,480 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)infringed the accuracy principle included at Article 5(1)(d) GDPR. Consequently, after considering some circumstances [(i) the local scope of the processing activity22 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00068/2020 (category Article 6(1) GDPR)have breached the lawfulness of processing principle as per article 6(1) GDPR, as well as article 20 of the Spanish Law on Personal Data Protection and Guarantee27 KB (4,106 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public31 KB (4,862 words) - 14:28, 13 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- AEPD (Spain) - E/01090/2021 (category Article 4(9) GDPR)addressed to the Social Court no. 7 of *** LOCALITY. 1, of June 15, 2020, claim procedure amount *** PROCEDURE.1, and diligence of incorporation into the judicial17 KB (2,544 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00023/2020 (category Article 5(1)(c) GDPR)with NIF ***NIF.1 (hereinafter the claimant), for the installation of a video surveillance in ***ADDRESS.1, ***APPARTMENTS.1 - ***LOCALITY.1 (SANTACRUZ OF21 KB (3,298 words) - 13:46, 13 December 2023
- RvS - 201905347/1/A3 (category Article 5 GDPR)decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well25 KB (3,824 words) - 22:46, 10 October 2020
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)Vodafone España, S.A.U. (the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early voluntary payment of the corresponding27 KB (4,150 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as25 KB (4,016 words) - 14:27, 13 December 2023
- Datatilsynet (Norway) - 20/01516 (category Article 32(1)(b) GDPR)second paragraph, cf. Article 58 (2) (i) of the Privacy Regulation, cf. Article 83, to pay a infringement fee to the Treasury of 1,000,000 - one million26 KB (3,885 words) - 08:43, 7 May 2022
- AEPD (Spain) - PS/00188/2020 (category Article 5(1)(f) GDPR)violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating24 KB (3,907 words) - 14:08, 13 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)otherwise makes it impossible to exercise the information function" (Article 2, paragraph 1, of the Deontological Rules) and that the existence of this requirement24 KB (3,667 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00415/2020 (category Article 5(1)(d) GDPR)imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in30 KB (4,436 words) - 14:36, 13 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)hereinafter referred to as "the defendant". 1. Facts and procedure 1. On 4 June 2018, on the basis of Article 114/1 of the Act of 13 June 2005 on electronic35 KB (5,526 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)Appeal against the aforementioned dismissal decision, 1 PAGE □1- □□□ 01721242- □□□ 7-□□ 28- □2-□1-;i .. L 1!11- _JCourt of Appeal Brussels-2020/AR/329- p. 1148 KB (7,560 words) - 09:03, 20 August 2021
- DSB (Austria) - 2021-0.101.211 (category Article 6(1)(c) GDPR)held that “A synopsis of the provisions of Article 9(1)(i) of the GDPR in conjunction with Article 3(1)(1), (1a) and (2) of the EpiG shows that the competent37 KB (5,745 words) - 13:53, 12 May 2023
- CNIL (France) - SAN-2022-020 (category Article 5(1)(e) GDPR)obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller59 KB (9,566 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- AEPD (Spain) - E/03379/2021 (category Article 13 GDPR)investigation granted to the control authorities in article 57.1 of Regulation (EU) 2016/679 (GDPR). Thus, dated 12/04/20, an information request is addressed18 KB (2,693 words) - 13:40, 13 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)entity has violated article 6 of the GDPR, for carrying out a processing of personal data without legitimacy. II Article 6.1 of the GDPR establishes the assumptions58 KB (9,301 words) - 12:39, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)the article 43.1 of said Law. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 12 12/12 II Article 85 of Law 39/2015, of October 1, of35 KB (5,635 words) - 14:41, 13 December 2023
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)innone of the cases of compulsory designation included (i) in article 37.1RGPD, as well as (ii) in article 34 of the Organic Law on Data Protection andguarantee31 KB (4,757 words) - 13:52, 13 December 2023
- BVwG - W214 2233132-1/27E (category Article 15(1)(c) GDPR)DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 133 today B-VG Art. 133 valid from January 1st, 201987 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment26 KB (3,971 words) - 13:26, 13 December 2023
- Datatilsynet (Denmark) - 2019-41-0043 (category Article 5(1)(a) GDPR)Articles 13 and 14 GDPR complied with the principle of transparency in Article 5 (2) (1) (a) GDPR, which according to the Authority's assessment i.a. implies that26 KB (3,931 words) - 16:25, 6 December 2023
- AEPD (Spain) - E/08210/2021 (category Article 56(1) GDPR)authority. Under Article 60 GDPR, the following DPAs were identified as “concerned supervisory authorities” under Article 4(22) GDPR: the Netherlands,29 KB (4,457 words) - 10:34, 13 December 2023
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)provisions of article 58.2.i) of the GDPR, for the alleged infringement of article 6.1 of the GDPR, typified in article 83.5.b) of the GDPR. SECOND: APPOINT26 KB (3,867 words) - 10:44, 13 December 2023
- DSB (Austria) - D130.073/0008-DSB/2019 (category Article 32 GDPR)user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG (the Austrian Data Protection Act), which25 KB (3,605 words) - 13:59, 12 May 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)under Article 82(1) of the GDPR; they can only "lead to [...] non-material damage". [21] (7) Compensation for non-material damage under Art 82(1) GDPR therefore23 KB (3,551 words) - 09:54, 10 September 2021
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)requirements of article 24 and 32, paragraph 1, AVG and further elaborated in article32, paragraph2, preamble, FISHOrdinancesBIO standards5.1.1,5.1.1.1and5.1.2.1.179 KB (22,957 words) - 17:07, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). The aforementioned26 KB (4,162 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)the authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection23 KB (3,592 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)provisions of article 43.1 of said Law. C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 9/9 II Article 85 of Law 39/2015 of 1 October on the27 KB (4,296 words) - 13:59, 13 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)an infractionof article 6 of the RGPD, typified in article 83.5.a) and classified as very serious toprescription effects in article 72.1.b) of the LOPDGDD206 KB (32,869 words) - 14:36, 13 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 6(1)(a) GDPR)implementing the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - EXP202305050 (category Article 58(1) GDPR)Agency sanction QUALITY for an infringement of Article 58.1 of the GDPR, typified in Article 83.5 of the GDPR, with a fine of €20,000.00. This proposed resolution57 KB (9,217 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)Consequently, I have suffered significant non-pecuniary damage, since the person with whom I kissing me was not my partner at that time. I request that38 KB (6,160 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00430/2020 (category Article 6(1) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- AEPD (Spain) - PS/00341/2020 (category Article 6(1) GDPR)principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing32 KB (4,831 words) - 14:31, 13 December 2023
- APD/GBA (Belgium) - 33/2020 (category Article 5(1)(c) GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)limit mandated by Article 33(1). Did the secretariat of the DPA breach its data security obligations under Articles 32(1), 33(1), and 34(1)? The Datatilsynet20 KB (3,045 words) - 16:40, 6 December 2023
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- Datatilsynet (Denmark) - 2018-423-0018 (category Article 5(1) GDPR)responsibility under Article 26 GDPR. Categories of data subjects and categories of personal data Pursuant to Article 30 (I) (1) (c) GDPR, a list must contain21 KB (3,119 words) - 16:22, 6 December 2023