Search results
From GDPRhub
- Data Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). Although Article 25(1) mentions that the measures43 KB (4,675 words) - 06:43, 16 June 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- HDPA (Greece) - 20/2023 (category Article 25(1) GDPR)registered letter in violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice6 KB (634 words) - 17:48, 17 July 2023
- HDPA (Greece) - 25/2023 (category Article 25(1) GDPR)processing of personal data meets the legal requirements, in breach of Article 25(1) GDPR. Finally, the DPA stated that the response to the access request was6 KB (694 words) - 14:25, 20 January 2024
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 25(1) GDPR)Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to implement control systems of7 KB (810 words) - 15:52, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 25(1) GDPR)the GDPR. In light of this, the Court agreed with the DPA that the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article22 KB (3,193 words) - 10:34, 29 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 25(1) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 25(1) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- APD/GBA (Belgium) - 53/2020 (category Article 25(1) GDPR)comply with section 5.1(b) of the MDR, and for failure to comply with section 5.1(a) of the MDR. and 5.1(b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the MDR35 KB (5,853 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 25(1) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 25(1) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act42 KB (6,579 words) - 08:46, 27 January 2022
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €147 KB (936 words) - 16:39, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 25(1) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- BlnBDI (Berlin) - 711.412.1 (category Article 25(1) GDPR)coming into force of the GDPR, the DPA found that the company still did not comply. How do Article 5(1)(e) and Article 25(1) GDPR apply to archives? The8 KB (965 words) - 16:38, 12 December 2023
- HDPA (Greece) - 64/2022 (category Article 25(1) GDPR)of natural persons who decisions, in accordance with the provisions of the GDPR. The DPA examined the rules for the removal of identification data displayed3 KB (199 words) - 20:46, 13 December 2022
- HDPA (Greece) - 4/2022 (category Article 25(1) GDPR)HDPA held that COSMOTE violated Article 25(1) GDPR, because the processing for statistical purposes under Article 89(1) GDPR should have been done with anonymised11 KB (1,274 words) - 10:37, 23 February 2022
- Commissioner (Cyprus) - 11.17.001.008.029 (category Article 25(1) GDPR)Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures3 KB (193 words) - 16:52, 6 December 2023
- HDPA (Greece) - 30/2023 (category Article 25(1) GDPR)violation of article 5 par. 1 item. e' of the GDPR, b) reprimanded the OASA for the violations of the provisions of article 25 par. 1 and article 35 par. 1 of the6 KB (623 words) - 09:08, 25 October 2023
- HDPA (Greece) - 61/2022 (category Article 25(1) GDPR)information provided to data subjects was less than that required by the GDPR, and the information was not provided in an intelligible and easily accessible6 KB (663 words) - 15:31, 6 December 2023
- HDPA (Greece) - 50/2021 (category Article 25(1) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- AZOP (Croatia) - Decision 21-07-2022 (A1 telecommunications) (category Article 25(1) GDPR)€283,000). It held that the controller violated Articles 25(1), 32(1)(b), 32(1)(d) and 32(2) GDPR by not taking appropriate technical and organizational7 KB (855 words) - 15:30, 30 October 2023
- AZOP (Croatia) - Decision 18-05-2023 (category Article 25(1) GDPR)was fined €380,000 for violating Articles 6(1), 13(1) and (2), and 25(1) and (2) and 32(1)(a) and (d) GDPR. A sports betting agency, acting as the controller9 KB (1,276 words) - 15:25, 30 October 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 25(1) GDPR)of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- CNIL (France) - MED-2019-027 (category Article 25(1) GDPR)design and default. The CNIL ordered the Ministry to comply with Article 24 and 25 GDPR regarding the collection and further processing of personal data21 KB (3,274 words) - 17:08, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 25(1) GDPR)Finnish DPA found a retail chain to have breached Article 5(1)(e) GDPR, Article 25(1) GDPR and Article 25(2) GDPR for its lengthy storage of purchase behaviour61 KB (9,477 words) - 13:38, 12 January 2024
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 25(1) GDPR)even though Article 32 GDPR stipulates such a technical measure for certain emails. It is important to note that only Article 6(1)(a) GDPR allows for such30 KB (4,562 words) - 15:27, 6 December 2023
- APD/GBA (Belgium) - 03/2021 (category Article 25(1) GDPR)fulfilled. The school breaches Article 6(1)(b) in combination with Article 6(4) and Article 6(1) Articles 24 and 25 GDPR Furthermore, as the school continued32 KB (4,880 words) - 16:50, 12 December 2023
- UODO (Poland) - DKN.5130.2815.2020 (category Article 25(1) GDPR)and Article 58(2)(b) in connection with Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1) and (2) of 2 of Regulation EU 2016/679 of the European37 KB (5,819 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 74/2020 (category Article 25(1) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 25(1) GDPR)According to Article 72.1 LOPDGDD, the violation of data processing principles under Article 5 GDPR was considered very serious. Considering Article 25(1) GDPR63 KB (9,551 words) - 12:33, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 25(1) GDPR)5- □ 1-i; -J L ..J Brussels-2020 Court of Appeal / AR / 1333 p. 3 breach of articles 5.1.a} and 5.1.b), 6.1, 25.1 and 25.2, 32.1 and 32.4 of the GDPR read51 KB (7,792 words) - 11:43, 24 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 25(1) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- APD/GBA (Belgium) - 136/2023 (category Article 25(1) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 25(1) GDPR)with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 of the Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 25(1) GDPR)(2) § 23, § 25, 25 / G. § (3), (4) and (6), 25 / H. § (2) paragraph 25 / M. § (2), 25 / N. §, 51 / A. § (1), Articles 52-54. §- in Section 55 (1) - (2), Sections60 KB (9,820 words) - 10:08, 17 November 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)regard to Client 1 that data management - infringed Article 25 (1) to (2) of the General Data Protection Regulation, - infringed Article 32 (1) (b) of the General67 KB (10,492 words) - 10:11, 17 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 25(1) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- UODO (Poland) - DKN.5130.2024.2020 (category Article 25(1) GDPR)sec. 1 lit. a) and art. 58 sec. 2 lit. i) in connection with Art. 5 sec. 1 lit. f), art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 3275 KB (12,104 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 55/2021 (category Article 25(1) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 25(1) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- APD/GBA (Belgium) - 82/2020 (category Article 25(1) GDPR)artikel 100, §1, 2° WOG de buitenvervolgingstelling bevelen, of de klacht seponeren overeenkomstig artikel 95, §1, 1° of artikel 100, §1, 1° WOG (naargelang124 KB (18,772 words) - 17:01, 12 December 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 25(1) GDPR)5 sec. 1 lit. f, art. 5 sec. 2, art. 25 sec. 1, art. 32 sec. 1 lit. b, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 38 sec. 1, art. 39 sec. 1 lit. b and156 KB (25,012 words) - 10:01, 17 November 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 25(1) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- DPC (Ireland) - IN-19-7-2 (category Article 25(1) GDPR)violated Article 25(1) GDPR by failing to take measures designed to implement the accuracy principle in the database, and Articles 5(2) and 24(1) GDPR by failing5 KB (620 words) - 13:13, 19 May 2021
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- ANSPDCP (Romania) - Banca Comercială Română SA (category Article 25(1) GDPR)This amounted to a violation of Article 25(1) GDPR, Article 32(1)(b) GDPR, Article 32(1)(d) GDPR, Article 32(2) GDPR. Consequently, the DPA fined the5 KB (558 words) - 08:06, 26 September 2022
- ANSPDCP (Romania) - Raiffeisen Bank SA (category Article 25(1) GDPR)violating Article 32(4) jo Article 32(1) and (2) GDPR (security of processing). In addition, a fine of €5,000 for violating Article 25(1) GDPR (data protection14 KB (1,905 words) - 15:22, 29 November 2022
- ANSPDCP (Romania) - Fine against Bitfactor SRL (category Article 25(1) GDPR)laid down in Article 5(1)(f) GDPR. In this context, the DPA referred to Article 25(1) GDPR (data protection by design) and Recital 78 GDPR. As a result6 KB (708 words) - 08:12, 6 October 2022
- APD/GBA (Belgium) - 29/2023 (category Article 25(1) GDPR)risk analysis. Therefore, the DPC found a violation of Article 25(1), 25(2), 5(1)(b) and 5(1)(f) GDPR, ordered Meta to comply with the provisions and imposed5 KB (536 words) - 14:11, 21 March 2023
- HDPA (Greece) - 41/2022 (category Article 25(1) GDPR)thereby violating Article 13(2) GDPR. The investigated controllers did not comply with the storage limitation principle under Article 5(1) GDPR because the data14 KB (2,046 words) - 19:00, 21 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6132/151/19 (category Article 25(1) GDPR)data free of charge in light of the principle of privacy by design (Article 25(1) GDPR). According to this principle, data protection issues should be taken14 KB (2,085 words) - 10:24, 4 November 2021
- HDPA (Greece) - 13/2024 (category Article 25(1) GDPR)processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the12 KB (1,511 words) - 16:01, 10 April 2024
- Datatilsynet (Denmark) - 2021-441-10244 (category Article 25(1) GDPR)accordance with Article 32 (1) of the Data Protection Regulation. 1. 3.2. Article 25 of the Data Protection Regulation It follows from Article 25 (1) of the Data19 KB (2,832 words) - 14:47, 27 July 2022
- Garante per la protezione dei dati personali (Italy) - 9817058 (category Article 25(1) GDPR)data constituted a breach of Articles 5(1)(f) and 32 GDPR. Additionally, the controller violated Article 25(1) GDPR because it failed to implement a secure24 KB (3,588 words) - 13:43, 2 November 2022
- HDPA (Greece) - 13/2021 (category Article 25(1) GDPR)that in accordance with Article 1 7 in in conjunction with Article 21 (3) and Article 12 (3) of the GIPA and Article 25 par. 1 of the GCP meet the conditions22 KB (3,167 words) - 07:59, 14 October 2021
- APDCAT (Catalonia) - PS 28/2021 (category Article 25(1) GDPR)city council had violated Article 13 GDPR and Article 25(1) GDPR. However, since the deficiencies regarding Article 13 GDPR were corrected before the end42 KB (6,526 words) - 14:26, 24 November 2022
- APD/GBA (Belgium) - 165/2023 (category Article 25(1) GDPR)violation of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.267 KB (9,908 words) - 11:09, 10 January 2024
- APD/GBA (Belgium) - 60/2023 (category Article 25(1) GDPR)information obligations under Article 5(1)(a), Article 6(1), Article 12, Article 13, Article 24(1), Article 25(1) and Article 25(2). Share your comments here39 KB (5,541 words) - 08:17, 6 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4672/161/2022 (category Article 25(1) GDPR)controllers have violated Article 5(1)(a), Article 6(1), Article 13, paragraphs 1 and 2, Article 25, Article 32, paragraphs 1 and 2, and Articles 44 and44 KB (6,748 words) - 16:10, 21 March 2023
- APD/GBA (Belgium) - 162/2022 (category Article 25(1) GDPR)(2) GDPR; b. a breach of Article 12(1) and (6) GDPR, Article 13(1) and (2) GDPR and Article 14(1) and (2) GDPR, Article 5(2) GDPR, Article 24(1) GDPR and71 KB (10,426 words) - 08:21, 23 November 2022
- UODO (Poland) - DKN.5131.8.2022 (category Article 25(1) GDPR)the laptop theft, in breach of Article 32(1) GDPR. Moreover, the DPA found a violation of Articles 24(1) and 25(1) GDPR because the controller failed to48 KB (7,609 words) - 12:24, 23 November 2022
- Datatilsynet (Norway) - 18/04147 (category Article 25(1) GDPR)violating Article 5(1) GDPR, Article 17(1)(a), Article 17(1)(d) and Article 25(1), cf. Article 5(1)(c), Article 5(1)(d), Article 5(1)(e) and Article 5(1)(f)47 KB (7,575 words) - 11:35, 18 November 2023
- UODO (Poland) - DKN.5130.2559.2020 (category Article 25(1) GDPR)provisions of Article 5(1)(f) GDPR, Article 5(2) GDPR, Article 24(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR by: (a) failing62 KB (9,906 words) - 09:02, 11 October 2022
- UODO (Poland) - DKN.5131.31.2022 (category Article 25(1) GDPR)controller €5,400 for infringements of Articles 5(1)(f) and 5(2) GDPR as well as Article 25(1) and Article 32(1) GDPR. First, the controller did not ensure adequate71 KB (11,306 words) - 10:51, 22 January 2024
- Garante per la protezione dei dati personali (Italy) - 9917728 (category Article 25(1) GDPR)The DPA found violations of Articles 5(1)(a)(c)(f), 9, 25(1)(2) and issued a fine of 25,000 euros under Article 83. An advertising billboard depicted a60 KB (9,523 words) - 08:00, 23 August 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis110 KB (18,238 words) - 16:56, 12 December 2023
- OLG München - 18 U 2822/19 Pre (category Article 25(1) GDPR)violated section 13(6) of the German Telemedia Act (TMG) or Article 4(7) GDPR and Artcicle 25(1) GDPR? The Higher Regional Court Munich dismissed the appeal59 KB (9,846 words) - 14:03, 20 September 2021
- UODO (Poland) - DKN.5131.12.2020 (category Article 25(1) GDPR)comply with the principles under Article 5 GDPR, including the principle of integrity and confidentiality (Article 5(1)(f) GDPR). According to this principle74 KB (11,896 words) - 15:14, 7 March 2023
- APD/GBA (Belgium) - 15/2023 (category Article 25(1) GDPR)regard resources. II.1. Article 5 (1) (a) and (2) of the GDPR and Article 6 (1) of the GDPR II.1.1. Article 5 (1) a) and Article 6 (1) GDPR with regard to legality105 KB (15,883 words) - 15:05, 8 March 2023
- UODO (Poland) - DKN.5131.22.2021 (category Article 25(1) GDPR)that the controller breached Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1)(b) and (d), and Article 32(2) GDPR due to a lack of a reliably68 KB (10,909 words) - 14:47, 25 October 2021
- APD/GBA (Belgium) - 188/2022 (category Article 25(1) GDPR)of Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) paragraph 2 of the GDPR; and 2. a breach of Article 12 paragraph 1 and paragraph 495 KB (14,325 words) - 14:27, 25 January 2023
- UODO - DKN.5112.1.2020 (category Article 25(1) GDPR)controller under Article 24(1) GDPR, Article 25 (1) GDPR, Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and Article 32 GDPR#2"Article 32(2) GDPR. Share blogs89 KB (14,285 words) - 12:21, 10 September 2021
- UODO (Poland) - DKN.5112.1.2020 (category Article 25(1) GDPR)of the case (Article 107 § 3 of the Code of Administrative Procedure in connection with Article 77 § 1, Article 80, Article 8 § 1 and Article 11 of the Code110 KB (17,607 words) - 15:35, 3 January 2023
- Garante per la protezione dei dati personali (Italy) - 9921112 (category Article 25(1) GDPR)personal data during the promotional phone call. Article 5(1)(a), Article 6(1)(a) and Article 7 GDPR, for having carried out promotional telephone calls87 KB (13,867 words) - 13:11, 28 September 2023
- WSA Warsaw (Poland) - II SA/Wa 2559/19 (category Article 25(1) GDPR)5 sec. 1 lit. f of Regulation 2016/679 (and reflected in the form of obligations set out in Article 24 (1), Article 25 (1) and Article 32 (1) (b) and90 KB (14,642 words) - 11:12, 18 November 2020
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- UODO (Poland) - DKN.5130.2215.2020 (category Article 25(1) GDPR)sec. 1 lit. f), art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and sec. 3, art. 32 sec. 1 and 2 and article. 34 sec. 1, as well as art. 83 sec. 1-3 and110 KB (17,650 words) - 12:27, 29 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6097/161/21 (category Article 25(1) GDPR)(2016/679) Article 12(1), 2, 3, 4 and 6, Article 5(1)(c), Article 15, Article 17, Article 25, Article 58(2)(b) and (d), Article 83 paragraphs 1, 2, 3, 4139 KB (22,397 words) - 21:48, 13 July 2022
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)violation of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph99 KB (15,129 words) - 09:21, 31 May 2023
- Garante per la protezione dei dati personali (Italy) - 9825667 (category Article 25(1) GDPR)violated Articles 5(2), 24 and 25(1) GDPR. At last, the DPA established a violation of Article 5(2), Article 24 and Article 13 GDPR, for failing to provide evidence131 KB (21,176 words) - 12:52, 20 December 2022
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 25(1) GDPR)accuracy of Article 5(1)(d) GDPR and data protection by design of Article 25(1) GDPR. In addition, the DPA held that the controller violated Articles 5(1)(a) and149 KB (24,224 words) - 12:20, 2 January 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 25(1) GDPR) (section Fine and order to comply with GDPR)No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 25(1) GDPR)justify it, in breach of Articles 5(1)(a) and 6 GDPR. Finally, the Italian DPA found a violation of Article 25(1) and (2) GDPR because the controller had not152 KB (24,743 words) - 14:39, 21 March 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 25(1) GDPR)infringement of Article 33(1) GDPR, a fine of €145,600 for infringement of Article 34(1) GDPR, and a fine of €316,800 for infringement of Article 5(1)(f) GDPR. In153 KB (24,570 words) - 15:11, 26 March 2024
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- ANSPDCP (Romania) - Fine against Automobile Bavaria SRL (category Article 25 GDPR)security of the data, in violation of Article 32(1) and (2) GDPR and warned the controller for a violation of Article 25(1) GDPR. The DPA fined the controller6 KB (788 words) - 08:33, 31 May 2023
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- DSB (Austria) - D130.1170 (category Article 7(3) GDPR)violation of Article 7(3) GDPR and it also failed to comply with the requirements set out in Article 5(1)(a) GDPR and Article 25(1) GDPR. Accordingly,5 KB (661 words) - 08:56, 27 September 2023
- DPC (Ireland) - IN-21-9-1 (category Article 5(1)(a) GDPR)minimisation (Article 5(1)(c) GDPR), integrity and confidentiality (Article 5(1)(f) GDPR) and privacy by design and by default (Article 25 GDPR). These principles7 KB (858 words) - 12:25, 20 September 2023
- CJEU - C807/21 - Deutsche Wohnen (category Article 83(4) GDPR)fined DW €14,385,000 for intentional infringement of Article 5(1)(a), (c) and (e) and of Article 25(1) GDPR. The DPA found that DW intentionally failed to take10 KB (1,543 words) - 13:53, 8 December 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD, Article 25 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third29 KB (3,500 words) - 08:54, 27 March 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- Datatilsynet (Denmark) - Unknown (category Article 32(1) GDPR)was clear to the DPA that the principle of privacy by design under Article 25(1) GDPR had not been considered. Better testing of the platform before launching19 KB (2,823 words) - 13:59, 24 January 2024
- Article 94 GDPR (category Article 94 GDPR)place from 25 May 2018 is no longer regulated by Directive 95/46/EC, but by the GDPR. This provision is to be differentiated from Article 99(1) GDPR, which13 KB (530 words) - 09:40, 3 October 2023
- Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- Article 99 GDPR (category Article 99 GDPR)European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's12 KB (295 words) - 08:25, 19 October 2023
- establishes an EU-wide penalty regime for violations under Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide19 KB (1,477 words) - 14:12, 7 November 2023
- Garante per la protezione dei dati personali (Italy) - 9735672 (category Article 25(1) GDPR)any appropriate assessment by the Authority. Violation of Article 5(2) GDPR and Article 25(1) GDPR, for not having taken effective action against undue promotional380 KB (62,114 words) - 15:20, 26 January 2022
- within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- APD/GBA (Belgium) - 165/2022 (category Article 5(1)(a) GDPR)(2) GDPR, Article 14 (1) and (1) 2 GDPR, Article 5 (2) GDPR, Article 24 (1) GDPR and Article 25 (1) GDPR. II. Motivation II.1. Interest of the complainant28 KB (4,010 words) - 13:40, 14 December 2022
- proceedings under Article 79(1) GDPR where no subjective rights under the GDPR are concerned. For example, a data subject cannot use Article 79(1) GDPR to bring31 KB (3,550 words) - 11:11, 29 November 2023
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)those involved (Article 12.1, Article 13.1 and 13.2, Article 14.1 and 14.2, Article 5.2, Article 24.1, and Article 25.1 GDPR) 57 II.4.1. Position of the350 KB (51,369 words) - 09:25, 31 January 2024
- mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including37 KB (3,915 words) - 12:49, 24 May 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- the information society service(s)." According to Article 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society19 KB (1,335 words) - 13:56, 24 October 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/153537 KB (4,635 words) - 13:29, 24 October 2023
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 52 GDPR (category GDPR Articles) (section (1) Complete independence of supervisory authorities (SAs))this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR76 KB (11,304 words) - 08:37, 4 March 2024
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 51 GDPR (category GDPR Articles) (section (1) Establishment of a supervisory authority (SA))controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83 GDPR)DPA fined Deutsche Wohnen SE € 14,500,000 for violating Article 5(1)(e) and Article 25(1) GDPR as the company's archive system was structurally unable38 KB (5,956 words) - 11:41, 21 January 2022
- Article 42 GDPR (category GDPR Articles) (section (1) Defining certification mechanisms, data protection seals, and marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's34 KB (3,649 words) - 13:19, 30 October 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert15 KB (787 words) - 08:17, 19 October 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 25 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 19 GDPR (category GDPR Articles)of Article 15(1)(c) GDPR, which permits in certain cases that the information provided is limited to "categories of recipient[s]": Article 15 GDPR is a19 KB (1,436 words) - 12:35, 12 May 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- binding decision under Article 66 GDPR, at the request of the Hamburg SA which adopted provisional measures under Article 66(1) GDPR, based on its consideration20 KB (1,590 words) - 16:11, 2 November 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- category of data. Part 1 deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with18 KB (2,488 words) - 15:22, 14 December 2021
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in19 KB (1,525 words) - 08:18, 19 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)subjects - which would be counterproductive. Article 11 GDPR is meant to address this matter. Under Article 11(1) GDPR, when a processing operation does not or20 KB (1,854 words) - 16:32, 8 March 2024
- Article 38 GDPR (category GDPR Articles) (section (1) DPO's involvement in any data protection issues)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (1) Exchange of information and mutual assistance)request (Article 61(5) GDPR), the requesting SA may adopt a provisional measure on the territory of its Member State under Article 55(1) GDPR. If the SA24 KB (2,181 words) - 11:46, 15 January 2024
- framework of voluntary cooperation provided for in Article 62(1) GDPR is partly supplemented by Article 62(2) GDPR, which contains several cases in which joint22 KB (1,915 words) - 13:46, 15 January 2024
- Garante per la protezione dei dati personali (Italy) - 9925674 (category Article 5(1)(a) GDPR)constituting a breach of Article 12(2) GDPR and Article 12(3) GDPR, as well as Article 15 GDPR, Article 17 GDPR and Article 21(2) GDPR. Thus, the calls carried63 KB (9,986 words) - 12:04, 11 October 2023
- Article 30 GDPR (category GDPR Articles) (section (1) Record of processing activities by the controller)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 70 GDPR (category Article 70 GDPR) (section (1) Tasks to ensure the consistent application of the Regulation)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 34 GDPR (category GDPR Articles) (section (1) Communication of a personal data breach to the data subject)the competent supervisory authority of such a breach. Article 34(1) GDPR differs from Article 33 GDPR. Instead of having to notify the supervisor authority37 KB (3,962 words) - 15:20, 16 June 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves32 KB (3,730 words) - 08:43, 7 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section (1) Reconciling data protection rules with freedom of expression)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 53 GDPR (category GDPR Articles) (section (1) Authority appointing the members of the supervisory authority (SA))the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- Article 55 GDPR (category GDPR Articles) (section (1) Territorial competence of supervisory authorities (SAs))which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general31 KB (4,768 words) - 06:24, 16 June 2023
- Article 78 GDPR (category GDPR Articles) (section (1) Right to an effective judicial remedy against an SA's decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 33 GDPR (category GDPR Articles) (section (1) Controller's notification in the event of a personal data breach)agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an54 KB (6,536 words) - 08:22, 16 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 37 GDPR (category GDPR Articles) (section (1) Obligation to designate a data protection officer)surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- the parties. Section 100 of the Slovak Data Protection Act implements Article 77 GDPR. The complaint shall include (Section 100 (3)): The name, surname, correspondence9 KB (1,006 words) - 07:13, 7 July 2021
- 1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr02098318 KB (1,831 words) - 13:49, 3 November 2022
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA89 KB (13,017 words) - 15:07, 2 November 2022
- commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)Art. 82 Para. 1, Para. 2, Art. 5 Para. 1 lit. a Var. 1, Article 6 paragraph 1 subparagraph. 1 lit. 1, Article 6 paragraph 1 subparagraph. 1 lit. a, Art.130 KB (21,874 words) - 09:43, 15 February 2024
- CJEU - C-311/18 - Schrems II (category Article 2(2) GDPR)under Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1)12 KB (1,780 words) - 17:22, 10 March 2022
- Datatilsynet (Norway) - 20/02136 (category Article 6(1) GDPR) (section Special categories of data under Article 9 GDPR)elements. Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4%18 KB (2,375 words) - 16:17, 6 December 2023
- protection authorities (Art. 78.1 GDPR), as well as by the possibility to bring actions directly in court (Art. 79 GDPR). Against the decisions that put15 KB (1,875 words) - 16:18, 13 July 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx. €25,000). The controller121 KB (13,722 words) - 15:16, 5 July 2023
- than those expressly indicated in Article 22(1), with the exception of personal data referred to in Article 10 GDPR. This means that data concerning criminal9 KB (1,215 words) - 16:58, 18 May 2021
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory93 KB (14,936 words) - 17:09, 6 December 2023
- Recitals GDPR (section Recitals from the GDPR)practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 25 GDPR)Moreover, the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services17 KB (2,519 words) - 15:55, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9(1) GDPR)Regulation Article 5 paragraph 1 subparagraph a Article 7 Article 9 Data Protection Act Section 6 subsection 1 paragraph 1 Insurance Contract Act Section 1 and49 KB (7,496 words) - 14:44, 24 January 2024
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 5(1)(a) GDPR)life insurance company had breached Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR as its as its practice was to process41 KB (6,133 words) - 10:29, 25 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)referred to as [applicant] and the State. 1 The procedure 1.1. An application dated 30 January 2019 with productions 1 to 7 was received at the Registry of15 KB (2,504 words) - 16:27, 10 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)Articles 5(1)(a), 12(1) and 13(1)(c) GDPR within three months, to refer not only to information provided on data processed pursuant to Article 6(1)(b) GDPR, but53 KB (8,413 words) - 14:10, 30 January 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- artistic or literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special8 KB (1,064 words) - 12:53, 23 June 2023
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)provide for the possibility of bringing such actions of Article 25 of the Code of Civil Procedure1. 1 See, by way of example, the Authority's Decision No 73/201814 KB (2,181 words) - 11:27, 13 September 2023
- Garante per la protezione dei dati personali (Italy) - 9870832 (category Article 5 GDPR)enshrined in Article 5(1)(d). Finally, the DPA also considered that the lack of any mechanism to check the age of the users entailed a violation of Article 8 GDPR14 KB (2,049 words) - 07:46, 1 August 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.92 KB (15,435 words) - 16:00, 22 March 2022
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)application 1.b., from §§ 1, 3 para. 1 no. 1, 4 UKlag in conjunction with §§ 307 para. 1, para. 2 no.1 in conjunction with Art. 5 para. 1 lit. a), Art66 KB (9,990 words) - 12:30, 29 January 2024
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)analogous to Article 18 (1)(a) GDPR the Court held that § 12 of the German Registration Law explicitly exludes the application of Article 18 (1)(a) GDPR. According112 KB (19,310 words) - 08:08, 23 June 2022
- context Article 29 of the Data Protection Act 2019 establishes exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article10 KB (1,037 words) - 14:52, 10 July 2020
- minor, following Article 5(5) UAVG. In all other situations, the age of consent is 16 years, following Article 5(1) UAVG. Pursuant to Article 43 of the Dutch7 KB (764 words) - 07:50, 6 May 2024
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- Garante per la protezione dei dati personali (Italy) - 9852214 (category Article 58(1) GDPR)in particular of children was in breach of Article 5, Article 6, Article 8, Article 9, and Article 25 GDPR. Consequently, the DPA urgently imposed upon36 KB (5,598 words) - 10:15, 8 February 2023
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)subjects required by Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the127 KB (21,484 words) - 17:01, 12 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)Sections 1004 analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”79 KB (12,408 words) - 13:24, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)connection with the violation of article/and 5.1. c); 6.1.; 13.1. (c);13.1(e) and13.2(a)AVG: r PAGE 01-00001582885-0002-0033-01- □1-� r L _JCourt of Appeal Brussels60 KB (9,144 words) - 16:17, 22 March 2022
- AEPD (Spain) - E/03276/2021 (category Article 6(1)(a) GDPR)the presumed responsible for the administrative offense. Article 64 of Law 39/2015, of October 1, on Administrative Procedure Common of Public Administrations10 KB (1,288 words) - 13:39, 13 December 2023
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)party, respectively. III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will34 KB (5,184 words) - 13:22, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)identifier) pursuant to Article 4(1) of the GDPR. c) Combination with other elements The fulfillment of Article 4(1) of the GDPR becomes even more apparent108 KB (17,097 words) - 13:52, 12 May 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)pursuant to article 32(1) of the GDPR. The AP disagrees. The conclusion of the AP that OLVG does not comply with article 32(1) of the GDPR by not meeting67 KB (11,415 words) - 17:15, 12 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)accordance with article 11 par.1 Law 3471/2006, as applicable, the prior consent of the data subject, without prejudice to paragraph 3 of the same article, as applicable14 KB (2,127 words) - 15:37, 6 December 2023
- HDPA (Greece) - 38/2020 (category Article 4(7) GDPR)accordance with article 11 par.1 Law 3471/2006, as applicable, the prior consent of the data subject, without prejudice to paragraph 3 of the same article, as applicable14 KB (2,070 words) - 15:38, 6 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)e7141c720c53441c2483c; has_js=1; _gid=GA1.2.1837808855.1597415922; _gat=1 Upgrade-Insecure-Requests 1 If-None-Match" 1597405902-1" Cache-Control max-age=0”44 KB (6,642 words) - 10:34, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)the infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The48 KB (7,926 words) - 16:56, 12 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556958 (category Article 5(1)(a) GDPR)as per Article 25 GDPR and the liability principle of 5(2) GDPR. The DPA finally found out that the provision on impact assessment, as per Article 35 GDPR4 KB (505 words) - 15:55, 6 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)Judgment 1-11-10084 that the judgment of the Tartu County Court of 25 September 2014 was annulled in full. Second, on 1 May 2015, paragraph 1 of Resolution28 KB (4,711 words) - 10:30, 13 December 2023
- ANSPDCP (Romania) - S.C. Marsorom S.R.L. (category Article 5(1)(e) GDPR)limitation principle enshrined in Article 5(1)(e) GDPR, and also failed to fulfill its obligation under Articles 25 and 32 GDPR. Consequently, the DPA issued4 KB (391 words) - 15:20, 13 December 2023
- AZOP (Croatia) - Decision 13-09-2023 (category Article 13(1)(c) GDPR)the controller violated the provisions of Article 13(1)(c) GDPR, Article 13(2)(a) GDPR and Article 13(2)(e) GDPR, according to which a controller is obliged9 KB (1,276 words) - 15:22, 30 October 2023
- OGH - 6Ob77/20x (category Article 25 GDPR)opening clauses in Article 80(1) and (2) GDPR ("closed shop"). In this case, consumer rights associations would be barred from bringing GDPR class actions unless7 KB (658 words) - 13:16, 8 July 2021
- Tietosuojavaltuutetun toimisto (Finland) - 6609/163/19 (category Article 5(1)(c) GDPR)processed" (Article 5(1)(c) GDPR). The Finish DPA ruled that the controller did not comply with the principle of data minimization set out in Article 5(1)(c) GDPR13 KB (1,873 words) - 13:06, 3 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 2984/182/2019 (category Article 5(1)(c) GDPR)complied with the principle of data minimization as per Article 5 (1) (c) and Article 25 (2) GDPR? The Finnish DPA held that the controller has not complied17 KB (2,614 words) - 13:05, 3 March 2024
- statutory legal obligation as stipulated under Article 6(1)(c) GDPR, in this case prescribed by Article 229 of the Act on Road Traffic Safety. The Court16 KB (2,404 words) - 15:46, 30 October 2023
- AZOP (Croatia) - Decision 31-05-2022 (category Article 25 GDPR)Data Protection Agency, OIB: 28454963989 based on Article 57 paragraph 1 and Article 58 paragraph 1 of Regulation (EU) 2016/679 of the European Parliament17 KB (2,433 words) - 15:45, 30 October 2023
- ANSPDCP (Romania) - Asociația de proprietari Bl. FC 5, orașul Năvodari, județul Constanța (category Article 6(1) GDPR)unlawfully, as it breached Articles 5 and 6(1) GDPR. For this violation, the DPA used its powers under Article 82(5)(a) and fined the association with €5006 KB (779 words) - 15:16, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- CJEU - C-601/20 - SOVIM (category Article 5(1)(b) GDPR)guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter? Question 3 1. Is Article 5(1)(a) of9 KB (1,176 words) - 13:29, 5 January 2024
- Court of Appeal of Brussels - 2022/AR/292 (category Article 5(1)(f) GDPR)companies that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether6 KB (675 words) - 09:55, 14 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up22 KB (3,319 words) - 13:00, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority82 KB (13,463 words) - 17:03, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/29/2020 (category Article 5(1)(c) GDPR)violated Article 5(1)(c) GDPR, Article 25(2) GDPR and Section 29(4) of the Finnish Data Protection Act. As a result, and in accordance with Article 58(2)(d)25 KB (3,651 words) - 09:37, 3 April 2024
- HDPA (Greece) - 20/2021 (category Article 17(1) GDPR)considers that in accordance with Article 17 in in conjunction with Article 21 para. 3 of the GCP and Article 25 para. 1 of the GCP the conditions for enforcement20 KB (2,936 words) - 14:58, 22 November 2021
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection 1 of the Data45 KB (5,016 words) - 14:14, 21 March 2024
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/224/2023 (category Article 5(1)(e) GDPR)violated Article 5(1)(c) GDPR, Article 5(1)(e) GDPR, Article 12(2) GDPR, Article 12(6) GDPR and Article 25(2) GDPR. In accordance with Article 58(2)(c)31 KB (4,693 words) - 11:50, 6 March 2024
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 25(2) GDPR)Data Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care20 KB (3,108 words) - 13:02, 3 March 2024
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)complaint hearing, the bB (OZ 23 to W245 2252208-1), the BF1 (OZ 24 to W245 2252208-1) and BF2 (OZ 25 to W245 2252208-1) Observations. In these observations, the158 KB (26,392 words) - 08:25, 7 June 2023
- HDPA (Greece) - 25/2022 (category Article 5(1)(a) GDPR)principles of article 5 par. 1 GDPR. It's not a coincidence that the GDPR includes accountability (already mentioned above article 5 par. 2 GDPR) in the regulation48 KB (7,803 words) - 13:29, 11 October 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4431/161/21 (category Article 5(1)(a) GDPR)DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to54 KB (8,279 words) - 13:53, 21 March 2024
- infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 531/161/20 (category Article 25 GDPR)obligations under Article 35 GPDPR? 3. Has the controller taken adequate organisational and/or technical measures in accordance with Article 25 GDPR. The Finnish3 KB (263 words) - 13:05, 3 March 2024
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)provision(s): Regarding 1) - Article 5(1)(a) and (c) and Article 6(1) of the Data Protection Basic Regulation - DSGVO, OJ No L 119, 4.5.2016, p. 1. Re 2) (a) Section31 KB (5,161 words) - 14:02, 12 May 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- CE - N° 428451 (category Article 25 GDPR)accordance with Article L. 6113-7 of the French Public Health Code and the decree of 26 December 2018 comply with Articles 6, 9(3) and 25 GDPR? To reach the35 KB (5,153 words) - 16:29, 20 May 2021
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019). In this regard, taking83 KB (13,648 words) - 11:30, 16 August 2022
- CNIL (France) - SAN-2022-020 (category Article 5(1)(e) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)coming into force of the GDPR on 25. 5. 2018. Can a controller charge for access to historic account data under Article 15 GDPR? Is GDPR applicable to a case19 KB (2,936 words) - 13:55, 12 May 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- CNIL (France) - SAN-2023-018 (category Article 37(1)(a) GDPR)data protection officer pursuant to Article 37(1)(a) of the GDPR 13. In law, Article 37, paragraph 1, a) of the GDPR provides that “The controller and the22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public26 KB (3,848 words) - 14:31, 13 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 54(1) GDPR)EC (GDPR), Art. 51, 52, 53.1, 53.3, 53.4 and 54.1 (a) - (e) The Self-Government Act for Åland, section 1, section 3, subsection 2. and section 25, subsection46 KB (7,394 words) - 14:08, 21 March 2024
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)data subject has exercised their right to object under Article 21 GDPR. In the same way, Article 48(1)(b) of the Spanish General Telecommunications Act grants38 KB (5,945 words) - 12:14, 9 June 2021
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)and application of Article 20.1 c) by the AEPD implies the exclusion of the weighting required by the legitimizing basis of Article 6.1.f) of the RGPD and26 KB (4,231 words) - 14:44, 13 December 2023
- AP (The Netherlands) - 11.03.2021 (category Article 6(1)(c) GDPR)this processing could be based on the Article 6(1)(c) “compliance with a legal obligation” or Article 6(1)(e) GDPR “the performance of a task carried out5 KB (613 words) - 17:06, 12 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)offered and / or concluded after July 1, 2016, articles L.211-1, L.212-3, L.212-1, L.241-1, R.212-1 / 1 °, L .111-1, L.111-2, L.111-3, L.221-5, L.221-6,392 KB (67,730 words) - 15:27, 17 March 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12. In its report82 KB (13,250 words) - 16:57, 12 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)show_context_help(h) { newWindow = window.open(h,"Help", "menubar=1,toolbar=1,scrollbars=1,resizable=1,width=700, height=500"); } </SCRIPT><NOSCRIPT></NOSCRIPT><STYLE56 KB (7,755 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)there is no violation of articles 5.1(c), 5.1(d), 5.1(e) and 5.1(f). Articles 5.1(c), (d) and (f), 5.2, 12, 16, 24, 25, 30.1, 31, 32, 38.3 and 38.6 of the AVG90 KB (14,937 words) - 12:35, 3 August 2022
- IMY (Sweden) - DI-2019-9457 (category Article 32(1) GDPR)administrative bodies, researchers and physicians in violation of Article 32(1) GDPR. Uppsala regional authorities notified the Swedish DPA (Integritetsskyddsmyndigheten43 KB (4,600 words) - 17:08, 23 March 2022
- CNIL (France) - MED-2020-015 (category Article 5(1)(a) GDPR)with the terms of the decree of 29 May 2020, pursuant to Article 5-1-a) of the RGPD. Article 5(1)(a) of the Regulation stipulates that: personal data must33 KB (5,322 words) - 17:08, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)of this regulation and protect the rights of data subjects "(Article 25, paragraph 1, of GDPR). COMMENTS OF THE MISE In the note prot. n. XX of the XX century57 KB (9,144 words) - 15:55, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)stipulated by the labor court, § 15 GDPR. 1. According to Art. 99 (2) GDPR, the GDPR has been in force since May 25, 2018. It is directly applicable. According32 KB (5,093 words) - 16:07, 11 September 2022
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)volition investigation into CP&A's compliance with Article 9, as well as Article 32 GDPR. Since Article 9 GDPR prohibits the processing of special categories48 KB (7,461 words) - 17:04, 12 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 25 GDPR)according to Article 8, Article 23. and paragraph 1 Article 25 Act no. 90/2018, cf. Article 5, paragraph 1 Article 24 and paragraph 1 Article 28 of regulation142 KB (22,881 words) - 12:42, 16 January 2024
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 5(1) GDPR)Tre had violated the following articles of the GDPR: Articles 5(1), 5(2), 6(1)(a), 7, 12(1), 12(2), 24 and 25. It subsequently fined Wind Tre 16,729,600 EUR129 KB (21,020 words) - 15:49, 6 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es33 KB (4,835 words) - 13:26, 13 December 2023
- Datatilsynet (Denmark) - 2019-423-0202 (category Article 12(3) GDPR)Datatilsynet hold that the Municipality of Odense infringed Article 12(3) GDPR and Article 15 GDPR due to delayed answers to access requests. The Datatilsynet20 KB (3,084 words) - 16:28, 6 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the61 KB (10,028 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- RvS - 201901006/1/A2 (category Article 79 GDPR)directly applicable in each Member State as of 25 May 2018 (Article 99(3) of the AVG). The Wbp was repealed on 25 May 2018. The AVG has immediate effect. The34 KB (5,179 words) - 07:10, 7 April 2020
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)The Garante ascertained the violation of: 1. Violation of articles 5(1) and (2), 6(1), 7, 24 and 25(1) GDPR, since Fastweb has not proceeded to implement131 KB (21,014 words) - 15:55, 6 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)same - that, pursuant to Article 166, paragraph 7, of the Code, and Article 16, paragraph 1, of the Regulation of the Guarantor no. 1/2019, this measure should58 KB (9,448 words) - 15:50, 6 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)processing of personal data (Article 5(1) of the GDPR), must, in accordance with Article 12(1) of the GDPR. 1 of the GDPR, must take appropriate measures54 KB (8,916 words) - 15:22, 22 February 2022
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- AZOP (Croatia) - Decision 05-10-2023 (category Article 5 GDPR)privacy policies, which is contrary to Article 12 paragraph 1 of the GDPR and, in this regard, to Article 13 paragraphs 1 and 2; 5. For the recording of telephone13 KB (1,934 words) - 20:55, 1 November 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)of articles 83.1 and 83.2 of the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may60 KB (10,197 words) - 14:01, 13 December 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security guarantees39 KB (6,246 words) - 16:55, 12 December 2023
- CE - 437808 (category Article 83 GDPR)Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(1) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- AZOP (Croatia) - Decision 04-07-2022 (category Article 6(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 5(1)(c) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 66(1) GDPR)provision. Pursuant to Article 78 of the Regulation, as well as to Article 152 of the Code and Article 10 of Legislative Decree no. 150 of 1 September 2011, an9 KB (1,280 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00189/2020 (category Article 58(2) GDPR)(LOPDGDD) in its article 72.1 m), under the rubric “Infractions considered very grave ”provides: "1. In accordance with the provisions of article 83.5 of Regulation22 KB (3,343 words) - 14:08, 13 December 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 55(1) GDPR)decision under Article 66 GDPR when the lead SA fails to respond to provide mutual assistance within a month as per Article 61(8) GDPR. The CJEU adopted10 KB (1,311 words) - 15:26, 13 June 2023
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)DPO as per Article 37 GDPR and 34(1) LOPDGDD, as well as in relation to the need of registering such appointment at the AEPD website [Article 34(3) LOPDGDD]16 KB (2,298 words) - 14:36, 13 December 2023
- Rb. Rotterdam - ROT 19/1393 (category Article 17(1) GDPR)information relating to the state of mind of the plaintiff according to Article 17(1) GDPR. The legal aid council processed the personal data for the purposes9 KB (1,203 words) - 16:30, 10 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)Sentence 1, Section 102 Paragraph 1 BetrVG, Section 17 Paragraph 2 Sentence 1 KSchG) on the consultation (e.g. Section 90 Paragraph 2 Sentence 1, Section40 KB (6,019 words) - 14:13, 28 November 2023
- HDPA (Greece) - 18/2020 (category Article 5(1)(a) GDPR)compliance and accountability with the principles of Article 5(1) and par.2 in conjunction with Article 6(1) GDPR. B. imposes on NEW YORK COLLEGE S.A. the effective12 KB (1,733 words) - 15:34, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(1) GDPR)controller was in breach of Article 38(1) GDPR at the time of the investigation. Regarding the breach of Article 39(1)(b) GDPR, the CNPD concurred with the81 KB (11,895 words) - 16:58, 6 December 2023
- HDPA (Greece) - 51/2021 (category Article 21(1) GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)exercise the right of access under Article 15 GDPR and the right to restriction of processing under Article 18 GDPR against three mobile telephone service11 KB (1,492 words) - 13:09, 23 November 2022
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the36 KB (5,859 words) - 06:40, 6 July 2022
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)third-party action (1.). On the complainant's side, his general right of personality (Article 2.1 in conjunction with Article 1.1 of the Basic Law) in133 KB (21,944 words) - 15:59, 22 March 2022
- GHAL - 200.254.914 (category Article 6(1)(f) GDPR)referred to in this article for the processing of personal data in the context of its search function. 4.5 Subsequently, Article 17(1) of the GDPR grants the right20 KB (2,722 words) - 10:04, 14 December 2023
- BVwG - W258 2227269-1/14E (category Article 5(1)(a) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)specified time". In this sense, Article 77.1 c) and 2, 4 and 5 of the LOPGDD, indicates: 1. The regime established in this article shall apply to the processing18 KB (2,737 words) - 14:23, 13 December 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- CNPD (Portugal) - Deliberação 2019/222 (category Article 13(1) GDPR)information duties under article 13 GDPR The controller had installed in its facilities a video surveillance system with 9 cameras and 1 recorder. During an2 KB (183 words) - 16:56, 6 December 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)(1) GDPR? The AEPD found that publishing the image of the data subject without his consent was a violation of Article 6 (1) GDPR, and decided to fine the19 KB (2,957 words) - 14:45, 13 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)the controller's premises, constituting a violation of Article 24, Article 25(1), or Article 32 GDPR. The alleged loss of the data did not occur at the controller's28 KB (4,596 words) - 18:30, 18 November 2021
- AP (The Netherlands) - 09.04.2021 (category Article 12(1) GDPR)of Article 12(1) GDPR. The AP outlined that, in the event of an infringement of Article 12(1) of the GDPR, pursuant to Article 58(2)(i) and Article 83(5)12 KB (1,616 words) - 17:08, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)Vodafone España, S.A.U. (the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early voluntary payment of the corresponding27 KB (4,150 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public37 KB (5,785 words) - 14:11, 13 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)articles 5.1.,b) juncto 24.1 and 9.2.a) juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of34 KB (5,677 words) - 17:00, 12 December 2023
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant 1, cannot suffice84 KB (12,933 words) - 16:46, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)((articles 5. 1, a) GDPR , 12.1 GDPR and 14.1 a) and c) GDPR) and how the accountability obligation was fulfilled (art 5.2 GDPR and 24 GDPR). The parties102 KB (15,787 words) - 07:39, 6 September 2023
- AEPD (Spain) - PS/00262/2020 (category Article 6(1) GDPR)offense for violation of the Article 6.1 of the RGPD. Article 6, Legality of treatment, of the RGPD establishes that: "1. The treatment will only be lawful22 KB (3,293 words) - 14:23, 13 December 2023
- HDPA (Greece) - 33/2023 (category Article 5(1)(a) GDPR)rely on Article 6(1)(c) GDPR as a legal basis. This made the processing also unlawful under Article 5(1)(a) GDPR. The HDPA fined the municipality €1,000 for4 KB (367 words) - 14:07, 20 December 2023
- Datatilsynet (Denmark) - 2018-32-0232 (category Article 5(1)(c) GDPR)be processed in accordance with Article 6 (2) of the Data Protection Regulation. 1 (a) to (f). Pursuant to Article 6 (1) of the Data Protection Regulation13 KB (1,990 words) - 16:22, 6 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- BAC (Bulgaria) - № 11179 (category Article 5(1)(c) GDPR)violated the principle of data minimisation as prescribed my Article 5, para. 1, b. 'c' of the GDPR, with regards to document content. Regarding administrative13 KB (1,908 words) - 13:41, 15 September 2021
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)Company A 25/31 Order, pursuant to Article 58 (2) d) of the GDPR, the Controlled being brought into compliance with Article 12 (1) of the GDPR by making82 KB (11,472 words) - 16:58, 6 December 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)period ”. In this sense, article 77.1 c) and 2, 4 and 5 of the LOPGDD, indicates: 1. "The regime established in this article shall apply to the treatment13 KB (2,002 words) - 14:29, 13 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- LAG Baden-Württemberg - 17 Sa 37/20 (category Article 6(1)(f) GDPR)misuse suffice to claim damages under Article 82 GDPR? The court held that neither §26(1) BDSG nor Article 6(1)f GDPR legitimize the processing of employee4 KB (398 words) - 14:25, 17 September 2021
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal data24 KB (3,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00029/2020 (category Article 5(1)(f) GDPR)the alleged infringement of Article 5.1.f) of the RGPD, in accordance with the provisions of Article 83.5 of the RGPD and 72.1.i) of the LOPDGDD, considered44 KB (6,943 words) - 13:49, 13 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- HDPA (Greece) - 1/2022 (category Article 12(3) GDPR)The Hellenic DPA fined a Greek company €1000 for violating Article 15 GDPR and Article 12(3) GDPR by not granting a data subject their right of access in7 KB (817 words) - 07:35, 4 August 2023
- Datatilsynet (Denmark) - 2021-442-12425 (category Article 32(1) GDPR)in accordance with the rules in the Data Protection Regulation [1], Article 32 (1). 1. Below is a more detailed review of the case and a justification15 KB (2,304 words) - 15:24, 24 March 2022
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)CONSIDERATION 1. The General Data Protection Regulation (hereinafter referred to as ‘GDPR’), which replaced Directive 95/56, has been applicable since 25 May 201812 KB (1,773 words) - 15:33, 6 December 2023
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)infringement of article 32.1 of the RGPD, typified in article 83.4.a) of the RGPD, a fine of € 3,000 (three thousand euros), in accordance with article 73.g) of27 KB (3,993 words) - 13:52, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)infringement of article 6.1 of the GDPR, infringement typified in article 83.5 of the aforementioned Regulation 2016/679. II breached obligation Article 6.1 of the45 KB (7,135 words) - 13:08, 13 December 2023
- GHAL - 200.256.426 (category Article 6(1)(f) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- AZOP (Croatia) - Decision 30-12-2021 (category Article 5(1)(a) GDPR)had a legal basis under Article 6(1) GDPR to publish the data subject’s personal data, and did not violate Article 5(1)(a) GDPR. In the decision, the Croatian16 KB (2,411 words) - 15:44, 30 October 2023
- AEPD (Spain) - PS/00315/2020 (category Article 28 GDPR)03/31/2020, a written letter is sent to the respondent, *** ADDRESS.1, *** LOCALITY.1 (*** PROVINCE.1), address of the Mer- cantil, giving result "Returned to Origin62 KB (10,401 words) - 14:35, 21 November 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(a) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 21(1) GDPR)data concerning him / her on the basis of Article 6 (1) (f) of the GDPR . Should Article 21 (1) of the GDPR - and in particular the addition `` at any34 KB (5,811 words) - 09:44, 8 December 2020
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)manifestation of will. However, according to Article 31(1) of the Spanish Public Sector Act and to Article 25 of the Spanish Constitution, and the interpretation48 KB (7,550 words) - 14:05, 13 December 2023
- Datatilsynet (Denmark) - 2019-421-0028 (category Article 15(1)(h) GDPR)data subject in the context of an access requests, to comply with Article 15(1)(h) GDPR. The Datatilsynet conducted some investigations at Udbetaling Danmark17 KB (2,639 words) - 16:27, 6 December 2023
- AEPD (Spain) - PS/00266/2019 (category Article 13 GDPR)referred to as the ISESA), as provided for in Article 43.1 of the said Act. II Article 85 of Law 39/2015 of 1 October 1995 on the Common Administrative Procedure28 KB (4,459 words) - 14:23, 13 December 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023
- From a legal point of view, it follows that D.1 The legal situation: D.1.1. infringement of Article 1(1) of the DSG 2000: A decision on this part of the28 KB (3,418 words) - 13:49, 12 May 2023
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)with Art. 2 para. 1, Art. 1 para. 1 GG, Art. 17 para. 1 lit. d) DSGVO, because her personal data is stored according to Art. 6 para. 1 lit. f. DSGVO had143 KB (24,273 words) - 15:59, 10 March 2022
- OLG Innsbruck - 1 R 182/19b (category Article 82 GDPR)of Innsbruck held that the right to compensation in accordance with article 82(1) GDPR is subject to two cumulative conditions. They must be met by the data54 KB (7,916 words) - 12:06, 9 May 2022
- AEPD (Spain) - TD/00233/2020 (category Article 17 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European17 KB (2,670 words) - 14:46, 13 December 2023
- RvS - 202100789/1/A3 (category Article 5(1)(b) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)the period of time established by the regulations in force. III Article 25 of Law 40/2015 (1 October) provides as follows "Only natural and legal persons18 KB (2,781 words) - 14:30, 13 December 2023
- Rb. Amsterdam - C/13/696660/HA RK - 21-37 (category Article 79(2) GDPR)Bing. The claimant based his request on Articles 17(1)(a) and (c) GDPR and Articles 10 and 21 GDPR. The Court first examined its competence to rule on18 KB (2,617 words) - 08:23, 2 September 2021
- IP - 07126-1/2020/29 (category Article 4(7) GDPR)gave its non-binding opinion on the data protection roles under Article 4(7) and (8) GDPR of the entities involved in clinical trials in Slovenia , holding8 KB (1,029 words) - 11:07, 13 January 2021
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- EWHC (QB) - Damavand Media Ltd v DMA Media Ltd (category Article 5(1)(f) GDPR)that IITV could and should have prevented the leak. He relied on Article 5(1)(f) of the GDPR to support his argument that “his contact details and the content7 KB (880 words) - 11:54, 12 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 5(1)(a) GDPR)a violation of Article 5(1)(b) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Generally, a controller20 KB (2,859 words) - 13:11, 13 March 2024
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)found violations of Articles 5(1)(c) and 6 GDPR and Article 29(1) of Law 125(I)/2018. Concerning the violation of Article 29(1) of Law 125(I)/2018, the DPA31 KB (4,973 words) - 16:50, 6 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)secrecy (Section 1 (1) DSG) as follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation66 KB (10,546 words) - 13:50, 12 May 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was32 KB (4,834 words) - 14:43, 13 December 2023
- Rb. Rotterdam - 9436020 \ CV EXPL 21-30289 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only19 KB (2,828 words) - 10:09, 18 March 2022
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)" *** DIRECCION.2 *** *** LOCALIDAD.1 CCAA.1 " . In section“ NIF ” the *** NIF.1. And in the section " Telephone 1" the mobile number*** PHONE . 2. The88 KB (14,301 words) - 13:48, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9885/157/19 (category Article 12(1) GDPR)the data protection officer in a transparent manner (Article 5(1)(a), Article 12(1) and Article 25(1) of the General Data Protection Regulation) The data21 KB (3,097 words) - 13:40, 12 January 2024
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible52 KB (8,534 words) - 12:58, 15 December 2021
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)Act and, subsequently, the GDPR. Request for compensation in case his data is processed unlawfully is also in line with the GDPR. The facts that this may21 KB (3,337 words) - 10:08, 16 December 2020
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)referred to as ABN AMRO. 1.2 1.2 [Appellants] lodged an appeal with the Court of Appeal on 1 May 2019, received at the Court Registry on 1 May 2019, against the41 KB (7,150 words) - 12:30, 4 October 2021
- BVwG - W274 2232028-1/3E (category Article 5 GDPR)is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness32 KB (5,232 words) - 09:40, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)This behaviour was in violation of Article 31 GDPR. Thirdly, Company B was found to be in violation of Article 32(1) GDPR. This provision imposes an obligation55 KB (9,079 words) - 16:57, 6 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)the Strijp-S housing complex in Eindhoven. It's agreed 1 Facts 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 that [plaintiff] directly to PME Investment Services103 KB (17,620 words) - 10:13, 29 November 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)too sick to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- AEPD (Spain) - EXP202200439 (category Article 6(1) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)6(1)(b) GDPR, Articles 5(1)(a), 12(1) and 13(1)(c) have been infringed.” Issue 4 (Additional Issue) – Whether Facebook Infringed the Article 5(1)(a) GDPR21 KB (3,005 words) - 14:16, 1 February 2023
- IMY (Sweden) - DI-2021-5595 (category Article 5(1)(f) GDPR)of approximately €150,000 (1,600,000 SEK) on the University Hospital Board for the violation of Articles 5(1)(f) and 32(1) GDPR. The data breach notification47 KB (5,207 words) - 18:51, 21 March 2022
- APD/GBA (Belgium) - 15/2021 (category Article 15(1) GDPR)(see “1.2.4- As regards the complaint according to which the defendant hadless time than the complainant to prepare his arguments ”).1.1.1. Place1.1.1.1.-85 KB (13,724 words) - 16:52, 12 December 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)that publishing the article on its website qualified as processing carried out for journalistic purposes under Article 85 GDPR and § 9(1) of the Austrian21 KB (3,266 words) - 13:51, 12 May 2023
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)entitled to information under Article 15(1) GDPR is also, independently, entitled to receive copies pursuant to Article 15(3) GDPR. Both paragraphs concern21 KB (3,450 words) - 10:33, 8 February 2022
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- AP (The Netherlands) - AWB-20 2533/20 2938 (category Article 12(2) GDPR)their decision. Between 25-05-2018 and 28-04-2019, the BKR provided for two ways to gain access to their personal information. 1. Through a subscription4 KB (387 words) - 17:11, 12 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 5(1)(a) GDPR)Art. 5 Para. 1 lit. a in conjunction with Art. 6 GDPR. D.2. right to secrecy a) Relationship between Section 1 (1) DSG and Art. 2 (2) GDPR The next step21 KB (3,166 words) - 13:43, 12 May 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(1) GDPR)destruction of personal data on the basis of Article 17(1) of the GDPR in conjunction with Article 7.3.9(1) of the Youth Act is granted. Locations Rechtspraak22 KB (3,333 words) - 13:22, 2 June 2021
- Datatilsynet (Denmark) - 2019-32-0910 (category Article 5(1)(c) GDPR)“type-ahead” search function on the municipality’s website under Article 6(1)(e) GDPR. It also found that the purpose of this function was to offer a better10 KB (1,528 words) - 16:23, 6 December 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)Sections 1.1 and 1.2 of the first stipulation and section 2.2 of the second stipulation of the aforementioned contract state "FIRST.- OBJECT: 1.1 The purpose33 KB (5,396 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00089/2021 (category Article 6(1)(a) GDPR)the privacy policy. Thus, Article 21(1) LSSI has not been complied with, as there is no consent according to Articles 6 and 7 GDPR. Serious infringements11 KB (1,490 words) - 13:58, 13 December 2023
- Constitutional Court (Belgium) - 135/2019 (category Article 23 GDPR)traveloperators to communicatepassenger information, under Article 261 TFEU. The federal Act of 25 December 2016 concerning the treatment of passenger information6 KB (801 words) - 16:31, 24 March 2022
- AZOP (Croatia) - Decision 18-12-2020 (category Article 5(1)(c) GDPR)that the lawful basis for processing of personal data according to Article 6(1) GDPR are the provisions of the Media Act. As a consequence, the AZOP found21 KB (3,345 words) - 15:24, 30 October 2023
- AEPD (Spain) - PS/00423/2019 (category Article 13 GDPR)information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments23 KB (3,636 words) - 14:38, 13 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right to request48 KB (7,816 words) - 11:04, 29 July 2022
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)RESOLVES:FIRST: IMPOSE BBB , with NIF *** NIF.1 , for a violation of the article5.1.d) of the RGPD, typified in article 83.5 of the RGPD, a penalty of € 3,00022 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused23 KB (3,695 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)recorded such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)paragraph 1 to 1. c) and5, paragraph 1, al. f), all of the aforementioned regulations;-pursuant to article 58, paragraph 2, al. i) the GDPR, the application40 KB (5,935 words) - 16:55, 6 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- AEPD (Spain) - PS/00422/2018 (category Article 5(1)(f) GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 5(1)(a) GDPR)the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection39 KB (6,038 words) - 17:39, 29 April 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)pursuant to Article 47(1) and 48.1 of Law 39/2015 of 1 October, on the limitation of the infringement of article 6.1 of the RGPD typified in article 83.5 a)25 KB (4,037 words) - 14:55, 13 December 2023
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)Protection besanction BBB , with NIF *** NIF.1 , for a violation of Article 58.1 of the GDPR,typified in Article 83.5 of the RGPD, with a warning sanction12 KB (1,812 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)portability of the data; c) when the treatment is based on article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), the existence of the right24 KB (3,838 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 58(1)(e) GDPR)violation of article 6.1. RGPD, typified in article 83.5.a), and article 31, in relation to article 58.1.e), both of the RGPD, typified in article 83.5.e) of86 KB (14,295 words) - 14:32, 13 December 2023
- determines the purposes and means of the processing". According to Article 26(1) of the GDPR, "where two or more controllers jointly determine the purposes73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00235/2020 (category Article 6(1) GDPR)Telefónica Móviles España, S.A.U. with a fine of €75,000 for violating Article 6(1) GDPR. The complainant had five telephone lines contracted with Telefónica24 KB (3,766 words) - 14:21, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 15 GDPR)amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- AEPD (Spain) - EXP202104530 (category Article 28 GDPR)they filed a complaint, however the accused company acted according to Article 28 GDPR and the Spanish DPA ended the proceedings. A.A.A. (data subject) received12 KB (1,685 words) - 12:41, 13 December 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the129 KB (21,793 words) - 14:09, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)established in the articles 15 to 22 of the GDPR, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively20 KB (3,078 words) - 13:05, 13 December 2023
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) of the GDPR, Article 15(3) sentence 1 of the GDPR must be interpreted as meaning that, due to51 KB (8,592 words) - 07:03, 2 November 2021
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- LfDI (Baden-Württemberg) - O 1018/115 (category Article 32(1)(a) GDPR)107 OWiG 1.V.m. with § 464 (1), § 465 StPO). The procedural fee is 5% of the fine, but at least 25 euros and at most 7,500 euros (§ 107 (1) sentence 313 KB (1,926 words) - 10:22, 17 November 2023
- AEPD (Spain) - PS/00430/2018 (category Article 6(1)(f) GDPR)OF RIBADEDEVA ( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations40 KB (6,508 words) - 14:39, 13 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)lawfulness: (1) the consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the73 KB (11,604 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00028/2020 (category Article 6 GDPR)J10460640 , for aviolation of article 6 of the RGPD, typified in article 83.5 of the RGPD, in relation towith article 72.1 b) of the LOPDGDD, a fine of14 KB (2,075 words) - 13:48, 13 December 2023
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)powers under Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f) GDPR20 KB (2,519 words) - 15:36, 6 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)conformity with Article 5.1. c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of20 KB (3,137 words) - 16:51, 12 December 2023
- HDPA (Greece) - 3/2020 (category Article 15 GDPR)for the particular case of video surveillance systems, Article 13 (1) of the Authority’s Directive 1/2011 on the use of video surveillance systems for the19 KB (3,034 words) - 15:33, 6 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 17(1)(b) GDPR)lack of consent, he exercised his right to erasure according to Article 17(1)(b) GDPR. The AEPD found that the complainant had provided the FEDA with his27 KB (4,497 words) - 13:38, 13 December 2023
- Datatilsynet (Norway) - 21/00480 (category Article 5(1)(f) GDPR)municipality €409,768 (NOK 4,000,000) for breaches of Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly31 KB (4,380 words) - 06:12, 14 March 2023
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)requirements of Art. 6 Paragraph 1 Sentence 1 Letter e GDPR and the requirements of Article 6 Paragraph 1 Sentence 1 Letter f GDPR do not apply in favor of the28 KB (4,215 words) - 15:09, 6 December 2023
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and Article27 KB (4,279 words) - 10:12, 17 November 2023
- Datatilsynet (Norway) - 20/01879 (category Article 32(1)(b) GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)IMPOSE Ms. B.B.B., with NIF ***NIF.1, for a violation of the Article 5.1.c) and 13 of the RGPD, typified in Article 83.5 a) and b) of the RGPD, a fine22 KB (3,303 words) - 13:28, 13 December 2023
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)building, which was considered a data breach and therefore a violation of Article 32(1) GDPR. The Police Force of Navarra (Spain) reported to the AEPD the fact29 KB (4,300 words) - 14:41, 13 December 2023