Search results
From GDPRhub
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- Article 32 GDPR (category GDPR Articles) (section (3) Codes of conduct and certification mechanisms)BDSG, Article 32 GDPR, margin number 28 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number 29 (C.H. Beck41 KB (5,197 words) - 12:17, 17 April 2024
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 28(3)(h) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 28(3)(h) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- 14(2)(g) GDPR; access rights under Article 15(1)(h) GDPR; or the the need to perform data protection impact assessments under Article 35(3)(a) GDPR. Profiling125 KB (16,328 words) - 16:01, 8 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))both Article 13(1) and Article 13(2) of the GDPR. See, Bäcker, in Kühling, Buchner, DS-GVO BDSG, Article 13 GDPR, margin number 20 (C.H. Beck 2020, 3rd Edition)71 KB (9,532 words) - 13:30, 6 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)out pursuant to Article 83(1) GDPR. This part of Article 83 concerns the principle of "unity of action" (see above). With Article 83(3) GDPR, the legislator55 KB (7,622 words) - 14:04, 7 November 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- under the material part of the GDPR and the controller-processor agreement pursuant to Article 28 GDPR. Article 82(6) GDPR states that claims for damages33 KB (4,215 words) - 09:57, 19 March 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 34 GDPR (category GDPR Articles) (section (3) Exemptions from the obligation to communicate to the data subject)commentary under Article 33(3)(a) GDPR. Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 34 GDPR, margin number 11 (C.H. Beck 2020, 3rd Edition). In our37 KB (3,962 words) - 15:20, 16 June 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Datenschutz-Grundverordnung, Article 7 GDPR, margin number 80 (C.H. Beck, 2nd Edition 2018). Stemmer, in Wolff, Brink, BeckOK Datenschutzrecht, Article 7 GDPR, margin number31 KB (3,489 words) - 16:00, 8 March 2024
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information43 KB (5,641 words) - 14:58, 28 April 2022
- Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number34 KB (4,652 words) - 12:07, 12 November 2023
- Article 19 GDPR (category GDPR Articles)relying on another legal basis under Article 6 GDPR, or can use either of the exceptions under Article 17(3) GDPR, the processing can carry on. The controller19 KB (1,436 words) - 12:35, 12 May 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Gola, DS-GVO, Article 4 GDPR, margin number 106 (C.H. Beck 2018). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November25 KB (2,418 words) - 14:11, 24 May 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 38 GDPR (category GDPR Articles) (section (3) Independence, no retaliation, direct communication with management)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 73 GDPR (category Article 73 GDPR)Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018,19 KB (1,530 words) - 14:23, 12 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 28 GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 59 GDPR (category GDPR Articles)BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 2020, 3rd Edition)15 KB (718 words) - 15:31, 19 October 2023
- Article 69 GDPR (category Article 69 GDPR)BDSG, Article 69 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition). Dix in Kühling, Buchner, DS-GVO BDSG, Article 69 GDPR, margin number 5 (C.H. Beck18 KB (1,327 words) - 12:36, 14 December 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- Regulation, Article 68 GDPR, margin number 3 (C.H. Beck 2023, 1st edition). Albrecht in Ehmann, Selmayr, Article 68 GDPR, margin number 1 (C.H. C.H. Beck 201820 KB (1,632 words) - 10:01, 11 October 2023
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)in point (d) of Article 46(2) and in Article 28(8); (e) aims to authorise contractual clauses referred to in point (a) of Article 46(3); or (f) aims to23 KB (2,079 words) - 16:07, 2 November 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 16 GDPR (category GDPR Articles)processing through Article 15 GDPR. See, Kamann, Braun, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 16 GDPR, margin number 6 (C.H. Beck 2018, 2nd23 KB (2,489 words) - 23:24, 6 March 2024
- DS-GVO BDSG, Article 53 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Polenz, in Simitis, Hornung, Spiecker, Datenschutzrecht, Article 53 GDPR, margin29 KB (2,894 words) - 23:06, 1 April 2024
- Datenschutzrecht, Article 80 GDPR, margin number 5 (C.H. Beck 2019); Bergt in Kühling, Buchner, DS-GVO BDSG, Article 80 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition)26 KB (2,575 words) - 15:50, 9 November 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)BDSG, Article 78 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition); Körffer in Paal, Pauly, DS-GVO BDSG, Article 78 GDPR, margin numbers 3-5, (C.H. Beck30 KB (3,874 words) - 10:46, 7 December 2023
- DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021). Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition)27 KB (2,619 words) - 14:52, 16 November 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 72 GDPR (category Article 72 GDPR)DS-GVO BDSG, Article 72 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition). Nguyen in Gola, DS-GVO, Article 72 GDPR, margin numbers 1-2 (C.H. Beck 201822 KB (2,266 words) - 08:26, 17 October 2023
- Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6 (C.H. Beck20 KB (1,347 words) - 14:21, 17 October 2023
- which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- see commentary to Article 51(3) GDPR bellow. Article 8(3) of the Charter of Fundamental Rights of the European Union ("CFR") and Article 16(2) of the Treaty27 KB (2,604 words) - 14:24, 16 January 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)BDSG, Article 92 GDPR, margin number 8 (C.H. Beck 2020, 3rd Edition). Herbst in Kühling, Buchner, DS-GVO BDSG, Article 92 GDPR, margin number 13 (C.H. Beck19 KB (1,525 words) - 08:18, 19 October 2023
- Article 60 GDPR (category GDPR Articles) (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)or processor should be approved pursuant to Article 58(3) GDPR, or by the EDPB pursuant to Article 63 GDPR. Where such an approval takes place through27 KB (2,452 words) - 14:26, 28 July 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- use of trusted third party verification services. Article 8(3) GDPR makes it clear that Article 8(1) GDPR only refers to consent, not to the object of the19 KB (1,335 words) - 13:56, 24 October 2023
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 89 GDPR (category Article 89 GDPR) (section (3) Derogations are Possible for Archiving Purposes in the Public Interest)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 76 GDPR (category Article 76 GDPR)decisions in Category:Article 76 GDPR Dix, in Kühling, Buchner, DS-GVO BDSG, Article 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in15 KB (787 words) - 08:17, 19 October 2023
- Article 74 GDPR (category Article 74 GDPR)Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck 202015 KB (808 words) - 09:44, 17 October 2023
- decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck 2019). EDPB37 KB (3,915 words) - 12:49, 24 May 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- all related decisions in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1)37 KB (4,635 words) - 13:29, 24 October 2023
- Article 66 GDPR (category Article 66 GDPR) (section (3) Adoption of a final decision of the EDPB without provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- Article 61 GDPR (category Article 61 GDPR) (section (3) Requirements of an assistance request and limitation of utilization of requested information)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- UODO (Poland) - DKN.5130.2215.2020 (category Article 28(3)(c) GDPR)right of control referred to in Article 28(3)(h) GDPR concerning PIKA's provision of the measures required under Article 32 GDPR. Only after a personal data110 KB (17,650 words) - 12:27, 29 April 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)That on August 4, 2019, Mr. H.H.H. contacted me. of the fraudulent transfer department of my bank EVO BANC. The Mr. H.H.H. informed me that in the early270 KB (43,335 words) - 12:39, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)claimed party, for the alleged infringement of article 6 of the GDPR, typified in article 83.5 of the GDPR. FOURTH: On January 16, 2023, the aforementioned22 KB (3,427 words) - 13:26, 13 December 2023
- AEPD (Spain) - EXP202200367 (category Article 5(1)(a) GDPR)Madrid sedeagpd.gob.es 26/28 ANNEX IX H.H.H. (hereinafter claimant 9). C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 27/28 ANNEX X I.I.I. *** CHARGE57 KB (8,117 words) - 10:35, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 15(1)(h) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(1) GDPR)writing (cf. paragraphs 3 and 4 of article 28 of the GDPR), verification of the requirements set out in article 28 of the GDPR it must be substantive and163 KB (27,222 words) - 16:54, 6 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 28 GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- Court of Appeal of Brussels - 2022/AR/556 (category Article 6(3) GDPR)the APD file) dated 3 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020 October83 KB (13,694 words) - 09:53, 14 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)obligation violates § Article 13 (3) in conjunction with Article 62 (1) 4 DSG and for the period prior to 25 May 2018 against Article 52 Paragraph 2 no. 731 KB (5,161 words) - 14:02, 12 May 2023
- AEPD (Spain) - PS/00026/2021 (category Article 28 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 4(11) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00415/2019 (category Article 6(1) GDPR)regard to Article 83.2 (k) of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)22 KB (3,521 words) - 14:36, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)rowspan="2" width="3"><img src="http://www.dpa.gr:80/APDPXPortlets/images/menutop_space.jpg" width="3" height="104"></td><!--/*++++++++++++++++++++++++3 Υπομενού56 KB (7,755 words) - 15:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 28 GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- UODO (Poland) - DKN.5130.2024.2020 (category Article 28(3) GDPR)art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 32 sec. 1 and 2, as well as art. 83 sec. 1 - 3, art. 83 sec. 4 lit. a) and art. 83 sec75 KB (12,104 words) - 09:58, 17 November 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)purposes of diagnosis, assistance and health therapy (Article 9, paragraph 2, lett. h) and par. 3 of the Regulation) and is carried out on the basis of26 KB (4,162 words) - 15:54, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)controller under the GDPR. The data controller did not process personal data with an appropriate level of security, as required by article 32, read in conjunction34 KB (4,967 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 12(3) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)Those measures shall be reviewed and, where necessary, updated. Article 28.3 AVG "3. The processing by a processor shall be governed by a contract or35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection of23 KB (3,592 words) - 14:40, 13 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)or instead of the measures referred to points (a) to (h) of Article 58(2) and Article 58(2)(a) to (h) paragraph 2(j). When deciding on the imposition of31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- AEPD (Spain) - EXP202208230 (category Article 28(3) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a)45 KB (6,904 words) - 13:12, 13 December 2023
- AEPD (Spain) - PS/00315/2020 (category Article 28(3)(g) GDPR)CIF A76539030, for a violation of article 28.3.g) of the RGPD, in accordance with article 83.4 b) of the RGPD, and article 74.k) of the LOPDGDD, with the62 KB (10,401 words) - 14:35, 21 November 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up52 KB (8,323 words) - 13:17, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- UODO (Poland) - DKN.5131.31.2021 (category Article 28(3) GDPR)violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and (9)105 KB (17,237 words) - 09:22, 10 May 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)Resolution was notified on September 28, 2020, by alleged violation of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, proposing a fine of21 KB (3,154 words) - 14:07, 13 December 2023
- AEPD (Spain) - EXP202103878 (category Article 6(1) GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA found20 KB (3,035 words) - 10:33, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)infractions of article 48 of Law 9/2014, of May 9, General of Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the37 KB (5,785 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)confidentiality. Second, the DPA found a violation of Article 32 GDPR. The DPA held Article 32 GDPR requires the controller to have a complete protocol that58 KB (9,301 words) - 12:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR)obligations under Article 28 of the GDPR and the responsibilities arising from failure to comply with them. In fact, on the one hand, Article 28, paragraph 149 KB (7,758 words) - 15:44, 6 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)until the end of the service as indicated in the article itself 28.3.g). And continues article 28.3.h): “will make available to the person in charge all287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, as defined in Article 83.5 of the RGPD, following the application of Article 85(1) and (3) of LPACAP, a fine37 KB (5,995 words) - 13:58, 13 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(3) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)violation of article 6.1 of the RGPD, typified in article 83.5.a) of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/9 The proposed26 KB (3,971 words) - 13:26, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)information received from MEDISALUD, dated February 28, 2019, in accordance with article 65.4 of Organic Law 3/2018, dated December 5, on the Protection of Personal33 KB (5,396 words) - 14:26, 13 December 2023
- subject's data under Article 6(1)(c) GDPR. Thus, the data subject was entitled to have the controller delete his personal data per Article 17(1)(d), which allows33 KB (5,254 words) - 13:33, 12 May 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)the EU Article 28: Processor of processing (regulations) Article 28.3: Arrangements of a contract (or other legal act) with processors Article 29: Processing9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - TD/00044/2021 (category Article 28(3) GDPR)the DPA launched a proceeding. The AEPD determined that, according to Article 28(3)(e), the processor has the obligation to assist the controller in the22 KB (3,465 words) - 13:30, 13 December 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(3) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with regard108 KB (17,097 words) - 13:52, 12 May 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)Privacy Regulation (GDPR) article 6 no. 1 letter f. GDPR applies according to the Personal Data Act § 1 as Norwegian law. Legelisten.no (3) Legelisten.no is46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)such data. 3. Adherence to a code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve29 KB (4,300 words) - 14:41, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)obligations arising from article 12.3 and 4 of the GDPR (methods for exercising the data subject's rights) and Article 15.1.b) and c) 5 of the GDPR (right of access76 KB (11,147 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)implement 1See e.g. PVN 2019-09 2FOR-2018-07-02-1107. 3 Prop. 56 LS (2017-2018), point 31.3.3.3 4controlling measures in their business. Regulations on49 KB (7,646 words) - 07:56, 7 March 2022
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)uncensored form” as intended by the court, i.e. without that 3.20 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 essential information in the deeds had been blacked out103 KB (17,620 words) - 10:13, 29 November 2023
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)Vodafone on December 3 of the same year, for alleged infringement of Article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, proposing a fine of21 KB (3,335 words) - 14:25, 13 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)violation of Article 13 GDPR and issued a warning to the controller. The AEPD took into account the following aggravating factors (Article 83 (2) GDPR) to determine19 KB (2,957 words) - 14:45, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 5(1)(a) GDPR)DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection of39 KB (6,038 words) - 17:39, 29 April 2024
- AEPD (Spain) - PS/00069/2020 (category Article 6(1)(a) GDPR)provided for in Article 46(1) of the referred to Law. Finally, it is pointed out that in accordance with the provisions of Article 90.3 a) of the LPACAP20 KB (3,066 words) - 13:55, 13 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00008/2020 (category Article 6(1) GDPR)infractions of article 48 of Law 9/2014, of May 9, General Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the LGT27 KB (4,408 words) - 13:45, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- Datatilsynet (Norway) - 21/02873 (category Article 3(1) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(3) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- GHAL - 200.256.387 (category Article 17(3)(b) GDPR)virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute27 KB (4,289 words) - 07:57, 7 March 2022
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- AEPD (Spain) - EXP202200439 (category Article 6(1) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/8IBy virtue of the powers that article 58.2 of the RGPD recognizes to eachcontrol authority,22 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)identify the data subject and it shall justify the reasons, as per Article 12(3) GDPR. AEPD stated that, with the documentation provided, the data subject26 KB (3,997 words) - 18:59, 26 February 2024
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing32 KB (4,831 words) - 14:31, 13 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)logically been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The LOPDGDD37 KB (5,700 words) - 14:24, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear and72 KB (11,159 words) - 10:09, 17 November 2023
- AEPD (Spain) - PS/00201/2019 (category Article 4(1) GDPR)data had taken place, meaning GDPR obligations did not apply. Are these magnetic cards personal data within Article 4(1) GDPR? If so, did the MCP infringe54 KB (9,019 words) - 14:10, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)sanction is imposed for violation of Article 6.1.a) of the GDPR of 3,000 euros. VIII Infringement of Article 13 of the GDPR The facts claimed also provide evidence31 KB (4,909 words) - 13:56, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)the GDPR is the provisions directly imposing obligations on processors. [...] In this regard, the [EDPS] considers that Article 28(3) of the GDPR, while55 KB (9,079 words) - 16:57, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 28 GDPR)violated Articles 5(1)(a) and 13 GDPR, as it did not provide the data subject with a proper privacy policy. Article 28 GDPR was also infringed, as no controller-processor87 KB (14,104 words) - 15:45, 6 December 2023
- CE - N° 428451 (category Article 9(3) GDPR)the analysis of a health establishment's activities are collected. Article 9(3) GDPR provides that health data may be processed for the purposes of the35 KB (5,153 words) - 16:29, 20 May 2021
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand71 KB (11,552 words) - 13:40, 12 January 2024
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)February 2019 to February 28, 2019, the date on which thefinal discharge.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/11THIRD: On February27 KB (4,150 words) - 13:45, 13 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)of the provisions as set out in Article 95 § 2 and Article 98 of the ICA. They are also informed, pursuant to Article 99 of the ICA, of the time limits24 KB (3,844 words) - 16:51, 12 December 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)right of access under Article 15 of the GDPR and the right to erasure (‘forgotten’) under Article 17 of the GDPR, Article 12 of the GDPR on measures to exercise75 KB (12,586 words) - 10:10, 17 November 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)online booking platform, for failing to comply with Article 12(3) GDPR and because Article 6(1)(f) GDPR was not a valid legal basis to publish personal data113 KB (17,325 words) - 08:50, 19 March 2024
- Persónuvernd (Iceland) - 2020061954 (category Article 28(3) GDPR)incomplete with regards to several requirements set in Article 28(3) GDPR, and notably points b, c, e, f, g and h. For example, the processing agreement did not88 KB (14,189 words) - 09:58, 7 December 2021
- UODO (Poland) - DKN.5112.13.2020 (category Article 57(1)(h) GDPR)in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land60 KB (9,755 words) - 09:58, 17 November 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)All this is in violation of Article 22 GDPR. The requirements of proportionality and subsidiarity have also not been met. 3.3. Furthermore, prior to the30 KB (4,797 words) - 10:03, 19 May 2021
- AEPD (Spain) - PS/00232/2020 (category Article 6(1) GDPR)for processing a data subject's personal data without a legal basis (Article 6(1) GDPR). Flip Energy had switched switched the data subject over from the29 KB (4,386 words) - 14:20, 13 December 2023
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)the footage (3 seconds), that it did not show any faces or the theft itself, did not concern any personal data as per Article 9 GDPR or Article 10 and was40 KB (6,549 words) - 18:49, 5 March 2022
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(3) GDPR)guarantee the autonomy of the DPO 1. On the principles 28. According to Article 38.3 of the GDPR, the body must ensure that the DPO "does not receive no66 KB (9,458 words) - 19:42, 4 September 2021
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its52 KB (8,444 words) - 10:01, 17 November 2023
- OLG Köln - 20 U 295/21 (category Article 15(3) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 15(3) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)to Article 28 (2) of the Administrative Procedure Act in conjunction with Article 24 (1) and (5) of the Federal Data Protection Act as amended. 3.3.5 Pursuant107 KB (17,615 words) - 09:42, 10 September 2021
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)articles 12.5 and 15.3 of Regulation (EU) 2016/679 and in the sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 15 of the RGPD provides23 KB (3,523 words) - 14:46, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(3) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 11/2024 (category Article 12(3) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 83(3) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(3) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- AEPD (Spain) - PS/00117/2022 (category Article 4(11) GDPR)6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/11 SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data30 KB (4,623 words) - 12:58, 13 December 2023
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)van volksgezondheid overeenkomstig artikel 9, lid 2, punten h) en i), en artikel 9, lid 3; d) met het oog op archivering in het algemeen belang, wetenschappelijk20 KB (2,982 words) - 17:00, 12 December 2023
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- CPDP (Bulgaria) - PNN-01-433/2019 (category Article 6(1)(a) GDPR)for processing personal data without a legal ground as required by Article 6(1) GDPR, after hiring a handwriting expert to determine that an alleged signature18 KB (2,987 words) - 16:49, 6 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)Regulation (Article 85) and the Code (Articles 136 et seq.); h) the adoption of suitable measures to eliminate the consequences of the violation (Article 83, paragraph24 KB (3,667 words) - 15:53, 6 December 2023
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating36 KB (5,485 words) - 13:19, 13 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(3) GDPR)2016/679 (Article 83 (2 ) (h) of the Regulation 2016/679); e) compliance with previously applied in the same case the measures are laid down in Article. 58 sec50 KB (8,066 words) - 10:00, 17 November 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- CE - N° 430810 (category Article 6(1)(a) GDPR)---------- Article 1: The intervention of the PDU - What to choose is allowed. Article 2: The request of the company Google LLC is rejected. Article 3: This42 KB (6,800 words) - 09:50, 10 September 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)Schaffland/Holthaus in Schaffland/Wiltfang, GDPR, Article 15 GDPR paragraph 44; loc. A. Härting, CR 2019, 219). 136 (3) In accordance with the above legal principles97 KB (16,519 words) - 09:57, 22 February 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- Datatilsynet (Norway) - 20/01879 (category Article 24 GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR)related to in-game chat messages. 3. Reasons for the decision of the DPA 3.1. It follows from Article 15 of the GDPR that the data subject has the right26 KB (3,820 words) - 16:22, 6 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)the LPACAP, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a55 KB (9,017 words) - 10:46, 13 December 2023
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f)22 KB (3,479 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- AG Pankow - 4 C 199/21 (category Article 15 GDPR)according to Article 82 GDPR. The District Court rejected the claim of the data subject. It held that the controller did not violate Article 15(1) GDPR. It found17 KB (2,569 words) - 07:15, 17 May 2022
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)right of rectification of Article 16 GDPR and Article 14 of LOPDGDD, the national data protection law, the DPA stated that Article 12(4) LOPDGDD obliges the63 KB (10,203 words) - 13:01, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)indicated in point 3.3 of this decision. 4.3. Safety measures applied to the storage of traffic data. The conduct ascertained in point 3.4 of this decision58 KB (9,448 words) - 15:50, 6 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)public interest in the field of public health in accordance with Article 9(2)(h) and (i) and (3); (d) for archiving purposes in the public interest, for the17 KB (2,620 words) - 14:51, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- AEPD (Spain) - PS/00212/2019 (category Article 32 GDPR)typified in article 83.4 of the RGPD and is qualified as serious in article 73.1 g) of the LOPDPGDD for prescription purposes.III Article 58.Article 58.2 of17 KB (2,518 words) - 14:11, 13 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)directly on the basis of the GDPR, not the register assessed on the basis of Article 30(1) of the GDPR. II.3. Article 6(1)(f) of the GDPR 49. Above, the Disputes43 KB (6,274 words) - 08:57, 29 June 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 5(1)(a) GDPR)proportionate and complies with the article 83 of the GDPR. The Litigation Chamber fully complied with article 83.1 of the GDPR and principle of proportionality51 KB (7,792 words) - 11:43, 24 January 2022
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, afine of 75,000 euros (seventy-five thousand euros).SECOND: Under article 58.2.d)88 KB (14,301 words) - 13:48, 13 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)surveillance of Rognan center, cf. Article 6 of the Privacy Ordinance. 4.3. Assessment of the principle of legality in Article 5 (1) (a) The requirement that45 KB (6,973 words) - 05:12, 15 September 2022
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)of the GDPR. To 2): c) Article 50b (2) DSG 2000 (for the period prior to 25 May 2018) (d) Article 13(3) DSG (for the period from 25 May 2018) To 3): c) Article92 KB (15,435 words) - 16:00, 22 March 2022
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202105693 (category Article 6(1) GDPR)The Spanish DPA fined an insurance company €24,000 for violating Article 6(1) GDPR due to the processing of personal data without a legal basis. The company49 KB (7,579 words) - 13:15, 13 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)02/2021 - 14/26 3. Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe96 KB (15,396 words) - 16:50, 12 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)the field of public health in accordance with Article 9, paragraph 2, letters h) and i), and paragraph 3; d) for archival purposes in the public interest20 KB (3,052 words) - 08:17, 16 April 2024
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)2020 [CONFIDENTIAL] 3.3 Report obligation in connection with personal data on AP 3.3.1 Breach of Personal Data On the basis of Article 33, first paragraph54 KB (8,224 words) - 17:07, 12 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)section 3.3 >>.<< 3.3. Informed manifestation of willThe GDPR reinforces the requirement that consent must be informed. In accordance with theArticle 5 of206 KB (32,869 words) - 14:36, 13 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00102/2020 (category Article 5(1)(f) GDPR)for the infringement of the confidentiality principle specified at Article 5(1)(f) GDPR, as the defendant agreed to an early and guilty voluntary payment21 KB (3,082 words) - 13:59, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)refer to ‘consent’ in the light of GDPR and thus the condition for a valid consent (Article 7 GDPR) must be met. 3° This consent relates to the purpose67 KB (10,544 words) - 09:24, 10 September 2021
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)also be subject to the provisions of Article 6.1(e) DSGVO in conjunction with Article 6.1(b) DSGVO. Article 2, 28.2 no. 2 BayDSG without the consent of31 KB (5,184 words) - 17:19, 15 April 2023
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- DSB (Austria) - 2021-0.024.862 (category Article 36(3)(e) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)for processing on 03/28/2019. Appealed, on appeal RR 354/2019 was resolved on 07/09/2019 being dismissed, highlights, in fact “On May 3, 2019, the affected38 KB (6,303 words) - 13:50, 13 December 2023
- LG Köln - 28 O 168/22 (category Article 17(3)(a) GDPR)meaning of Article 4(7) GDPR and that the controller is requested to delete the data subject’s personal data as the requirements of Article 17(1)(c) GDPR and10 KB (1,473 words) - 13:58, 20 July 2022
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)violation of Article 15 of the GDPR, typified in Article 83.5 of the GDPR, as well as for the alleged infringement of Article 17 of the GDPR, typified in60 KB (9,630 words) - 12:34, 13 December 2023
- VG Mainz - 1 K 467/19.MZ (category Article 9(2)(h) GDPR)constituted health data under Article 9(1) and Article 4(15) GDPR but the transfer was nevertheless admissible pursuant to Article 9 GDPR, as the strict requirements34 KB (5,514 words) - 15:11, 22 March 2022
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 3 3/7 THIRD: Article 12 of Regulation (EU) 2016/679, of April 27, 2016, General Data Protection22 KB (3,422 words) - 14:50, 13 December 2023
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and22 KB (3,544 words) - 14:48, 13 December 2023
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 12(3) GDPR)Steuerberatungsgesellschaft mbH (Art 15 Paragraph 1 GDPR) and a copy of this data in accordance with Art 15 Paragraph 3 GDPR cannot be made in view of the42 KB (6,592 words) - 13:58, 12 May 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)minutes 3:11:51 and 3:11:57; The video (2) NUM001, between minutes 3:12:06 and 3:12:28; The video (3) NUM002, between the minutes 3:12:54 and 3:13:04; The48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - TD/00254/2020 (category Article 15 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and25 KB (3,791 words) - 14:47, 13 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- CPDP (Bulgaria) - PNN-01-487/2021 (category Article 6(1)(a) GDPR)According to the Bulgarian DPA, a company violated Article 6(1) GDPR by sending pre-employment arrangements to a government agency while national law only27 KB (4,439 words) - 09:03, 9 February 2023
- Commissioner (Cyprus) - 11.17.001.009.048 (category Article 9(2)(h) GDPR)data under Article 9 GDPR, which can only be lawful if one of the exceptions of Article 9(2) GDPR apply. With respect to Article 9(2)(h) GDPR, the DPC held44 KB (7,042 words) - 13:53, 31 January 2024
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)interest in the field of public health in accordance with with Article 9(2)(h) and (i) and (3); (d) for archiving purposes in the public interest, for scientific23 KB (3,780 words) - 14:49, 13 December 2023
- UODO (Poland) - DKN.5131.29.2022 (category Article 28(3) GDPR)fulfill the requirements of Article 28 GDPR. The DPA concluded that the controller failed to comply with Article 28(1)(3) and (9) GDPR by not concluding a written48 KB (7,612 words) - 09:46, 25 April 2024
- DSB (Austria) - 2020-0.436.002 (category Article 15(1)(h) GDPR)Daten is therefore based on Article 15 (1) (h) GDPR, whereby specifically for information in accordance with Article 15 (1) (h) GDPR, the parameters / input28 KB (4,091 words) - 05:23, 14 August 2021
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- BVwG - W256 2234851-1 (category Article 15(1)(h) GDPR)meaningful information under Article 15(1)(h) GDPR when it does not carry out profiling within the meaning of Article 22 GDPR. On 22 February 2019, a data43 KB (6,684 words) - 08:28, 9 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2889/161/21 (category Article 28(3) GDPR)agreement under Article 28 (3) of the general data protection regulation, so the agreement cannot be considered as an agreement under Article 28 (3) of the general40 KB (6,315 words) - 11:13, 22 September 2021
- Persónuvernd (Island) - 2022020363 (category Article 28(3) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- BGH - I ZR 7/16 (category Article 4(11) GDPR)meaning of Article 5(3) and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive52 KB (8,575 words) - 15:55, 22 March 2022
- Datatilsynet (Norway) - 20/02191 (category Article 5(1)(f) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- AN - 578/2021 (category Article 5(1)(d) GDPR)appellant. This is one of the first cases of an Spanish Court dealing with the GDPR after it become applicable in 2018. Share blogs or news articles here! The26 KB (4,277 words) - 09:18, 26 July 2021
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)communications, as per Article 21(1) of the Spanish Law on Information Society Services (LSSI), as well as for the infringement of Article 13 of the GDPR. The decision29 KB (4,402 words) - 14:00, 13 December 2023
- GHAMS - 200.295.742/01 (category Article 15(1)(h) GDPR)information under Article 15(1)(h) GDPR (information on the existence of automated decision-making within the meaning of Article 22 GDPR) after their accounts3 KB (190 words) - 10:49, 5 April 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)investigations, in accordance with Article 57(1)(a) and (h) of the RGPD. Moreover, the restricted formation notes that Article 80 of the EPMR provides for the90 KB (14,556 words) - 17:08, 6 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)to persons concerned by the GDPR, including the right to complaint (Article 77 of the GDPR - also recognized in Article 8.3. of the Charter of Rights Decision73 KB (11,238 words) - 16:59, 12 December 2023
- Datatilsynet (Norway) - 20/01896 (category Article 5(2) GDPR)rating without a legal basis under Article 6(1)(f) GDPR and for not adhering to the accountability principle as per Article 5(2). The DPA also requires that28 KB (4,387 words) - 18:58, 5 March 2022
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 28(3)(c) GDPR)with Article 28 (3) point (e). In the event of the use of a data processor, in accordance with the provisions of the agreement pursuant to Article 28 of62 KB (9,999 words) - 10:21, 7 December 2022
- WSA Warsaw (Poland) - II SA/Wa 310/20 (category Article 28(3) GDPR)and accountability in connection with Article 28(1) GDPR, Article 28(3) GDPR, Article 28(10) GDPR and Article 29 GDPR, with regard to the processing of data56 KB (8,906 words) - 14:16, 20 September 2021
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 21(3) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)LOPD. This resolution warns about the provisions of article 95.3 of the On the other part, article 95.3 of Law 39/2015, of October 1, on Administrative Procedure566 KB (93,179 words) - 13:43, 13 December 2023
- IMY (Sweden) - DI-2019-6696 (category Article 12(3) GDPR)required by Article 15(1)(a)-(h) and 15(2) GDPR via an online function. When Spotify provides a copy of personal data under Article 15(3) GDPR it includes157 KB (18,556 words) - 12:00, 28 June 2023
- Rb. Rotterdam - 9519423 \ CV EXPL 21-35975 (category Article 6(1)(e) GDPR)concerning him on the basis of Article 6 paragraph 1 under e and f GDPR. Pursuant to Article 17 paragraph 1 preamble and under c and d GDPR, the data subject has55 KB (9,218 words) - 12:22, 16 June 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 28 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- BVwG - W101 2218962-1 (category Article 4(1) GDPR)associated with significant cost savings. 3.3. to A) 3.3.1. Applicable Law 3.3.1.1. The relevant provisions of the GDPR Article 4 definitions For the purposes of42 KB (6,586 words) - 09:33, 17 September 2022
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)Commissioner concerning contraventions of Article 5(2) and Article 35 UK GDPR by the Home Office ENFORCEMENT NOTICE H OME OFFICE 28 February 2024 Enforcement Notice129 KB (17,281 words) - 14:57, 10 April 2024
- VG Köln - 25 K 2138/19 (category Article 16 GDPR)claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR39 KB (6,235 words) - 11:14, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9880398 (category Article 5(1)(a) GDPR)the processing was lawful within the meaning of Article 5(1)(a) GDPR. According to Article 88 GDPR, the GDPR is applicable without prejudice to more protective123 KB (20,446 words) - 14:39, 13 June 2023
- AEPD (Spain) - PS/00030/2021 (category Article 28 GDPR)provided in the above transcribed art 28 of the GDPR. In this regard, add that the obligation provided in article 28.3.h) RGPD, using in the at the beginning73 KB (11,933 words) - 09:33, 2 June 2021
- Rb. Rotterdam - ROT 19/5030 (category Article 28 GDPR)The Directorate failed to provide the documents (required following Article 28(3) GDPR) to demonstrate that the purposes and means of processing were determined28 KB (4,560 words) - 15:01, 10 August 2021
- APD/GBA (Belgium) - 46/2022 (category Article 28 GDPR)erasure (Article 17 of the GDPR), the right to restriction (Article 18 GDPR), as well as the right of opposition (Article 21 GDPR) 91. Article 17 of the86 KB (12,864 words) - 06:37, 23 February 2023
- Commissioner (Cyprus) - 11.17.001.008.147 (category Article 28 GDPR)provided for in article 28(1) of the Regulation. 35. Additionally, the non-existence of an assignment contract, as provided for in article 28(3) of the Regulation53 KB (8,451 words) - 22:10, 28 February 2024
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the GDPR, in accordance with article 83.5.a) of the GDPR and 72.1.a) of the LOPDGDD. 2-That in application of article 58.2.c)56 KB (9,356 words) - 10:43, 13 December 2023
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 83(3) GDPR)with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 2 and 3, Article32 KB (5,139 words) - 10:02, 17 November 2023
- RvS - 201902604/1/A3 (category Article 15 GDPR)hundred and fifty-nine euros). Thus determined by C.H.M. van Altena, chairman, and G.M.H. Hoogvliet and H.C.P. Venema, members, in the presence of S. Langeveld-Mak20 KB (3,234 words) - 12:01, 24 March 2022
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)also met. 3.3. In the matter 3.3.1. Legal situation: Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the CouncilArticle 12, of Regulation87 KB (14,194 words) - 10:07, 15 February 2024
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the light of Article 13 of the AVG. In this respect, the Inspectorate refers to column 3 of the table below.3 Column 1 Column 2 Column 3 Privacy policy107 KB (17,697 words) - 16:52, 12 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)articles L.111-1, L.111-2, L.111-3, L.221- 15, L.224-30, L.224-29, L.224-33, L.212-1, L.212-3, L.2141-1, L.211-1, L.232-1, R.631-3, L.621-1, L.621-2, L.621-7392 KB (67,730 words) - 15:27, 17 March 2022
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)pursuant to Article 55 In section 3.3 it was established that Booking is the data controller. In section 3.1, the AP established that, pursuant to Article 56 of77 KB (12,915 words) - 17:15, 12 December 2023
- BVwG - W211 2231475-1 (category Article 28 GDPR)controller (“verlängerter Arm”) (cmp. Article 29 GDPR). If the processing of data is in accordance with Article 6 GDPR, the controller is free to deploy a60 KB (9,653 words) - 17:28, 2 February 2022
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)then enter a password before gaining access to the computer. 3.3.3 Control of logging 3.3.3.1 Facts The OLVG information security & privacy policy states67 KB (11,415 words) - 17:15, 12 December 2023
- DSB (Austria) - 2023-0.637.760 (category Article 31 GDPR)powers (Article 58, paragraphs 1 and 2 of the GDPR). The DSB is a supervisory authority within the meaning of Article 51 GDPR Article 51, GDPR (see also82 KB (13,593 words) - 11:03, 24 January 2024
- UODO (Poland) - DKN.5131.11.2020 (category Article 57(1)(h) GDPR)the Foundation. The DPA held that the Foundation violated Article 33(1), Article 34(1) GDPR by failing to notify the DPA of a personal data protection51 KB (8,179 words) - 12:07, 11 August 2021
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- infractions of article 48 of Law 9/2014, of May 9, General of Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the34 KB (5,222 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)required by Article 13 of the GDPR GDPR. The form used violated Article 13 of the GDPR conduct that is subsumi- ble under Article 83(5) of the GDPR, which provides:61 KB (9,973 words) - 13:55, 13 December 2023
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)implications. 5.3. Relevant practice related to the Personal Data Regulations § 4-3 - «factual need» According to the Personal Data Regulations § 4-3, credit assessment40 KB (5,988 words) - 19:04, 5 March 2022
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA was206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - PS/00261/2021 (category Article 6(1) GDPR)in charge and the person in charge, as stipulated in the Article 28, paragraph 3, of the GDPR. In this regard, Guidelines 07/2020 on the concepts of "responsible34 KB (5,536 words) - 19:04, 16 May 2022
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)fine are set out in Article 83 of the General Data Protection Regulation. contained in Article. In the event of a breach of Article 5 of the General Data67 KB (10,492 words) - 10:11, 17 November 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- IP - 07121-1/2020/2187 (category Article 9(2)(h) GDPR)processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that13 KB (1,905 words) - 14:28, 4 February 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)measures pursuant to Article 58 (2) (d) DSGVO were announced - this error would in any case have been remedied pursuant to Article 45 (1) no. 3 VwVfG by the fact58 KB (9,665 words) - 08:51, 25 November 2020
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00151/2021 (category Article 28(3) GDPR)controller €5000 for the infringement of Article 28(3) GDPR. Besides that, AEPD fined the controller €2000 for infringing Article 22 of the Spanish Law implementing53 KB (8,628 words) - 15:44, 13 July 2022
- VG Hamburg - 21 K 1802/21 (category Article 9(2)(h) GDPR)V, § 3 BKRG, §§ 2 ff. HmbKrebsRG Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or115 KB (18,479 words) - 16:31, 25 January 2023
- CBB - 20/935 (category Article 17 GDPR)visiting address of the Foundation against the conditions for this in Article 51(3)(a) to (e) of the Hrb 2008, including the condition of a probable threat13 KB (1,931 words) - 11:36, 10 November 2022
- under Article 82 UK-GDPR and sections 168 and 169 of the Data Protection Act (DPA) 2018. The defendant applied for the claim to be struck out under 3.4(2)(a)61 KB (8,986 words) - 08:40, 22 February 2022
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 15(3) GDPR)the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject51 KB (8,324 words) - 15:52, 18 January 2024
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction41 KB (6,337 words) - 18:52, 5 March 2022
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- DSB (Austria) - 2022-0.021.739 (category Article 5(1)(c) GDPR)461/1969 as amended. : Article 6, Article 51, paragraph one, Article 57, paragraph one, letter h, Article 58, paragraph 2, letter f, GDPR of Regulation (EU)47 KB (7,599 words) - 15:38, 11 October 2023
- RvS - 201905709/1/A3 (category Article 15 GDPR)on the basis of Article 15 GDPR. To that extent, the decision of the Minister for Legal Protection was taken in breach of Article 15 GDPR, and the Court21 KB (3,425 words) - 12:57, 16 September 2021
- BlnBDI (Berlin) - 521.13874 (category Article 12(3) GDPR)an eBay-shop for violating Article 6(1) GDPR since they sent newsletters to a customer without consent, Article 12(3) GDPR for not responding to their13 KB (1,811 words) - 09:06, 12 November 2021
- HDPA (Greece) - 10/2024 (category Article 5(1)(f) GDPR)pursuant to Article 5(5)(a) of the GDPR. 1(f) of the GDPR. β. They have not implemented appropriate data protection policies to ensure t h a t t h e y a r25 KB (3,916 words) - 14:34, 24 April 2024
- Persónuvernd (Iceland) - 2020092288 (category Article 28(3) GDPR)the first paragraph. Article 6, Article 7, Article 12, 13 Article 24, Article 24, Article 25, Article 3 Article 28 and Article 32. Regulation (EU) 2016/679125 KB (20,768 words) - 13:06, 22 December 2021
- Commissioner (Cyprus) - 11.17.001.008.229 (category Article 5(2) GDPR)violation of Article 5(2) GPDR since the controller failed to demonstrate compliance with Article 5(1) GDPR and a violation of Article 44 GDPR since the controller56 KB (8,616 words) - 15:31, 6 March 2024
- Datatilsynet (Norway) - 0/02422 (category Article 12(3) GDPR)violation of Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became162 KB (24,007 words) - 19:41, 15 February 2023
- NAIH (Hungary) - NAIH-1743/2021 (category Article 5(1) GDPR)pursuant to Article 58 (2) (b) of the GDPR. condemns the Applicant for violating Article 5 (1) (a) of the GDPR; (b) and (c), Article 6 and Article 9. (50)47 KB (7,131 words) - 11:05, 21 January 2022
- Rb. Amsterdam - C/13/702849 / HA ZA 21-526, C/13/706680 / HA ZA 21-789 and C/13/706842 / HA ZA 21-794 (category Article 79 GDPR) (section TikTok Ireland: jurisdiction under the GDPR)follows from Article 80 of the GDPR that representatives of interests can rely on Article 79, paragraph 2 of the GDPR. Finally, the GDPR is not an exclusive92 KB (15,064 words) - 12:26, 28 June 2023
- FG Nürnberg - 3 K 596/22 (category Article 6(3) GDPR)legislator used the open clause of Article 6(1)(c) and (e) GDPR, in combination with Article 6(2) and Article 6(3) GDPR, to create a legal basis for the38 KB (6,277 words) - 08:12, 18 May 2023
- Commissioner (Cyprus) - 1.17.001.007.270 (category Article 5(1)(a) GDPR)rescission of X's membership, AAEA had violated Article 5(1)(a) GDPR, Article 6(1) GDPR and Article 9(1) GDPR. The Commissioner therefore decided to impose64 KB (10,097 words) - 08:07, 27 October 2021
- AEPD (Spain) - EXP202206805 (category Article 5(1)(a) GDPR)by virtue of Article 83(2)(e) of the GDPR in order to gauge the illegality of the data controller’s actions. The AEPD, relying on Article 85 of Law 39/201537 KB (5,879 words) - 07:09, 4 October 2023
- AEPD (Spain) - EXP202204836 (category Article 15 GDPR)related to the GDPR. First, EasyJet told the DPA that they responded to the complainant by 01/04/2022. The DPA pointed out that Article 12(3) GDPR requires controller's52 KB (8,320 words) - 13:18, 14 February 2024
- AEPD (Spain) - PS/00427/2021 (category Article 6(1) GDPR)infractions of article 48 of Law 9/2014, of May 9, General Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the LGT23 KB (3,593 words) - 16:23, 26 January 2022
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- APD/GBA (Belgium) - 137/2023 (category Article 28(3) GDPR)reprimanded for breach of Article 28(3) GDPR, and the municipality was reprimanded for violations of Article 14 GDPR and Article 12(1) GDPR for failure to take52 KB (7,789 words) - 11:38, 11 October 2023
- Rb. Rotterdam - ROT 19/3036 (category Article 28 GDPR)complied with the conditions set out in Article 6 of the GDPR . In his view, on the basis of Article 5(2) GDPR the controller has an accountability obligation33 KB (5,288 words) - 12:58, 16 September 2021
- AEPD (Spain) - PS-00446-2023 (category Article 6(1) GDPR)violates the principle of legality enshrined in article 6.1 of the RGPD, typified in article 83.5 a) of the GDPR. SAW In order to establish the administrative34 KB (5,141 words) - 09:28, 8 March 2024
- BVwG - W256 2235360-1 (category Article 4 GDPR)case law of the highest courts on Article 6(1)(e) of the GDPR, Article 9(2)(g) of the GDPR and Article 22 of the GDPR in connection with profiling. It was67 KB (10,431 words) - 08:39, 21 February 2024
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- UODO (Poland) - DOKE.561.1.2023 (category Article 58(1)(a) GDPR)information and granting it access to personal data in accordance with Article 58 (1)(a) and (e) GDPR. The data subject filed a complaint with the Polish DPA, claiming45 KB (7,312 words) - 21:50, 8 August 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)volition investigation into CP&A's compliance with Article 9, as well as Article 32 GDPR. Since Article 9 GDPR prohibits the processing of special categories48 KB (7,461 words) - 17:04, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)requirements of Article 5.1.c) of the GDPR and non-compliance with the requirements of article 5.1.e) of the GDPR. 10. On February 28, 2020, the inspected44 KB (6,212 words) - 08:28, 16 June 2021
- AEPD (Spain) - PS/00322/2021 (category Article 28(3)(f) GDPR)000 for the breach of Article 6 GDPR, €100,000 for the breach of Article 17 GDPR and €100,000 for the breach of Article 28 GDPR). Share your comments here52 KB (8,192 words) - 20:47, 22 February 2022
- AP (The Netherlands) - Decision of 18 December 2023 (category Article 35 GDPR)be equivalent to a DPIA under Article 35 GDPR. For this reason, the AP held that the controller violated Article 35(1) GDPR. In this, the AP considered it55 KB (8,007 words) - 09:50, 24 January 2024
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share26 KB (3,922 words) - 13:10, 9 June 2021
- UODO (Poland) - DKN.5131.33.2021 (category Article 57(1)(h) GDPR)the breach, pursuant to the obligation expressed in Article 34 GDPR, in conjunction with Article 12 GDPR. Based on this assessment, the DPA issued an administrative81 KB (13,351 words) - 14:48, 2 March 2022
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)arguing that it wasn’t a controller within the definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a6 KB (492 words) - 13:09, 1 June 2023
- APD/GBA (Belgium) - 49/2023 (category Article 6(1)(e) GDPR)scope of Article 9(1) GDPR. Since Article 9 GDPR was not applicable, the DPA examined the lawfulness of the processing under Article 6(1)(e) GDPR which was57 KB (8,705 words) - 11:48, 16 May 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted45 KB (7,286 words) - 18:55, 5 March 2022
- Datatilsynet (Norway) - 20/01727 (category Article 28(3) GDPR)Violating Article 28(3) GDPR for not having a data processing agreement in place; Violating Article 32(2) GDPR, cf. Article 5(1)(f) GDPR and Article 5(2) GDPR53 KB (7,990 words) - 08:37, 6 October 2021
- LG Rostock - 3 O 762/19 (category Article 28 GDPR)pursuant to Art. 13(1)(c) GDPR, (3) Insofar as the application refers to Article 7 (3) sentence 3 and Article 21 (4) of the GDPR, this is sufficient, as103 KB (16,959 words) - 13:58, 20 September 2021
- GHDHA - 200.291.947/01 (category Article 6(1)(f) GDPR)deletion request, the Court examined Article 6(1)(f), Article 17, and Article 21 GDPR. The second sentence of Article 21(1) stipulates that the controller41 KB (6,941 words) - 10:56, 17 November 2021
- AEPD (Spain) - EXP202300944 (category Article 4(11) GDPR)in response to the LPBCFT before the TGSS. III Article 6.1 of the GDPR According to article 6 of the GDPR “Legitimacy of processing: 1. Treatment will only76 KB (11,351 words) - 09:28, 24 April 2024
- AEPD (Spain) - PS/00188/2021 (category Article 6(1) GDPR)transferred the claimed on January 28, 2021, in accordance with the provisions in article 65.4 of the Organic Law 3/2018, of December 5, on Data Protection33 KB (5,242 words) - 11:42, 11 August 2021
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)of the GDPR. 17. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 18. By Article 58(2)(d)87 KB (10,588 words) - 14:32, 16 March 2022
- AEPD (Spain) - PS/00301/2020 (category Article 5(1)(d) GDPR)B28905784, for an infringement of the article 5.1.d) of the GDPR, in accordance with article 83.5 a) of the GDPR, with a fine of 10,000 euros (ten honey28 KB (4,554 words) - 11:33, 30 June 2021
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- Gerechtshof Den Haag - 200.271.226/01 (category Article 21(1) GDPR)and the assessment of a removal request - on the basis of (Article 21(1) of) the AVG. 3.5 Grief 3 argued that the repossession, which gave rise to the registration20 KB (3,205 words) - 12:23, 4 October 2021
- BVwG - W245 2247035-1/8E and W245 2251274-1/6E (category Article 12 GDPR)Clause 1 GDPR) to the "How" (Article 15 Paragraph 1 Clause 2 lit. a-h, Paragraph 2 GDPR) to the "What" ( Art 15 para. 1 clause 2, para. 3 GDPR). If the51 KB (8,535 words) - 09:16, 1 February 2023
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)on August 3, 2022. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/28 SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 585 KB (13,823 words) - 12:51, 3 April 2024
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)purposes of Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR133 KB (19,309 words) - 05:16, 24 March 2023
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 15(3) GDPR)interpretation of the GDPR. Second, the court argued with the drafting history of the GDPR which connects Article 15(3) GDPR to Article 20(1) GDPR, showing that45 KB (7,420 words) - 18:15, 12 March 2024
- VGW - VGW-101/042/791/2020-44 (category Article 15(1)(h) GDPR)that Article 3, Article 5, Article 6, Article 7 paragraph 1, Article 8, Article 9 paragraph 1 subparagraph 2, Article 9 paragraphs 3 and 4, Article 10 paragraph90 KB (14,726 words) - 14:01, 23 October 2023
- DSB (Austria) - 2023-0.594.826 (category Article 3 GDPR)under Article 3 GDPR was also fulfilled, as the controller had an official seat in Vienna. In general, the material scope under Article 2(1) GDPR would56 KB (8,692 words) - 14:58, 10 April 2024
- AEPD (Spain) - EXP202104896 (category Article 9(2) GDPR)Federation, B.B.B., citing article 9.3 of the GDPR. 10) Regarding economic sanctions, for the infringement of article 6.1 of the GDPR, contemplated in the provisions103 KB (17,238 words) - 13:27, 3 April 2023
- NSS - 10 As 190/2020 - 39 (category Article 32 GDPR)body within the meaning of Article 83(7) GDPR. In interpreting what amounts to a public authority or body under Article 83(7) GDPR, the NSS held that such34 KB (5,374 words) - 04:32, 28 April 2022
- UODO (Poland) - DKN.5110.12.2021 (category Article 33(1) GDPR)controller violated Article 33(1) GDPR by not notifying the DPA of the data breach. Consequently, the DPA issued a fine of approximately €3,492 (16,000 PLN)51 KB (8,343 words) - 14:16, 15 June 2022
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)the EU Article 28: Processor of processing (regulations) Article 28.3: Arrangements of a contract (or other legal act) with processors Article 29: Processing10 KB (1,249 words) - 12:16, 8 May 2023
- RvS - 202001436/1/A2 (category Article 15(3) GDPR)under Article 15(3) of the GDPR from Zilveren Kruis, Stichting Philadelphia Zorg, Stichting Cordaan and another party. On 30 August 2018 and 28 September21 KB (3,368 words) - 20:43, 26 July 2020
- Garante per la protezione dei dati personali (Italy) - 9909235 (category Article 5(1)(a) GDPR)accounts of three of its former employees in violation of Article 5(1) GDPR and Article 13 GDPR. GEICO S.p.A., the controller, was the employer of the three90 KB (14,258 words) - 14:14, 3 January 2024
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)thereby violating Article 12 (1) and Article 14 (1) points a) and c), as well as Article 14 (2) b), c) and e) of the GDPR points. 3.5. Customer 1's data140 KB (23,189 words) - 08:25, 20 February 2024
- Rb. Gelderland - C/05/400739 / KG ZA 22-54 (category Article 5 GDPR)himself, this principle is elaborated in Article 14 of the GDPR. It follows from Article 14(1)(d) of the GDPR that the controller must inform the data21 KB (3,270 words) - 15:32, 11 May 2022
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 5 GDPR)the type of data) are: Article 9(2)(h) GDPR (necessary for the purposes of preventive or occupational medicine); Article 9(2)(i) GDPR (for reasons of public128 KB (20,856 words) - 12:32, 14 March 2023
- AEPD (Spain) - PS/00501/2021 (category Article 5(2) GDPR)infractions of article 48 of Law 9/2014, of May 9, General Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the LGT26 KB (3,914 words) - 12:38, 2 February 2022
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- APD/GBA (Belgium) - 72/2021 (category Article 12(3) GDPR)conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two57 KB (8,330 words) - 11:53, 30 June 2021
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)information under Article 15(1)(h) of the GDPR, the right of data subjects to object under Article 21(1)(1)(2) of the GDPR and - in essence - in Article 22 of the52 KB (8,534 words) - 12:58, 15 December 2021
- AEPD (Spain) - PS/00178/2021 (category Article 5(1)(f) GDPR)claimed party, for the alleged violation of article 32 of the RGPD and article 5.1.f) of the RGPD, typified in article 83.5 of the RGPD. FIFTH: The initiation20 KB (3,078 words) - 14:26, 24 November 2022
- Datatilsynet (Norway) - 23/00708 (category Article 57(1)(h) GDPR)per Article 57(1)(a) GDPR, Article 57(1)(h) GDPR, cf. Article 58(1)(a) GDPR, Article 58(1)(b) GDPR, Article 58(1)(e) GDPR and Article 58(1)(f) GDPR. The59 KB (8,718 words) - 14:50, 20 December 2023
- NAIH (Hungary) - NAIH-7058-5/2022 (category Article 6(1) GDPR)processing to be unlawful. The processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx66 KB (10,499 words) - 08:55, 10 February 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)above aspects may constitute a breach of Article 13 of the GDPR. Article 13 of the GDPR. In this regard, Article 72.1.h) of the LOPDGDD, considers as very serious52 KB (8,416 words) - 12:59, 13 December 2023
- ICO (UK) - HIV Scotland (category Article 5(1)(f) GDPR)under the GDPR. 14. By Article 57(1) of the GDPR, it is the Commissioner'task to monitor and enforce the application of the GDPR. 15. By Article 58(2)(d)of55 KB (6,916 words) - 07:27, 26 October 2021
- GHDHA - 200.290.360-01 (category Article 12(3) GDPR)legislative measure that serves one of the objectives listed in Article 23, namely Article 23(1)(i) GDPR. After all, the Court of first instance notes, “compliance35 KB (5,770 words) - 07:13, 4 April 2022
- AEPD (Spain) - PS/00189/2021 (category Article 6(1) GDPR)Vodafone processed personal data without a legal basis according to Article 6(1) GDPR. The complainant has been a victim of identity theft with the data23 KB (3,387 words) - 09:55, 22 September 2021
- AEPD (Spain) - PS/00388/2022 (category Article 32(1) GDPR)has not violated the article 15 of the GDPR, infringement typified in article 83.5 a) of the GDPR. IV. Secondly, article 32 of the GDPR "Security of treatment"72 KB (11,730 words) - 08:54, 19 July 2023
- DSB (Austria) - DPA 2023-0.594.826 (category Article 3 GDPR)under Article 3 GDPR was also fulfilled, as the controller had an official seat in Vienna. Moreover, the material scope under Article 2(1) GDPR also applied56 KB (8,709 words) - 14:27, 10 April 2024
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)a) The scope of Article 15(1)(h) AVG 3.28 The Court will first address the scope and conditions of application of Article 15 (1) (h) AVG, as this provision80 KB (13,304 words) - 13:05, 12 April 2023
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 5(1)(b) GDPR)services pursuant to Article 123(3) of the Code. The Italian DPA observed that the definition of 'traffic data' proposed by Article 121 Code would be too152 KB (24,743 words) - 14:39, 21 March 2023
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)Section 3 (3) sentence 1 CoronaVO Restaurants. The data must be deleted by the operator four weeks after being collected (§ 2 Para. 3 Sentence 3 CoronaVO66 KB (10,911 words) - 08:49, 21 June 2022
- AEPD (Spain) - PS-00507-2022 (category Article 4(1) GDPR)were initiated, based on Article 63 and Article 64 LPACAP and an infringement of Article 6(1) GDPR typified in Article 83(5) GDPR. After the proceedings49 KB (7,832 words) - 10:54, 22 January 2024
- VGH München - 11 ZB 22.895 (category Article 17 GDPR)drives and that this obligation was not contrary to Article 6(1) GDPR. Pursuant to Article 6(1)(f) GDPR, a controller may use the legal basis of legitimate22 KB (3,613 words) - 13:20, 31 August 2022
- ICO (UK) - Monetary Penalty Notice to Easylife Limited (category Article 5(1)(a) GDPR)in the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes77 KB (9,347 words) - 07:39, 13 October 2022
- Rb. Zeeland-West-Brabant - AWB- 20 7155 VV (category Article 6(1)(e) GDPR)Office (BKR) with a debt arrangement (SR). On 28 May 2020, the applicant requested, with reference to Article 21 of the General Data Protection Regulation15 KB (2,218 words) - 08:57, 28 July 2020
- RVS - 202105980/1/A3 (category Article 15 GDPR)Authorities to receive the information as referred to in Article 15, paragraph 1 a to h GDPR." 3.1. The Division agrees with the judgment of the District15 KB (2,191 words) - 16:02, 19 April 2023
- Rb. Amsterdam - ECLI:NL:RBAMS:2323:6530 (category Article 6(1)(a) GDPR)for the purposes of Article 26 GDPR. It held that their cookie practices were (i) in violation of Article 6(1)(a) GDPR, and (ii) Article 11.7a of the Dutch47 KB (7,636 words) - 13:42, 6 November 2023
- APD/GBA (Belgium) - 10/2023 (category Article 12(3) GDPR)set out by Article 12(4) GDPR. The DPA ordered the controller to comply with the access request pursuant Article 58(2)(c) GDPR and Article 95(1)(5) LCA14 KB (1,967 words) - 15:07, 22 February 2023
- APD/GBA (Belgium) - 141/2022 (category Article 17(3) GDPR)under Article 10 ECHR and Article 11 of the Charter. The DPA also added the GDPR provided an exception to its own, specifically Article 17(3)(a) GDPR, which25 KB (3,628 words) - 16:09, 9 November 2022
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)32 KB (5,066 words) - 09:04, 14 February 2022
- Rb. Amsterdam - AMS 22/1414 (category Article 17 GDPR)defendant. 4.3. The request to delete the BKR registration must be regarded as a request under the General Data Protection Regulation (GDPR). Article 34 of the12 KB (1,857 words) - 14:27, 20 April 2022
- RVS - 202004314/1/A3 (category Article 4(1) GDPR)to in Articles 15 to 22 of the GDPR. This follows from Article 34 of the GDPR Implementation Act. Article 21 of the GDPR is entitled to object. That right46 KB (7,313 words) - 11:27, 3 March 2022
- OLG Dresden - 4 U 760/19 (category Article 82(1) GDPR)between the parties). With regard to Article 99(2) GDPR, the Court already expressed doubts as to whether Article 82 GDPR is applicable to the deletion/blocking22 KB (3,547 words) - 15:53, 10 March 2022
- BGH - VI ZB 39/18 (category Article 6(1)(c) GDPR)democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different53 KB (8,894 words) - 15:56, 22 March 2022
- AEPD (Spain) - PS/00410/2020 (category Article 6(1)(a) GDPR)do- as established in article 2.2 of the RGPD and article 2.2.a) of the LO- PDGDD, the following should be noted: it says to article 2.2 of the RGPD: "two47 KB (7,334 words) - 17:00, 14 December 2022
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- BVwG - W214 2228346-1 (category Article 4(1) GDPR)met. 3.3. to part A): 3.3.1 Legal situation: The contested authority based its decision on the following legal bases: Article 12, Article 15, Article 57(1)(f)65 KB (10,246 words) - 09:42, 10 September 2021
- Rb. Amsterdam - C/13/689705/HA RK 20-258 (category Article 15 GDPR)incomplete data provision. 3.3. The request under I (iii) is based on Articles 15, paragraph 1, opening words and under h and 22 GDPR (automated decision-making57 KB (9,498 words) - 20:42, 28 April 2021
- UODO (Poland) - DKN.5112.5.2021 (category Article 5(1)(a) GDPR)GDPR obliges the controller to demonstrate compliance with GDPR provisions, this includes obtaining proof of consent in line with Article 7(1) GDPR. Especially82 KB (13,363 words) - 14:11, 18 January 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)registers removed is rejected. 6(1)(f) of the GDPR, [applicant] can rely on Article 21 of the GDPR. Article 21 GDPR gives a data subject the right to object56 KB (9,287 words) - 16:00, 26 January 2022
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- NAIH (Hungary) - NAIH-5802-9/2022. (category Article 5(1)(a) GDPR)violated Article 14(1) and (2) GDPR. Because it failed to provide clear and transparent information, the controller also violated Article 12(1) GDPR. The DPA120 KB (19,907 words) - 10:48, 9 November 2022
- DSB (Austria) - 2021-0.119.956 (category Article 15(3) GDPR)information. b.) On the right to a copy (Article 15, Paragraph 3, GDPR)b.) On the right to a copy (Article 15, Paragraph 3, GDPR) The right to a copy of data in50 KB (8,021 words) - 15:40, 18 January 2024
- Persónuvernd (Iceland) - 2021091678 (category Article 6 GDPR)that justify it. This monitoring should rely on a legal basis under Article 6 GDPR. In this case, the DPA assessed whether the legitimate interest could16 KB (2,425 words) - 15:58, 19 April 2023
- Datatilsynet (Norway) - 20/02376 (category Article 24(1) GDPR)for conducting risk assessments. Both Article 24 and Article 32 GDPR impose such an obligation. Considering the individual case a thorough assessment would38 KB (5,620 words) - 07:40, 4 October 2021
- OLG Dresden - 4 U 1278/21 (category Article 4(1) GDPR)personal data according to Article 4(1) GDPR, and that the data subject had a right to erasure pursuant to Article 17(1)(d) GDPR. According to the OLG Dresden31 KB (5,060 words) - 07:47, 16 March 2022
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)act, which must contain certain prescribed components (Article 28 of the General Regulation). Article 13 (1) of the General Regulation provides that where110 KB (17,995 words) - 11:15, 22 April 2021
- Persónuvernd - 2020010634 (category Article 6(1)(a) GDPR)the basis of Article 15. of the Regulation, cf. further discussion in Chapter II.3.3. below, which is laid down in the 5th paragraph. Article 12 her. That65 KB (10,686 words) - 09:50, 3 March 2021
- Rb. Gelderland - AWB-22/4722 (category Article 15 GDPR)chosen method of provision meets the purpose of Article 15(3) of the GDPR.11 Judgment of the court 11.3. This ground of appeal fails. In the primary decision35 KB (5,609 words) - 06:56, 18 October 2023
- Rb. Noord-Holland - HAA 19/4807 (category Article 12(3) GDPR)access to personal data relating to him under the AVG and that, in view of Article 12(3) of the AVG, the opponent should in principle have decided within one14 KB (2,262 words) - 22:02, 3 August 2020
- NAIH (Hungary) - NAIH-175-12/2022 (category Article 5(1)(b) GDPR)data processing [Article 83 (2) (d) GDPR]; the personal data collected are also special categories of personal data [Article 83 GDPR. Article 2 (2) (g)]; -112 KB (17,918 words) - 08:55, 24 March 2022
- Rb. Zeeland-West-Brabant - AWB - 21 373, 21 4309, 21 4310 (category Article 5(1)(a) GDPR)help him, since it is contrary to the text of the aforementioned Article 46, paragraph 3, opening words and letter b [addition of the court : of the 196421 KB (3,294 words) - 09:23, 7 July 2022
- Garante per la protezione dei dati personali (Italy) - 9751137 (category Article 5(1)(a) GDPR)fairness and transparency under Article 5(1)(a) GDPR, as well as the data subject’s right to information under Articles 12 and 13 GDPR, and issued a fine of €1041 KB (6,671 words) - 16:56, 23 March 2022
- Garante per la protezione dei dati personali (Italy) - 9817535 (category Article 5(2) GDPR)transparency from Article 5(1)(a) GDPR. Therefore, the controller violated the principle of accountability provided by Article 5(2) and 24 GDPR for the failure56 KB (8,922 words) - 10:20, 16 November 2022
- APD/GBA (Belgium) - 103/2023 (category Article 5(2) GDPR)issued a warning to a hospital group for non-compliance of Article 32 GDPR and Article 24 GDPR, as the hospital group had failed to implement the appropriate31 KB (4,549 words) - 11:50, 10 August 2023
- ICO (UK) - Mermaids (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 13. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 14. By58 KB (7,695 words) - 09:00, 28 July 2021
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 12(3) GDPR)the scope of Article 22 and therefore Article 15(1)(h) applies. They also claimed to have a right to data portability under Article 20(1) GDPR and that information82 KB (14,053 words) - 16:25, 25 March 2021
- FG München - 15 K 194/20 (category Article 2(1) GDPR)dossiers from the Finanzamt Neu-Ulm on 28.10.2019. The BayLfSt received a request to access under Article 15(1) GDPR on 07.11.2019. The data subject wanted17 KB (2,559 words) - 14:49, 27 July 2022
- AEPD (Spain) - PS/00119/2021 (category Article 6(1) GDPR)for an infraction of article 6.1 of the RGPD, typified in article 83.5 a) of the RGPD, and for the purposes of prescription in article 72.1.a) of the LOPDGDD28 KB (4,459 words) - 14:26, 24 November 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)(1) (3) of the Personal Data Act (523/1999). 3. The Data Protection Regulation is the law directly applicable in the Member States. However, Article 6 (2)41 KB (6,555 words) - 08:37, 4 March 2024
- LG Duisburg - 10 O 126/22 (category Article 82 GDPR)report under Article 33 GDPR and the obligation to provide information under Article 34 GDPR does not fall within the scope of Article 82 GDPR (see above)63 KB (10,478 words) - 09:40, 15 February 2024
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202104693 (category Article 6(1) GDPR)to the GDPR pursuant to Article 3(1) of the GDPR, so no EU representative is required in accordance with compliance with article 27 of the GDPR.” It does143 KB (23,267 words) - 08:54, 16 May 2023
- LG Bielefeld - 19 O 147/22 (category Article 24 GDPR)and Section 2 of the German Civil Code in conjunction with Article 6 (1) GDPR and Article 17 GDPR, the plaintiff is also not entitled to an injunctive relief37 KB (5,986 words) - 14:50, 9 May 2023
- APD/GBA (Belgium) - 143/2022 (category Article 12(3) GDPR)to comply with the request (Article 12(3) GDPR) or not (Article 12(4) GDPR). Without addressing a potential breach of the GDPR, the DPA ordered the controller23 KB (3,383 words) - 08:06, 3 November 2022
- Persónuvernd - 2020010428 (category Article 5(1)(f) GDPR)requirements of the first paragraph. Article 11 of the Act, cf. Paragraph 2 Article 9 Regulation. According to point 3 (b). Article 3 the law is health information47 KB (7,369 words) - 16:37, 19 March 2020
- Datatilsynet (Norway) - 20/01813 (category Article 5(1)(f) GDPR)safety for the processing of personal data under Article 32 GDPR, Article 24, Article 5(1)(f) and Article 5(2), as well as § 26(1) of the Personal Data Act36 KB (5,150 words) - 17:58, 31 October 2021
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 28 GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data129 KB (21,793 words) - 14:09, 13 December 2023
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 5(1)(e) GDPR)under Article 5(1)(e) GDPR by not taking any measures to ensure that the recordings were deleted after set limitation of 3 days, 3) Article 12(1) GDPR by146 KB (22,679 words) - 15:52, 3 May 2023
- VwGH - Ro 2020/04/0031-9 (category Article 6(1)(f) GDPR)use of your data 21 GDPR, he did not explain to what extent the Data processing based on Article 6 Paragraph 1 Letter f of the GDPR is nevertheless not74 KB (10,458 words) - 14:49, 27 March 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)are subject to the GDPR pursuant to Article 3(2)(a) of this Regulation. B. On the competence of the CNIL 22. Article 55(1) of the GDPR provides that "each59 KB (9,566 words) - 17:03, 6 December 2023
- OVG Münster - 16 A 1582/21 (category Article 15(3) GDPR) (section Applicability of Articles 15(3)(1), 12(5)(1) GDPR)data electronically pursuant to Article 15(3)(3) GDPR, the controller generally has discretion under Article 12(1)(2) GDPR as to the form in which they provide123 KB (20,784 words) - 10:11, 26 November 2021
- Persónuvernd (Iceland) - Nr. 2020123144 (category Article 14 GDPR)with the applicable data protection law, and in particular with Article 14 of the GDPR. In Iceland, the processing of personal data relating to the creditworthiness19 KB (2,786 words) - 11:36, 22 September 2021
- AEPD (Spain) - PS/00080/2022 (category Article 5(1)(f) GDPR)data that was exposed fell within Article 9(1) GDPR. With this in mind, the Spanish DPA found a violation of Article 32 GDPR since the lack of security measures47 KB (7,265 words) - 10:05, 21 July 2022
- ICO (UK) - AMEX (category Article 4(11) GDPR)430 and 432(6)). 6. Consent is defined in Article 4(11) the General Data Protection Regulation 2016/679 ("GDPR") as "any freely given, specific, informed72 KB (8,623 words) - 10:38, 26 May 2021
- Rb. Zeeland-West-Brabant - AWB- 20 6846 (category Article 12(3) GDPR)Court considered that pursuant to Article 12(3) GDPR, data controllers must provide data subjects with information on Article 15 to 22 requests without delay12 KB (1,755 words) - 15:01, 10 November 2020
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)entitled to a claim under Article 82 (1) GDPR, which he could also base on Article 823 (1) BGB in conjunction with Article 2 (1) and Article 1 (1) GG. The defendant120 KB (20,753 words) - 17:06, 7 March 2022
- IDPC (Malta) - EDPBI:MT:OSS:D:2019:70 (category Article 15 GDPR)under the GDPR and to keep within the legal timeframes; and also giving due regard to the circumstances contemplated under Article 83.2 of the GDPR and taking10 KB (1,255 words) - 13:48, 9 February 2022
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6 GDPR)the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data43 KB (6,678 words) - 08:41, 4 March 2024
- VG Karlsruhe - 7 K 2578/22 (category Article 15(3) GDPR)personal data within the meaning of Article 4(1) GDPR and thus cannot be object of an access request under Article 15(3) GDPR. Making reference to CJEU case83 KB (13,935 words) - 10:24, 17 January 2024