Search results
From GDPRhub
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- Article 34 GDPR (category GDPR Articles) (section (3) Exemptions from the obligation to communicate to the data subject)not directly mentioned by Article 33(3)(b)-(d) GDPR could be shared as additional information by the controller Article 34(3) GDPR lists three exemptions37 KB (3,962 words) - 15:20, 16 June 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 32 GDPR (category GDPR Articles) (section (3) Codes of conduct and certification mechanisms)DS-GVO BDSG, Article 32 GDPR, margin number 28 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- HDPA (Greece) - 52/2021 (category Article 28(3) GDPR)under Article 32(2), Article 32(4) GDPR and Article 28(3) GDPR, and also issued a reprimand against the controller for a breach of Article 28(3) GDPR. Seventeen8 KB (861 words) - 10:00, 22 December 2021
- AZOP (Croatia) - Decision 04-05-2023 (category Article 28(3) GDPR)with its transparency obligation. (2) Contrary to the provisions of Article 28(3) GDPR, the controller did not have a processing agreement with the processor12 KB (1,626 words) - 15:22, 30 October 2023
- AEPD (Spain) - TD/00044/2021 (category Article 28(3) GDPR)the DPA launched a proceeding. The AEPD determined that, according to Article 28(3)(e), the processor has the obligation to assist the controller in the22 KB (3,465 words) - 13:30, 13 December 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR)obligations under Article 28 of the GDPR and the responsibilities arising from failure to comply with them. In fact, on the one hand, Article 28, paragraph 149 KB (7,758 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 28(3) GDPR)as by Article 28(2) and (3) The obligation to adopt technical and organizational measures to ensure the security of the processing as by Article 32. The20 KB (3,133 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00280/2022 (category Article 28(3) GDPR)subjects and the obligations and rights of the controller'), as per Article 28(3) GDPR, was lacking. Additionally, the DPA highlighted that such contract30 KB (4,551 words) - 11:51, 9 February 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)Those measures shall be reviewed and, where necessary, updated. Article 28.3 AVG "3. The processing by a processor shall be governed by a contract or35 KB (5,526 words) - 16:56, 12 December 2023
- Council of State - 251.378 (category Article 28(3) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- AEPD (Spain) - EXP202208230 (category Article 28(3) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a)45 KB (6,904 words) - 13:12, 13 December 2023
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR)of Article 32(1) GDPR due to the scope of the data mishandling and the sensitivity of the subject. Moreover, the Family Court violated Article 28(3) with46 KB (7,343 words) - 16:39, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(3)(f) GDPR)reactivated according to plan. It follows from Article 28 (1) of the Data Protection Regulation Article 3 (3) (f) requires the data controller to assist the18 KB (2,633 words) - 16:36, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 28(3)(a) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 28(3)(a) GDPR)processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all25 KB (3,660 words) - 08:42, 14 September 2022
- CNIL (France) - SAN-2021-020 (redirect from CNIL (France) - Délibération SAN-2021-020 du 28 décembre 2021) (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 28(3) GDPR)Hospital was incomplete with regards to several requirements set in Article 28(3) GDPR, and notably points b, c, e, f, g and h. For example, the processing88 KB (14,189 words) - 09:58, 7 December 2021
- UODO (Poland) - DKN.5130.2024.2020 (category Article 28(3) GDPR)art. 24 sec. 1, art. 25 sec. 1, art. 28 sec. 1 and 3 and article. 32 sec. 1 and 2, as well as art. 83 sec. 1 - 3, art. 83 sec. 4 lit. a) and art. 83 sec75 KB (12,104 words) - 09:58, 17 November 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 28(3) GDPR)violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and (9)105 KB (17,237 words) - 09:22, 10 May 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(3) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - PS/00315/2020 (category Article 28(3)(g) GDPR)CIF A76539030, for a violation of article 28.3.g) of the RGPD, in accordance with article 83.4 b) of the RGPD, and article 74.k) of the LOPDGDD, with the62 KB (10,401 words) - 14:35, 21 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 28(3)(h) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 04/2021 (category Article 28 GDPR)the GDPR. According to the defendant, this partner is thus not processor within the meaning of Article 4 (8) GDPR. Consequently, Article 28 (3) GDPR does113 KB (18,732 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2023-003 (category Article 28(3) GDPR)found a violation of Articles 5(1)(c) and 28(3) GDPR and imposed a fine of €100,000. For the violation of Article 82 of the Data Protection Act it imposed8 KB (971 words) - 07:54, 5 April 2023
- APD/GBA (Belgium) - 137/2023 (category Article 28(3) GDPR)reprimanded for breach of Article 28(3) GDPR, and the municipality was reprimanded for violations of Article 14 GDPR and Article 12(1) GDPR for failure to take52 KB (7,789 words) - 11:38, 11 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2889/161/21 (category Article 28(3) GDPR)agreement under Article 28 (3) of the general data protection regulation, so the agreement cannot be considered as an agreement under Article 28 (3) of the general40 KB (6,315 words) - 11:13, 22 September 2021
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)designated; Decision 154/2023 - 3/7 is obliged to rely on a processor who complies with the provisions of the GDPR (Article 28.1 GDPR) and concludes an agreement21 KB (3,034 words) - 15:30, 26 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 7099/183/2018 (category Article 28(3) GDPR)provider cannot be considered a processor as per Article 4(7) GDPR, Article 4(8) GDPR, and Article 28(3) GDPR. Therefore, the service provider acted as a data34 KB (5,367 words) - 08:14, 18 May 2022
- NAIH (Hungary) - NAIH-3561-4/2022 (category Article 28(3)(a) GDPR)45, and 46 GDPR the Controller based this transfer on, and whether the applicable Google terms of service complied with Article 28(3)(a) GDPR. Additionally13 KB (1,677 words) - 09:39, 14 November 2022
- Rb. Rotterdam - C/10/655051 KG ZA 23-243 (category Article 28(3) GDPR)(hereinafter: GDPR). 3.4. In March 2018, Blauw and Nebu concluded a processing agreement as referred to in Article 28 paragraph 3 of the GDPR, called the33 KB (5,443 words) - 06:20, 26 April 2023
- Datatilsynet (Denmark) - 2021-432-0056 (category Article 28(3)(a) GDPR)processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all16 KB (2,135 words) - 16:52, 14 September 2022
- UODO (Poland) - DKN.5131.29.2022 (category Article 28(3) GDPR)fulfill the requirements of Article 28 GDPR. The DPA concluded that the controller failed to comply with Article 28(1)(3) and (9) GDPR by not concluding a written48 KB (7,612 words) - 09:46, 25 April 2024
- Datatilsynet (Norway) - 20/01727 (category Article 28(3) GDPR)Violating Article 28(3) GDPR for not having a data processing agreement in place; Violating Article 32(2) GDPR, cf. Article 5(1)(f) GDPR and Article 5(2) GDPR53 KB (7,990 words) - 08:37, 6 October 2021
- AEPD (Spain) - PS/00151/2021 (category Article 28(3) GDPR)controller €5000 for the infringement of Article 28(3) GDPR. Besides that, AEPD fined the controller €2000 for infringing Article 22 of the Spanish Law implementing53 KB (8,628 words) - 15:44, 13 July 2022
- WSA Warsaw (Poland) - II SA/Wa 310/20 (category Article 28(3) GDPR)and accountability in connection with Article 28(1) GDPR, Article 28(3) GDPR, Article 28(10) GDPR and Article 29 GDPR, with regard to the processing of data56 KB (8,906 words) - 14:16, 20 September 2021
- CNIL (France) - SAN-2021-012 (category Article 28(3) GDPR)the obligation contained in Article 28 of the GDPR became applicable, contains the information provided for in this article 28. Consequently, the restricted55 KB (8,897 words) - 13:56, 21 November 2023
- CNIL (France) - SAN-2023-015 (category Article 28(3) GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- Garante per la protezione dei dati personali (Italy) - 9592011 (category Article 28(3)(g) GDPR)Pursuant to Article 58(2)(d) of the GDPR, the DPA ordered Associazione Rousseau to comply with the provisions of Article 28(3)(g) of the GDPR by ensuring40 KB (6,510 words) - 16:53, 26 May 2022
- Garante per la protezione dei dati personali (Italy) - 9768387 (category Article 28(3) GDPR)ISWEB violated Article 28(2) GDPR and Article 28(4) GDPR as a processor on behalf of the hospitals and Article 28(1) GDPR and Article 28(3) GDPR as controller99 KB (16,015 words) - 16:16, 1 June 2022
- APD/GBA (Belgium) - 149/2022 (category Article 28(3) GDPR)Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA89 KB (13,017 words) - 15:07, 2 November 2022
- UODO (Poland) - DKN.5130.2215.2020 (category Article 28(3)(c) GDPR)right of control referred to in Article 28(3)(h) GDPR concerning PIKA's provision of the measures required under Article 32 GDPR. Only after a personal data110 KB (17,650 words) - 12:27, 29 April 2022
- AEPD (Spain) - PS/00322/2021 (category Article 28(3)(f) GDPR)000 for the breach of Article 6 GDPR, €100,000 for the breach of Article 17 GDPR and €100,000 for the breach of Article 28 GDPR). Share your comments here52 KB (8,192 words) - 20:47, 22 February 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 28 GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 28(3)(c) GDPR)with Article 28 (3) point (e). In the event of the use of a data processor, in accordance with the provisions of the agreement pursuant to Article 28 of62 KB (9,999 words) - 10:21, 7 December 2022
- Persónuvernd (Iceland) - 2020092288 (category Article 28(3) GDPR)the first paragraph. Article 6, Article 7, Article 12, 13 Article 24, Article 24, Article 25, Article 3 Article 28 and Article 32. Regulation (EU) 2016/679125 KB (20,768 words) - 13:06, 22 December 2021
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)18 KB (2,710 words) - 16:34, 6 December 2023
- CNIL (France) - SAN-2022-009 (category Article 28 GDPR)requirements of Article 28(3) GDPR. The processor did not dispute this violation. However, it claimed that it was not solely responsible as Article 28(3) GDPR imposes52 KB (8,268 words) - 13:02, 27 April 2022
- CNIL (France) - SAN-2024-002 (category Article 28 GDPR)breached Article 28(3) GDPR where it had tried to retroactively amend one of its data processor agreements to include all requirements of this Article. The56 KB (8,757 words) - 14:12, 28 February 2024
- CNIL (France) - SAN-2023-008 (category Article 28 GDPR)5. Failure to comply with Article 12 GDPR Information is considered easily accessible, within the meaning of Article 12 GDPR, if it is provided to the10 KB (1,254 words) - 16:37, 8 January 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- under the material part of the GDPR and the controller-processor agreement pursuant to Article 28 GDPR. Article 82(6) GDPR states that claims for damages33 KB (4,215 words) - 09:57, 19 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information43 KB (5,641 words) - 14:58, 28 April 2022
- ANSPDCP (Romania) - Fine against S.C. Delivery Solutions S.A. (Sameday) (category Article 29 GDPR)held that the controller violated Article 29, Article 32(1)(b), and Article 32(2) GDPR. The DPA fined the processor €3,000 (RON 14,825.70). Share your comments6 KB (676 words) - 06:36, 21 July 2022
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Rb. Rotterdam - ROT 19/5030 (category Article 28 GDPR)The Directorate failed to provide the documents (required following Article 28(3) GDPR) to demonstrate that the purposes and means of processing were determined28 KB (4,560 words) - 15:01, 10 August 2021
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)out pursuant to Article 83(1) GDPR. This part of Article 83 concerns the principle of "unity of action" (see above). With Article 83(3) GDPR, the legislator55 KB (7,622 words) - 14:04, 7 November 2023
- all related decisions in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1)37 KB (4,635 words) - 13:29, 24 October 2023
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- related decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck37 KB (3,915 words) - 12:49, 24 May 2023
- use of trusted third party verification services. Article 8(3) GDPR makes it clear that Article 8(1) GDPR only refers to consent, not to the object of the19 KB (1,335 words) - 13:56, 24 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)in point (d) of Article 46(2) and in Article 28(8); (e) aims to authorise contractual clauses referred to in point (a) of Article 46(3); or (f) aims to23 KB (2,079 words) - 16:07, 2 November 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU, Case C‑28/08, European22 KB (2,177 words) - 10:01, 19 March 2024
- Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number34 KB (4,652 words) - 12:07, 12 November 2023
- Article 19 GDPR (category GDPR Articles)relying on another legal basis under Article 6 GDPR, or can use either of the exceptions under Article 17(3) GDPR, the processing can carry on. The controller19 KB (1,436 words) - 12:35, 12 May 2023
- Article 59 GDPR (category GDPR Articles)enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 76 GDPR (category Article 76 GDPR)Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 66 GDPR (category Article 66 GDPR) (section (3) Adoption of a final decision of the EDPB without provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent authorities18 KB (2,488 words) - 15:22, 14 December 2021
- Article 38 GDPR (category GDPR Articles) (section (3) Independence, no retaliation, direct communication with management)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 60 GDPR (category GDPR Articles) (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 16 GDPR (category GDPR Articles)requirements of Article 5(1)(d) GDPR are not complied with. In such cases, there is no need to exercise the rights under Article 16 GDPR - but also no harm23 KB (2,489 words) - 23:24, 6 March 2024
- see commentary to Article 51(3) GDPR bellow. Article 8(3) of the Charter of Fundamental Rights of the European Union ("CFR") and Article 16(2) of the Treaty27 KB (2,604 words) - 14:24, 16 January 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 61 GDPR (category Article 61 GDPR) (section (3) Requirements of an assistance request and limitation of utilization of requested information)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 72 GDPR (category Article 72 GDPR)of each Member State (Article 68(3) GDPR). The EDPS is a member, but has only limited voting rights pursuant to Article 68(6) GDPR. In this respect, the22 KB (2,266 words) - 08:26, 17 October 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)or processor should be approved pursuant to Article 58(3) GDPR, or by the EDPB pursuant to Article 63 GDPR. Where such an approval takes place through27 KB (2,452 words) - 14:26, 28 July 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Datatilsynet (Denmark) - 2021-431-0163 (category Article 32(1) GDPR)breach". Under Article 33 GDPR, it is the controller's duty to report breaches, while processors may assist as outlined in Article 28(3)(f) GDPR. In fact, the26 KB (3,912 words) - 10:46, 22 November 2023
- Article 41 GDPR (category GDPR Articles) (section (3) Submitting the draft criteria for accreditation to the EDPB)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- APD/GBA (Belgium) - 165/2023 (category Article 35(3) GDPR)accordance with Article 1 (1) (f) and (2) of the GDPR, Article 24 (1) of the GDPR, Article 25, paragraph 1 of the GDPR and article 32 of the GDPR. Please also67 KB (9,908 words) - 11:09, 10 January 2024
- and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)DS-GVO BDSG, Article 78 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition); Körffer in Paal, Pauly, DS-GVO BDSG, Article 78 GDPR, margin numbers 3-5, (C.H30 KB (3,874 words) - 10:46, 7 December 2023
- Article 89 GDPR (category Article 89 GDPR) (section (3) Derogations are Possible for Archiving Purposes in the Public Interest)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data protection18 KB (1,831 words) - 13:49, 3 November 2022
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with regard108 KB (17,097 words) - 13:52, 12 May 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 28(1) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)case to the Irish DPA (DPC) under Article 56 GDPR, and in accordance with the procedure outlined in Article 60 GDPR. Responding to the Complainant’s assertions289 KB (33,568 words) - 15:00, 1 February 2023
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)(1) (3) of the Personal Data Act (523/1999). 3. The Data Protection Regulation is the law directly applicable in the Member States. However, Article 6 (2)41 KB (6,555 words) - 08:37, 4 March 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(1) GDPR)writing (cf. paragraphs 3 and 4 of article 28 of the GDPR), verification of the requirements set out in article 28 of the GDPR it must be substantive and163 KB (27,222 words) - 16:54, 6 December 2023
- literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special categories of8 KB (1,064 words) - 12:53, 23 June 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data113 KB (12,773 words) - 15:20, 6 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- many waivers from GDPR for research purposes under Article 89 GDPR. It is questionable of the law is constitutional and in line with GDPR. § 151 of the Austrian8 KB (721 words) - 09:32, 24 April 2024
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)arguing that it wasn’t a controller within the definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a6 KB (492 words) - 13:09, 1 June 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a15 KB (2,504 words) - 16:27, 10 March 2022
- CJEU - C‑307/22 - Copies of Medical Records (category Article 15(3) GDPR)the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to access10 KB (1,478 words) - 11:17, 2 November 2023
- purposes, with the exception of Article 28-32, which still applies. Personal data may be processed under Article 6 and Article 9 for the purpose of fulfilling5 KB (582 words) - 17:53, 3 March 2020
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)online booking platform, for failing to comply with Article 12(3) GDPR and because Article 6(1)(f) GDPR was not a valid legal basis to publish personal data113 KB (17,325 words) - 08:50, 19 March 2024
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)II.3.3. Regarding the scope of Art. 44 ff GDPR: If the following three requirements are met, there is a transfer and Chapter V (Art. 44 ff) GDPR is applicable158 KB (26,392 words) - 08:25, 7 June 2023
- specific to processing in the electronic communications sector. 28. 28. Under Article 16 of the Data Protection Act, "the restricted formation shall take73 KB (11,864 words) - 17:03, 6 December 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)2, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)controller €3,940,000 for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes270 KB (43,335 words) - 12:39, 13 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 12(3) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)implement 1See e.g. PVN 2019-09 2FOR-2018-07-02-1107. 3 Prop. 56 LS (2017-2018), point 31.3.3.3 4controlling measures in their business. Regulations on49 KB (7,646 words) - 07:56, 7 March 2022
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- EWHC (QB) - Sanso Rondon v LexisNexis Risk Solutions UK Ltd (redirect from EWHC - Sanso Rondon v LexisNexis Risk Solutions UK Ltd (2021) EWHC 1427 (QB) (28 May 2021) QB-2020-002788) (category Article 3 GDPR)its representative in the UK according to Article 27 GDPR. The court ruled that the purpose of Article 27 GDPR is primarily to make it easier for data subjects4 KB (474 words) - 08:41, 22 February 2022
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- ANSPDCP (Romania) - Actamedica SRL (category Article 12(3) GDPR)of processing. This lead to a security incident, in breach of Article 28(1) and 32 GDPR, for which the controller was fined RON 9,836.6 (approximately7 KB (900 words) - 15:23, 13 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 5(1)(c) GDPR)issue, the DPC held that the controller did not infringe Article 17(1) GDPR nor Article 12(3) GDPR as it duly responded to the erasure request within 30 days17 KB (2,411 words) - 09:25, 27 November 2023
- Datatilsynet (Denmark) - 2019-32-0639 (category Article 14(3) GDPR)12(1), 14(1)(c), 14(2) and 14(3) GDPR. In addition, Datatilsynet also issued criticism in relation to Article 5(1)(a) GDPR for the controller’s attempt26 KB (4,157 words) - 16:23, 6 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 83(3) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - PS/00026/2021 (category Article 28 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 28 GDPR)violated Articles 5(1)(a) and 13 GDPR, as it did not provide the data subject with a proper privacy policy. Article 28 GDPR was also infringed, as no controller-processor87 KB (14,104 words) - 15:45, 6 December 2023
- AEPD (Spain) - EXP202200367 (category Article 5(1)(a) GDPR)processing is in the public interest arising from article 6.1.e) of the GDPR, authorized by article 46.3 of the LOU. v. The corresponding weighting judgment57 KB (8,117 words) - 10:35, 13 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)for the alleged infringement of Article 5.1.d) of the RGPD, typified in Article 83.5 of the RGPD. SIXTH: On October 28, 19, written allegations were received26 KB (4,032 words) - 14:31, 13 December 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 28 GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 28 GDPR)interested parties "only on the documented instruction of the owner" (Article 28, paragraph 3, letter a) of the Regulation). The Regulation also governed the83 KB (13,648 words) - 11:30, 16 August 2022
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)control of the treatments that are carried out on his behalf, violating Article 28 GDPR. Share your comments here! Share blogs or news articles here! The decision115 KB (18,595 words) - 11:30, 16 August 2022
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- AEPD (Spain) - EXP202104530 (category Article 28 GDPR)they filed a complaint, however the accused company acted according to Article 28 GDPR and the Spanish DPA ended the proceedings. A.A.A. (data subject) received12 KB (1,685 words) - 12:41, 13 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(3)(b) GDPR)About the exceptions in article 17 no. 3 letters b and d, the ministry says in Prop. 56 LS (2017-2018) page 81: "Article 17 no. 3 letter d makes exceptions23 KB (3,547 words) - 10:05, 17 November 2023
- BVwG - W256 2240235-1 (category Article 6(1)(e) GDPR)interests under Article 6(1)(f) GDPR. The data subject was heard on this statement and filed a submission, arguing that Article 6(1)(f) GDPR does not apply33 KB (5,154 words) - 11:08, 21 January 2022
- CE - N° 428451 (category Article 9(3) GDPR)the analysis of a health establishment's activities are collected. Article 9(3) GDPR provides that health data may be processed for the purposes of the35 KB (5,153 words) - 16:29, 20 May 2021
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)controller had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as84 KB (13,036 words) - 13:26, 13 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(3) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 6(3) GDPR)specialized website. AG Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without8 KB (1,081 words) - 13:13, 1 June 2023
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)2014 3-1-13-10084 no longer exists for the following reasons: 1-) Paragraph 1 of the resolution of the Tartu Circuit Court judgment of 28.11.2014 3-1-13-10084:28 KB (4,711 words) - 10:30, 13 December 2023
- CNIL (France) - 2023-097 (category Article 28 GDPR)the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data18 KB (2,536 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)until the end of the service as indicated in the article itself 28.3.g). And continues article 28.3.h): “will make available to the person in charge all287 KB (48,336 words) - 13:53, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)Chamber of the GBA of 28 January 2020 {kenk DOS 2019-06201) dismissing her complaint on the basis of Article 95 § 1, 3 of the Act of 3 December 2017 establishing48 KB (7,560 words) - 09:03, 20 August 2021
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 28 GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 4(1) GDPR)violation of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)claim asserted here and based on Article 82 of the GDPR, appears questionable in view of sentence 3 of recital 146 of the GDPR. In the case in dispute, however19 KB (3,209 words) - 13:08, 15 September 2021
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)processing. In accordance with Article 36 GDPR, the Garante must decide on the adequacy of the intended processing under the GDPR. After careful examination71 KB (11,426 words) - 15:49, 6 December 2023
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)and held that “A synopsis of the provisions of Article 9(1)(i) of the GDPR in conjunction with Article 3(1)(1), (1a) and (2) of the EpiG shows that the37 KB (5,745 words) - 13:53, 12 May 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)articles L.111-1, L.111-2, L.111-3, L.221- 15, L.224-30, L.224-29, L.224-33, L.212-1, L.212-3, L.2141-1, L.211-1, L.232-1, R.631-3, L.621-1, L.621-2, L.621-7392 KB (67,730 words) - 15:27, 17 March 2022
- Datatilsynet (Denmark) - 2019-431-0045 (category Article 6(3) GDPR)instruction, under Article 28(1) GDPR. Thus, it has not been decided on whether or not MaCom could process information in accordance with Article 6(3)(a), (1)(a)14 KB (2,119 words) - 16:36, 6 December 2023
- HDPA (Greece) - 4/2022 (category Article 28 GDPR)with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among others. The second for failing11 KB (1,274 words) - 10:37, 23 February 2022
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up52 KB (8,323 words) - 13:17, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 15(3) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)indicated in point 3.3 of this decision. 4.3. Safety measures applied to the storage of traffic data. The conduct ascertained in point 3.4 of this decision58 KB (9,448 words) - 15:50, 6 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)confidentiality. Second, the DPA found a violation of Article 32 GDPR. The DPA held Article 32 GDPR requires the controller to have a complete protocol that58 KB (9,301 words) - 12:39, 13 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)Privacy Regulation (GDPR) article 6 no. 1 letter f. GDPR applies according to the Personal Data Act § 1 as Norwegian law. Legelisten.no (3) Legelisten.no is46 KB (7,024 words) - 06:18, 6 March 2022
- CNIL (France) - MED-2020-015 (category Article 28 GDPR)obligations provided for in Article 28 and to allow audits to be carried out. These facts constitute a breach of section 28 of the GDR. A failure to carry33 KB (5,322 words) - 17:08, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- HG Wien - 57 Cg 32/20m (category Article 4(2) GDPR) (section Clause 3: Violation of the Transparency Principle under Article 5(1)(a) GDPR)based on a legitimate interest under Article 6(1)(f) GDPR, so that the principle of lawfulness under Article 5(1)(a) GDPR is violated. This is due to the fact24 KB (3,579 words) - 12:05, 7 July 2021
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 28 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 4(24) GDPR) (section Additional infringement of Article 13(2)(e) GDPR)several paragraphs of Article 83 of the GDPR, as further summarised below. Fining of the ‘gravest infringement’. Article 83(3) GDPR provides that “[i]f a29 KB (4,384 words) - 16:00, 6 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 4(11) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)obligations arising from article 12.3 and 4 of the GDPR (methods for exercising the data subject's rights) and Article 15.1.b) and c) 5 of the GDPR (right of access76 KB (11,147 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)02/2021 - 14/26 3. Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe96 KB (15,396 words) - 16:50, 12 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)market participants. Specifically, these are Sections 17(3), 3(5) ApBetrO, 43 AMG, 11(1) sentence 1 no. 3, no. 7 and no. 11 HWG, and Section 14(2) no. 1 BerufsO32 KB (5,236 words) - 16:00, 10 March 2022
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)a violation of article 5.1 a) of the RGPD, ofin accordance with article 83.5 of the RGPD, a fine of APPEARANCE, in accordancewith article 58.2.b) of the26 KB (4,034 words) - 14:04, 13 December 2023
- RvS - 202002066/1/A3 (category Article 15(3) GDPR)interpretation given by the court to Article 15 of the GDPR is incorrect. According to [appellant], Article 15(3) of the GDPR gives the right to a copy of all22 KB (3,354 words) - 09:23, 18 February 2022
- AP (The Netherlands) - 09.04.2021 (category Article 14(3) GDPR)of Article 12(1) GDPR. The AP outlined that, in the event of an infringement of Article 12(1) of the GDPR, pursuant to Article 58(2)(i) and Article 83(5)12 KB (1,616 words) - 17:08, 12 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- Persónuvernd - 2020010678 (category Article 5(1) GDPR)violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied26 KB (4,135 words) - 09:59, 6 May 2021
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)Arroyomolinos for violating Article 37 GDPR. The reprimand was issued by virtue of the power conferred by Article 58(2)(b) GDPR. Share your comments here18 KB (2,737 words) - 14:23, 13 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)additional submissions regarding Article 83(3) GDPR (“Meta IE Submissions on Article 83(3) GDPR”). December 2021 On3December2021,theIESAshareditsDraftDecisionwiththeCSAs276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00415/2019 (category Article 6(1) GDPR)regard to Article 83.2 (k) of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)22 KB (3,521 words) - 14:36, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 6(3) GDPR)the APD file) dated 3 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020, 28 September 2020 October83 KB (13,694 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- DSB (Austria) - D130.073/0008-DSB/2019 (category Article 32 GDPR)process for user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG (the Austrian Data Protection25 KB (3,605 words) - 13:59, 12 May 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)conducts under Article 41 GDPR (redacted as "code S***", code M*** and code U***"). These codes had been approved by the DSB under Article 40(5) GDPR. Inverstigations19 KB (2,799 words) - 13:52, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)controller under the GDPR. The data controller did not process personal data with an appropriate level of security, as required by article 32, read in conjunction34 KB (4,967 words) - 15:46, 6 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)security at all times”. 3.3.2Assessment From both article 13 of the Wb and article 32, first and second paragraph, of the GDPR it follows that the controller106 KB (14,502 words) - 17:09, 12 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)of the provisions as set out in Article 95 § 2 and Article 98 of the ICA. They are also informed, pursuant to Article 99 of the ICA, of the time limits24 KB (3,844 words) - 16:51, 12 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6 GDPR)the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data43 KB (6,678 words) - 08:41, 4 March 2024
- UODO (Poland) - DKE.561.13.2020 (category Article 31 GDPR)(1)-(3), Article 83 (5)(e) in connection with Article 31, Article 58 (1)(e), Article 58 (2)(i) of Regulation EU 2016/679 of the European Parliament and27 KB (4,446 words) - 09:51, 17 November 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)activity has been declared. 3. Art 32.3 of Law 10/2010 of April 28 states that: “By virtue of the provisions of the Article 24.1, and in relation to the39 KB (6,270 words) - 13:51, 13 December 2023
- Personvernnemnda (Norway) - PVN-2023-08 (category Article 77 GDPR)data controller and the data processor represented a breach of Article 28(3) of the GDPR. The Data Protection Authority found it sufficient to point out16 KB (2,367 words) - 10:06, 17 November 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(3) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- OLG Koln - 15 U 45/23 (category Article 17(3)(e) GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- authority (cf. Article 36 (2) no. 7 lit. a DPA) for the purposes of military self-protection (cf. Article 36 (1) DPA in conjunction with Article 2 (1) no. 228 KB (3,418 words) - 13:49, 12 May 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)that, in cases of video surveillance, Article 22.4 LOPDGDD provides that the duty of disclosure in Article 12 GDPR may be fulfilled by placing a sign near20 KB (3,085 words) - 12:24, 13 December 2023
- Personvernnemnda (Norway) - PVN-2023-04 (category Article 16 GDPR)data according with Article 16 GDPR as the information was not per se incorrect and thus the first condition under Article 16 GDPR was not met. Given that18 KB (2,845 words) - 10:07, 17 November 2023
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)the EU Article 28: Processor of processing (regulations) Article 28.3: Arrangements of a contract (or other legal act) with processors Article 29: Processing9 KB (1,251 words) - 12:15, 8 May 2023
- VGH München – 5 CS 19.2087 (category Article 6(3) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of40 KB (6,397 words) - 08:03, 21 March 2022
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Federal Administrative Court. 3. Legal Assessment 3.1. To dismiss the complaint 3.1.1. In accordance with Art. 15 Para. 1 GDPR, the data subject has the right48 KB (7,816 words) - 11:04, 29 July 2022
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the Local26 KB (4,162 words) - 15:54, 6 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 4(11) GDPR)timetable" "B.- In accordance with Article 67 of the GDPR, the Inspectorate of the AEPD, in accordance with Article E/0113/2019, carried out the following27 KB (4,497 words) - 13:38, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 60/171/2020 (category Article 5(1)(a) GDPR)DPA, the controller signed a Data Processing Agreement pursuant to Article 28 GDPR and provided a report on the measures taken to ensure that a data breach8 KB (1,064 words) - 09:48, 17 November 2023
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)norm therefore by article 19 of the LOPD as business data. We consider relevant the legal basis by which, according to the article Article 65 of the LOPD33 KB (5,338 words) - 14:09, 13 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)obligation violates § Article 13 (3) in conjunction with Article 62 (1) 4 DSG and for the period prior to 25 May 2018 against Article 52 Paragraph 2 no. 731 KB (5,161 words) - 14:02, 12 May 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)resume. 3 The Marktenhof states in point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d)79 KB (12,260 words) - 17:00, 12 December 2023
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)sections 3.2, 3.3 and 3.4 of the DPIA, for clarity, the Commissioner also recommends that the Home Office links its purposes to both its Article 6(1)(e)129 KB (17,281 words) - 14:57, 10 April 2024
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)2020 [CONFIDENTIAL] 3.3 Report obligation in connection with personal data on AP 3.3.1 Breach of Personal Data On the basis of Article 33, first paragraph54 KB (8,224 words) - 17:07, 12 December 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- AEPD (Spain) - EXP202103878 (category Article 6(1) GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA found20 KB (3,035 words) - 10:33, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- UODO (Poland) - DKE.561.16.2020 (category Article 31 GDPR)1781) in connection with Article 31, Article 58(1)(a) in connection with Article 83(1)-(3) and Article 83(5)(e) of Regulation EU 2016/679 of the European28 KB (4,490 words) - 09:51, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 5(1)(a) GDPR)DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection of39 KB (6,038 words) - 17:39, 29 April 2024
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- Datatilsynet (Norway) - 21/02873 (category Article 3(1) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- CNIL (France) - MED-2019-025 (category Article 5(1)(c) GDPR)two-months period to comply with the GDPR. The controller had two months to comply with Articles 5(1)(c), 13, 28, 30(1) and 32 GDPR. In its latest order, the CNIL23 KB (3,471 words) - 17:07, 6 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)surveillance of Rognan center, cf. Article 6 of the Privacy Ordinance. 4.3. Assessment of the principle of legality in Article 5 (1) (a) The requirement that45 KB (6,973 words) - 05:12, 15 September 2022
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August66 KB (10,708 words) - 11:29, 16 August 2022
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)with article 21 of the GDPR, oppose the processing for direct marketing purposes, with a statement which, based on the article 21 para. 3 of the GDPR must102 KB (17,186 words) - 13:46, 26 April 2024
- Garante per la protezione dei dati personali (Italy) - 9429195 (category Article 32 GDPR)the different violations described above. The fine was applied pursuant pre-GDPR legislation, owing to the fact that the breaches and the following notification27 KB (4,203 words) - 15:49, 6 December 2023
- UODO (Poland) - ZSPR.421.19.2019 (category Article 31 GDPR)connection with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament29 KB (4,698 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)pursuant to Article 14 - and not the right to information pursuant to Article 15 of the GDPR as alleged by the respondent - was alleged. However, Article 14 (1)28 KB (4,230 words) - 13:53, 12 May 2023
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)directly on the basis of the GDPR, not the register assessed on the basis of Article 30(1) of the GDPR. II.3. Article 6(1)(f) of the GDPR 49. Above, the Disputes43 KB (6,274 words) - 08:57, 29 June 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)claimed party, for the alleged infringement of article 6 of the GDPR, typified in article 83.5 of the GDPR. FOURTH: On January 16, 2023, the aforementioned22 KB (3,427 words) - 13:26, 13 December 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)this procedure from other European supervisors. 3.3 Appropriate Security Measures 3.3.1 Introduction Article32 of the AVG are the requirements concerning66 KB (8,861 words) - 17:08, 12 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and20 KB (3,087 words) - 13:30, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, as defined in Article 83.5 of the RGPD, following the application of Article 85(1) and (3) of LPACAP, a fine37 KB (5,995 words) - 13:58, 13 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)on the basis of of Article 91, §2 WOG, as a result of which the Dispute Resolution Chamber was constituted pursuant to Article 92, 3° WOG; B. Procedure90 KB (14,937 words) - 12:35, 3 August 2022
- AEPD (Spain) - TD/00293/2021 (category Article 4(1) GDPR)transactions are personal data under Article 4(1) GDPR and are as such subject to the right of access guaranteed by Article 15 GDPR. The DPA did not, however, explicitly13 KB (1,878 words) - 13:37, 13 December 2023
- AEPD (Spain) - PS/00005/2020 (category Article 5(1)(c) GDPR)possible non-compliance with the data minimisation principle, as per Article 5(1)(c) GDPR. The decision is the consequence of a complaint submitted by a Spanish13 KB (1,795 words) - 13:47, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Fundamental Rights (Article 8 (1) in conjunction with Article 8 (3) CFR) is protected by Article 77 (1) GDPR in conjunction with Article 77 (1) CFR. Art.94 KB (15,537 words) - 09:09, 25 August 2020
- APD/GBA (Belgium) - 136/2023 (category Article 38(3) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)meaning of Article 5.1.c. AVG). 13. The transcript of the hearing is subsequently transmitted to the parties on 28 June 2023; in accordance with Article 54 of39 KB (6,247 words) - 09:14, 15 November 2023
- UODO (Poland) - DKE.561.1.2020 (category Article 31 GDPR)and the Council in the context of Article 31, Article 58(1)(e) in conjunction with Article 83(1) to (3) and Article 83(5)(e) of Regulation 2016/679 of31 KB (5,101 words) - 09:52, 17 November 2023
- Datatilsynet (Norway) - 20/03293 (category Article 30 GDPR)Privacy Ordinance article 58 no. 2. 4.2 Requirements for treatment protocol Pursuant to Article 30 of the Privacy Regulation (and Article 24 of Directive18 KB (2,525 words) - 08:44, 11 July 2022
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00332/2019 (category Article 5(1)(c) GDPR)2012 to 2019 that it was operating. Following Article 83(5)(a)GDPR, read in the lights of Recital (148) GDPR, the AEPD issued a reprimand to the owner of15 KB (2,275 words) - 14:29, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)Regulation (Article 85) and the Code (Articles 136 et seq.); h) the adoption of suitable measures to eliminate the consequences of the violation (Article 83, paragraph24 KB (3,667 words) - 15:53, 6 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its52 KB (8,444 words) - 10:01, 17 November 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 15(3) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)to Article 28 (2) of the Administrative Procedure Act in conjunction with Article 24 (1) and (5) of the Federal Data Protection Act as amended. 3.3.5 Pursuant107 KB (17,615 words) - 09:42, 10 September 2021
- APD/GBA (Belgium) - 55/2021 (category Article 6(3) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)Constitution, Article 19 TFEU and Article 47 CFR. As Mr A's mandate and termination had not been assessed in the light of the provisions of the GDPR, the Supreme46 KB (7,394 words) - 14:08, 21 March 2024
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(3) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)of 40,000 to 400,000 euros ". 50.3 of Law 11/2007, of October 26, on Libraries of the Basque Country and article 54.3 of Law 16/2003, of December 22, of47 KB (7,616 words) - 14:35, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand71 KB (11,552 words) - 13:40, 12 January 2024
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- ICO - FS50819531 (category Article 4(1) GDPR)personal data pursuant to Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right3 KB (212 words) - 16:21, 7 March 2022
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(3) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)also met. 3.3. In the matter 3.3.1. Legal situation: Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the CouncilArticle 12, of Regulation87 KB (14,194 words) - 10:07, 15 February 2024
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)(algemene verordening gegevensbescherming), hierna AVG; Gelet op de wet van 3 december 2017 tot oprichting van de Gegevensbeschermingsautoriteit, hierna20 KB (2,982 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)(see Article 19.2, Article 79.3 of the Basic Law) and ensures this protection also with regard to the Union Treaties (see Article 23.1 sentence 3 of the127 KB (21,367 words) - 16:00, 22 March 2022
- GHAL - 200.266.445 (category Article 5 GDPR)the data in the IR and EVR must be assessed on the basis of the GDPR . Article 21 (1) GDPR stipulates that a data subject has the right to object to the15 KB (2,380 words) - 13:35, 5 July 2022
- Datatilsynet (Norway) - 21/01057 (category Article 57(1) GDPR)in Article 6 GDPR. If the information also includes sensitive data specified in Article 9(1) GDPR, there must be a basis for processing in Article 9(2)17 KB (2,399 words) - 16:20, 6 December 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)logically been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(3) GDPR)in line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply40 KB (6,007 words) - 13:59, 12 May 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)within the meaning of Article 26 GDPR, as determined in section 2.3. 135. The legal provision on data protection by design, Article 25 GDPR, states expressly82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)against the respondent, for the alleged infringement of Article 6 of the RGPD, typified in Article 83.5 of the RGPD. In view of the foregoing, the following18 KB (2,781 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)data subject has exercised their right to object under Article 21 GDPR. In the same way, Article 48(1)(b) of the Spanish General Telecommunications Act38 KB (5,945 words) - 12:14, 9 June 2021
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- subject's data under Article 6(1)(c) GDPR. Thus, the data subject was entitled to have the controller delete his personal data per Article 17(1)(d), which allows33 KB (5,254 words) - 13:33, 12 May 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR)related to in-game chat messages. 3. Reasons for the decision of the DPA 3.1. It follows from Article 15 of the GDPR that the data subject has the right26 KB (3,820 words) - 16:22, 6 December 2023
- OLG Köln - 20 U 295/21 (category Article 15(3) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)and Article 85 GDPR. In June 2019, the complainant requested erasure of her personal data from the respondent's website, claiming that an article on that21 KB (3,266 words) - 13:51, 12 May 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00201/2019 (category Article 4(1) GDPR)data had taken place, meaning GDPR obligations did not apply. Are these magnetic cards personal data within Article 4(1) GDPR? If so, did the MCP infringe54 KB (9,019 words) - 14:10, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- CPDP (Bulgaria) - PNN-01-433/2019 (category Article 6(1)(a) GDPR)for processing personal data without a legal ground as required by Article 6(1) GDPR, after hiring a handwriting expert to determine that an alleged signature18 KB (2,987 words) - 16:49, 6 December 2023
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)pursuant to Article 55 In section 3.3 it was established that Booking is the data controller. In section 3.1, the AP established that, pursuant to Article 56 of77 KB (12,915 words) - 17:15, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9304448 (category Article 5(1)(b) GDPR)principles of purpose limitation and data minimization under Article 5(1)(b) and (c) GDPR. A request of civic access was presented to the Udine City Council13 KB (2,045 words) - 15:48, 6 December 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)council for an infringement of Article 32 GDPR. The AEPD dropped the case due to the time limitations outlined in Article 72 and 73 LOGPD. The access to22 KB (3,420 words) - 12:59, 13 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)infractions of article 48 of Law 9/2014, of May 9, General of Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the37 KB (5,785 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)Resolution was notified on September 28, 2020, by alleged violation of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, proposing a fine of21 KB (3,154 words) - 14:07, 13 December 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 17(3)(d) GDPR) (section Article 17(1)(d) GDPR)seriously impair the achievement of purposes pursuant to Article 89(1) GDPR. In principle, Article 89(3) GDPR contains an opening clause. This provision was also31 KB (4,648 words) - 13:56, 12 May 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)obligations in accordance with Article 26 of the GDPR. 1.3. Processing of personal data included in the scope of this methodology 1.3.1. Only processing of personal46 KB (7,106 words) - 17:06, 6 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)minutes 3:11:51 and 3:11:57; The video (2) NUM001, between minutes 3:12:06 and 3:12:28; The video (3) NUM002, between the minutes 3:12:54 and 3:13:04; The48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)for processing on 03/28/2019. Appealed, on appeal RR 354/2019 was resolved on 07/09/2019 being dismissed, highlights, in fact “On May 3, 2019, the affected38 KB (6,303 words) - 13:50, 13 December 2023
- Datatilsynet (Norway) - 20/02147 (category Article 5 GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection of23 KB (3,592 words) - 14:40, 13 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)Vodafone on December 3 of the same year, for alleged infringement of Article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, proposing a fine of21 KB (3,335 words) - 14:25, 13 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA was206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f)22 KB (3,479 words) - 14:33, 13 December 2023
- GHAL - 200.256.387 (category Article 17(3)(b) GDPR)virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute27 KB (4,289 words) - 07:57, 7 March 2022
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)the GDPR is the provisions directly imposing obligations on processors. [...] In this regard, the [EDPS] considers that Article 28(3) of the GDPR, while55 KB (9,079 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- APD/GBA (Belgium) - 24/2021 (category Article 7(3) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)permission in Article 6 (1) (c) GDPR and argues that it is the Viennese in accordance with Article 5 (3) of the EpiG in conjunction with Article 1 (2) (e)50 KB (8,015 words) - 13:52, 12 May 2023
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified45 KB (6,998 words) - 12:58, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- CNIL (France) - SAN-2020-018 (category Article 15(3) GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)in violation of Article 13 GDPR. The questionnaire to subscribe to Nestor did not include all the information required by Article 13 GDPR: there was no information69 KB (11,007 words) - 17:10, 6 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)violations of Articles 5(1)(c) and 6 GDPR and Article 29(1) of Law 125(I)/2018. Concerning the violation of Article 29(1) of Law 125(I)/2018, the DPA took31 KB (4,973 words) - 16:50, 6 December 2023
- BayLfD (Bavaria) - LDA-1085.1-12159/20-IDV (category Article 77 GDPR)exercise his or her rights (Article 58(2)(c) GDPR), the power to impose a fine under Article 83 GDPR (Article 58(2)(i) GDPR) does not serve to safeguard15 KB (2,168 words) - 13:06, 14 September 2021
- Personvernnemnda (Norway) - 2021-13 (20/01874) (category Article 6(1) GDPR)«Guidelines 3/2019 on processing of personal data through video devices» points 3.1.1 to 3.1.3. The audit indicates that the camera in zone 3 films the area48 KB (7,804 words) - 18:49, 5 March 2022
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)violation of article 6.1 of the RGPD, typified in article 83.5.a) of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/9 The proposed26 KB (3,971 words) - 13:26, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- Personvernnemnda (Norway) - 2022-12 (20/01589) (category Article 15 GDPR)its powers under Article 58(1) GDPR against the municipality (the controller). Presumably, the parent of the data subject used Section 28 of the Public Administrative24 KB (3,609 words) - 09:07, 20 January 2023
- Datatilsynet (Norway) - 20/02274 (category Article 5(1)(a) GDPR)fundamental principles of the GDPR, notably Article 5(1)(a) and (e) GDPR. The DPA found violations of various provisions of the GDPR. It held that the controller47 KB (7,661 words) - 18:54, 5 March 2022
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)uncensored form” as intended by the court, i.e. without that 3.20 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 essential information in the deeds had been blacked out103 KB (17,620 words) - 10:13, 29 November 2023
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA114 KB (17,942 words) - 15:46, 2 November 2022
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)the file (Article 95, §2, 3 ° WOG) 7. On 7 August 2019, a copy of the file will be sent to the defendants. Page 3 Substance decision 35/2020 - 3/11 8. On30 KB (4,871 words) - 16:58, 12 December 2023
- Datatilsynet (Denmark) - 2019-31-1713 (category Article 23 GDPR)months after the request was made. According to Article 12(3) GDPR the response has to be the latest within 3 months. The DPA considered that it had no competence33 KB (5,177 words) - 16:23, 6 December 2023
- OLG Bremen - 1 W 18/21 (category Article 82 GDPR)damages were not fully presented. Article 82 GDPR presupposes damage. The asserted mere breach of the provisions of the GDPR is not sufficient for a claim7 KB (945 words) - 13:54, 20 September 2021
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure",37 KB (5,765 words) - 09:53, 14 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(3) GDPR)breach and had failed to do so within the timeframe set out in Article 33(1) of the GDPR, meaning that the company had breached this provision. Consequently50 KB (8,066 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the28 KB (4,295 words) - 14:11, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- abusive multiple evaluations. 3.2.3. To an objection by the BF according to Art 21 GDPR According to Article 21 Paragraph 1 GDPR, every person concerned has30 KB (4,834 words) - 13:14, 10 November 2021
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)also be subject to the provisions of Article 6.1(e) DSGVO in conjunction with Article 6.1(b) DSGVO. Article 2, 28.2 no. 2 BayDSG without the consent of31 KB (5,184 words) - 17:19, 15 April 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- GHDHA - 200.274.807 / 01 (category Article 6(1)(f) GDPR)her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies29 KB (4,710 words) - 12:25, 4 October 2021
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)such data. 3. Adherence to a code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve29 KB (4,300 words) - 14:41, 13 December 2023
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Garante per la protezione dei dati personali (Italy) - 9547248 (category Article 17(1)(a) GDPR)adopt corrective measures as per Article 58(2) GDPR, and that, although there was a violation of Articles 5(1)(a) and (e) GDPR, “the circumstances referred22 KB (3,235 words) - 15:55, 6 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)down in Article 28 of the GDPR. The Commission wonders about such a qualification in the light of the definition of a subcontractor given in Article 4.8 of43 KB (6,847 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108, §34 KB (5,677 words) - 17:00, 12 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)concludes that the infringement of Article 5.1.b) in conjunction with Article 6.4. GDPR, and Article 6.1. AVG has been proven. 28. Despite the fact that it appears32 KB (4,880 words) - 16:50, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)information received from MEDISALUD, dated February 28, 2019, in accordance with article 65.4 of Organic Law 3/2018, dated December 5, on the Protection of Personal33 KB (5,396 words) - 14:26, 13 December 2023
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)payment to be appropriate. 3. Findings 3.1 Findings prior to the on-site visit of 18 June 2018 Menzis sent documents to the AP on 3 and 29 May 2018 to demonstrate36 KB (5,914 words) - 17:13, 12 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)envisaged as follows. 17. In paragraph 3.3. Legal Protection' of the AVG Implementation Act, Article 34 reads as follows: Article 34. Applicability of the General34 KB (5,179 words) - 07:10, 7 April 2020
- AKI (Estonia) - 12.10.2023 (category Article 44 GDPR)Estonia. The Estonian DPA started an investigation in the context of Article 60 GDPR. The Estonian DPA found that the controller unlawfully transferred personal10 KB (1,381 words) - 10:27, 13 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- APD/GBA (Belgium) - 42/2022 (category Article 6(1)(f) GDPR)dismissal policy of the Disputes Chamber. 5 Article 15.3 GDPR: “The right to obtain a copy referred to in paragraph 3 is without prejudice to the rights and13 KB (1,908 words) - 08:54, 29 June 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)60 of the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR36 KB (5,761 words) - 17:19, 22 April 2024
- APD/GBA (Belgium) - 75/2023 (category Article 12(3) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- HDPA (Greece) - 51/2022 (category Article 4(1) GDPR)enhanced rights provided for by the GDPR are met. 3. The European Data Protection Board has issued guidelines No. 3/2019, regarding the processing of personal13 KB (1,901 words) - 08:43, 9 November 2022
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)transferred the defendant, in accordance with the provisions of article 65.4 of the Law Organic 3/2018, of December 5, Protection of Personal Data and guarantee38 KB (6,160 words) - 14:06, 13 December 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions38 KB (5,920 words) - 12:43, 13 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)Protection Committee, foreseen in theSection 3 of Chapter VIl of the GDPR, must, under the terms of paragraph 3 of article 68 of theregulation, be “composed of40 KB (5,935 words) - 16:55, 6 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)---------- Article 1: The intervention of the PDU - What to choose is allowed. Article 2: The request of the company Google LLC is rejected. Article 3: This42 KB (6,800 words) - 09:50, 10 September 2021
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)envisaged as follows. 22. In paragraph 3.3. Legal Protection' of the AVG Implementation Act, Article 34 reads as follows: Article 34. Applicability of the General37 KB (5,721 words) - 12:41, 16 September 2021
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)principleof data minimization within the meaning of Article 5 (1) point c) GDPR.3. Breaches of the GDPR and the complainant's requests68. The Disputes Chamber41 KB (6,354 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 33/2020 (category Article 12(3) GDPR)commit a breach of Article 12(3) GDPR? Did the controller fail to uphold its responsibilities under Article 24 GDPR? No lawful basis for processing: The39 KB (6,551 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 4(12) GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)refer to ‘consent’ in the light of GDPR and thus the condition for a valid consent (Article 7 GDPR) must be met. 3° This consent relates to the purpose67 KB (10,544 words) - 09:24, 10 September 2021
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- AEPD (Spain) - PS/00200/2019 (category Article 5(1)(f) GDPR)for a violation of Article 5.1.f) of the RGPD, in relation to ArticleC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/55 of the LOPDGDD14 KB (2,163 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The LOPDGDD37 KB (5,700 words) - 14:24, 13 December 2023