Search results
From GDPRhub
- Article 30 GDPR (category GDPR Articles) (section (4) Provision of the ROPA to supervisory authority)applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- Article 32 GDPR (category GDPR Articles) (section (4) Natural persons acting under the authority of the controller or the processor)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- Article 49 GDPR (category GDPR Articles)paragraph 1 of this Article in the records referred to in Article 30. → You can find all related decisions in Category:Article 49 GDPR EDPB, ‘Guidelines29 KB (3,500 words) - 08:54, 27 March 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 72 GDPR (category Article 72 GDPR)dispute resolution under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are22 KB (2,266 words) - 08:26, 17 October 2023
- incompatible with the office. Article 52(4) GDPR and Article 52(6) GDPR establish the framework for SAs financial governance. Article 52(4) GDPR stipulates that SAs47 KB (5,594 words) - 22:45, 1 April 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford University Press 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 54 GDPR, margin numbers29 KB (2,894 words) - 23:06, 1 April 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 37 GDPR (category GDPR Articles) (section (4) Other circumstances in which to designate a data protection officer)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- performance. Article 7 GDPR regulates the "conditions for consent". It specifies the definition of consent set out in Article 4(11) GDPR and, by integrating31 KB (3,489 words) - 16:00, 8 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 25 GDPR (category GDPR Articles)Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- Article 26 GDPR (category GDPR Articles)provisions such as Article 30(4) for the record of processing or Article 40(11) for the register of approved codes of conduct, Article 26 does not explicitly37 KB (3,915 words) - 12:49, 24 May 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- 62(7) GDPR, the reference to the EDPB is mandatory. The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR20 KB (1,590 words) - 16:11, 2 November 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 19 GDPR (category GDPR Articles)disclosed to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to19 KB (1,436 words) - 12:35, 12 May 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 60 GDPR (category GDPR Articles) (section (4) Objection by supervisory authority concerned (CSA) and procedure where it is not followed)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- Article 16 GDPR (category GDPR Articles)please refer to Article 19 GDPR. If the controller declines to rectify the data, they must provide reasons for their decision (Article 12(4) GDPR). The data23 KB (2,489 words) - 23:24, 6 March 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 61 GDPR (category Article 61 GDPR) (section (4) Conditions for a refusal to comply with an assistance request)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5)61 KB (8,488 words) - 15:47, 18 March 2024
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- further discussed, in Article 4(1) GDPR. Any information that relates to an identified or identifiable natural person falls under the GDPR, this also includes34 KB (4,652 words) - 12:07, 12 November 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See31 KB (3,646 words) - 08:51, 21 July 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- can carry out a notification in phases under Article 33(4) GDPR (see below). Under Article 33(3)(b) GDPR, the supervisory authority must be given the contact54 KB (6,536 words) - 08:22, 16 June 2023
- Article 22 GDPR (category GDPR Articles) (section (4) Qualified prohibition of using special categories of data)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 47 GDPR (category GDPR Articles)other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 65 GDPR (category GDPR Articles) (section (4) Supervisory authorities (SAs) prohibited to adopt any measure during the procedure)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 89 GDPR (category Article 89 GDPR) (section (4) Derogations do not Extend to Other Purposes that Require the Same Processing)that purpose. Article 89(4) GDPR makes it clear that the derogations to the GDPR are only available for processing specified in Article 89 GDPR, and not for29 KB (3,695 words) - 13:44, 21 March 2024
- to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure3 KB (297 words) - 14:49, 1 December 2020
- Article 1 GDPR (category GDPR Articles)about the scope of the term 'personal data' under Article 4(1) GDPR. Non-EU citizens can rely on the GDPR as its application is generally independent of nationality28 KB (3,831 words) - 16:21, 14 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- APD/GBA (Belgium) - 15/2023 (category Article 4(11) GDPR)(1) and Article 25 (1) of the GDPR; c. infringement of Article 30(1),(3) and (4) of the GDPR; and d. violation of Article 38(1) and (3) and Article 39 of105 KB (15,883 words) - 15:05, 8 March 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €147 KB (936 words) - 16:39, 12 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)various GDPR violations (including the principles of legality, transparency and fairness, minimisation and security among others). In total, 4 complaints19 KB (2,707 words) - 16:50, 12 December 2023
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)of a copy, that "Article 15(1) of the GDPR restricts the right of access to personal data within the meaning of Article 4(1) of the GDPR and additional information51 KB (8,592 words) - 07:03, 2 November 2021
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)powers under Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f)20 KB (2,519 words) - 15:36, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(4)(a) GDPR)paragraph 3, all of article 35, and paragraph a) of paragraph 4 of article 83, all GDPR, with a fine of up to €20,000,000 or up to 4% of annual turnover163 KB (27,222 words) - 16:54, 6 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)26 KB (4,231 words) - 14:44, 13 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)Decision 26/2021 - 4/4 This interim decision can be appealed within 30 days of its notification registered with the Marktenhof (article 108, § 1, of the8 KB (1,156 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)compatible by virtue of a legal provision (see Article 6.4. of the RGPD). Based on the criteria in section 6.4 of the EDR: there is no link between the two35 KB (5,853 words) - 16:58, 12 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- defendant within the meaning of Article 4 of the GDPR. The defendant is therefore a controller within the meaning of Art. 4 No. 7 GDPR. b. 44 The Senate is convinced51 KB (8,215 words) - 09:55, 13 May 2022
- DSB (Austria) - Austrian Postal Service (category Article 6(1)(f) GDPR)"special categories of data" under Article 9 GDPR. What is the relationship between national laws (like § 151 GewO) and GDPR? Is a prediction of a political8 KB (611 words) - 16:12, 6 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 30 GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))violated Article 30(1) GDPR, as it should have kept more detailed records of processing activities. Data protection impact assessment - Article 35 GDPR The429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,354 words) - 15:45, 6 December 2023
- communication service. Therefore, TikTok had to obtain valid consent (Article 4(11) GDPR) from users before using the identifiers. The DPA stated that it should73 KB (11,864 words) - 17:03, 6 December 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)assessment framework 4.4. The right of access previously laid down in Article 12 of the Privacy Directive 95/46 has now been included in Article 15 of the AVG15 KB (2,504 words) - 16:27, 10 March 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data18 KB (1,831 words) - 13:49, 3 November 2022
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(4) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)following the mandatory legal requirements to do so, violating Article 6(1) and Article 13 GDPR. A resident has installed, without the authorization of the22 KB (3,257 words) - 13:28, 13 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- Datatilsynet (Norway) - 20/03293 (category Article 30 GDPR)Privacy Ordinance article 58 no. 2. 4.2 Requirements for treatment protocol Pursuant to Article 30 of the Privacy Regulation (and Article 24 of Directive18 KB (2,525 words) - 08:44, 11 July 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible52 KB (8,534 words) - 12:58, 15 December 2021
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 30 GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- AZOP (Croatia) - Decision 30-12-2021 (category Article 5(1)(a) GDPR)had a legal basis under Article 6(1) GDPR to publish the data subject’s personal data, and did not violate Article 5(1)(a) GDPR. In the decision, the Croatian16 KB (2,411 words) - 15:44, 30 October 2023
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)definition of the concept of consent in the data protection regulation article 4, No. 11. Article 4 of the Data Protection Regulation, no. 11 states that consent52 KB (8,025 words) - 05:01, 23 November 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that48 KB (7,816 words) - 11:04, 29 July 2022
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 6(4) GDPR)all the requirements, so that there is a violation of Article 30(1)(d) of the DSR and Article 30(1)(g) of the DSR. As regards technical and organisational24 KB (3,844 words) - 16:51, 12 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)none of the exceptions in Article 82 of the Data Protection Act were applicable, and Apple had to obtain consent (Article 4(11) GDPR) before using the identifiers82 KB (13,463 words) - 17:03, 6 December 2023
- Datatilsynet (Denmark) - 2018-423-0018 (category Article 30 GDPR)responsibility under Article 26 GDPR. Categories of data subjects and categories of personal data Pursuant to Article 30 (I) (1) (c) GDPR, a list must contain21 KB (3,119 words) - 16:22, 6 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 83(4) GDPR)states that the party concerned violated Article 83(4)(a) GDPR in conjunction with [Article 32(1) GDPR. Article 32 (1) GDPRby failing, at least with gross58 KB (9,577 words) - 08:06, 16 September 2021
- APD/GBA (Belgium) - 136/2023 (category Article 30(1) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 30(1) GDPR)35.7 of the GDPR; Under Article 100, §ler, 5° of the LCA, to impose a reprimand for violations of Articles 30.1.a} and 30.1.d} of the GDPR. 6. The Contentious83 KB (13,694 words) - 09:53, 14 December 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines74 KB (11,726 words) - 13:02, 13 December 2023
- APD/GBA (Belgium) - 41/2020 (category Article 12 GDPR)data concerning those other persons. On Article 12(4) GDPR: the defendant was found in breach of Article 12(4) GDPR for not mentioning the possibility to7 KB (890 words) - 16:58, 12 December 2023
- CNIL (France) - SAN-2023-025 (category Article 30 GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- AP (The Netherlands) - 11.03.2021 (category Article 4 GDPR)this processing could be based on the Article 6(1)(c) “compliance with a legal obligation” or Article 6(1)(e) GDPR “the performance of a task carried out5 KB (613 words) - 17:06, 12 December 2023
- AEPD (Spain) - PS/00273/2019 (category Article 30(1) GDPR)to article 4.1 of the RGPD, is a piece of information personal and their protection, is therefore the subject of the said Regulation. In Article 4(2) of16 KB (2,359 words) - 14:24, 13 December 2023
- AEPD (Spain) - PS/00397/2019 (category Article 30(1) GDPR)according to Article 12 GDPR and Article 13 GDPR and to maintain a record of the processing activities under its responsibility according to Article 30(1) GDPR18 KB (2,741 words) - 14:34, 13 December 2023
- APD/GBA (Belgium) - 16/2020 (category Article 30(1) GDPR)with Article 30(1) GDPR, despite employing fewer than 250 persons, because of the risk to the rights and freedoms of the data subject (article 30(5) GDPR)3 KB (316 words) - 16:55, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)the inspected with section 4 of chapter 4 of the GDPR. 3. […] the inspectorate [is active in the field of transport] […]. 4. The controlled has approximately66 KB (9,458 words) - 19:42, 4 September 2021
- HDPA (Greece) - 23/2020 (category Article 4(1) GDPR)principle of proportionality (Article 8(1) CFR, Article 9A Greek Constitution, Recital 64 GDPR), underlined that the GDPR totally respects all fundamental9 KB (1,089 words) - 15:35, 6 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- Court of Appeal of Brussels - 2022/AR/292 (category Article 30 GDPR)companies that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether6 KB (675 words) - 09:55, 14 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)* clause n ° 12 regarding - of article 6 and article 32 / II of the Data Protection Act for all contracts, - of article L.132-1 of the Consumer Code in392 KB (67,730 words) - 15:27, 17 March 2022
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 4(24) GDPR) (section Additional infringement of Article 13(2)(e) GDPR)infringements of Article 12, 13 and 14 of the GDPR only. A limited assessment which, according to Hungarian and Italian DPAs, was faulty. Article 13(2)(e) GDPR provides29 KB (4,384 words) - 16:00, 6 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 30 GDPR)and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis for110 KB (18,238 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)unlawfully. 2.4 Administrative fine Pursuant to Article 58, paragraph 2, preamble, in conjunction with Article 83, paragraph 4, of the GDPR and article 14, third48 KB (7,461 words) - 17:04, 12 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- AEPD (Spain) - PS/00369/2019 (category Article 30(1) GDPR)inform the affected parties as provided for in Article 12 GDPR and Article 13 GDPR. According to Article 30(1) GDPR a record must be kept by the responsible28 KB (4,371 words) - 14:33, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 30 GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)the rights of the data subject, violated Article 12 of the Decree. Article 15 (4), Article 15 (1) and Article 18 (1) (c) respectively. The Obliged - a60 KB (9,820 words) - 10:08, 17 November 2023
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)they are processed (article 5.1 e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter127 KB (21,484 words) - 17:01, 12 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)RGPD, and for the violation of article 32 of the RGPD, classified in the article 83.4 of the GDPR. The aforementioned initiation agreement was notified22 KB (3,420 words) - 12:59, 13 December 2023
- HDPA (Greece) - 4/2022 (category Article 5(1)(a) GDPR)under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1)11 KB (1,274 words) - 10:37, 23 February 2022
- APD/GBA (Belgium) - 73/2020 (category Article 30 GDPR)to keep a register of processing activities of Article 30 GDPR and storage limitation Article 5(1)(e) GDPR. 6) Digital meters The data subject complains93 KB (14,040 words) - 17:00, 12 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108, § 1 ACL, this decision may be appealed within 30 days. days, as of the notification34 KB (5,677 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 03/2021 (category Article 6(4) GDPR)fulfilled. The school breaches Article 6(1)(b) in combination with Article 6(4) and Article 6(1) Articles 24 and 25 GDPR Furthermore, as the school continued32 KB (4,880 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- RvS - 201905347/1/A3 (category Article 6(4) GDPR)decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well25 KB (3,824 words) - 22:46, 10 October 2020
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)an appropriate level of security, as required by article 32, read in conjunction with article 33 GDPR. The Garante examined the notification by the university34 KB (4,967 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 137/2022 (category Article 12(4) GDPR)the DPA held that it had violated Article 12(3) GDPR (the controller failed to answer within a month), Article 12(4) GDPR (The controller failed to provide14 KB (1,946 words) - 08:50, 29 June 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)the same search results on the basis of Article 12 (4) GDPR has been rejected by Google . Article 21 (1) of the GDPR provides that a data subject has the34 KB (5,811 words) - 09:44, 8 December 2020
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)(referred to in Article 9 of the GDPR) or of "personal data relating to criminal convictions and offenses" (referred to in Article 10 of the GDPR)" ( note cit49 KB (7,758 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the Local26 KB (4,162 words) - 15:54, 6 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- CJEU - C-601/20 - SOVIM (category Article 5(1)(b) GDPR)Questions referred Question 1 Is Article 1(15)(c) of Directive (EU) 2018/843, amending the first subparagraph of Article 30(5) of Directive (EU) 2015/8499 KB (1,176 words) - 13:29, 5 January 2024
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)February 4, 2020) external, unauthorized access from a total of two IP addresses 28 reservations for a total of 30 documents, four times (30 and 31 January67 KB (10,492 words) - 10:11, 17 November 2023
- Datatilsynet (Norway) - 20/01949 (category Article 30 GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land60 KB (9,755 words) - 09:58, 17 November 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)breach of the General Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The67 KB (10,815 words) - 10:11, 17 November 2023
- OLG Koln - 15 U 45/23 (category Article 16 GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)meaning of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2.113 KB (17,325 words) - 08:50, 19 March 2024
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)processing. In accordance with Article 36 GDPR, the Garante must decide on the adequacy of the intended processing under the GDPR. After careful examination71 KB (11,426 words) - 15:49, 6 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- APD/GBA (Belgium) - 25/2020 (category Article 30 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2021-004 (category Article 7 GDPR)the CNIL informing of their plan for compliance. After the CNIL's answer, on 30 March 2021 Google delivered to the CNIL the necessary information showing8 KB (901 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)meaning of Article 4. The Dispute Resolution Chamber notes that consulting personal data does constitute processing within the meaning of Article 4(2) of the90 KB (14,937 words) - 12:35, 3 August 2022
- APD/GBA (Belgium) - 42/2020 (category Article 4(7) GDPR)that regard on that article 2.1) GDPR read in conjunction with recital 15 of the GDPR, although an exclusion from the scope of the GDPR provides for files30 KB (4,871 words) - 16:58, 12 December 2023
- obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)Garante for the protection of personal data, approved by resolution No. 98 of 4/4/2019, published in G.U. No. 106 of 8/5/2019 and in www.gpdp.it, web doc. No25 KB (3,961 words) - 15:54, 6 December 2023
- APD/GBA (Belgium) - 157/2023 (category Article 21(2) GDPR)answered in accordance with the requirements of Article 12 GDPR and within the time limit set in Article 12(3) GDPR. As the complainant continued to receive marketing17 KB (2,723 words) - 16:34, 26 January 2024
- Garante per la protezione dei dati personali (Italy) - 9429195 (category Article 32 GDPR)the different violations described above. The fine was applied pursuant pre-GDPR legislation, owing to the fact that the breaches and the following notification27 KB (4,203 words) - 15:49, 6 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)of rectification of Article 16 GDPR and Article 14 of LOPDGDD, the national data protection law, the DPA stated that Article 12(4) LOPDGDD obliges the63 KB (10,203 words) - 13:01, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the GDPR sees in Individual provisions stipulate a risk-based approach (e.g. Art. 24 Para. 1 and Para. 2, Art. Article 25(1), Article 30(5), Article 32(1)158 KB (26,392 words) - 08:25, 7 June 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)1 No. 4 DSG 3) a) Section 52 para. 2 no. 7 DSG 2000 in conjunction with § 69 (5) DSG b) Art. 62 Para. 1 No. 4 DSG 4) a) Section 52 para. 2 no. 4 DSG 200031 KB (5,161 words) - 14:02, 12 May 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- AP (The Netherlands) - AWB-21 3909 (category Article 15(1) GDPR)possible. 1 Article 6:2, preamble and under b, in conjunction with Article 7:1, first paragraph, preamble and under f, of the Awb 2 Article 6:12, second19 KB (3,027 words) - 17:13, 12 December 2023
- CNIL (France) - MED-2019-025 (category Article 30(1) GDPR)obligation to create a record of processing activities, as required by Article 30(1) GDPR. As a consequence, the CNIL addressed a formal notice to the data23 KB (3,471 words) - 17:07, 6 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 30(1)(d) GDPR)processing activities (Article 30 of Regulation 2016/679), procedures regarding reporting data breaches to the supervisory body (Article 33 (3) of Regulation156 KB (25,012 words) - 10:01, 17 November 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4 : Profiling9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)according to article 4.1 of the RGPD, is data personal protection and their protection, therefore, is the object of said Regulation. Article 4.2 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)assignment, for the activities of DPO, pursuant to Article 19, paragraphs 4 and 10 of Legislative Decree 30 March 2001, n. 165, for a period of three years57 KB (9,144 words) - 15:55, 6 December 2023
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or16 KB (2,580 words) - 10:43, 23 September 2020
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- AKI (Estonia) - 2.1.-3/19/4304 (category Article 15(1) GDPR)latter of the possibility to exercise their right of access according to Article 15 GDPR, regardless of the fact that the data controller is a public or private13 KB (2,032 words) - 10:30, 13 December 2023
- AEPD (Spain) - PS/00315/2020 (category Article 28 GDPR)CIF A76539030, for a violation of article 28.3.g) of the RGPD, in accordance with article 83.4 b) of the RGPD, and article 74.k) of the LOPDGDD, with the62 KB (10,401 words) - 14:35, 21 November 2023
- Personvernnemnda (Norway) - PVN-2023-04 (category Article 16 GDPR)data according with Article 16 GDPR as the information was not per se incorrect and thus the first condition under Article 16 GDPR was not met. Given that18 KB (2,845 words) - 10:07, 17 November 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)the further productions B-30 to B-41 inclusive were received at the Registry of the Court of Appeal by [the appellants]. 1.4 On 2 August 2019 a statement41 KB (7,150 words) - 12:30, 4 October 2021
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive53 KB (8,593 words) - 13:47, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)obligation under Article 37(7) GDPR. The DPA ordered the controller to comply with his obligations under Article 13(1)(b) GDPR and Article 37(7) GDPR and to publish18 KB (2,611 words) - 12:45, 16 June 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)finding under article 15 of the GDR instead of the provisions of article 15 of the GDR. 36, § 4 and § 5 as well as Article 38, § 1 of the Law of 30 July 201852 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- This article was repealed by Ministerial Decree of 18 October 2020, Article 5 of which reads as follows of Article 4 of the Ministerial Decree of 30 June206 KB (30,485 words) - 09:54, 14 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- over the right to access Article 15 GDPR. A citizen requested a copy of his personal data from a controller under Article 15 GDPR. The controller requested15 KB (2,321 words) - 16:01, 22 March 2022
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)processing of personal data within the meaning of Article 4 GDPR and is it justified on the basis of Article 6 GDPR? Can the controller raise the argument that73 KB (11,238 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)twenty thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively24 KB (4,074 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00253/2020 (category Article 5(1)(c) GDPR)(hereinafter, LPA- CAP), for the alleged violation of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid22 KB (3,562 words) - 14:22, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. . 689 of 11/24/1981)83 KB (13,648 words) - 11:30, 16 August 2022
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- UODO (Poland) - ZSPR.421.19.2019 (category Article 4(1) GDPR)connection with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament29 KB (4,698 words) - 10:02, 17 November 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 5(1)(a) GDPR)art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded that27 KB (4,339 words) - 15:50, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)informed of this provision. Pursuant to Article 78 of the Regulation, as well as to Article 152 of the Code and Article 10 of Legislative Decree no. 150 of9 KB (1,280 words) - 15:53, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- Rb. Overijssel - AK 20 1535 (category Article 17(1)(a) GDPR)inviolable. Article 17, paragraph 1, preamble and under d, of the GDPR therefore does not give the claimant a right to erasure. Article 21 of the GDPR 7. On23 KB (3,225 words) - 11:52, 4 October 2021
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)drones equipped with cameras a personal personal data in the sense of Article 4 GDPR ? Did the Ministry of Interior comply with the French Data Protection39 KB (6,015 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision79 KB (12,260 words) - 17:00, 12 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1 SUWI106 KB (14,502 words) - 17:09, 12 December 2023
- AN - 578/2021 (category Article 5(1)(d) GDPR)particular, the following: 4. The processing of personal data violating the principles and guarantees established in article 5 of Regulation (EU) 2016/67926 KB (4,277 words) - 09:18, 26 July 2021
- CJEU - C-77/21 - Digi (category Article 6(4) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)punishable under Article 83(4)(a) GDPR. Assessing the circumstances that modify the responsibility contemplated in Article 83(2) GDPR, in this case, the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made an voluntary23 KB (3,590 words) - 14:45, 13 December 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 5(1)(a) GDPR)Justification . Pursuant to Article 78 paragraph 1, Article 79 paragraph 1 point 1 and Article 84 paragraph 1 point 1-4 of the Act of 10 May 2018 on the29 KB (4,687 words) - 09:56, 17 November 2023
- Datatilsynet (Denmark) - 2019-31-1713 (category Article 23 GDPR)telecommunication act is lex specialis to the general provision on storage in Article 5 (1)(e) GDPR. On June 2, 2020, the DPA decided on the case, which involved TDC33 KB (5,177 words) - 16:23, 6 December 2023
- complainant's property. On 30 March 2021, the complaint was dismissed by the Front-line Service of the DPA, on the basis of Article 58 and 60 of the Act of12 KB (1,431 words) - 16:45, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 9(4) GDPR)to ask to be heard by the Authority, within 30 days (Article 166, paragraphs 6 and 7, of the Code, and Article 18, paragraph 1, by Law No. 689 of 24/11/1981)24 KB (3,697 words) - 15:52, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- Garante per la protezione dei dati personali (Italy) - 9445324 (category Article 5(1)(a) GDPR)to ask to be heard by the Authority, within 30 days (Article 166, paragraphs 6 and 7 of the Code, and Article 18, paragraph 1, by Law No. 689 of 24/11/1981)19 KB (2,989 words) - 15:51, 6 December 2023
- AEPD (Spain) - EXP202201987 (category Article 15 GDPR)under Article 15 GDPR, in a timely manner as well as in clear and transparent form. Second, the DPA looked at the right to erasure under Article 17 GDPR21 KB (3,290 words) - 10:50, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- Datatilsynet (Denmark) - 2018-7320-0166 (category Article 5(1)(c) GDPR)accordance with Article 12 (2) of the Data Protection Regulation. 6 and Article 5 (2). 1 (c). The Data Inspectorate has hereby emphasized that Article 12 (2) of18 KB (2,773 words) - 16:22, 6 December 2023
- BVwG - W274 2232028-1/3E (category Article 5 GDPR)is only determined by Article 5 et seqq. GDPR. A violation of Article 13 or 14 GDPR can be fined under Article 83(5) GDPR but it does not affect the lawfulness32 KB (5,232 words) - 09:40, 10 September 2021
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 5(1)(c) GDPR)powers delegated to the Guarantor. Pursuant to Article 78 of the RGPD, Article 152 of the Code and Article 10 of Legislative Decree no. 150/2011, an appeal31 KB (5,041 words) - 15:49, 6 December 2023
- RvS - 201906880/1/A3 (category Article 5 GDPR)on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)provided for by Article 83, paragraphs 4 and 5, of the Regulation. 4. ORDER INJUNCTION FOR THE APPLICATION OF THE PECUNIARY ADMINISTRATIVE SANCTION 4.1. Information58 KB (9,448 words) - 15:50, 6 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and with Article 21(5) of the GDPR, and with Article54 KB (8,916 words) - 15:22, 22 February 2022
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p. 5-8). 1.6. On 4.8.2020, at the33 KB (5,342 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00117/2022 (category Article 4(11) GDPR)LPACAP), for the alleged violation of article 6 of the RGPD, typified in article 83.5 of the GDPR. SIXTH: On June 30, 2022, the claimed party presented a30 KB (4,623 words) - 12:58, 13 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860461 (category Article 9 GDPR)privacy. Health data are special categories of data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,409 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860487 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,352 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860513 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,324 words) - 15:45, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 12(3) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 5(1)(a) GDPR)Guarantor no. 1/2019 are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative Decree no. 150 of 1 September20 KB (3,133 words) - 15:53, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)computer was accessed (16.5.2018) (note 1.3.2019, p. 4-5). 1.4. On 17 May 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified the34 KB (5,420 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)protection of article 11 of Royal Decree-Law 5/2018, once admitted toC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/30processing the88 KB (14,301 words) - 13:48, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)23Investigation report, page 34, point 4.4.8.1. 24Investigation report, page 34, point 4.4.8.2.1.1 25Investigation report, page 34, point 4.4.8.2.2.1 _______________82 KB (11,472 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AKI (Estonia) - 2.1-1/19/4627 (category Article 6 GDPR)commercial register by law, this does not mean that these data may be Page 4 4 (4) re-use and disclose for any purpose. Data that can be unrestricted reused16 KB (2,456 words) - 10:29, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)therefore lack the implementation of such adequate safeguards and violate Article 32 GDPR. In this regard, the controller has not received any communications115 KB (18,595 words) - 11:30, 16 August 2022
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned56 KB (8,326 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 34(4) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)the existence or absence of a decision in accordance with Article 46, Article 47 or Article 49 (1). in the case of the transmission referred to in the58 KB (9,071 words) - 10:12, 17 November 2023
- AEPD (Spain) - E/08501/2019 (category Article 33 GDPR)NIFA08663619 with address in C/ PINTOR SOROLLA 2-4 - 46002 VALENCIA(VALENCIA) In accordance with the provisions of article 50 of the LOPDGDD, the present resolution20 KB (3,029 words) - 13:42, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)future incoming communications" (note cit., p. 6). 1.4. On 10 September 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified the34 KB (5,414 words) - 15:50, 6 December 2023
- AEPD (Spain) - TD/00317/2019 (category Article 12 GDPR)es28001 - Madridsedeagpd.gob.es Page 2 2/6THIRD: On October 30, 2019, in accordance with article 65.4 ofOrganic Law 3/2018, of December 5, on the Protection18 KB (2,591 words) - 14:47, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)violation of Article 7.3 of Organic Law 15/1999, of December 13, of Protection of Personal Data (hereinafter LOPD), typified in the Article 44.4.b) of the48 KB (7,550 words) - 14:05, 13 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9538748 (category Article 5(1)(f) GDPR)pursuant to Article 58, paragraph 2, of the Regulation, with this measure. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of24 KB (3,672 words) - 15:54, 6 December 2023
- HDPA (Greece) - 20/2020 (category Article 4(15) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446659 (category Article 5(1)(a) GDPR)powers delegated to the Guarantor. Pursuant to Article 78 of the RGPD, Article 152 of the Code and Article 10 of Legislative Decree no. 150/2011, this measure25 KB (3,911 words) - 15:51, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440000 (category Article 5(1)(c) GDPR)delegated to the Guarantor, are met. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of Legislative Decree no. 150 of 1 September24 KB (3,852 words) - 15:50, 6 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00215/2020 (category Article 5(1)(c) GDPR)installing surveillance cameras in public spaces without a lawful basis under Article 6 GDPR. An individual lodged a complaint with the Spanish DPA (AEPD) arguing18 KB (2,721 words) - 14:11, 13 December 2023
- AZOP (Croatia) - Decision 04-07-2022 (category Article 6(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 140/2022 (category Article 16 GDPR)of his right to rectification, as referred to in Article 16 of the GDPR. 5. Pursuant to Article 12.3 GDPR, the controller must inform the data subject without17 KB (2,477 words) - 08:51, 29 June 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)"slight" in article 38.4 g), of the aforementioned Law, which may be sanctioned with a fine of up to € 30,000, in accordance with Article 39 of the aforementioned16 KB (2,380 words) - 14:01, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)should have applied Article 35 GDPR. In light of the above, the Italian DPA used its corrective powers under Article 58(2)(c) and 83 GDPR and fined the controller87 KB (14,104 words) - 15:45, 6 December 2023
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- AEPD (Spain) - PS/00351/2019 (category Article 58(2)(c) GDPR)regard to Article 83 (2) (k) of the GDPR, Article 76 of the GDPR, ‘Sanctions and remedial measures’, provides: ‘2. In accordance with Article 83 (2) (k)17 KB (2,739 words) - 14:31, 13 December 2023
- CNIL (France) - MED-2019-027 (category Article 24(1) GDPR)Criminal Procedure, in particular Article 9 thereof; Having regard to the Highway Code, in particular Article L. 130-9, paragraph 4 thereof; Having regard to Law21 KB (3,274 words) - 17:08, 6 December 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)the meaning of Art. 4 No. 1 GDPR has a right to information from the person responsible within the meaning of Art. 4 No. 7 GDPR with regard to the processed32 KB (5,093 words) - 16:07, 11 September 2022
- Personvernnemnda (Norway) - PVN-2023-03 (category Article 55 GDPR)unclear, cf. the preparations for the act, Prop. 56 LS (2017-2018) points 4.4.7 and 4.5.7. The question has not previously been put to the fore, and there is19 KB (2,858 words) - 10:06, 17 November 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(4) GDPR)the right of access under Article 15(4) of the GDPR or section 22 of the DDPA can be invoked. It follows from Article 15 (4), that the right to obtain26 KB (3,820 words) - 16:22, 6 December 2023
- HDPA (Greece) - 5/2023 (category Article 6(4) GDPR)fairness and transparency established in Article 5(1)(a) GDPR. Moreover, the DPA found a violation of Article 13 GDPR, since the controller did not correctly5 KB (578 words) - 05:32, 26 April 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)NIF B67421867, for a infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR, with a a fine of 30,000 euros (thirty thousand euros)34 KB (5,358 words) - 13:16, 13 December 2023
- UODO (Poland) - DKE.561.16.2020 (category Article 31 GDPR)Protection, pursuant to Article 83(3) and Article 83(4)(a) and Article 83(5)(e) of Regulation 2016/679, in conjunction with Article 103 of the Personal Data28 KB (4,490 words) - 09:51, 17 November 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)pay to [the employee] compensation/amount, pursuant to Article 7:683(4) in conjunction with Article 7:682(6) of the Dutch Civil Code, equal to the gross60 KB (10,118 words) - 15:12, 5 October 2021
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- ANSPDCP (Romania) - S.C. Viva Credit IFN S.A. (category Article 12(4) GDPR)a violation of GDPR Art. 17 and Art. 12(3) & (4). The National Supervisory Authority found that there had been a violation of the GDPR and imposed a fine4 KB (565 words) - 15:20, 13 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 15(4) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 4, point 11, as well as the Restrictions according to Article 7 GDPR. (149) According to Article 5 (1) point b) of the GDPR, personal140 KB (23,189 words) - 08:25, 20 February 2024
- AEPD (Spain) - PS/00299/2019 (category Article 7 GDPR)a san-tion of 30,000 euros (thirty thousand euros), for violation of article 22.2) of the LawLSSI, typified as “slight” in article 38.4.g) of the aforementioned21 KB (3,202 words) - 14:54, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August66 KB (10,708 words) - 11:29, 16 August 2022
- NAIH (Hungary) - NAIH/2020/5911/7 (category Article 12 GDPR)on the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the9 KB (1,337 words) - 10:13, 17 November 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445567 (category Article 5(1)(a) GDPR)commensurate with the circumstances of the specific case (Article 58, paragraph 2, letter i) of the Regulation). 4. Injunction order. Pursuant to art. 58, par. 216 KB (2,471 words) - 15:51, 6 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)Regulation (Article 85) and the Code (Articles 136 et seq.); h) the adoption of suitable measures to eliminate the consequences of the violation (Article 83, paragraph24 KB (3,667 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00123/2020 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the RGPD, in relation to article 5 of the LOPDGDD, as indicated in article 83.5 a) of the RGPD. The telematic21 KB (3,254 words) - 14:02, 13 December 2023
- Commissioner (Cyprus) - Α/Π 68/2017 (category Article 32(4) GDPR)that Cyprus Police was responsible for a violation of Article 32 par.1(b) & (d) and par.(4) GDPR, as a result of the acts and/or omissions of the Police6 KB (649 words) - 16:51, 6 December 2023
- AEPD (Spain) - PS/00422/2018 (category Article 2 GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 83(4)(a) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)companies Menzis and VGZ € 50.000 for insufficient security measures under Article 32 GDPR. Translated summary by the AP (The Netherlands): In 2018, the Authority36 KB (5,914 words) - 17:13, 12 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)requests for information according to Article 15(1) GDPR. The ‘Business secrecy’ exception only applied to Article 15(4) GDPR, where a data subject would request59 KB (9,623 words) - 17:03, 6 December 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)2023 standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 13387 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - E/00113/2019 (category Article 4(11) GDPR)unequivocal consent to the processing of his personal data according to Article 4(11) GDPR. The AEPD noted that to determine whether FEDA, having regard to the27 KB (4,497 words) - 13:38, 13 December 2023
- HDPA (Greece) - 20/2021 (category Article 17(1) GDPR)unanimously considers that in accordance with Article 17 in in conjunction with Article 21 para. 3 of the GCP and Article 25 para. 1 of the GCP the conditions for20 KB (2,936 words) - 14:58, 22 November 2021
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)be regarded as the controller within the meaning of Article 4 under 7 GDPR. The legal framework 4.4. [Applicants] argue that Uber has infringed their right30 KB (4,797 words) - 10:03, 19 May 2021
- IP - 0712-1/2020/1408 (category Article 15 GDPR)person, using Article 15 as their basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual10 KB (1,575 words) - 13:37, 10 August 2021
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 8 Section 1(2)(4) of the Finnish Criminal19 KB (2,951 words) - 12:30, 23 April 2024
- Court of Appeal of Brussels - 2022/AR/953 (category Article 4(11) GDPR)the DPA to issue a referral in order to open an ex officio investigation (Article 63(1) of the Law establishing the Belgian DPA). This referral needs to indicate7 KB (681 words) - 10:43, 15 January 2024
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)consent by the data subject in accordance with Article 6 juncto Article 7 of the Regulation? 4° Must Article 17.2 of the General Data Protection Regulation67 KB (10,544 words) - 09:24, 10 September 2021
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)directly on the basis of the GDPR, not the register assessed on the basis of Article 30(1) of the GDPR. II.3. Article 6(1)(f) of the GDPR 49. Above, the Disputes43 KB (6,274 words) - 08:57, 29 June 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 5 GDPR)has taken place in accordance with Article 5 (1) of the Data Protection Regulation. Article 32 (1) (f) and Article 35. Below is a more detailed review40 KB (6,369 words) - 16:39, 6 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4: Profileing9 KB (1,168 words) - 15:30, 6 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)pursuant to Article 4(2) of the GDPR, and the applicant operating and managing the Facebook page is a controller pursuant to Article 4(7) of the GDPR, given75 KB (12,586 words) - 10:10, 17 November 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)perpetrator (Article 83(2) GDPR). Lastly, the amount of the fine shall not exceed the maximum amounts provided for in Articles 83(4) (5) and (6) GDPR. The quantification31 KB (4,973 words) - 16:50, 6 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- decision stated: - Pursuant to Article 100, §1, 9 WOG, to order processing in accordance with with Articles 5.1.f, 5.2, 24 and 32 GDPR, in which in particular24 KB (3,393 words) - 09:25, 10 September 2021
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)year 2005-2006, 29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the91 KB (15,371 words) - 15:11, 5 October 2021
- Garante per la protezione dei dati personali (Italy) - 9468523 (category Article 5(1) GDPR)genetic, psychic, economic, cultural or social identity "(Article 4, par. 1, 1, of the GDPR). The processing of personal data must also take place in compliance22 KB (3,488 words) - 15:52, 6 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)infringement in the context of Article 82(1) of the GDPR. cc) The answer to the legal question of how Article 82 (1) of the GDPR is to be interpreted against19 KB (3,209 words) - 13:08, 15 September 2021
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)systems of credit information dated March 30, April 22, and May 7, 2021. SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection27 KB (4,108 words) - 13:32, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)Act and, subsequently, the GDPR. Request for compensation in case his data is processed unlawfully is also in line with the GDPR. The facts that this may21 KB (3,337 words) - 10:08, 16 December 2020
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- HDPA (Greece) - 22/2023 (category Article 12(2) GDPR)reprimand in accordance with Article 58(2)(b) GDPR for these established violations. The DPA issued an order, as per Article 15(4)(b) of the Greek Law 4624/20195 KB (616 words) - 09:37, 24 October 2023
- under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of57 KB (9,084 words) - 15:11, 13 July 2022
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)2020 – confirmed the GDPR violations and issued a reprimand to the FPS Finance (pursuant to the Belgian Data Protection Act of 30 July 2018, the DPA is124 KB (18,772 words) - 17:01, 12 December 2023
- GHDHA - 200.274.807 / 01 (category Article 6(1)(f) GDPR)her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies29 KB (4,710 words) - 12:25, 4 October 2021
- Persónuvernd (Island) - 2022020363 (category Article 5 GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(1)(a) GDPR)services did not violate the data subject's right to erasure under Article 17 GDPR when refused to delete information on the data subject's ethnicity,23 KB (3,547 words) - 10:05, 17 November 2023
- AEPD (Spain) - PS/00209/2019 (category Article 57(1) GDPR)powers of investigation conferred on the supervisory authorities in Article 57 (1) of the GDPR.Thus, on 31/10/18, an information injunction was sent to the entity26 KB (4,212 words) - 14:10, 13 December 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)permissible in accordance with Article 133, Paragraph 4, B-VG.The revision is permitted in accordance with Article 133, Paragraph 4, B-VG. text Reasons for the75 KB (12,118 words) - 15:46, 14 February 2024
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6 GDPR)the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data43 KB (6,678 words) - 08:41, 4 March 2024
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)(Articles 83(4) and (5) GDPR) 7.36 The infringement of Article 5(1)(f) GDPR falls within Article 83(5)(a) GDPR, whereas Article 32 falls within Article 83(4)(a)130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)"lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions 145 According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right97 KB (16,519 words) - 09:57, 22 February 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,834 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00389/2019 (category Article 5 GDPR)of which are typified in article 83.4.a). V The violation of articles 32, 33 and 34 of the RGPD are criminalized in Article 83.4(a) of the said GPRS in the31 KB (4,819 words) - 14:34, 13 December 2023
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(4) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)provisions of article 55 of the RGPD, the Spanish Agency for Data Protection is competent to perform the functions assigned to it in its article 57, among20 KB (3,052 words) - 08:17, 16 April 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)Hague October 4, 2022, ECLI:NL:GHDHA:2022:2100, para. 3.1-3.13. 4 Conclusion 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Exhibit 4 to the introductory103 KB (17,620 words) - 10:13, 29 November 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)lit. a GDPR and Article 62.1 no. 4 DPA and Article 52.2 nos. 4 and 7 DPA 2000. The defendant's general assertions, in particular regarding the coverage92 KB (15,435 words) - 16:00, 22 March 2022
- UODO (Poland) - DKE.561.13.2020 (category Article 31 GDPR)Protection, pursuant to Article 83(3) and Article 83(4)(a) and Article 83(5)(e) of Regulation 2016/679, in conjunction with Article 103 of the Personal Data27 KB (4,446 words) - 09:51, 17 November 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)the definitions of the legal concepts that the RGPD indicates in article 4: Article 4 GDPR. Definitions For the purposes of this Regulation, the following287 KB (48,336 words) - 13:53, 13 December 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 15 GDPR)amount of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/11FOUNDATIONS OF LAWIBy virtue of the powers that article 58.2 of the RGPD recognizes to each authoritycontrol31 KB (4,808 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00390/2019 (category Article 83(4) GDPR)criminal proceedings for the alleged violation of Article 32 of the GDPR, as defined in Article 83.4 of the GDPR. FOURTH:Notified of the abovementioned agreement12 KB (1,838 words) - 14:34, 13 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)the general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- Datatilsynet (Norway) - 21/02873 (category Article 4(16) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 4(13) GDPR)with article 4.1 of the RGPD. As for the fingerprint, it is also data that must be qualified. two as biometric data and in accordance with article 4.14 of39 KB (5,912 words) - 14:02, 13 December 2023
- 3.2.3. To an objection by the BF according to Art 21 GDPR According to Article 21 Paragraph 1 GDPR, every person concerned has the right to object at any30 KB (4,834 words) - 13:14, 10 November 2021
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- AZOP (Croatia) - Decision 16-11-2021 (category Article 4(1) GDPR)wearing a protective mask did not consitute personal data according to Article 4(1) GDPR because it was impossible for the average person to identify the individual12 KB (1,882 words) - 15:24, 30 October 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)under this article. " III Article 73 of the LOPDDG indicates: "Violations considered serious "Based on what is established in article 83.4 of Regulation14 KB (1,992 words) - 14:29, 13 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)with Article 4 WOG. 17. First, it is clear that the content of the disputed e-mail messages constitute personal data within the meaning of Article 4.1. AVG39 KB (6,247 words) - 09:14, 15 November 2023
- AEPD (Spain) - EXP202200436 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up8 KB (1,143 words) - 13:02, 13 December 2023
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 5(1)(c) GDPR)connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 232 KB (5,139 words) - 10:02, 17 November 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)17(1)(c) GDPR, by its logical and systematic context, also applies to the right to object under Article 21(6) GDPR. Pursuant to Article 21(6) GDPR, where personal31 KB (4,648 words) - 13:56, 12 May 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)claim, a transferred the defendant, in accordance with the provisions of article 65.4 of the Law Organic 3/2018, of December 5, Protection of Personal Data38 KB (6,160 words) - 14:06, 13 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (redirect from AZOP (Croatia) - Usž-27/22-4) (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)paragraph 1a Basic Law Article 5(1), first sentence VIG § 1, § 2, § 3, § 4 para. 4, § 5 para. 1, para. 4 p. 1, § 6 para. 1, para. 3, para. 4 Regulation (EU) 2017/62540 KB (6,397 words) - 08:03, 21 March 2022
- AEPD (Spain) - E/07449/2019 (category Article 13 GDPR)accordance with the provisions of Article 37.2 of the LOPD, in the wording given by Article 82 of Law 62/2003, of 30 December, on fiscal, administrative11 KB (1,680 words) - 13:41, 13 December 2023
- CE - 437808 (category Article 83 GDPR)Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)provided for in Article 12.3 of the GDPR, nor informed the claimants of a possible reason for its inaction as required by article 12.4 of the GDPR. It also considers76 KB (11,147 words) - 16:58, 6 December 2023
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- AG Pankow - 4 C 199/21 (category Article 15 GDPR)according to Article 82 GDPR. The District Court rejected the claim of the data subject. It held that the controller did not violate Article 15(1) GDPR. It found17 KB (2,569 words) - 07:15, 17 May 2022
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)may be recorded of the data processing, in violation of Article 13 and Article 5 (1) (c) GDPR. The complainant lodged a complaint with the AEPD about the37 KB (6,022 words) - 13:52, 13 December 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- company "bieNNova" infringed Article 21 LSSI (Ley de Servicios de Sociedad de la Información y de Comercio Electronico). Article 21 establishes that it is14 KB (2,070 words) - 13:43, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9795350 (category Article 5(1)(a) GDPR)required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not90 KB (14,651 words) - 08:07, 5 September 2022
- CNIL (France) - SAN-2023-082 (category Article 9(4) GDPR)etc.). 2.4.1.9. These documents must include all of the information provided for in Article 14 of the GDPR. 2.4.2. Exercise of people’s rights 2.4.2.1. The46 KB (7,106 words) - 17:06, 6 December 2023
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified45 KB (6,998 words) - 12:58, 13 December 2023
- AEPD (Spain) - EXP202201247 (category Article 4(11) GDPR)hereinafter, LPACAP), for the alleged violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid17 KB (2,350 words) - 13:17, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- Council of State - 251.378 (category Article 28(1) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- AEPD (Spain) - EXP202208230 (category Article 28(2) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a) GDPR45 KB (6,904 words) - 13:12, 13 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)pieces also creates aprocessing of personal data within the meaning of Article 4 (2) GDPR.32. However, the Disputes Chamber cannot accept any abuse in this41 KB (6,354 words) - 16:59, 12 December 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)and the GDPR, in particular with regard to the competence, tasks and powers of data protection authorities ). 4. In article 4 par. 7 of the GDPR, a data102 KB (17,186 words) - 13:46, 26 April 2024
- AEPD (Spain) - E/01090/2021 (category Article 4(9) GDPR)of the Spanish Agency for Data Protection. II The RGPD defines in its article 4: "1)" personal data ": any information about an identified natural person17 KB (2,544 words) - 13:39, 13 December 2023
- HDPA (Greece) - 12/2024 (category Article 17 GDPR)according to which data subjects may request delisting as under Article 17.1 GDPR. 30. The GDPR therefore changes the burden of proof, providing a presumption37 KB (5,933 words) - 16:53, 19 April 2024
- where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner- (a) fails to take appropriate steps to respond12 KB (1,722 words) - 14:39, 21 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)classified content (index) of the Google search engine. 4. Because according to Article 17 para. 1 of the GDPR, "the data subject has the right to request from36 KB (5,761 words) - 17:19, 22 April 2024
- the terms required by article 22.2. ”, which may be sanctioned nothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned34 KB (5,222 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)in the terms required by article 22.2. ”, and may be sanctionednothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned15 KB (2,192 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- DSB (Austria) - 2020-0.083.190 (category Article 82(6) GDPR)amended; Article 82 para 6 of Regulation (EU) 2016/679 (Basic Data Protection Regulation - DSGVO), OJ L 207, 30.12.2009, p. 1. No. L 119 of 4.5.2016, p8 KB (961 words) - 13:48, 12 May 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)violation of article 32, paragraph 1, GDPR and article 13, paragraph 1, sub, GDPR BZ should end these violations as soon as possible. article58, paragraph2179 KB (22,957 words) - 17:07, 12 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- LfDI (Baden-Württemberg) - O 1018/115 (category Article 32(1)(a) GDPR)for indirect determinability: BeckOK Datenschutzrecht Wolff/Brink, DSGVO Article 4 marginal no. 17). Contrary to its obligation as the responsible body, Knuddels13 KB (1,926 words) - 10:22, 17 November 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted45 KB (7,286 words) - 18:55, 5 March 2022