Search results
From GDPRhub
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- commentary under Article 33(3)(a) GDPR. Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 34 GDPR, margin number 11 (C.H. Beck 2020, 3rd Edition). In our37 KB (3,962 words) - 15:20, 16 June 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- Datenschutz-Grundverordnung, Article 7 GDPR, margin number 80 (C.H. Beck, 2nd Edition 2018). Stemmer, in Wolff, Brink, BeckOK Datenschutzrecht, Article 7 GDPR, margin number31 KB (3,489 words) - 16:00, 8 March 2024
- further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- Article 2 GDPR (category GDPR Articles) (section (c) Processing by a natural person in the course of purely personal or household activity)Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number34 KB (4,652 words) - 12:07, 12 November 2023
- Article 30 GDPR (category GDPR Articles) (section (c) Categories of data subjects and of personal data)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 32 GDPR (category GDPR Articles) (section (c) Ability to restore availability and access to personal data in a timely manner)BDSG, Article 32 GDPR, margin number 28 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number 29 (C.H. Beck41 KB (5,197 words) - 12:17, 17 April 2024
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 76 GDPR (category Article 76 GDPR)decisions in Category:Article 76 GDPR Dix, in Kühling, Buchner, DS-GVO BDSG, Article 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in15 KB (787 words) - 08:17, 19 October 2023
- Article 37 GDPR (category GDPR Articles) (section (c) Special category or data relating to criminal convictions and offences)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck 2019).37 KB (3,915 words) - 12:49, 24 May 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)or processor should be approved pursuant to Article 58(3) GDPR, or by the EDPB pursuant to Article 63 GDPR. Where such an approval takes place through27 KB (2,452 words) - 14:26, 28 July 2023
- Article 89 GDPR (category Article 89 GDPR) (section (3) Derogations are Possible for Archiving Purposes in the Public Interest)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Regulation (GDPR), Article 82 GDPR, p. 1162, 1164, 1175. (Oxford University Press 2020); Quaas, in BeckOK DatenschutzR, Article 82 GDPR, margin number 3 (C.H. Beck33 KB (4,215 words) - 09:57, 19 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)out pursuant to Article 83(1) GDPR. This part of Article 83 concerns the principle of "unity of action" (see above). With Article 83(3) GDPR, the legislator55 KB (7,622 words) - 14:04, 7 November 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6 (C.H. Beck20 KB (1,347 words) - 14:21, 17 October 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 69 GDPR (category Article 69 GDPR)BDSG, Article 69 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition). Dix in Kühling, Buchner, DS-GVO BDSG, Article 69 GDPR, margin number 5 (C.H. Beck18 KB (1,327 words) - 12:36, 14 December 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 59 GDPR (category GDPR Articles)BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 2020, 3rd Edition)15 KB (718 words) - 15:31, 19 October 2023
- Article 19 GDPR (category GDPR Articles)relying on another legal basis under Article 6 GDPR, or can use either of the exceptions under Article 17(3) GDPR, the processing can carry on. The controller19 KB (1,436 words) - 12:35, 12 May 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- Article 73 GDPR (category Article 73 GDPR)Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 201819 KB (1,530 words) - 14:23, 12 October 2023
- Article 74 GDPR (category Article 74 GDPR)Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- Regulation, Article 68 GDPR, margin number 3 (C.H. Beck 2023, 1st edition). Albrecht in Ehmann, Selmayr, Article 68 GDPR, margin number 1 (C.H. C.H. Beck 201820 KB (1,632 words) - 10:01, 11 October 2023
- Article 16 GDPR (category GDPR Articles)dnung, Article 16 GDPR, margin number 18 (C.H. Beck 2018, 2nd Edition). For further information, please refer to Article 18 GDPR. CJEU, Case C-434/16,23 KB (2,489 words) - 23:24, 6 March 2024
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 38 GDPR (category GDPR Articles) (section (3) Independence, no retaliation, direct communication with management)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 66 GDPR (category Article 66 GDPR) (section (3) Adoption of a final decision of the EDPB without provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)Regulation; (c) aims to approve the criteria for accreditation of a body pursuant to Article 41(3) or a certification body pursuant to Article 43(3); (d) aims23 KB (2,079 words) - 16:07, 2 November 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Gola, DS-GVO, Article 4 GDPR, margin number 106 (C.H. Beck 2018). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November25 KB (2,418 words) - 14:11, 24 May 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)BDSG, Article 92 GDPR, margin number 8 (C.H. Beck 2020, 3rd Edition). Herbst in Kühling, Buchner, DS-GVO BDSG, Article 92 GDPR, margin number 13 (C.H. Beck19 KB (1,525 words) - 08:18, 19 October 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 77 GDPR (category GDPR Articles)subject (Article 57(3) GDPR). Pötters, Werkmeister in Gola, DS-GVO, Article 77 GDPR, margin number 4 (C.H. Beck 2022, 3rd edition). CJEU - C-132/21 - Nemzeti33 KB (3,641 words) - 09:51, 19 March 2024
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 60 GDPR (category GDPR Articles) (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 72 GDPR (category Article 72 GDPR)DS-GVO BDSG, Article 72 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition). Nguyen in Gola, DS-GVO, Article 72 GDPR, margin numbers 1-2 (C.H. Beck 201822 KB (2,266 words) - 08:26, 17 October 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- use of trusted third party verification services. Article 8(3) GDPR makes it clear that Article 8(1) GDPR only refers to consent, not to the object of the19 KB (1,335 words) - 13:56, 24 October 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- DSGVO, Article 81 GDPR, margin number 3 (Jan Sramek 2021). Bergt in Kühling, Buchner, DS-GVO BDSG, Article 81 GDPR, margin number 5 (C.H. Beck 2020, 3rd edition)27 KB (2,619 words) - 14:52, 16 November 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Datenschutzrecht, Article 80 GDPR, margin number 5 (C.H. Beck 2019); Bergt in Kühling, Buchner, DS-GVO BDSG, Article 80 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition)26 KB (2,575 words) - 15:50, 9 November 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Article 41 GDPR (category GDPR Articles) (section (c) Established procedures and structures for complaints handling)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should be made to Case C‑288/1229 KB (2,894 words) - 23:06, 1 April 2024
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)BDSG, Article 78 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition); Körffer in Paal, Pauly, DS-GVO BDSG, Article 78 GDPR, margin numbers 3-5, (C.H. Beck30 KB (3,874 words) - 10:46, 7 December 2023
- all related decisions in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1)37 KB (4,635 words) - 13:29, 24 October 2023
- limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 49 GDPR (category GDPR Articles) (section (c) Necessary for the Conclusion or Performance of a Contract Concluded in the Interest of the Data Subject)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Kühling, Buchner, DS-GVO BDSG, Article 35 GDPR, margin number 18 (C.H. Beck 2020, 3rd Edition). Furthermore, Article 39(1)(c) assigns the duty to the DPO52 KB (7,297 words) - 08:05, 18 July 2023
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU, Case C‑28/08, European22 KB (2,177 words) - 10:01, 19 March 2024
- Article 65 GDPR (category GDPR Articles) (section (c) Decision after an opinion of the EDPB not requested or followed by supervisory authority (SA))lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 54 GDPR (category GDPR Articles) (section (c) The rules and procedures for the appointment of SA members)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 61 GDPR (category Article 61 GDPR) (section (3) Requirements of an assistance request and limitation of utilization of requested information)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information43 KB (5,641 words) - 14:58, 28 April 2022
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- complaint with the CNIL regarding an alleged infringement of the GDPR. According to Article 10 of the Decree n°2019-536, the complaint will be deemed rejected8 KB (824 words) - 22:52, 27 February 2024
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para48 KB (7,442 words) - 10:24, 12 September 2022
- LG Köln - 33 O 376/22 (category Article 46(2)(c) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- HDPA (Greece) - 33/2020 (category Article 17(3)(e) GDPR)violation of Articles 5,15 GDPR, 33 Law 4624/2019. Thus, the HDPA, making use of its corrective powers of Article 58(2)c GDPR, ordered the College to provide20 KB (2,270 words) - 15:37, 6 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- CNIL (France) - SAN-2020-014 (category Article 33 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- BVwG - W258 2217446-1 (category Article 17(3) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(c) GDPR)data in violation of the Privacy Ordinance, Article 5 (1) (a) and (c), Article 6, Article 12 (1) and Article 13. The Authority requested in the notification31 KB (5,018 words) - 18:44, 5 March 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)Breyer, C-582/14, EU:C:2016:779, paras 45–46. 10 ECJ judgment M.I.C.M, C-597/19, EU:C:2021:492, paragraphs 102–104 and Breyer judgment, C-582/14, EU:C:2016:779121 KB (13,722 words) - 15:16, 5 July 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- APD/GBA (Belgium) - 33/2020 (category Article 5(1)(c) GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 34(3)(c) GDPR)plastic applied the text "shredding". 4.2. Article 33 of the Data Protection Regulation It follows from Article 33 (1) of the Data Protection Regulation 120 KB (3,045 words) - 16:40, 6 December 2023
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- HDPA (Greece) - 35/2023 (category Article 33(1) GDPR)authority under Article 33 GDPR. First, the Hellenic Data Protection Authority established the violation of Article 5(1)(a) and (f) GDPR, committed through52 KB (8,460 words) - 10:54, 10 January 2024
- HDPA (Greece) - 36/2022 (category Article 33 GDPR)the Article 33 GDPR. The DPA also ordered the controller to communicate the data breach to the affected data subjects pursuant to Article 34 GDPR. The11 KB (1,522 words) - 09:35, 13 September 2022
- Garante per la protezione dei dati personali (Italy) - 9445796 (category Article 5(1)(c) GDPR)of the GDPR mentioned in Article 5, namely the limitation of purpose and the minimization of data, as well as the national legislation (d.lgs. 33/2013)16 KB (2,430 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 33 GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 33 GDPR)theRundfunk etc. , C-465/00, C-138/01 and C-139/01, EU: C: 2003: 294, paragraph 65, and of 1 May 2014, GoogleSpain and Googie. C-131/12, EU: C: 2014: 317, paragraph61 KB (9,412 words) - 16:52, 6 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)data breach and at least the data and measures referred to in Article 33(3)(b), (c) and (d). 3. The communication to the person concerned referred to in paragraph35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 33 GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- ANSPDCP (Romania) - 03.11.2023 (redirect from ANSPDCP (Romania) - 3.11.2023) (category Article 33 GDPR)violation of Article 33 GDPR. The DPA imposed a fine of EUR 3,0000 for breach of Article 32 GDPR and a warning for breach of Article 33 GDPR. Also, the DPA6 KB (766 words) - 15:14, 13 December 2023
- AEPD (Spain) - PS/00389/2019 (category Article 33 GDPR)contain at least the information and measures referred to in Article 33(3)(b), (c) and (d). 3. The communication to the person concerned referred to in paragraph31 KB (4,819 words) - 14:34, 13 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 33 GDPR)CPDP issued NRA an order under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical13 KB (1,761 words) - 09:58, 14 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data9 KB (1,251 words) - 12:15, 8 May 2023
- GHAL - 200.307.462 (category Article 10 GDPR)the data under Article 10 GDPR. The Court rejected an argument from Brein that article 6:162 BW could be used besides Articles 32 and 33 UAVG to provide28 KB (4,573 words) - 10:04, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9304448 (category Article 5(1)(c) GDPR)principles of purpose limitation and data minimization under Article 5(1)(b) and (c) GDPR. A request of civic access was presented to the Udine City Council13 KB (2,045 words) - 15:48, 6 December 2023
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 33 GDPR)to the description requirement in Article 33, para. 3. 3.3. Article 34 of the Data Protection Regulation and Article 5 (1) 1, letter a. Assessment of the33 KB (5,347 words) - 16:39, 6 December 2023
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)and at least contain the information and measures referred to in Article 33 (2). 3 (b), (c) and (d). The deadline for compliance is January 7, 2020 . The24 KB (3,365 words) - 16:37, 6 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 33 GDPR)information that it deems pertinent, in accordance with Article 89.2 of the LPACAP. C.C.C. INSPECTOR/INSTRUCTOR C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd58 KB (9,301 words) - 12:39, 13 December 2023
- ANSPDCP (Romania) - Actamedica SRL (category Article 12(3) GDPR)regards to the security incident, in breach of Article 33 GDPR, for which the controller was fined RON 4,918.3 (approximately €1,000). Furthermore, the DPA7 KB (900 words) - 15:23, 13 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(3) GDPR)breach and had failed to do so within the timeframe set out in Article 33(1) of the GDPR, meaning that the company had breached this provision. Consequently50 KB (8,066 words) - 10:00, 17 November 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 33(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 33(1) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)Ministry of Tourism violated Article 33 GDPR by failing to report the aforementioned data breach, and Article 37(1) GDPR by not appointing a DPO (at the65 KB (10,533 words) - 10:28, 27 January 2022
- AEPD (Spain) - EXP202104006 (category Article 33 GDPR)A80907397, for the alleged violation of Article 32 of the RGPD, typified in the Article 83.4 of the GDPR. SECOND: APPOINT C.C.C. as instructor. and, as secretary31 KB (4,578 words) - 12:11, 6 March 2024
- UODO (Poland) - DKN.5131.31.2021 (category Article 28(3) GDPR)violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and (9)105 KB (17,237 words) - 09:22, 10 May 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 33 GDPR)2-ter, paragraphs 1 and 3, of the Code and art. 6, par. 1, lett. c) and e), par. 2 and par. 3, lett. b) of the Regulations; c) in violation of the "more34 KB (4,967 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 170/2023 (category Article 33 GDPR)accordance with Article 33 GDPR to the Belgian DPA. Nonetheless, there were suspicions that the controller did not comply with Article 32 GDPR. Especially24 KB (3,525 words) - 15:29, 26 January 2024
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)referred to in Article 33(1) of the AVG.15 15 File note 1, Notification of personal data breach 7-2-2019. P 5. 3.4.3 Assessment Article 33(1) of the AVG77 KB (12,915 words) - 17:15, 12 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 33 GDPR)Joined cases C-293/12 and C-594/12, ECLI: EU: C: 2014: 238, r.o. 27. Decision on the merits 05/2021 - 15/22 39. Article 33 (1) of the GDPR states: “If there60 KB (9,281 words) - 16:50, 12 December 2023
- AEPD (Spain) - EXP202200399 (category Article 33 GDPR)this an aggravating factor. Finally, the DPA found that a violation of Article 33 GDPR. The DPA stated that the controller knew it had suffered a data breach10 KB (1,343 words) - 13:13, 13 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 46(2)(c) GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with regard108 KB (17,097 words) - 13:52, 12 May 2023
- AP (The Netherlands) - 16.06.2020 (category Article 33(1) GDPR)2020 [CONFIDENTIAL] 3.3 Report obligation in connection with personal data on AP 3.3.1 Breach of Personal Data On the basis of Article 33, first paragraph54 KB (8,224 words) - 17:07, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440000 (category Article 5(1)(c) GDPR)violation of Article 6, paragraph 1, letter c) and e), paragraph 2 and paragraph 3, letter b), of the Regulation and Article 19, paragraph 3, of the Code24 KB (3,852 words) - 15:50, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1117 KB (18,075 words) - 10:19, 12 September 2022
- ANSPDCP (Romania) - 12.01.2023 (category Article 33 GDPR)(controller) notified the Romanian DPA of two data breaches in line with Article 33 GDPR. Following the notifications, the DPA launched an investigation which5 KB (613 words) - 15:13, 13 December 2023
- AEPD (Spain) - E/08452/2019 (category Article 33 GDPR)found that there had been a “personal data breach” pursuant to Article 4 (12) of the GDPR as a result of the publication on the municipal website regarding11 KB (1,651 words) - 13:42, 13 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)pénalité), C-439/19, EU:C:2021:504, paragraph 61, judgment Nowak, C-434/16, EU:C:2017:994, paragraph 33 and judgment Rijkeboer, C-553/07, EU:C:2009:293,131 KB (14,752 words) - 08:36, 5 July 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- AEPD (Spain) - E/08158/2019 (category Article 33 GDPR)The AEPD approved a transport hub's compliance with Articles 32 and 33 GDPR after having used its investigation powers. After a security guard of Madrid’s14 KB (2,108 words) - 13:41, 13 December 2023
- AEPD (Spain) - E/08501/2019 (category Article 33 GDPR)supervisory authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee20 KB (3,029 words) - 13:42, 13 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 33 GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 5(1)(c) GDPR)the Municipality lawful in accordance with Articles 5(1)(c), 6(1)(c), (e), 6(2), and 6(3)(b) GDPR? The DPA held that the disclosure of the personal data31 KB (5,041 words) - 15:49, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 4(11) GDPR)addresses that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is144 KB (23,058 words) - 18:48, 5 March 2022
- AEPD (Spain) - E/08205/2019 (category Article 33 GDPR)supervisory authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the17 KB (2,577 words) - 13:42, 13 December 2023
- AEPD (Spain) - E/05724/2019 (category Article 33 GDPR)supervisory authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the14 KB (2,124 words) - 13:40, 13 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)three years, which was in violation of Article 12(3) GDPR. The DPA also determined a violation of Article 17(1)(a) GDPR, because data subject's e-mail accounts59 KB (9,623 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00254/2019 (category Article 33(1) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- CNIL (France) - SAN-2020-015 (category Article 33(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- UODO (Poland) - DKN.5101.25.2020 (category Article 33(1) GDPR)contain at least the information and measures referred to in Art. 33 paragraph. 3 lit. b), c) and d) of Regulation 2016/679 (see table), that is: a) the name63 KB (10,088 words) - 09:52, 17 November 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)controller (Article 24 GDPR), security of processing (Article 32 GDPR) and reporting a personal data breach to the supervisory authority (Article 33 GDPR) 79.82 KB (13,250 words) - 16:57, 12 December 2023
- HDPA (Greece) - 44/2019 (category Article 33 GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)subjects required by Article 12.2. of the GDPR. 8.1.3. As for the breach of the principle of minimization (article 5.1 c) of the GDPR) 8.1.3.1. In view of the127 KB (21,484 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2020-008 (category Article 17(1)(c) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)II.3.3. Regarding the scope of Art. 44 ff GDPR: If the following three requirements are met, there is a transfer and Chapter V (Art. 44 ff) GDPR is applicable158 KB (26,392 words) - 08:25, 7 June 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)pénalité), C-439/19, EU:C:2021:504, paragraph 61, judgment Nowak, C-434/16, EU:C:2017:994, paragraph 33 and judgment Rijkeboer, C-553/07, EU:C:2009:293,113 KB (12,773 words) - 15:20, 6 December 2023
- AEPD (Spain) - PS/00274/2020 (category Article 21 GDPR)Raise Marketing violated the data subject's right to object (Article 21 GDPR and Article 23 LOPDGDD). The DPA fined Raise Marketing €1500 for this violation16 KB (2,544 words) - 14:25, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9429195 (category Article 32 GDPR)force of Legislative Decree 101/2018), in relation to Articles 33 and 154, paragraph 1, lett. c) of the same Code; NOTING that, by examining the documents27 KB (4,203 words) - 15:49, 6 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)appear in the name of C.C.C. C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 4/14 2. That, thanks to friendly talks with C.C.C., the complainant36 KB (6,022 words) - 13:59, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))operation of the TCF (Article 14.5.b GDPR); c. the acquisition of these data is not prescribed by law (Article 14.5.c of the GDPR); and d. the personal429 KB (58,279 words) - 09:12, 2 November 2022
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 58(2)(c) GDPR)judgments of the European Court of Justice C-131/12 and C-136/17 In the judgments of the EU Court C-131/12 and C-136/17, it has been stated that the processing26 KB (4,072 words) - 12:18, 27 March 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)but have requested a judgment, is incomprehensible. 3.29 3.30 3.31 3.32 3.33 6.9 3.34 3.35 3.36 3.37 The contested consideration of the court from para103 KB (17,620 words) - 10:13, 29 November 2023
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 28(3)(h) GDPR)expressed in Article 5 (1 ) (a)) f, and reflected in the obligations set out in Article 24 (1), Article 25 (1), Article 32 (1 ) (b ) and (d) and Article 32 (2)74 KB (11,513 words) - 09:58, 17 November 2023
- Datatilsynet (Norway) - 20/01516 (category Article 5 GDPR)to the public, violating Article 24 GDPR. The decision discusses as well, the relationship between directive 95/46/EC and GDPR. The DPA highlighted that26 KB (3,885 words) - 08:43, 7 May 2022
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- BVwG - W214 2233132-1/27E (category Article 15(1)(c) GDPR)also met. 3.3. In the matter 3.3.1. Legal situation: Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the CouncilArticle 12, of Regulation87 KB (14,194 words) - 10:07, 15 February 2024
- VGH Baden-Württemberg - 1 S 397/19 (category Article 23(1)(c) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 17(1)(c) GDPR) (section Article 17(1)(c) GDPR)seriously impair the achievement of purposes pursuant to Article 89(1) GDPR. In principle, Article 89(3) GDPR contains an opening clause. This provision was also31 KB (4,648 words) - 13:56, 12 May 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)complied with the requirements of Article 33(3) of the GDPR following the occurrence of the PDB (Article 83(2)(c) of the GDPR). The Company, as data controller37 KB (4,319 words) - 09:20, 17 November 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)of an infringement of the Article 5(1)(a) GDPR principle of fairness, and infringements of the Article 5(1)(b) and (c) GDPR principles of purpose limitation289 KB (33,568 words) - 15:00, 1 February 2023
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 33(1) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)fine are set out in Article 83 of the General Data Protection Regulation. contained in Article. In the event of a breach of Article 5 of the General Data67 KB (10,492 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(c) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)minimisation under Article 5(1)(b) and (c) GDPR, the EDPB decides this objection does not meet the requirements of Article 4(24) GDPR. On the objections53 KB (8,413 words) - 14:10, 30 January 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- Garante per la protezione dei dati personali (Italy) - 9538748 (category Article 5(1)(f) GDPR)pursuant to Article 58, paragraph 2, of the Regulation, with this measure. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of24 KB (3,672 words) - 15:54, 6 December 2023
- APD/GBA (Belgium) - 15/2021 (category Article 15(3) GDPR)and others / Kadi, C ‑ 584/10 P, C ‑ 593/10 P and C ‑ 595/10 P,ECLI: EU: C: 2013: 518, points 98 and 99.15 CJEU, September 10, 2013, C-383/13 PPU, case G85 KB (13,724 words) - 16:52, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)in the field in the field called "carbon copy" (C.C.) instead of the "blind carbon copy" field (C.C.N.) . With reference to this matter, the Hospital63 KB (9,916 words) - 11:28, 16 August 2022
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)the alleged violation of Article 5.1.f) of the RGPD and Article 32 of the RGPD, typified in Article 83.4 of the RGPD and Article 83.5 of the RGPD. The initiation34 KB (5,184 words) - 13:22, 13 December 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 6(1)(c) GDPR)obligations arising from article 12.3 and 4 of the GDPR (methods for exercising the data subject's rights) and Article 15.1.b) and c) 5 of the GDPR (right of access76 KB (11,147 words) - 16:58, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 6(1)(c) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- under Article 82 UK-GDPR and sections 168 and 169 of the Data Protection Act (DPA) 2018. The defendant applied for the claim to be struck out under 3.4(2)(a)61 KB (8,986 words) - 08:40, 22 February 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)Privacy Regulation (GDPR) article 6 no. 1 letter f. GDPR applies according to the Personal Data Act § 1 as Norwegian law. Legelisten.no (3) Legelisten.no is46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- Datatilsynet (Norway) - 17/01281 (category Article 6(1)(f) GDPR)private film footage to D and C after B had moved from the home. She made false allegations about A, which D and C adopted. D and C then used the film footage38 KB (6,275 words) - 16:13, 6 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)the data subject must delete the personal data in accordance with Article 17(1)(c) GDPR unless it is able to demonstrate that there are "compelling and legitimate36 KB (5,761 words) - 17:19, 22 April 2024
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)measures pursuant to Article 58 (2) (d) DSGVO were announced - this error would in any case have been remedied pursuant to Article 45 (1) no. 3 VwVfG by the fact58 KB (9,665 words) - 08:51, 25 November 2020
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)more personal data than strictly necessary within the meaning of Article 5(1)(c) of the GDPR. The FPS Finance therefore does not comply with the data minimization124 KB (18,772 words) - 17:01, 12 December 2023
- AP (The Netherlands) - 23.09.2021 (redirect from AP (The Netherlands) - Transavia Airlines C.V.) (category Article 32(1) GDPR)this procedure from other European supervisors. 3.3 Appropriate Security Measures 3.3.1 Introduction Article32 of the AVG are the requirements concerning66 KB (8,861 words) - 17:08, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 12(3) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 17(1)(c) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)pénalité), C-439/19, EU:C:2021:504, paragraph 61, judgment Nowak, C-434/16, EU:C:2017:994, paragraph 33 and judgment Rijkeboer, C-553/07, EU:C:2009:293,115 KB (12,842 words) - 08:38, 5 July 2023
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)meaning of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2.113 KB (17,325 words) - 08:50, 19 March 2024
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)DSGVO/BDSG , Article 15 paragraph 33; Schaffland/Holthaus in Schaffland/Wiltfang, GDPR, Article 15 GDPR paragraph 44; loc. A. Härting, CR 2019, 219). 136 (3) In97 KB (16,519 words) - 09:57, 22 February 2023
- AEPD (Spain) - E/00739/2021 (category Article 12(5) GDPR)exercising their rights in bad faith. The AEPD brought forward Article 12(5) GDPR, as well as Article 7 of the Spanish Civil Code, that states that rights must29 KB (4,607 words) - 13:38, 13 December 2023
- AEPD (Spain) - E/03884/2020 (category Article 2(1) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)additional submissions regarding Article 83(3) GDPR (“Meta IE Submissions on Article 83(3) GDPR”). December 2021 On3December2021,theIESAshareditsDraftDecisionwiththeCSAs276 KB (38,206 words) - 09:46, 20 January 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- Datatilsynet (Denmark) - 2019-441-1578 (category Article 34 GDPR)and at least contain the information and measures referred to in Article 33 (2). 3 (b), (c) and (d). The deadline for compliance is January 7, 2020 . The21 KB (2,901 words) - 16:37, 6 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- RvS - 201901006/1/A2 (category Article 79 GDPR)currently enshrined in Article 47 of the Charter (judgments of the Court of Justice of 18 March 2010, C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and34 KB (5,179 words) - 07:10, 7 April 2020
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 58(2)(c) GDPR)to the GDPR, imposed a fine in the amount of € 10.000 and ordered Cavauto srl. to communicate the proposed changes in view of compliance with GDPR. The Italian34 KB (5,420 words) - 15:51, 6 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)currently enshrined in Article 47 of the Charter (judgments of the Court of Justice of 18 March 2010, C-317/08, C-318/08, C-319/08 and C-320/08, Alassini and37 KB (5,721 words) - 12:41, 16 September 2021
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- Datatilsynet (Norway) - 20/01879 (category Article 24 GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA was206 KB (30,485 words) - 09:54, 14 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)within the meaning of Article 26 GDPR, as determined in section 2.3. 135. The legal provision on data protection by design, Article 25 GDPR, states expressly82 KB (12,100 words) - 17:01, 12 December 2023
- Personvernnemnda (Norway) - PVN-2023-05 (category Article 6(1) GDPR)the municipality still breached Article 13 GDPR, they did have a valid legal basis for processing under Article 6(1)(c) GDPR. On October 14, 2019, a kindergarten34 KB (5,375 words) - 10:07, 17 November 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(3) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)effect, the judgment in eDate Advertisin and Others, C-509/09 and C-161/10, EU:C2011:685, paragraph 45).C/ Jorge Juan 6www.aepd.es28001 - Madridsedeagpd.gob17 KB (2,620 words) - 14:51, 13 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(c) GDPR)articles L.111-1, L.111-2, L.111-3, L.221- 15, L.224-30, L.224-29, L.224-33, L.212-1, L.212-3, L.2141-1, L.211-1, L.232-1, R.631-3, L.621-1, L.621-2, L.621-7392 KB (67,730 words) - 15:27, 17 March 2022
- Datatilsynet (Norway) - 20/01949 (category Article 6(1)(c) GDPR)the processing, together with the Privacy Ordinance Article 6 No. 1 letter c or e, cf. Article 6 No. 3, as of Arendal municipality is stated as a basis for49 KB (7,572 words) - 16:14, 6 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- Datatilsynet (Denmark) - 2018-32-0232 (category Article 5(1)(c) GDPR)in the plublic interest, under the data minimisation principle and Article 6(1)(e) GDPR. A citizen requested the deletion of their personal data into the13 KB (1,990 words) - 16:22, 6 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)statute-barred is therefore sufficient legal reasons. c) A right to information from § 3 para. 3 and 4 VVG is also ruled out. This only refers to missing40 KB (6,325 words) - 16:12, 18 May 2022
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(3) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 5(1)(c) GDPR)reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA also ordered the controller to erase the15 KB (2,137 words) - 20:18, 27 March 2024
- Datatilsynet (Denmark) - 2019-431-0045 (category Article 6(3) GDPR)instruction, under Article 28(1) GDPR. Thus, it has not been decided on whether or not MaCom could process information in accordance with Article 6(3)(a), (1)(a)14 KB (2,119 words) - 16:36, 6 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the GDPR. According to the defendant, this partner is thus not processor within the meaning of Article 4 (8) GDPR. Consequently, Article 28 (3) GDPR does113 KB (18,732 words) - 16:50, 12 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)of 6 October 1982, C.I.L.F.I.T., C-283/81, EU:C:1982:335, para. 21; judgment of 15 September 2005, C-495/03, EU:C:2005:552, para. 33; judgment of 6 December19 KB (3,209 words) - 13:08, 15 September 2021
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- Tietosuojavaltuutetun toimisto (Finland) - 60/171/2020 (category Article 5(1)(a) GDPR)aforementioned data subjects would involve disproportionate effort under Article 34(3)(c) GDPR, the data controller gave public notice on its website informing8 KB (1,064 words) - 09:48, 17 November 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)(see Article 19.2, Article 79.3 of the Basic Law) and ensures this protection also with regard to the Union Treaties (see Article 23.1 sentence 3 of the127 KB (21,367 words) - 16:00, 22 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(3) GDPR)above, the restricted panel concludes that Article 38.3 of the GDPR does not have been respected by the inspected. C. On the failure to provide information66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)proportionality requisite to the minimisation principle from Article 5(2)(c) GDPR. Also, according to Article 89(3) LOPDGDD, the use of audio recording systems in the74 KB (11,726 words) - 13:02, 13 December 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of27 KB (4,390 words) - 09:50, 17 November 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)data laid down by Article 4(1) and (2) GDPR. The DPA then quotes ECJ, 11 December 2014, Ryneš, case C-212/13 (point 22), EDPB Guidelines 3/2019 on processing39 KB (6,015 words) - 17:11, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- AEPD (Spain) - EXP202104873 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)identify the data subject and it shall justify the reasons, as per Article 12(3) GDPR. AEPD stated that, with the documentation provided, the data subject26 KB (3,997 words) - 18:59, 26 February 2024
- APD/GBA (Belgium) - 11/2024 (category Article 12(3) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)with article 21 of the GDPR, oppose the processing for direct marketing purposes, with a statement which, based on the article 21 para. 3 of the GDPR must102 KB (17,186 words) - 13:46, 26 April 2024
- Datatilsynet (Norway) - 20/02191 (category Article 5(1)(f) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 17(1)(c) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- The DPA first requested an overview of such processing (equivalent to Article 30 GDPR) for purposes related to the Norwegian Execution of Sentences Act, details16 KB (2,010 words) - 14:32, 8 November 2022
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its52 KB (8,444 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)portability; (c) where the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a),69 KB (11,315 words) - 13:30, 19 January 2022
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)information obligation provided for a / 'article 14, §5, (c) of the GDPR. (...) Pursuant to article 14, §5, (c) of the GDPR, the responsibility for processing72 KB (11,389 words) - 08:59, 20 August 2021
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)All this is in violation of Article 22 GDPR. The requirements of proportionality and subsidiarity have also not been met. 3.3. Furthermore, prior to the30 KB (4,797 words) - 10:03, 19 May 2021
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)violation of article 21 of the LSSICE, classified as serious in article 38.3.d) and c) of said rule, for the alleged infringement of article 48.1.b) of the287 KB (48,336 words) - 13:53, 13 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)implement 1See e.g. PVN 2019-09 2FOR-2018-07-02-1107. 3 Prop. 56 LS (2017-2018), point 31.3.3.3 4controlling measures in their business. Regulations on49 KB (7,646 words) - 07:56, 7 March 2022
- statutory legal obligation as stipulated under Article 6(1)(c) GDPR, in this case prescribed by Article 229 of the Act on Road Traffic Safety. The Court16 KB (2,404 words) - 15:46, 30 October 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)costs at law. 3.3. In the first instance, [the employee] put forward a substantiated defense seeking the rejection of Trigion's requests. 3.3.1. In the event60 KB (10,118 words) - 15:12, 5 October 2021
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)processing of in accordance with Article 6(1)(a) or Article 9(2)(a) (a), and this is not based on any other legal basis; (c) the data subject opposes the23 KB (3,780 words) - 14:49, 13 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)at least the information and measures referred to in article 33, paragraph 3, points b), c) and d). 3. The communication to the data subject referred to56 KB (9,069 words) - 17:02, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. Article 32 of the RGPD "Security of treatment", establishes that: "129 KB (4,300 words) - 14:41, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)the context of the implementation of Article 8(3) of the Charter of Fundamental Rights of the European Union. 33. 33. The Litigation Chamber refers in this52 KB (8,603 words) - 16:55, 12 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)requirements of Article 13 of the Regulation. C. On the breach relating to cookies 69. Article 82 of the Data Protection Act (Article 32.II in a wording48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan, 6 www.aepd29 KB (4,648 words) - 12:38, 13 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)AEPD held that the telecoms company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove that they22 KB (3,523 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,837 words) - 14:26, 13 December 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 15 GDPR)information pursuant to Article 15 (1) of the GDPR relates to "personal data relating to an individual" pursuant to Article 4 No. 1 of the GDPR. In addition, the18 KB (2,724 words) - 08:24, 14 March 2022
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue20 KB (3,069 words) - 18:48, 24 January 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)proceedings. 3.6.3. There is no dispute between the parties that the credit registration is based on article 4:32 Wft. This article implements Article 8 of Directive19 KB (3,021 words) - 15:48, 15 March 2022
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)December 2017, C ‑ 434/16, ECLI: EU: C: 2017: 994) and Breyer (CJEU 19 October 2016, C-582/14, ECLI: EU: C: 2016: 779) 16 Recital 26 of the GDPR: The principles79 KB (12,260 words) - 17:00, 12 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- APD/GBA (Belgium) - 33/2022 (category Article 12(3) GDPR)Articles 12.3 and 12.4 of the GDPR, as well as Article 15.1 of the GDPR, which in this case justifies taking a decision on the basis of article 95, § 1, 5°26 KB (4,116 words) - 15:36, 30 March 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)security at all times”. 3.3.2Assessment From both article 13 of the Wb and article 32, first and second paragraph, of the GDPR it follows that the controller106 KB (14,502 words) - 17:09, 12 December 2023
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)of minimum data processing (Article 5.1. c) GDPR). 33. In order to check whether the third condition of Article 6.1 f) GDPR - the so-called "Balancing test"30 KB (4,871 words) - 16:58, 12 December 2023
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 2(2)(a) GDPR)under national security as defined by Recital 16 GDPR, therefore, making Article 2(2)(a) GDPR applicable? 3) If question 2 is answered in the negative, does8 KB (1,127 words) - 08:53, 30 January 2024
- DSB (Austria) - 2023-0.603.142 (category Article 33(3) GDPR)side of Article 33, Paragraphs 1 and 3 of the GDPR.objective side of the crime of Article 33, Paragraphs 1 and 3 of the GDPR has been fulfilled. 2.3. On the76 KB (12,550 words) - 09:24, 28 February 2024
- AEPD (Spain) - PS/00110/2020 (category Article 7 GDPR)provisions of article 13 of Regulation (EU) 2016/679 and in the ar-C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/10Article 11 of Organic32 KB (4,992 words) - 14:00, 13 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(c) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- BVwG - W211 2210458-1/10 (category Article 5(1)(c) GDPR)lit. a and c as well as Art. 6 para. 1 of the GDPR. To 2): c) Article 50b (2) DSG 2000 (for the period prior to 25 May 2018) (d) Article 13(3) DSG (for92 KB (15,435 words) - 16:00, 22 March 2022
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)par le biais de la page de fans Facebook en question ; b. Article 21(1) j° c. Article 12(3) T&C, le deuxième défendeur n'ayant pas respecté le droit à un96 KB (15,396 words) - 16:50, 12 December 2023
- HDPA (Greece) - 4/2023 (category Article 33 GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data10 KB (1,249 words) - 12:16, 8 May 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- the CNIL 33. The rule for the territorial application of the requirements set out in Article 82 of the Data Protection Act is set out in Article 3, paragraph73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00080/2022 (category Article 33 GDPR)circumstances in relation to Article 5 and Articles 32 and 33 GDPR. First, there was the duration of the infringement under Article 83(2)(a) GDPR; second, there was47 KB (7,265 words) - 10:05, 21 July 2022
- Garante per la protezione dei dati personali (Italy) - 9697724 (category Article 5(1)(c) GDPR)Region Lombardia violated Article 5(1)(a)(c) GDPR due to the dissemination not being necessary as well as Article 6(1)(c)(e) GDPR due to the absence of suitable77 KB (12,455 words) - 09:35, 15 September 2021
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- Rb. Midden-Nederland - C/16/530061 / KG ZA 21-617 (category Article 6(1)(f) GDPR)exceptions. The exception of article 32 sub c UAVG does not apply to her. Argument 3 3.33. BREIN also states that the exception of Article 32 sub d UAVG applies38 KB (6,263 words) - 16:40, 15 June 2022
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(c) GDPR)Protection Committee, foreseen in theSection 3 of Chapter VIl of the GDPR, must, under the terms of paragraph 3 of article 68 of theregulation, be “composed of40 KB (5,935 words) - 16:55, 6 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)the deadline set out in Article 33(1) GDPR. 6. Datatilsynet’s Assessment 6.1. Findings of an Infringement of Article 33(1) GDPR 6.1.1. Introduction As noted133 KB (19,309 words) - 05:16, 24 March 2023
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)account of the defendant (Article 6.1. f) GDPR). The other legal grounds included in Article 6.1. points a), b), c), d) and e) GDPR are in present case not32 KB (4,880 words) - 16:50, 12 December 2023
- BVwG - W274 2251055-1/5E (category Article 6(1)(f) GDPR)Paragraph 1 and 2 DSG, Article 5 Letters a and c GDPR as well as Article 6 Paragraph 1 Letters c and f GDPR, as well as Article 1 Paragraph 3 Z 1 ZaDiG 2018,137 KB (21,991 words) - 12:01, 20 September 2023
- APD/GBA (Belgium) - 57/2023 (category Article 13(1)(c) GDPR)violation of Article 5(1)(a), Article 12(1) and (2), Article 13(1)(c) and (2)(a) of the GDPR. II.4. Article 5 GDPR, Article 24 (1) GDPR and Article 25 (1) and99 KB (15,129 words) - 09:21, 31 May 2023
- CNIL (France) - SAN-2023-008 (category Article 5(1)(c) GDPR)5. Failure to comply with Article 12 GDPR Information is considered easily accessible, within the meaning of Article 12 GDPR, if it is provided to the10 KB (1,254 words) - 16:37, 8 January 2024
- Rb. Midden-Nederland - C/16/481957/KG ZA 19-357 (category Article 33 GDPR)portrait right. The paintiff also saw a violation of Articles 33, 35 and 36 of the GDPR, which the defendant has not contested. The Court found that the24 KB (3,863 words) - 16:19, 10 March 2022
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Protection Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection45 KB (5,016 words) - 14:14, 21 March 2024
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)market participants. Specifically, these are Sections 17(3), 3(5) ApBetrO, 43 AMG, 11(1) sentence 1 no. 3, no. 7 and no. 11 HWG, and Section 14(2) no. 1 BerufsO32 KB (5,236 words) - 16:00, 10 March 2022
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(c) GDPR)principleof data minimization within the meaning of Article 5 (1) point c) GDPR.3. Breaches of the GDPR and the complainant's requests68. The Disputes Chamber41 KB (6,354 words) - 16:59, 12 December 2023
- AEPD (Spain) - EXP202104896 (category Article 9(2) GDPR)violation of the articles: -6.1 of the GDPR, in accordance with article 83.5.a) of the GDPR and article 72.1.b) of the LOPDGDD. C/ Jorge Juan, 6 www.aepd.es 28001103 KB (17,238 words) - 13:27, 3 April 2023
- Garante per la protezione dei dati personali (Italy) - 9991064 (category Article 33 GDPR)Articles 32 to 36 GDPR, including those regarding the notification of personal data breaches. In particular, pursuant to Article 33(2) GDPR in the event of52 KB (8,196 words) - 15:46, 27 March 2024
- Datatilsynet (Norway) - 21/00480 (category Article 5(1)(f) GDPR)municipality €409,768 (NOK 4,000,000) for breaches of Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly31 KB (4,380 words) - 06:12, 14 March 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(c) GDPR)person concerned. ” 4.3.1- As regards respect for the principles of minimization and finality (article 5.1.c. and article 5.1.b of the GDPR) 24. In its capacity45 KB (6,780 words) - 16:57, 12 December 2023
- UODO (Poland) - DKN.5131.43.2022 (category Article 33 GDPR)the controller was in breach of Article 33(1) GDPR, Article 33(3) GDPR, Articles 34(1) and 34(2) GDPR, and Article 5(2) GDPR, Firstly, the Polish DPA held57 KB (9,261 words) - 08:13, 25 October 2023
- VGH München – 5 CS 19.2087 (category Article 6(1)(c) GDPR)sentence 1 lit. c, para. 3 sentence 1, Art. 86 GKG § 47 (1), § 52 (2), § 53 (2) no. 2, § 63 (3) sentence 1 no. 2, § 66 (3) sentence 3, § 68 (1) sentence40 KB (6,397 words) - 08:03, 21 March 2022
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)contravene Articles 13(1), 6(1)(a) and 8 GDPR? The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR. Share your comments here! Share blogs27 KB (4,517 words) - 13:44, 13 December 2023
- UODO (Poland) - DKN.5131.11.2020 (category Article 33(1) GDPR)the Foundation. The DPA held that the Foundation violated Article 33(1), Article 34(1) GDPR by failing to notify the DPA of a personal data protection51 KB (8,179 words) - 12:07, 11 August 2021
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- LG Ravensburg - 2 O 228/22 (category Article 33 GDPR)under Article 34 GDPR or the data protection supervisory authority under Article 33 GDPR because the requirements of the legal definition in Article 4(12)26 KB (4,057 words) - 13:39, 11 April 2024
- Rb. Midden-Nederland - C/16/531572 / KG ZA 21-672 (category Article 4(1) GDPR)proceedings claimed on the basis of Article 1019h DCCP. GDPR Are the IP addresses personal data? Yes 3.3. Article 4 of the GDPR defines personal data as: “any59 KB (9,649 words) - 08:09, 20 October 2022
- Garante per la protezione dei dati personali (Italy) - 9778996 (category Article 6(1)(c) GDPR)(1)(c) and (1)(e) of Article 6 GDPR. The violation of Article 2-ter of the Code is a direct consequence of the violation of Articles 5 and 6 GDPR. Finally49 KB (7,883 words) - 15:12, 13 July 2022
- Datatilsynet (Norway) - 20/03046 (category Article 33(1) GDPR)Consequently, they did not adhere to Article 33(5) GDPR, nor Article 33(1). The Norwegian DPA held that Trumf had breached Article 33(1) for failing to notify them87 KB (13,389 words) - 08:08, 24 June 2022
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(3) GDPR)should have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure108 KB (17,728 words) - 07:57, 25 April 2024
- CPDP (Bulgaria) - PNN-01-33/2022 (category Article 32 GDPR)the GDPR introduces a prohibition on their processing (Article 9(1) GDPR), while allowing for explicit and limitative exceptions (Article 9(2) GDPR). In71 KB (11,948 words) - 17:01, 8 February 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided for a mechanism40 KB (6,518 words) - 13:29, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9582723 (category Article 5 GDPR)interests in accordance with the provisions from article 5-bis "(article 5, paragraph 2, of legislative decree no. 33/2013). In relation to the profiles of competence24 KB (3,805 words) - 13:05, 19 May 2021
- UODO (Poland) - DKN.5131.16.2021 (category Article 33(3) GDPR)33(3)(b), Article 33(3)(c), and Article 33(3)(d), as Article 34(2) GDPR prescribes. Therefore, the DPA decided to impose an administrative fine pursuant to88 KB (14,432 words) - 10:31, 24 November 2021
- VG Hannover - 10 A 502/19 (category Article 5(1)(c) GDPR)which the person responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual41 KB (6,779 words) - 12:35, 24 November 2021
- UODO (Poland) - DKN.5131.42.2022 (category Article 33 GDPR)interfering with court decisions. The DPA found a breach of Article 33 GDPR and Article 34(1) and (2) GDPR resulting in a fine of €2,324. Share your comments here95 KB (15,337 words) - 16:38, 19 March 2024
- UODO (Poland) - DKN.5131.34.2021 (category Article 33(1) GDPR)contain at least the information and measures referred to in Art. 33 paragraph 3 it. b), c) and d) of Regulation 2016/679, i.e .: a) the name and contact61 KB (9,994 words) - 08:37, 14 September 2022
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)the request - thereby infringing Article 12(3) of the GDPR, as well as 11 §3, 11/1 §3, 11/2 §3 and 11/3 §3 of the Act of 3 August 2012. With regard to the88 KB (13,010 words) - 20:12, 30 December 2021
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 83(3) GDPR)violations (Article 33 of Regulation 2016/679), procedures for reporting data protection breaches to the supervisory authority (Article 33 (3) of Regulation156 KB (25,012 words) - 10:01, 17 November 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)logically been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- LG München I - 33 O 5976/22 (category Article 6(1)(b) GDPR)on Article 6(1)(b) GDPR, as the disclosure was not necessary for the performance of the telecommunication contract. Concerning Article 6(1)(f) GDPR, the65 KB (9,647 words) - 11:40, 4 October 2023
- LG Deggendorf - 33 O 461/22 (category Article 82 GDPR)edition 2020, GDPR Art. 33 para. 81 acc. Art. 33 Para. I S. I GDPR, in the event of a violation of the protection of personal data, the person responsible66 KB (11,183 words) - 09:28, 12 July 2023
- UODO (Poland) - DKN. 5131.27.2022 (category Article 33(1) GDPR)recognized as personal data - it was not required to notify anyone (Article 33 (1) and Article 34 (3) (a) and (b)). ) ”Of Regulation 2016/2019. In addition, the80 KB (13,127 words) - 07:57, 14 September 2022
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)meaning of Article 5.1.c. AVG). 13. The transcript of the hearing is subsequently transmitted to the parties on 28 June 2023; in accordance with Article 54 of39 KB (6,247 words) - 09:14, 15 November 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)the Junta de Extremadura. It adds that the representative of B.B.B. and C.C.C. Is daughter of both, and that the “mayor's office has already granted the38 KB (6,303 words) - 13:50, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the Local26 KB (4,162 words) - 15:54, 6 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)images to Instagram are: A.A.A., born 07/25/2005. B.B.B., born on 05/02/2006 C.C.C., born 11/19/2005 2. That, according to the Judicial Police, the video published47 KB (7,616 words) - 14:35, 13 December 2023
- UODO (Poland) - DKN.5131.49.2021 (category Article 33(1) GDPR)notified in accordance with Article 34 GDPR. Therefore, the DPA found that the controller violated Article 33(1) and Article 34(1) GDPR and imposed a fine of63 KB (10,380 words) - 08:26, 17 October 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- UODO (Poland) - DKN.5131.33.2021 (category Article 34(1) GDPR)the breach, pursuant to the obligation expressed in Article 34 GDPR, in conjunction with Article 12 GDPR. Based on this assessment, the DPA issued an administrative81 KB (13,351 words) - 14:48, 2 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 33(1) GDPR)Protection Regulation. 3.2.3. Technical and organizational measures 3.2.3.1. Security of the patient information system 26.11.2017–13.3.2019 According to the153 KB (24,570 words) - 15:11, 26 March 2024
- UODO (Poland) - DKN.5110.12.2021 (category Article 33(1) GDPR)controller violated Article 33(1) GDPR by not notifying the DPA of the data breach. Consequently, the DPA issued a fine of approximately €3,492 (16,000 PLN)51 KB (8,343 words) - 14:16, 15 June 2022
- APD/GBA (Belgium) - 62/2022 (category Article 33(1) GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable58 KB (9,477 words) - 18:41, 1 June 2022
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the light of Article 13 of the AVG. In this respect, the Inspectorate refers to column 3 of the table below.3 Column 1 Column 2 Column 3 Privacy policy107 KB (17,697 words) - 16:52, 12 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)2, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3133 KB (21,944 words) - 15:59, 22 March 2022
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)applicable (cf. Article 99(1) and (3) AVG). As of that date, the AVG is binding and directly applicable in every Member State (Article 99(3) AVG), i.e.: irrespective41 KB (7,150 words) - 12:30, 4 October 2021
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)payment to be appropriate. 3. Findings 3.1 Findings prior to the on-site visit of 18 June 2018 Menzis sent documents to the AP on 3 and 29 May 2018 to demonstrate36 KB (5,914 words) - 17:13, 12 December 2023
- APD/GBA (Belgium) - 101/2022 (category Article 33(1) GDPR)controller failed to respect its notification duty under Article 33(1) and Article 33(5). Article 34 was not vioated, as, the data subject was already informed88 KB (13,264 words) - 09:09, 29 June 2022
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Fundamental Rights (Article 8 (1) in conjunction with Article 8 (3) CFR) is protected by Article 77 (1) GDPR in conjunction with Article 77 (1) CFR. Art.94 KB (15,537 words) - 09:09, 25 August 2020
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)violation of personal data. 57 (3) The content required under Article 34 Paragraph 2, 33 Paragraph 3 Letters b, c and d GDPR was also included. 58 (a) The31 KB (5,017 words) - 15:08, 20 October 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. . 689 of 11/24/1981)83 KB (13,648 words) - 11:30, 16 August 2022
- GHAL - 200.186.790/01 (category Article 6(1)(c) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- ICO (UK) - Cabinet Office (category Article 33(1) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)the other grounds from Article 6(1) of the GDPR do not apply. For example, according to [applicant], Article 6(1)(c) of the GDPR does not apply because56 KB (9,287 words) - 16:00, 26 January 2022
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)(documentation obligation Article 33, paragraph 5 GDPR and risk-based approach Article 32 GDPR) and the obligation to report to the GBA (Article 33 GDPR): the defendant66 KB (9,820 words) - 10:13, 13 September 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR)by the GDPR, on the other, Article 28, paragraph 3 of the GDPR does not provide any indication regarding the obligation to conclude a deed of appointment49 KB (7,758 words) - 15:44, 6 December 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph50 KB (7,656 words) - 17:05, 12 December 2023
- OLG Köln - 20 U 295/21 (category Article 15(3) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- UODO (Poland) - DKN.5131.3.2021 (category Article 33(1) GDPR)supervisory authority (i.e. Article 33 (1 ) of the GDPR) and to notify the data subjects of breach of (Article 34 (1-2) of the GDPR), it would be necessary129 KB (20,850 words) - 12:13, 7 July 2021
- Council of State - 251.378 (category Article 28(3) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- OLG Köln - 15 U 126/19 (category Article 17(3) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- Garante per la protezione dei dati personali (Italy) - 10002324 (category Article 33(1) GDPR)Garante found a violation of the processing principle under Article 5(1)(f) GDPR and Article 32 GDPR related to the security of processing which was compromised129 KB (20,678 words) - 08:25, 8 May 2024
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)Data Authority2019 53 3.3Penaltyforviolatingthesecurityofprocessing 53 3.3.1 Nature, seriousness and duration of the infringement 54 3.3.2 Negligent nature179 KB (22,957 words) - 17:07, 12 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)the provisions of article 6 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 14/20 Article 4 of the same GDPR defines "processing"61 KB (9,700 words) - 13:21, 13 December 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- Garante per la protezione dei dati personali (Italy) - 9828059 (category Article 5(1) GDPR)violated the principles of data protection and breached the GDPR (article 5(1)(a) and (c) and 6 GDPR) as well as the Legislative Decree no. 196 of 30 June 200329 KB (4,487 words) - 12:48, 16 June 2023
- Garante per la protezione dei dati personali (Italy) - 9789037 (category Article 5(1)(c) GDPR)materia di protezione dei dati personali”; and of Article 6(1)(c), Article 6(1)(e), Article 6(2) and Article 6(3)(b). The Italian DPA did not impose a fine because75 KB (11,970 words) - 15:39, 3 December 2022
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)b) and c); 6, par. 1, lett. c) and e), par. 2 and par. 3, lett. b); 37, para. 1 and 7, of the GDPR; as well as art. 2-ter, paragraphs 1 and 3, of the57 KB (9,144 words) - 15:55, 6 December 2023
- Datatilsynet (Denmark) - 2020-442-8862 (category Article 33(3) GDPR)requirements of Article 34(2) and Article 33(3) GDPR. The DPA expressed serious criticism to the controller for violating Article 32(1) GDPR. Moreover, it24 KB (3,735 words) - 17:29, 23 February 2022
- Datainspektionen - DI-2019-9432 (category Article 33(1) GDPR)current personal data processing has violated Article 5 (1) (f), Article 32.1 and 32.2 and Article 33.1 and 33.5 of the Data Protection Regulation. The Data59 KB (8,959 words) - 11:43, 7 April 2022
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 17(1)(c) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(c) GDPR)6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data129 KB (21,793 words) - 14:09, 13 December 2023
- IDPC (Malta) - COMP/138/2022 (category Article 15(3) GDPR)and 9(1) GDPR; b) the controller failed to adequately inform data subjects about the processing of their data, in violation of Article 14 GDPR; c) the controller7 KB (862 words) - 14:35, 23 May 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)section 3.3 >>.<< 3.3. Informed manifestation of willThe GDPR reinforces the requirement that consent must be informed. In accordance with theArticle 5 of206 KB (32,869 words) - 14:36, 13 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 18(1)(c) GDPR)Under the conditions set out in Article 15 (1) and (3) of the GDPR, thereby infringing the GDPR Article 25 (1). III.3.2. Designed to handle requests to60 KB (9,820 words) - 10:08, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9955372 (category Article 5(1)(c) GDPR)workers. Therefore, the DPA found a violation of Article 5 GDPR, Article 6(1)(c) GDPR and Article 9 GDPR. The duration of the illegal data dissemination44 KB (6,633 words) - 15:46, 5 December 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 15(3) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)fairness and transparency under Article 5(1)(a) GDPR, as well as the principle of data minimisation pursuant to Article 5(1)(c) GDPR, since they did not process46 KB (7,192 words) - 12:37, 19 December 2023
- with the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- VG Gießen - 4 K 252/19.GI (category Article 4(10) GDPR)February 2018, 3 Bf 107/17, judgment of 8 February 2018, 3 Bf 107/17, judgment of 8 February 2018, 3 Bf 107/17, judgment of 8 February 2018, 3 Bf 107/17).35 KB (5,815 words) - 15:51, 17 March 2022
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- FG Berlin-Brandenburg - 16 K 16155/21 (category Article 79(2) GDPR)ordinary courts (Article 34 GG, Article 40(2) VwGO). Moreover, the Court considered the reference to Article 79(2) GDPR from Article 82(6) GDPR, and the fact19 KB (2,925 words) - 11:09, 27 July 2022
- LG Bielefeld - 19 O 147/22 (category Article 33 GDPR)and Section 2 of the German Civil Code in conjunction with Article 6 (1) GDPR and Article 17 GDPR, the plaintiff is also not entitled to an injunctive relief37 KB (5,986 words) - 14:50, 9 May 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)incorrect applies Article 12.3 of the AVG. However, this is not correct. 33. Article 12.3 of the GDPR reads (in its relevant parts): ''Art. 12.3 The controller59 KB (9,290 words) - 09:10, 5 May 2024
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 5(1)(a) GDPR)obligation as referred to in Article 33 or 34 of the Wbp. 3. Telephone numbers for two-factor authentication (claim a.i.3) 11.60. Claim a.i.3 relates to the use243 KB (40,160 words) - 11:54, 5 April 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(3) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Garante per la protezione dei dati personali (Italy) - 9842783 (category Article 5 GDPR)Italian DPA concluded that the controller breached Article 5 GDPR, Article 6 GDPR and Article 9 GDPR and Articles 2-ter as well as 2-septies (8) of the51 KB (8,159 words) - 00:03, 18 January 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(3) GDPR)writing (cf. paragraphs 3 and 4 of article 28 of the GDPR), verification of the requirements set out in article 28 of the GDPR it must be substantive and163 KB (27,222 words) - 16:54, 6 December 2023
- CNIL (France) - SAN-2023-015 (category Article 12(3) GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- UODO (Poland) - DKN.5130.3114.2020 (category Article 24(1) GDPR)in Article 34(2) of Regulation 2016/679, i.e. it does not contain the information referred to in Article 34(2) in conjunction with Article 33(3)(c) of105 KB (16,833 words) - 13:48, 15 November 2021
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)implications. 5.3. Relevant practice related to the Personal Data Regulations § 4-3 - «factual need» According to the Personal Data Regulations § 4-3, credit assessment40 KB (5,988 words) - 19:04, 5 March 2022
- NAIH (Hungary) - NAIH-1855-4/2022 (category Article 5(2) GDPR)concerned the nature of the data protection incident, and at least Article 33(3)(b), (c) and (d) must be disclosed information and measures mentioned in50 KB (7,405 words) - 13:58, 28 November 2022
- FG Berlin-Brandenburg - 16 K 2059/21 (category Article 15(3) GDPR)that Article 15(1) and 15(3) GDPR do not contain two independent rights but a single right. Therefore, according to the court, Article 15(3) GDPR only117 KB (19,778 words) - 14:27, 13 April 2022
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear and72 KB (11,159 words) - 10:09, 17 November 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- BVwG - W298 2269087-1 (category Article 83 GDPR)according to Article 9, paragraph 2, GDPR. The administrative violation would affect Article 5, paragraph one, letters a, b and c and Article 9, paragraph52 KB (8,464 words) - 11:50, 26 July 2023
- Garante per la protezione dei dati personali (Italy) - 9917728 (category Article 5(1)(c) GDPR)The DPA found violations of Articles 5(1)(a)(c)(f), 9, 25(1)(2) and issued a fine of 25,000 euros under Article 83. An advertising billboard depicted a first60 KB (9,523 words) - 08:00, 23 August 2023
- Garante per la protezione dei dati personali (Italy) - 9861356 (category Article 33 GDPR)Hospital notified the Italian DPA of a personal data breach pursuant to Article 33 GDPR. The hospital accidentally sent to all the patients involved in a clinical59 KB (9,485 words) - 13:30, 29 March 2023
- AEPD (Spain) - PS/00070/2019 (category Article 13(1)(c) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 99/2023 (category Article 5(1)(c) GDPR)the principles of lawfulness (article 6.1. of the GDPR) and minimization (article 5.1.c) of the GDPR) enshrined in the GDPR. 2. On May 25, 2023, the complainant33 KB (5,012 words) - 14:07, 26 July 2023
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the GDPR.........176 KB (27,432 words) - 07:43, 10 May 2024
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)the footage (3 seconds), that it did not show any faces or the theft itself, did not concern any personal data as per Article 9 GDPR or Article 10 and was40 KB (6,549 words) - 18:49, 5 March 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)adequacy decision in accordance with Article 45 Para. 3 GDPR nor appropriate guarantees in accordance with Article 46 GDPR is only permitted if it is necessary118 KB (19,824 words) - 10:49, 6 February 2024
- ANSPDCP (Romania) - 13.11.2023 (category Article 32(1)(b) GDPR)and 3 January 2022, Rompetrol Downstream SRL (the controller) notified the Romanian DPA of several data breaches, in accordance with Article 33 GDPR. Following6 KB (726 words) - 13:57, 22 November 2023
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)importance of monitoring to detecting 3 See,for exampleMarriott’s SecRepresentationparas2.2(b)-(c3.1(b)3.8-3.13and 3.25-3.29. ee 29 or responding to attacks241 KB (31,368 words) - 09:59, 9 May 2022
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)national court (Article 267 TFEU and C-567/20, EU: C:2022:352, paragraph 45 and case-law cited there). Question 1: Does Article 5(1)(b) GDPR allow a controller49 KB (7,800 words) - 09:22, 5 January 2024
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)arising from Article 15 of the GDPR. 3. On the breach relating to the obligation to respect the right of opposition (article 21 of the GDPR) 45. The rapporteur48 KB (7,525 words) - 17:02, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 6(1)(c) GDPR)reasons, article 780, 3° of the Judicial Code, article 149 of the Constitution and article 6 of the ECHR - the pleas not explicitly stated. 17.3.3. The Procurement83 KB (13,694 words) - 09:53, 14 December 2023
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- DSB (Austria) - 2022-0.083.310 (category Article 6(1)(c) GDPR)to Article 5 (1) (a) GDPR. In addition, there is a violation of the principle of data minimization pursuant to Article 5 Paragraph 1 Letter c GDPR. The52 KB (8,272 words) - 16:33, 18 January 2024
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- GHDHA - 200.290.360-01 (category Article 12(3) GDPR)legislative measure that serves one of the objectives listed in Article 23, namely Article 23(1)(i) GDPR. After all, the Court of first instance notes, “compliance35 KB (5,770 words) - 07:13, 4 April 2022
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)consultation. of the Guarantor pursuant to article 36 of the Regulation "(article 110 of the Code, article 9, paragraph 2, letter j) and par. 4 of the97 KB (15,437 words) - 11:27, 16 August 2022
- VG Cottbus - VG 4 K 1191/19 (category Article 6(1)(c) GDPR)is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative75 KB (12,396 words) - 12:11, 30 March 2022
- BGH - VI ZB 39/18 (category Article 6(1)(c) GDPR)“legal obligation” or “public interest” according to Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. Share your comment here! Share blogs or news articles53 KB (8,894 words) - 15:56, 22 March 2022
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)therefore lack the implementation of such adequate safeguards and violate Article 32 GDPR. In this regard, the controller has not received any communications115 KB (18,595 words) - 11:30, 16 August 2022
- Council of State - 253.677 (category Article 9 GDPR)(CSC N° 1/013/2020) is ordered. Article 3. The immediate execution of this judgment is ordered. Article 4. Exhibits A, B, C, D and the unredacted version85 KB (13,820 words) - 09:28, 2 March 2023
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- Datatilsynet (Norway) - 20/01893 (category Article 5(1)(c) GDPR)receiving disability pension, in breach of Article 5(1)(c), Article 5(1)(e), Article 6(1), and Article 9(2) GDPR. The Norwegian Public Service Pension Fund40 KB (5,895 words) - 15:30, 12 January 2022
- VG Wiesbaden - 6 L 738/21.WI (category Article 4(7) GDPR)so Article 48 GDPR does not apply. Moreover, the Court considered that none of the conditions referred to in Article 49(1) and Article 49(2) GDPR is fulfilled35 KB (5,925 words) - 09:07, 22 December 2021
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- GHARL - 21/00910 (category Article 6(1)(c) GDPR)minimization principle (Article 5(1)(c) GDPR), since the processing was based on a legal obligation pursuant to Article 6(1)(c) GDPR. Share your comments23 KB (3,625 words) - 15:11, 3 August 2022
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)compliance with the data minimisation principle laid down in Article 5(1)(c) of the GDPR. 33. In addition, personal data concerning health will be processed43 KB (6,847 words) - 17:11, 6 December 2023
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)under Article 33 of the GDPR. (No. 37) (editorial principle) 3. Non-material damage that can be compensated for under Article 82 (1) of the GDPR must at26 KB (4,101 words) - 10:24, 13 March 2024
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)controller €3,940,000 for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes270 KB (43,335 words) - 12:39, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 35FR/2021 (category Article 5(1)(c) GDPR)information obligation set out in Article 13 GDPR and in breach of the principle of data minimisation set out in Article 5(1)(c) GDPR. The CNPD carried out an audit81 KB (11,748 words) - 10:59, 17 November 2021
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)obligations in accordance with Article 26 of the GDPR. 1.3. Processing of personal data included in the scope of this methodology 1.3.1. Only processing of personal46 KB (7,106 words) - 17:06, 6 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 38(3) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Garante per la protezione dei dati personali (Italy) - 9826417 (category Article 4(11) GDPR)withdrawal (Article 83, paragraph 2, letter c) of the Regulation); 4) as a mitigating factor to be taken into consideration when setting the fine (Article 83,90 KB (14,621 words) - 09:55, 7 December 2022
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)of section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"). 2. This notice explains the Commissioner's reasons for that opinion. 3. A Preliminary29 KB (4,150 words) - 12:48, 3 August 2021
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- VwGH - Ro 2019/04/0229 (category Article 4(7) GDPR)30 DSG with Article 83 GDPR, to the CJEU for a preliminary ruling under Article 267 TFEU. This case law has a wide-ranging impact on GDPR-fines in Austria59 KB (8,848 words) - 12:41, 16 September 2021
- WSA Warszawa - II SA/Wa 607/20 (category Article 21(3) GDPR)it and the applicants, i.e. on the basis of Article 6(1)(b) GDPR. However, pursuant to Article 17(3)(e) GDPR, the right to request from the controller the47 KB (7,617 words) - 09:33, 26 November 2021
- APD/GBA (Belgium) - 115/2023 (category Article 35 GDPR)read Article 35 GDPR in line with Article 77 GDPR. The DPA interpreted the right to lodge a complaint with a supervisory authority under Article 77 GDPR20 KB (2,909 words) - 06:45, 14 September 2023
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 15(3) GDPR)interpretation of the GDPR. Second, the court argued with the drafting history of the GDPR which connects Article 15(3) GDPR to Article 20(1) GDPR, showing that45 KB (7,420 words) - 18:15, 12 March 2024
- VerfGH Saarland - VerfGH Lv 15/20 (category Article 6(1)(c) GDPR)basis of consent, Article 6 (1) (a) GDPR. In particular, Article 6 (1) (c) (legal obligation of the controller and Article 6 (1) (e) GDPR (public interest)66 KB (10,700 words) - 14:15, 20 September 2021
- OGH - 6 Ob 217/19h (category Article 82 GDPR)been changed. § 33 DSG 2000 contained a clear reversal of the burden of proof (only) for fault. § Article 33.3 of the DSG 2000 read "(3) The client may24 KB (3,888 words) - 13:22, 8 September 2021
- Garante per la protezione dei dati personali (Italy) - 9762945 (category Article 5(1)(a) GDPR)5(1)(a) and 5(1)(f) GDPR, as well as Article 9 GDPR related to the processing of special categories of personal data, and Article 32 GDPR on the security of32 KB (5,041 words) - 18:17, 26 April 2022
- Garante per la protezione dei dati personali (Italy) - 9991183 (category Article 5(1)(a) GDPR)the company. Lastly, The DPA found a breach of Article 5(1)(a) GDPR and Article 12 GDPR and Article 13 GDPR regarding the sharing of patient clinical data96 KB (15,258 words) - 16:36, 19 March 2024
- BAG - 2 AZR 296/22 (category Article 17(3)(e) GDPR)2019 - C-136/17 - [GC et al.] Rn. 57; Baker in Kühling/Buchner GDPR 3rd edition Art. 13 Rn. 68). Even if Article 17 Paragraph 3 Letter e of the GDPR did not49 KB (8,060 words) - 13:00, 5 September 2023
- Garante per la protezione dei dati personali (Italy) - 9747505 (category Article 5(1)(e) GDPR)selection process, taking the storage limitation principle under Article 5(1)(e) GDPR into consideration. A data subject had entered a public competition23 KB (3,581 words) - 17:29, 9 March 2022
- APD/GBA (Belgium) - 14/2023 (category Article 58(2)(c) GDPR)termination. Article 5(1)(c) was therefore also violated. The DPA concluded that Article 5(1)(a), 5(1)(c) and 6(1) were violated and pursuant Article 58(2)(c) ,33 KB (4,897 words) - 14:05, 1 March 2023
- Garante per la protezione dei dati personali (Italy) - 9980617 (category Article 5(1)(f) GDPR)defined in Article 4(15) GDPR. For the reasons stated above, the DPA found the controller in violation of Article 5 GDPR, Article 9 GDPR and Article 32 GDPR105 KB (17,072 words) - 13:27, 28 February 2024
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s92 KB (15,327 words) - 08:27, 10 May 2024
- APD/GBA (Belgium) - 105/2022 (category Article 55(3) GDPR)notion of personal data as defined in Article 4.1) GDPR, which are processed within the meaning of Article 2. 1 GDPR. Not just any whole or in part automated44 KB (6,420 words) - 11:00, 6 July 2022
- AG Pfaffenhofen a. d. Ilm - 2 C 133/21 (category Article 6(1)(a) GDPR)violated Article 14 and Article 15 GDPR, since the controller did not give exact information where they had obtained the email-address from (Article 14(2)(f)28 KB (4,447 words) - 16:37, 13 January 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)are present (Article 13 paragraph 1 lit. a (2nd alternative), lit. b, d, e, f, Article 13 paragraph 2 lit. c, f and Article 13 paragraph 3). Since nothing52 KB (8,574 words) - 16:03, 10 March 2022
- BVwG - W252 2246581-1/6E (category Article 15(1)(h) GDPR)pursuant to Article 22 GDPR, but only 'light profiling' under Article 4(4) GDPR. Therefore, the controller claimed that Article 15(1)(h) GDPR did not apply31 KB (4,838 words) - 09:11, 30 August 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- Datatilsynet (Norway) - 18/04147 (category Article 5(1)(c) GDPR)violating Article 5(1) GDPR, Article 17(1)(a), Article 17(1)(d) and Article 25(1), cf. Article 5(1)(c), Article 5(1)(d), Article 5(1)(e) and Article 5(1)(f)47 KB (7,575 words) - 11:35, 18 November 2023
- OLG Köln - 15 U 108/23 (category Article 82 GDPR)European Court of Justice in the pending cases C-189/22, C-741/21, C-687/21, C-667/21, C-340 /21 and C-307/22. 24With regard to the parties' further submissions81 KB (13,415 words) - 09:47, 15 February 2024
- LG Hannover - 13 O 129/21 (category Article 82(3) GDPR)sense of Article 82(1) GDPR, because the controller unlawfully disclosed the data to its customers. The court also held that under Article 82 GDPR the violation28 KB (4,506 words) - 11:20, 4 November 2022
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- APD/GBA (Belgium) - 16/2023 (category Article 5(2) GDPR)violation of Article 5, paragraph 1, a) and Article 6, paragraph 1 of the GDPR; - With regard to defendant 2: to dismiss, pursuant to article 95, §1, 3° of the27 KB (3,881 words) - 14:40, 14 March 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- APD/GBA (Belgium) - 49/2023 (category Article 6(1)(e) GDPR)scope of Article 9(1) GDPR. Since Article 9 GDPR was not applicable, the DPA examined the lawfulness of the processing under Article 6(1)(e) GDPR which was57 KB (8,705 words) - 11:48, 16 May 2023
- Commissioner (Cyprus) - 1.17.001.007.270 (category Article 5(1)(a) GDPR)rescission of X's membership, AAEA had violated Article 5(1)(a) GDPR, Article 6(1) GDPR and Article 9(1) GDPR. The Commissioner therefore decided to impose64 KB (10,097 words) - 08:07, 27 October 2021
- CNPD (Luxembourg) - Délibération n°13FR/2021 (category Article 12 GDPR)processing and right to data portability; c) where the processing is based on Article 6 (1) (a) or on Article 9, paragraph 2 (a), the existence of the right30 KB (4,164 words) - 11:12, 16 June 2021
- Datatilsynet (Norway) - 18/02140 (category Article 5(1)(f) GDPR)to enable two-factor authentication in their systems, cf. Article 5(1)(f) GDPR, cf. Article 32(1)(b). Second, the DPA fined the municipality about €15854 KB (8,041 words) - 12:50, 26 January 2022
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)offer services to data subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned30 KB (4,714 words) - 10:34, 4 January 2023
- APD/GBA (Belgium) - 15/2023 (category Article 7(3) GDPR)(1) and Article 25 (1) of the GDPR; c. infringement of Article 30(1),(3) and (4) of the GDPR; and d. violation of Article 38(1) and (3) and Article 39 of105 KB (15,883 words) - 15:05, 8 March 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)are subject to the GDPR pursuant to Article 3(2)(a) of this Regulation. B. On the competence of the CNIL 22. Article 55(1) of the GDPR provides that "each59 KB (9,566 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9991020 (category Article 5(1)(f) GDPR)pursuant to Article 77 GDPR. The DPA did not consider the processor’s actions in determining that the controller violated Article 5(1)(f) and Article 32 GDPR62 KB (9,678 words) - 10:45, 13 March 2024
- CJEU - C-768/21 - TR v Land Hessen (category Article 57(1) GDPR)accordance with Article 8(3) of the Charter and Article 51(1) and 57(1)(a) GDPR, national DPAs are responsible for monitoring compliance with the GDPR (§35 of9 KB (1,244 words) - 13:31, 23 April 2024