Search results
From GDPRhub
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)to Article 35(7)(d) GDPR has been conducted, if applicable; and the technical and organizational measures put in place pursuant to Article 32 GDPR. However27 KB (2,452 words) - 14:26, 28 July 2023
- Article 36 GDPR (category GDPR Articles)See, Article 35(7)(a) GDPR. Furthermore, the DPO will need to act as contact point throughout the consultation process. See Article 39(1)(e) GDPR. With31 KB (3,646 words) - 08:51, 21 July 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(7) GDPR)in line with the GDPR. Further, the DPA held that the new documentation is not in line with Article 35(1) and 35(7), as well as Article 36(1). Thus, the117 KB (18,075 words) - 10:19, 12 September 2022
- HDPA (Greece) - 4/2022 (category Article 35(7) GDPR)under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1)11 KB (1,274 words) - 10:37, 23 February 2022
- DSB (Austria) - 2021-0.024.862 (category Article 35(7)(d) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- APD/GBA (Belgium) - 24/2021 (category Article 35(7) GDPR)especially: 1) Violation of article 4.11 GDPR read in conjunction with article 6.1 a) GDPR as well Articles 7.1 and 7.3 GDPR: the Inspection Service determines110 KB (18,238 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(7) GDPR)carried out before (Article 35(1) of the GDPR) and was not carried out in a manner that complied with the criteria of Article 35(7), which considerably83 KB (13,694 words) - 09:53, 14 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 35(7) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- NIQB - Williams, Re Application for Judicial Review (2022) NIQB 12 (category Article 35(7) GDPR)United Kingdom Relevant Law: Article 5(1)(a) GDPR Article 6(1)(f) GDPR Article 9(2) GDPR Article 35(3) GDPR Article 35(7) GDPR Section 8 Data Protection Act3 KB (214 words) - 12:26, 2 March 2022
- APD/GBA (Belgium) - 48/2022 (category Article 35(7)(b) GDPR) (section 2. The legal basis (Articles 6 and 9 GDPR))13(2)(e), 35(1), 35(3) and 35(7)(b) GDPR. It also fined the medical service €20,000 for violation of Articles 5(1)(c), 6(1)(e), 9(2)(g), 35(3) and 35(7)(b) GDPR7 KB (874 words) - 16:47, 6 April 2022
- AP (The Netherlands) - Decision of 18 December 2023 (category Article 35(7) GDPR)be equivalent to a DPIA under Article 35 GDPR. For this reason, the AP held that the controller violated Article 35(1) GDPR. In this, the AP considered it55 KB (8,007 words) - 09:50, 24 January 2024
- APD/GBA (Belgium) - 165/2023 (category Article 35(7) GDPR)Articles 32(1) and 32(2) GDPR. The DPA also identified a breach of Article 35(1), Article 35(2), Article 35(3) and Article 35(7) GDPR since, even though the67 KB (9,908 words) - 11:09, 10 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 35(7) GDPR)2016/679 Article 25 (1), Article 32 (1) and (2), Article 33 (1) and (5), Article 34 (1), Article 35 (1) and (7), Article 35 (3) (b), Article 58 (2), Article153 KB (24,570 words) - 15:11, 26 March 2024
- APD/GBA (Belgium) - 47/2022 (category Article 35(7) GDPR) (section 7. Data protection by default and data minimisation)the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- of enforcing the GDPR in Spain. Its head office is in Madrid. The requirement to have a data protection authority stems from Article 44 of the Spanish4 KB (386 words) - 15:29, 3 September 2021
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 25 GDPR (category GDPR Articles)affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 32 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 38 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 64 GDPR (category Article 64 GDPR)data protection impact assessment pursuant to Article 35(4); (b) concerns a matter pursuant to Article 40(7) whether a draft code of conduct or an amendment23 KB (2,079 words) - 16:07, 2 November 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 7 GDPR (category GDPR Articles)Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 26 GDPR (category GDPR Articles)related decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck37 KB (3,915 words) - 12:49, 24 May 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 74 GDPR (category Article 74 GDPR)Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 52 GDPR (category GDPR Articles)this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 54 GDPR (category GDPR Articles)enforcement of the GDPR. For more information regarding the establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary34 KB (3,649 words) - 13:19, 30 October 2023
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 59 GDPR (category GDPR Articles)DS-GVO BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 202015 KB (718 words) - 15:31, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 43 GDPR (category GDPR Articles) (section (6-7) Criteria for certification to be made public)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Article 19 GDPR (category GDPR Articles)States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article 19 should not be19 KB (1,436 words) - 12:35, 12 May 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 66 GDPR (category Article 66 GDPR)month to a request for mutual assistance (Article 61(8) GDPR) or to a request of joint operations (Article 62(7) GDPR). On 12 July 2021, the EDPB adopted an20 KB (1,590 words) - 16:11, 2 November 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- and, as a rule, acknowledged electronically (Article 61(7) GDPR) and free of charge (Article 61(7) GDPR). Finally, where the requested activity is not24 KB (2,181 words) - 11:46, 15 January 2024
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 75 GDPR (category Article 75 GDPR)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 68 GDPR (category Article 68 GDPR)decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 16 GDPR (category GDPR Articles)requirements of Article 5(1)(d) GDPR are not complied with. In such cases, there is no need to exercise the rights under Article 16 GDPR - but also no harm23 KB (2,489 words) - 23:24, 6 March 2024
- Article 90 GDPR (category Article 90 GDPR)Belisario, GDPR e normativa privacy – Commentario, Article 90 GDPR, p. 662 (Wolters Kluwer 2018). Piltz in Gola DS-GVO, Article 90 GDPR, margin numbers 6-7 (C18 KB (1,599 words) - 12:26, 29 April 2022
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 70 GDPR (category Article 70 GDPR)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- Article 72 GDPR (category Article 72 GDPR)within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- Article 2 GDPR (category GDPR Articles)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- Article 1 GDPR (category GDPR Articles)limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 30 GDPR (category GDPR Articles)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 33 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 22 GDPR (category GDPR Articles)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)of conduct complies with the GDPR, as per Article 40(7) GDPR. According to the terminology of Articles 40(7) and 40(8) GDPR, the EDPB’s opinion should identify44 KB (5,008 words) - 14:50, 28 July 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- Article 65 GDPR (category GDPR Articles)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 41 GDPR (category GDPR Articles)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 53 GDPR (category GDPR Articles)the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 35 GDPR)of the four component parts of Article 35(7) is set out in turn below, ie Articles 35(7)(a), 35(7)(b), 35(7)(c) and 35(7)(d). 89. Before identifying the129 KB (17,281 words) - 14:57, 10 April 2024
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 89 GDPR (category Article 89 GDPR)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Overview of GDPR (section Article 7 CFR)of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- AEPD (Spain) - EXP202202960 (category Article 35 GDPR)violation of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD149 KB (22,597 words) - 12:34, 3 April 2024
- AEPD (Spain) - EXP202213792 (category Article 35 GDPR)finding likely violations of Article 5(1)(c), 8, 9, 13 and 35 GDPR. The AEPD found a likely violation of Article 35 GDPR. Article 35 GPDR requires that a data178 KB (27,656 words) - 12:28, 7 May 2024
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 35(1) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- dsb.gv.at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 -11 KB (1,468 words) - 13:27, 14 May 2023
- BVwG - W258 2217446-1 (category Article 35 GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(7) GDPR)controller €400,000 pursuant of Article 83(4)(a) GDPR for the failure to conduct a DPIA in violation with Articles 35(1), 35(2), and 35(3)(b). The DPA stated that163 KB (27,222 words) - 16:54, 6 December 2023
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- APD/GBA (Belgium) - 31/2020 (category Article 35 GDPR)requirement for a DPIA under Article 35 GDPR: The Belgian DPA was satisfied that there was no infringement of Article 35 GDPR, and subsequently no obligation48 KB (7,926 words) - 16:56, 12 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- APD/GBA (Belgium) - 21/2022 (category Article 35 GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))violated Article 30(1) GDPR, as it should have kept more detailed records of processing activities. Data protection impact assessment - Article 35 GDPR The429 KB (58,279 words) - 09:12, 2 November 2022
- HDPA (Greece) - 50/2021 (category Article 35(9) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- CNPD (Portugal) - Deliberação 2021/1569 (category Article 83(7) GDPR)under Article 5 (1)(e)GDPR, the duty to provide information under Article 13 GDPR, and the obligation to carry out a DPIA under Article 35(3)(b) GDPR. The11 KB (1,491 words) - 16:54, 6 December 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a15 KB (2,504 words) - 16:27, 10 March 2022
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)the basis of § 35 (1) 9) of the PSA, but in refusing to comply with a request for information, § 35 (1) 5 ) and Point 10 of because § 35 section 1 subsection26 KB (4,193 words) - 10:30, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 35 GDPR)with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second111 KB (17,604 words) - 13:08, 3 March 2024
- Datatilsynet (Norway) - 20/02147 (category Article 35 GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- APD/GBA (Belgium) - 42/2020 (category Article 4(7) GDPR)basis as provided in Article 6.1. GDPR. The Disputes Chamber will determine that the defendants rightly invoke Article 6.1. f) GDPR 7, since the verdict30 KB (4,871 words) - 16:58, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 35 GDPR)should have applied Article 35 GDPR. In light of the above, the Italian DPA used its corrective powers under Article 58(2)(c) and 83 GDPR and fined the controller87 KB (14,104 words) - 15:45, 6 December 2023
- AP (The Netherlands) - 7.04.2022 (category Article 35(2) GDPR)(possible) fraud. This resulted in a breach of Article 5(1)(a) GDPR and Article 6(1) GDPR in conjunction with Article 8 of the Dutch Personal Data Protection49 KB (7,201 words) - 17:06, 12 December 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(7) GDPR)asked whether the joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately9 KB (1,234 words) - 12:48, 25 January 2024
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 5(1)(a) GDPR)a violation of Article 5(1)(b) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Generally, a controller20 KB (2,859 words) - 13:11, 13 March 2024
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)respecting the time limits as set out to in Article 12(5) of the GDPR and Article 35(2) of the Dutch GDPR Implementation Act? According to the court, the34 KB (5,811 words) - 09:44, 8 December 2020
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 35 GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)not completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - PS/00029/2020 (category Article 35(3)(b) GDPR)required by Article 35(3)(b). The AEPD also held that there had a been a violation of Article 32 because of a failure to comply with GDPR security measure44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 35 GDPR)several violations of the GDPR. Firstly, the USL had not documented its processing activities as required by Article 30 GDPR, despite the two years between55 KB (8,833 words) - 15:54, 6 December 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 35 GDPR)has taken place in accordance with Article 5 (1) of the Data Protection Regulation. Article 32 (1) (f) and Article 35. Below is a more detailed review of40 KB (6,369 words) - 16:39, 6 December 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)pursuant to Section 35 of the Wbp (old). In this letter the following was written, insofar as relevant: "On the basis of Article 35 of the Personal Data41 KB (7,150 words) - 12:30, 4 October 2021
- APD/GBA (Belgium) - 82/2020 (category Article 35 GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/292 (category Article 35 GDPR)companies that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether6 KB (675 words) - 09:55, 14 December 2023
- CNIL (France) - MED-2020-015 (category Article 35 GDPR)not fully meet the requirements of Article 35 of the RGPD. These facts constitute a failure to comply with Article 35 of the RGPD. 2. Failure to comply33 KB (5,322 words) - 17:08, 6 December 2023
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- a breach of Article 35.7.b of the AVG. In connection with the assessment of risks to the rights and freedoms of data subjects (Article 35.7.c of the AVG)206 KB (30,485 words) - 09:54, 14 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)subject may, if necessary, ask the court for an effective remedy (Article 79 GDPR and Article 35 UAVG). The court assesses whether the controller has demonstrated16 KB (2,580 words) - 10:43, 23 September 2020
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(1) GDPR)bases its request on Article 17 paragraph 1 AVG in conjunction with Article 35 paragraph 1 UAVG in conjunction with Articles 7.3.8 and 7.3.17 Youth Act. 422 KB (3,333 words) - 13:22, 2 June 2021
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 52 GDPR)protection authorities handle processing with a "high risk" in the sense of Article 35 GDPR. 7. In the case, the Disputes Chamber has determined that the processing30 KB (4,204 words) - 09:54, 14 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- AEPD (Spain) - E/02666/2020 (category Article 35 GDPR)fulfilled the duty of information in accordance with GDPR. The Spanish DPA considered that Article 35 GDPR applies in this case and thus a DPIA is necessary24 KB (3,690 words) - 13:39, 13 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5 GDPR)conducted a risk assessment as per Article 32(2) or a Data Protection Impact Assessment as per Article 35(1) cf. 35(7) cf. the DPA's list over processing49 KB (7,572 words) - 16:14, 6 December 2023
- CNIL (France) - SAN-2023-0076 (category Article 35 GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- Datatilsynet (Norway) - 20/02191 (category Article 5(1)(f) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- CNIL (France) - SAN-2022-020 (category Article 35(1) GDPR)the provisions of Article 32 of the GDPR. I. On the failure to carry out a data protection impact assessment 74. Article 35(1) of the GDPR provides that 'where59 KB (9,566 words) - 17:03, 6 December 2023
- HDPA (Greece) - 35/2023 (category Article 4(12) GDPR)personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the violation52 KB (8,460 words) - 10:54, 10 January 2024
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)32(1) and (2), Article 34(1), Article 35(1) and Article 35(3). or Art. 37 Para. 1 lit. b and lit. c GDPR), however, this circumstance does not mean that158 KB (26,392 words) - 08:25, 7 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8314/182/20 (category Article 5 GDPR)bankruptcy 7/2017. The applicant considers that the bankruptcy never became final because the bankruptcy was revoked pursuant to Chapter 7, Section 1329 KB (4,701 words) - 13:03, 3 March 2024
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 7 GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- DSB (Austria) - 2020-0.550.322 (category Article 4(2) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of35 KB (5,526 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)refers to Article2,member2,pointd)AVG.35. For the sake of completeness, it can be noted that in accordance with Article 55 (3) GDPR and Article4, §2, first41 KB (6,354 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- requested access to the processing of his personal data as referred to in article 35 of the Wbp. According to [Appellant under 1], his personal data were processed19 KB (3,135 words) - 12:38, 16 September 2021
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9 GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result49 KB (7,496 words) - 14:44, 24 January 2024
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)of the GDPR in conjunction with Article 24, paragraph 1 of the GDPR. 46. Based on Article 7, §2, fifth paragraph of the Camera Act and Articles 7, 8 and43 KB (6,274 words) - 08:57, 29 June 2023
- AKI (Estonia) - 12.10.2023 (category Article 44 GDPR)Estonia. The Estonian DPA started an investigation in the context of Article 60 GDPR. The Estonian DPA found that the controller unlawfully transferred personal10 KB (1,381 words) - 10:27, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 7(1) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.5 : Pseudonymization (definition) Article 4.6 : Filing system (definition) Article 4.7 : Controller (definition) Article 4.8 : Processor9 KB (1,251 words) - 12:15, 8 May 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)to object to the GDPR does not limit the grounds on which data subjects may request erasure pursuant to Article 17 para. 1 of the GDPR. The data subject36 KB (5,761 words) - 17:19, 22 April 2024
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 7 GDPR)operations . 45 35. Although according to Guidelines 2/2019 on Article 6(1)(b) GDPR , processing cannot be rendered lawful by Article 6(1)(b) GDPR “simply because289 KB (33,568 words) - 15:00, 1 February 2023
- personal data, which has been replaced by the RGPD. 44. According to Article 4(7) of the GDPR, the controller is "the natural or legal person, public authority73 KB (11,864 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- Court of Appeal of Brussels - 2022/AR/723 (category Article 5(1)(c) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108,34 KB (5,677 words) - 17:00, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)Profileing (definition) Article 4.5: Aliasing (definition) Article 4.6: Archiving system (definition) Article 4.7: Processor (definition) Article 4.8: Executor (definition)9 KB (1,168 words) - 15:30, 6 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)principles laid down in Article 5 GDPR. A legal basis supporting the lawfulness of the data processing within the meaning of Article 6.1 GDPR was not apparent92 KB (15,435 words) - 16:00, 22 March 2022
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment26 KB (3,971 words) - 13:26, 13 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1106 KB (14,502 words) - 17:09, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 83(7) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act42 KB (6,579 words) - 08:46, 27 January 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)pursuant to Article 14 - and not the right to information pursuant to Article 15 of the GDPR as alleged by the respondent - was alleged. However, Article 14 (1)28 KB (4,230 words) - 13:53, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)documents or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. 689 of 24/11/1981)25 KB (3,961 words) - 15:54, 6 December 2023
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- AEPD (Spain) - E/00113/2019 (category Article 4(11) GDPR)timetable" "B.- In accordance with Article 67 of the GDPR, the Inspectorate of the AEPD, in accordance with Article E/0113/2019, carried out the following27 KB (4,497 words) - 13:38, 13 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)gross turnover per article sold. 35. On March 25, 2019, the plaintiff had his appeal substantiated by another attorney of record: 36. Article 9 of the DSGVO32 KB (5,236 words) - 16:00, 10 March 2022
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the Parliament and61 KB (10,028 words) - 17:09, 6 December 2023
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken into account as a standard37 KB (5,745 words) - 13:53, 12 May 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- APD/GBA (Belgium) - 04/2021 (category Article 7 GDPR)processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard to the lawfulness of the processing (art. 6 GDPR), the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 83(7) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)(referred to in Article 9 of the GDPR) or of "personal data relating to criminal convictions and offenses" (referred to in Article 10 of the GDPR)" ( note cit49 KB (7,758 words) - 15:44, 6 December 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph50 KB (7,656 words) - 17:05, 12 December 2023
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- Garante per la protezione dei dati personali (Italy) - 9788429 (redirect from Garante per la protezione dei dati personali (Italy) - Provvedimento n. 248 del 7 luglio 2022)under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of57 KB (9,084 words) - 15:11, 13 July 2022
- Datatilsynet (Norway)- 20/02254 (category Article 57(1)(a) GDPR)Communications Act § 2-7 b, which implement Article 5 (3) of the Communication Protection Directive, are lex specialis for the Privacy Regulation. Article 95 of the24 KB (3,498 words) - 16:14, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)the European Union Article 7, Article 8 paragraph 1 and Article 11 European Convention on Human Rights Article 8 paragraph 1 and Article 10 paragraph 1 Regulation60 KB (9,713 words) - 13:07, 26 March 2024
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 5(1)(a) GDPR)proportionate and complies with the article 83 of the GDPR. The Litigation Chamber fully complied with article 83.1 of the GDPR and principle of proportionality51 KB (7,792 words) - 11:43, 24 January 2022
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is notbased on19 KB (2,948 words) - 14:50, 13 December 2023
- CdS - 202102631 (category Article 4(2) GDPR)line with Article 12(7) GDPR and the Article 29 Working Party Guidelines on Automated individual decision-making and profiling (paragraph 35). The appeal13 KB (1,771 words) - 11:44, 10 September 2021
- CdS - 202102630 (category Article 4(2) GDPR)line with Article 12(7) GDPR and the Article 29 Working Party Guidelines on Automated individual decision-making and profiling (paragraph 35). The appeal12 KB (1,766 words) - 11:44, 10 September 2021
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)BKR is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of91 KB (15,371 words) - 15:11, 5 October 2021
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)assessment and an additional DPIA under Article 35 GDPR, in order to guarantee the adherence to the principles of Article 5 GDPR. First, the Spanish DPA stated56 KB (8,102 words) - 13:57, 1 February 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)account the provisions of Article 7:671b (8) opening words and under (b) of the Dutch Civil Code (old), on the basis of Article 7:671b (1) opening words and60 KB (10,118 words) - 15:12, 5 October 2021
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- decision stated: - Pursuant to Article 100, §1, 9 WOG, to order processing in accordance with with Articles 5.1.f, 5.2, 24 and 32 GDPR, in which in particular24 KB (3,393 words) - 09:25, 10 September 2021
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- Tietosuojavaltuutetun toimisto (Finland) - 6722/154/2018 (category Article 17(1)(c) GDPR)subject's request to remove the search result link as per Article 58(2)(c) GDPR? Article 87 GDPR gives Member States the right to specify conditions for19 KB (3,000 words) - 13:07, 3 March 2024
- IP - 07121-1/2020/387 (category Article 9 GDPR)issued an opinion as foreseen under Article 58(3) GDPR on the issue of the health data sharing under Article 9 GDPR in the employer - employee context.12 KB (1,812 words) - 15:11, 17 March 2022
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)The Administrative Court of Mainz (VG Mainz) held that Article 9 GDPR does not apply to a processor who captures special categories of data on camera,58 KB (9,665 words) - 08:51, 25 November 2020
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that28 KB (4,474 words) - 10:31, 13 December 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- CE - N° 441065 (category Article 7 GDPR)installed by a city (Article 9(2)(g) GDPR), no provision on the necessity of the processing with regard to a health policy (Article 9(2)(g) GDPR), and the city5 KB (565 words) - 12:48, 16 September 2021
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)32 GDPR) b. If Articles 6 and 7 GDPR prevent the need to take protective measures gene? The systematic argument, Art. 6 Para. 1 lit. a and 7 GDPR, which30 KB (4,562 words) - 15:27, 6 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- APD/GBA (Belgium) - 127/2022 (category Article 35(1) GDPR)measures under Article 24 GDPR and 25 GDPR. However, the DPA considered that in this case, the violations of Article 5(1)(f) GDPR and 32 GDPR were sufficient14 KB (1,993 words) - 14:36, 14 September 2022
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)meaningless the obligation of Article 37.7 of the GDPR. 23. In view of the above, the restricted panel concludes that Article 37.7 of the GDPR has no not respected81 KB (11,895 words) - 16:58, 6 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 4(13) GDPR)breach of Article 13 GDPR? The AEPD held that the facts complained of involving the violation by the City Council of the provisions of Article 13 of the39 KB (5,912 words) - 14:02, 13 December 2023
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(1) GDPR)missions, applying all the exclusions provided for in article 2 of the GDPR. ”, Resulting from its article 3 under the heading“ National control authority ”that“The30 KB (4,858 words) - 09:58, 6 October 2021
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)The heading of Article 6(1) and the wording “has given” in Article 6(1)(a) support this interpretation. It follows logically from Article 6 and Recital65 KB (9,767 words) - 16:22, 6 December 2023
- CJEU - C-61/22 - Landeshauptstadt Wiesbaden (category Article 35(10) GDPR)higher-ranking EU law, in particular (a) Article 77(3) TFEU (b) Articles 7 and 8 of the Charter (c) Article 35(10) of the GDPR and is it therefore invalid on one2 KB (126 words) - 09:15, 5 January 2024
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- IP - 07121-1/2020/195 (category Article 35 GDPR)protection impact assessment prior to the use of the drones, as provided in Article 35 GDPR. In addition, the IP clarified that the Civil Aviation Agency of the9 KB (839 words) - 14:07, 24 February 2022
- NSA - III OSK 1789/22 (category Article 5(1)(c) GDPR)18a section 1 and art. 35 section 3 point 5 of the Act on and art. 7 of the Constitution of the Republic of Poland; 7) art. 35 section 1 and 3 in connection74 KB (12,347 words) - 13:46, 9 October 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- APD/GBA (Belgium) - 15/2023 (category Article 7(1) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)processing. In accordance with Article 36 GDPR, the Garante must decide on the adequacy of the intended processing under the GDPR. After careful examination71 KB (11,426 words) - 15:49, 6 December 2023
- Datainspektionen - DI-2019-7782 (category Article 35 GDPR)DI-2019-7782 4 (22) infringements of Article 5 (1) (a), Article 6 (1), Article 9 (2), Article 13, Article 35 and Article 36 of the Data Protection Ordinance52 KB (8,101 words) - 11:43, 7 April 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- HDPA (Greece) - 41/2022 (category Article 35(1) GDPR)thereby violating Article 13(2) GDPR. The investigated controllers did not comply with the storage limitation principle under Article 5(1) GDPR because the data14 KB (2,046 words) - 19:00, 21 September 2022
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 5(1)(c) GDPR)to be heard by the Authority, within 30 days (Article 166, paragraphs 6 and 7, of the Code, and Article 18, paragraph 1, by Law No. 689 of 24/11/1981)24 KB (3,697 words) - 15:52, 6 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)DPO and to cooperate with the DPA, therefore violating Article 31 GDPR and Article 37(1)(a) GDPR. On 2 June 2021, the French DPA (“CNIL”) informed a French22 KB (3,384 words) - 13:25, 24 January 2024
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)40 and 57(1)(2) of UK GDPR. ICO also recommended that WMP should take certain steps to ensure its compliance with the UK GDPR. Share your comments here18 KB (2,470 words) - 08:01, 10 May 2024
- CJEU - C-280/22 - Kinderrechtencoalitie Vlaanderen and Liga voor Mensenrechten v Belgian State (category Article 35 GDPR)valid and compatible with Article 16 TFEU and – as regards Article 3(5) and (6) – with Article 21 TFEU, as well as with Articles 7, 8 and 52 of the Charter7 KB (740 words) - 11:43, 7 September 2022
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)violates § Article 13 (3) in conjunction with Article 62 (1) 4 DSG and for the period prior to 25 May 2018 against Article 52 Paragraph 2 no. 7 in conjunction31 KB (5,161 words) - 14:02, 12 May 2023
- Datainspektionen - DI-2019-7024 (category Article 35 GDPR)risk of Page 7 The Data Inspectorate DI-2019-7024 7 (31) rights and freedoms of natural persons. This includes in accordance with Article 35 (3) b that an70 KB (11,103 words) - 11:43, 7 April 2022
- KamR Stockholm - Case No. 5888-20 (category Article 35 GDPR)data has infringed Article 5, Article 9, Article 35 and Article 36 of the Data Protection Regulation. These articles are covered by article 83.4 and 83.5 and62 KB (7,607 words) - 08:56, 7 October 2021
- IMY (Sweden) - IMY-2023-1647 (category Article 35(1) GDPR)Childrens and Education Board 300,000 SEK (around €26,524) for breaching Article 35(1) GDPR. The Board failed to conduct a data protection impact assesment prior5 KB (641 words) - 16:51, 5 December 2023
- Persónuvernd (Iceland) - 202112772 (category Article 35(1) GDPR)violation of Article 24(1) and (2) GDPR (responsibility of the controller), Article 25 GDPR (privacy by design and by default) or of Article 32 GDPR (obligation46 KB (7,050 words) - 09:55, 16 December 2021
- Garante per la protezione dei dati personali (Italy) - 9845156 (category Article 35 GDPR)violation of Article 35 GDPR. In light of the above violations, the DPA imposed an administrative fine of €55,000 (Article 58(2)(i) GDPR). In doing so128 KB (20,856 words) - 12:32, 14 March 2023
- Rb. Midden-Nederland - C/16/481957/KG ZA 19-357 (category Article 35 GDPR)through the courts, in violation of freedom of expression Article 7 of the Constitution and Article 10 of the ECHR. Judgment is therefore null and void. A]24 KB (3,863 words) - 16:19, 10 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7684/171/22 (category Article 35 GDPR)the decision where it applied Article 35 GDPR in this case. This might imply that there was a confusion with Article 35 data protection impact assessment27 KB (4,068 words) - 10:13, 7 June 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- APD/GBA (Belgium) - 115/2023 (category Article 35 GDPR)from Article 35 GDPR, which is an article directed at controllers and uses it as a basis for evaluating the admissibility of complaints. Article 35 GDPR20 KB (2,909 words) - 06:45, 14 September 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- AEPD (Spain) - PS/00052/2021 (category Article 35 GDPR)particulars of article 35, paragraph 1, and article 35, paragraph 3, letters a) to c), the list to be adopted at national level under Article 35(4) and the79 KB (12,680 words) - 17:31, 8 February 2022
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- its Article 35, that the concept of personal data and the possibilities for processing and protection will be defined by the law. The same article reaffirms3 KB (332 words) - 13:31, 3 May 2023
- CE - N° 434376 (category Article 35 GDPR)French Council of State (Conseil d' Etat) clarified the application of Article 35 GDPR (data protection impact assessments). Several NGOs brought a complaint29 KB (4,372 words) - 16:07, 22 March 2022
- APD/GBA (Belgium) - 35/2024 (category Article 4(1) GDPR)accordance with Article 5.1.a) j° Article 6.1 of the GDPR, any processing of personal data have a legal basis. Article 6.1 of the GDPR stipulates that27 KB (4,006 words) - 10:14, 17 March 2024
- RvS - 202001436/1/A2 (category Article 15(3) GDPR)additions were complex in fact or in law. - Article 47 of the Charter and Article 6 of the ECHR 5.7. Article 47 of the Charter states that the right to21 KB (3,368 words) - 20:43, 26 July 2020
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)processing of their personal data pursuant to Article 12 (1) of the GDPR. 4.7. Pursuant to Article 15 (1) of the GDPR, the person whose personal data is being30 KB (4,797 words) - 10:03, 19 May 2021
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- Personvernnemnda (Norway) - 2020-14 (19/00110) (category Article 6(1)(f) GDPR)Ordinance, cf. Article 4 no. 2. The search engine provider is responsible for the processing of personal data this connection, cf. Article 4 no. 7. This is also32 KB (5,120 words) - 18:48, 5 March 2022
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 7 GDPR)case to the Irish DPA (DPC) under article 56 GDPR, and in accordance with the procedure outlined in Article 60 GDPR. In response to the complaint Meta468 KB (51,340 words) - 14:10, 30 January 2023
- indication that art. 30 GDPR has not been complied with. There are serious indications that article 12.1 GDPR has not been complied with. 7. On December 16, 201935 KB (5,303 words) - 17:01, 12 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)violation of article 32, paragraph 1, GDPR and article 13, paragraph 1, sub, GDPR BZ should end these violations as soon as possible. article58, paragraph2179 KB (22,957 words) - 17:07, 12 December 2023
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)entitled to a claim under Article 82 (1) GDPR, which he could also base on Article 823 (1) BGB in conjunction with Article 2 (1) and Article 1 (1) GG. The defendant120 KB (20,753 words) - 17:06, 7 March 2022
- Rb. Amsterdam - C/13/694440 / KG ZA 20-1118 (category Article 6(1)(c) GDPR)objection as referred to in Article 21 of the GDPR exists in the case of a BKR registration, does that mean that Article 35 of the GDPR Implementation Act plays19 KB (3,086 words) - 09:21, 7 April 2021
- Rb. Midden-Nederland - C/16/530061 / KG ZA 21-617 (category Article 35 GDPR)concerns Article 9 AVG instead of Article 10 AVG and Article 9 AVG does not apply to criminal personal data (see legal ground 4.23 and MvT to Article 22 UAVG)38 KB (6,263 words) - 16:40, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 35 GDPR)pursuant to art. 35 of the Regulation. an impact assessment pursuant to art. 35 of the Regulation. an impact assessment pursuant to art. 35 of the Regulation180 KB (29,599 words) - 13:51, 28 July 2021
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 7 GDPR)behalf of the controller, violating Article 27(4) GDPR. The DPA confirmed that the controller violated Article 35 GDPR for not having carried out a DPIA91 KB (14,709 words) - 13:02, 14 December 2022
- Rb. Amsterdam - C/13/693399 / HA RK 20-337 (category Article 35(2) GDPR)data subject. The court also concluded that Article 79 GDPR and Article 35 of the Dutch Act implementing the GDPR (UAVG) provide the data subject with access42 KB (6,332 words) - 15:00, 14 July 2021
- Rb. Oost-Brabant - C/01/356292 / KG ZA 20-141 (category Article 6(1)(e) GDPR)that the GDPR applies to the request for removal. The request shall be based on Article 21 in conjunction with Article 79 of the GDPR and Article 35(2) of18 KB (2,804 words) - 16:26, 10 March 2022
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- Garante per la protezione dei dati personali (Italy) - 9963509 (category Article 35 GDPR)obligations related to the processing operations pursuant to Article 5(1)(a) GDPR and Article 14(5)(b) GDPR. In that case, the DPA recommended that the information51 KB (7,841 words) - 08:22, 21 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- Personvernnemnda (Norway) - 2021-05 (20/02912) (category Article 17(1)(c) GDPR)emphasised: None of the personal data concerned information covered by Article 9 or 10 GDPR. The data subject was interviewed as part of his role in the business26 KB (4,299 words) - 18:49, 5 March 2022
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)montant de 10.000 € (article 83, paragraphe 2, de l'AVG ; article 100, §1, 13° WOG et article 101 WOG). 129. Compte tenu de l'article 83 AVG et de la jurisprudence1796 KB (15,396 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 7 GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 35 GDPR)should have passed as per Article 12(3) GDPR. The plaintiffs have a right to filed a complaint before a court as per Article 35 GDPR. On that matter, the court82 KB (14,053 words) - 16:25, 25 March 2021
- Rb. Midden-Nederland - C/16/531572 / KG ZA 21-672 (category Article 35 GDPR)consulted before processing, pursuant to Article 36 GDPR. Fourth, the Court noted that, pursuant to Article 10 GDPR and Article 31 Implementation Act, the IP addresses59 KB (9,649 words) - 08:09, 20 October 2022
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 35 GDPR)conformity with the data subject’s rights of information under Article 13 GDPR and Article 14 GDPR, the hospital should firstly make clear what the legal basis92 KB (14,476 words) - 08:25, 19 September 2023
- GHDHA - 200.291.947/01 (category Article 6(1)(f) GDPR)Appeal considered Article 35(2) of the Implementing Act of the GDPR (UAVG), which follows from the right to object, Article 21 GDPR. Article 35(2) UAVG stipulates41 KB (6,941 words) - 10:56, 17 November 2021
- Garante per la protezione dei dati personali (Italy) - 9703988 (category Article 35 GDPR)violation of Article 35 GDPR. Thus, the DPA fined the university a total of €200,000 for the violation of Articles. 5(1)(a), (c) and (e), 6, 9, 13, 25, 35, 44 and222 KB (35,993 words) - 09:52, 20 October 2021
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 35 GDPR)processing, in violation of Article 32 GDPR, and failed to undertake a data protection impact assessment, in violation of Article 35. For the above reasons235 KB (38,572 words) - 10:19, 20 July 2022
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- Rb. Oost-Brabant - C/01/371762 / EX RK 21-90 (interim decision) (category Article 13 GDPR)obligations that follow from Article 12, 13, 14 and 26 GDPR, although this competence does not directly follow from Article 35 of the General Data Protection39 KB (6,439 words) - 06:19, 23 August 2022
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- APD/GBA (Belgium) - 129/2023 (category Article 5(1)(f) GDPR)impact" for the purposes of Article 35 GDPR, and (2) "insufficient documentary evidence" that an "effective" infringement of the GDPR had taken place. In reaching20 KB (2,838 words) - 06:45, 20 September 2023
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)consultation. of the Guarantor pursuant to article 36 of the Regulation "(article 110 of the Code, article 9, paragraph 2, letter j) and par. 4 of the97 KB (15,437 words) - 11:27, 16 August 2022
- Garante per la protezione dei dati personali (Italy) - 9977020 (category Article 35 GDPR)constitute a valid legal basis in line with Article 6(1)(e) GDPR, Article 6(2) and (3) GDPR nor with Article 9(2)(g) GDPR. Making reference to case law of the315 KB (49,768 words) - 14:24, 8 February 2024
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- VG Schwerin - 1 A 1254/20 SN (category Article 4(7) GDPR)his claim on Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope of Article 57 of the GDPR is indeed open37 KB (6,156 words) - 10:12, 26 May 2021
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)and transferred to the Disputes Chamber pursuant to article 62, § 1 j° article 92, 1° WOG. 10. On 7 February 2020, the Disputes Chamber invites the parties39 KB (6,247 words) - 09:14, 15 November 2023
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(1) GDPR)to the right of access under Article 15(4) of the GDPR or section 22 of the DDPA can be invoked. It follows from Article 15 (4), that the right to obtain26 KB (3,820 words) - 16:22, 6 December 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 5(1)(f) GDPR)the media reports referred to in the article available under the above-mentioned address. In the indicated article, marked with the publication date [.63 KB (10,088 words) - 09:52, 17 November 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 35 GDPR)particular with Article 8 of the ECHR, Articles 7 and 8 of the Charter and/or Article 17 of the ICCPR; and/or Article 6 and/or Article 13 of the ECHR;128 KB (21,722 words) - 16:14, 10 March 2022
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- Persónuvernd (Iceland) - 2022050940 (category Article 35 GDPR)under Article 15 GDPR. The company also believed that it was not obliged to carry out a data protection impact assessment under Article 35 GDPR due to31 KB (4,851 words) - 05:33, 9 May 2023
- AEPD (Spain) - PS/00050/2021 (category Article 35 GDPR)reduced to €16,000 because of voluntary payment, for a violation of Article 35 GDPR. Share your comments here! Share blogs or news articles here! The decision81 KB (13,036 words) - 14:28, 24 November 2022
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of40 KB (6,397 words) - 08:03, 21 March 2022
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 5(1)(e) GDPR)legitimate interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data":146 KB (22,679 words) - 15:52, 3 May 2023
- AEPD (Spain) - PS/00070/2019 (category Article 7 GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202213323 (category Article 5(1)(c) GDPR)Violation of article 35 of the GDPR................................................ ...................36 8.2. Violation of article 9 of the GDPR.........176 KB (27,432 words) - 07:43, 10 May 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)drones equipped with cameras a personal personal data in the sense of Article 4 GDPR ? Did the Ministry of Interior comply with the French Data Protection39 KB (6,015 words) - 17:11, 6 December 2023
- Rb. Midden-Nederland - C/16/502323 / HA RK 20-122 (category Article 15 GDPR)assessment Scope of right of access according to Article 15 GDPR 3.1. The purpose of Article 15 of the GDPR is to enable a data subject to become aware of21 KB (2,968 words) - 10:13, 6 May 2021
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)with Article 9(2)(a) GDPR and Article 6(1)(a) GDPR. Thus, the Danish DPA held that the processing was also not following the principles of Article 5(1)46 KB (7,192 words) - 12:37, 19 December 2023
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)requirements of Article 28 of the GDPR. 4.4. Furthermore, subcontractors: must appoint, where applicable, a data protection officer in accordance with Article 37 of46 KB (7,106 words) - 17:06, 6 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- Rb. Den Haag - C-09-608582-HA RK 21-101 (category Article 6(1)(f) GDPR)paragraphs 1 and 2 GDPR). In this context, Defam is the controller (Article 4(7) of the GDPR). Article 6(1) of the GDPR provides that processing of personal data31 KB (4,916 words) - 10:19, 25 January 2022
- VG Stuttgard - 4 K 836/21 (category Article 2 GDPR)according to Article 16 GDPR, because the certificate is not contained in a filing system or automated storage and therefore, pursuant to Article 2 GDPR, outside17 KB (2,592 words) - 14:22, 5 October 2022
- Garante per la protezione dei dati personali (Italy) - 9909907 (category Article 5 GDPR)14 and 19). Therefore, with reference to the aforementioned points 7.2; 7.3; 7.4; 7.5, in consideration of the elements provided by the Company and accepting122 KB (19,640 words) - 08:16, 3 August 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,48 KB (7,560 words) - 09:03, 20 August 2021
- VG Osnabrück - 1 B 72/21 (category Article 6(1)(c) GDPR)meaning of Article 6 Paragraph 3 in conjunction with Paragraph 1 Letter c) or Letter e) GDPR, whereby according to Article 85 Paragraph 1, 2 GDPR the protection34 KB (5,527 words) - 13:49, 12 April 2022
- NSS - 10 As 190/2020 - 39 (category Article 83(7) GDPR)body within the meaning of Article 83(7) GDPR. In interpreting what amounts to a public authority or body under Article 83(7) GDPR, the NSS held that such34 KB (5,374 words) - 04:32, 28 April 2022
- Garante per la protezione dei dati personali (Italy) - 9875254 (category Article 35 GDPR)scientific research purposes pursuant to Article 9(2)(j) GDPR, provided that appropriate safeguards under Article 89(1) GDPR are in place. These safeguards (e92 KB (14,614 words) - 06:12, 26 April 2023
- Persónuvernd (Iceland) - 2020061979 (category Article 38 GDPR)5. Paragraph 1 Article 41, paragraphs 1 and 3 Article 46 Act no. 90/2018, cf. point e, paragraph 1 Article 58, paragraphs 1 and 5 Article 83 of regulation33 KB (5,086 words) - 13:03, 7 September 2022
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)certain data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet27 KB (4,289 words) - 07:57, 7 March 2022
- GHAL - 200.307.462 (category Article 10 GDPR)assessment pursuant to Article 35 of the GDPR and, depending on the outcome, also have to consult the AP beforehand (Article 36 of the GDPR). In addition, as28 KB (4,573 words) - 10:04, 14 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Data Protection Regulation. Pursuant to Article 8 (3) no. 2 UWG in conjunction with § Article 8 (1) and Article 3a UWG authorise competition associations52 KB (8,574 words) - 16:03, 10 March 2022
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- GHDHA - 200.290.360-01 (category Article 12(3) GDPR)legislative measure that serves one of the objectives listed in Article 23, namely Article 23(1)(i) GDPR. After all, the Court of first instance notes, “compliance35 KB (5,770 words) - 07:13, 4 April 2022
- Rb. Zeeland-West-Brabant - AWB- 20 9345 (category Article 15 GDPR)Youth Act Article 7.3.1, first paragraph reads as follows: The provisions of this paragraph, with the exception of Articles 7.3.4, 7.3.5, 7.3.6 and 7.3.16,15 KB (1,886 words) - 15:03, 21 July 2021
- paragraph of Article 2, ZKme-1 (point a) of the third paragraph of Article 5, the first paragraph of Article 139, the second paragraph of Article 143 of the30 KB (4,951 words) - 10:08, 8 March 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. 689 of 24/11/1981)50 KB (8,001 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)from the Law: "Article 36. Taxpayers 1. They are taxpayers, as taxpayers, natural or legal persons, and the entities referred to in article 35.4 of Law 58/200338 KB (6,303 words) - 13:50, 13 December 2023
- GHAMS - 200.295.747/01 (category Article 15(1)(h) GDPR)time limits specified in Article 12(3) of the Regulation (...) Article 35 1. If the decision on a request referred to in Article 34 was taken by a body other80 KB (13,304 words) - 13:05, 12 April 2023
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)the data subject (Article 12 AVG), right to rectification (Article 16 AVG), data protection by design and default settings (Article 25 AVG) and the duty90 KB (14,937 words) - 12:35, 3 August 2022
- IMY (Sweden) - DI-2021-1905 (category Article 5(1)(f) GDPR)Swedish DPA fined Trygg-Hansa SEK 35 million (around €3 million) for breaching Article 5(1) GDPR and Article 32 GDPR. In April 2022, Moderna Försäkringar60 KB (7,023 words) - 08:49, 15 September 2023
- LSG Hamburg - L 3 R 7/21 (category Article 16 GDPR)completeness in Article 16 GDPR is to be understood relatively and not absolutely. Personal data is therefore only incomplete in the sense of Article 16 GDPR if it15 KB (2,275 words) - 17:21, 25 January 2022
- violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5 GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)as required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions38 KB (5,920 words) - 12:43, 13 December 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- NAIH (Hungary) - NAIH-642-4/2022 (category Article 7(2) GDPR)Hungarian Forints (around €7,80) for the breach of Articles 5(1)(b)(c) GDPR, 6(1) GDPR, 12(1) GDPR, 7(2) GDPR, 9(1) GDPR, 13 GDPR and 14 GDPR. Independent of any73 KB (11,498 words) - 15:22, 29 August 2023
- AEPD (Spain) - EXP202104693 (category Article 6(1) GDPR)N4004237F, for the alleged infringement of article 35 of the GDPR, typified in article 83.4.a) of the GDPR and article 73.t) of the LOPDGDD” "For the purposes143 KB (23,267 words) - 08:54, 16 May 2023
- Rb. Midden-Nederland - UTR 20/1703 (category Article 15(1) GDPR)access to his personal data pursuant to Article 35 of the Personal Data Protection Act, the predecessor of the GDPR. The controller provided an overview of21 KB (3,360 words) - 15:38, 3 June 2022
- DSB (Austria) - 2022-0.930.971 (category Article 89 GDPR)in accordance with Article 32 Paragraph 1 GDPR by the applicant in an appropriate manner in accordance with Article 32 Paragraph 1 GDPR to be secured, e31 KB (4,726 words) - 08:13, 16 November 2023
- AEPD (Spain) - PS/00223/2021 (category Article 17 GDPR)opposes the treatment in accordance with Article 21 (2); (…) >> Article 21.2 of the RGPD states the following: << Article 21 Right of opposition (...) 2. When30 KB (4,594 words) - 07:25, 22 June 2022
- APD/GBA (Belgium) - 18/2023 (category Article 5(1)(a) GDPR)could constitute a violation of Article 5.1.a and Article 6.1 of the GDPR. - pursuant to Article 58.2.c) of the GDPR and Article 95, §1, 5° of the LCA, to order29 KB (4,332 words) - 13:51, 21 March 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 7 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)which the person responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual41 KB (6,779 words) - 12:35, 24 November 2021
- NAIH (Hungary) - NAIH-4137- 8/2022 (category Article 5(1)(a) GDPR)data are part of a filing system, in line with Article 2(1) GDPR. Article 4(6) GDPR defines a filing system as "any structured set of personal data, which75 KB (11,860 words) - 13:16, 19 October 2022
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)the alleged violation of article 28 of the RGPD in relation to the Article 24 of the RGPD punishable in accordance with article 83.4 of the RGPD, for the287 KB (48,336 words) - 13:53, 13 December 2023
- PHR - 22/01253 (category Article 15 GDPR)from Section 7.7.5 of the Dutch Civil Code, in particular Art. 7:446 para. 4, art. 7:464 par. 1 (in conjunction with art. 7:446 par. 2), art. 7:456 and art241 KB (42,617 words) - 14:14, 13 September 2022
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 7 GDPR)of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven67 KB (10,544 words) - 09:24, 10 September 2021
- VSRS - II Ips 23/2020 (category Article 17 GDPR)and the right to forget is also protected under Article 7 (respect for private and family life) and Article (protection of personal data) of the Charter of55 KB (9,115 words) - 09:22, 7 June 2022
- IP - 07121-1/2020/199 (category Article 6(1)(e) GDPR)defined and prescribed by the General Regulation in Article 35. The first paragraph of Article 35 states that "[t] processing, in particular using new15 KB (1,752 words) - 14:07, 24 February 2022
- BGH - VI ZR 692/20 (category Article 6(1)(f) GDPR)erasure pursuant to Article 17(1) GDPR were not fulfilled. First, the processing was not unlawful pursuant to Article 17(1)(d) GDPR. As the processing was40 KB (6,622 words) - 13:32, 21 April 2022
- IP - 07121-1/2021/597 (category Article 2(2) GDPR)Directive 95/46 / EC (hereinafter: the General Regulation), point 7 of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of6 KB (911 words) - 16:58, 13 April 2021
- LG Leipzig - 03 O 1268/21 (category Article 15(3) GDPR)right of access pursuant to Article 15 GDPR, in particular to provide a copy of the personal data pursuant to Article 15(3) GDPR, as well as their right to19 KB (3,155 words) - 10:17, 21 April 2022
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish40 KB (6,518 words) - 13:29, 13 December 2023
- RvS - 201901832/1/A3 (category Article 4(7) GDPR)General Administrative Law Act. Book 7 of the Dutch Civil Code Article 7:457 1. Without prejudice to the provisions of Article 448(3), second sentence, the counsellor19 KB (3,012 words) - 15:09, 17 March 2022
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 7(3) GDPR)provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory49 KB (7,923 words) - 14:36, 3 April 2024
- OGH - 6Ob19/23x (category Article 15(1)(c) GDPR)owed on the basis of Article 15 (4) GDPR. Objected that the information provided to the plaintiff met the requirements of Article 15 GDPR. The marketing classifications33 KB (4,912 words) - 13:56, 10 May 2023
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- Persónuvernd (Iceland) - 2020010642 (category Article 5(1)(a) GDPR)carried out in the public interest (Article 9(5) of the Icelandic Data Protection Act no. 90/2018 , and Article 6(1)(e) GDPR). The Municipality further argued28 KB (4,334 words) - 07:57, 5 October 2021
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)established in article 6 of the GDPR and in articles 7 of the GDPR and 7 of the LOPDGDD. Article 7 "Conditions for consent" of the GDPR: "one. When the131 KB (20,916 words) - 12:38, 13 December 2023
- Rb. Rotterdam - C/10/583910/KG ZA 19-1062 (category Article 4(2) GDPR)Recital 1 GDPR and Recital 4 GDPR and the definition of processing under Article 4(2) GDPR. Then, it noted that according to Article 9 GDPR and Recital 35 GDPR31 KB (5,039 words) - 16:28, 10 March 2022
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)in a manner contrary to Article 5 (1)(a) GDPR. For a deeper understanding of the right to request delisting under Article 17 GDPR, the following case and96 KB (12,267 words) - 11:43, 7 April 2022
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Protection Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection45 KB (5,016 words) - 14:14, 21 March 2024
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)processing listed inArticle 7 of that Directive or Article 6 of that Regulation (cf. decisions of 20 May 2003, Osterreichischer (Article 6 (1) of the Rules61 KB (9,412 words) - 16:52, 6 December 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)of the Wbp and that this would also be contrary to the AVG. Article 82 of the AVG 12. Article 82 of the AVG reads as follows: 1. Any person who has suffered34 KB (5,179 words) - 07:10, 7 April 2020
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- Rb. Amsterdam - C/13/722086 / KG ZA 22-759 AB/MB (category Article 17 GDPR)request from the data subject according to Article 21 GDPR. The court stated that under Article 21(1) GDPR, a data subject has the right to object to processing12 KB (1,749 words) - 08:32, 31 October 2022
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)Recital 7. 7 See, i particular, Recitals 11, 148, 150, and Article 5, Chapter IV and Article 83. The relevant obligations 2.5. Chapter 1 GDPR sets out241 KB (31,368 words) - 09:59, 9 May 2022
- APD/GBA (Belgium) - 50/2024 (category Article 17(3)(e) GDPR)facie cannot be accommodated in any of the situations that 7 are listed in article 35.3GDPR. The latter are characterized by the “large-scale” or “systematic”14 KB (1,990 words) - 14:50, 10 April 2024
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Council of State - 253.677 (category Article 9 GDPR)examination of the prices and costs as referred to in Article 36. referred to in Article 36." Article 35 of the same Royal Decree provides as follows: "The85 KB (13,820 words) - 09:28, 2 March 2023
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)obliged to comply with the GDPR provisions as a processor, while the controller could invoke the exemption of Article 2(2)(c) GDPR. The court then refers to127 KB (21,056 words) - 08:17, 19 August 2021
- UODO (Poland) - ZSPR.440.331.2019.PR.PAM (category Article 15(1) GDPR)with complete information pursuant to Article 15(1) GDPR. Therefore, using its power laid down in Article 58(2)(c) GDPR, the DPA ordered the controller to28 KB (4,389 words) - 16:10, 21 December 2021
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand71 KB (11,552 words) - 13:40, 12 January 2024
- BVwG - W298 2269087-1 (category Article 83 GDPR)processing under Article 9 (2) GDPR. The complainant was accused of having, as the person responsible within the meaning of Article 4, Item 7, GDPR, on September52 KB (8,464 words) - 11:50, 26 July 2023
- VG Mainz - 1 K 473/19.MZ (category Article 15(1) GDPR)regional public authorities respond adequately to the requests under Article 15 GDPR? The court denies admissibility of the claim and dismisses it. It was31 KB (4,898 words) - 11:49, 19 April 2021
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)of personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The complainant argued that the size of the administrative40 KB (6,549 words) - 18:49, 5 March 2022
- IP (Slovenia) - 0603-98/2022/6 (category Article 5(2) GDPR)first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph of Article 21 of ZP 1 and the25 KB (4,035 words) - 13:16, 26 July 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- UODO (Poland) - DKN.5131.5.2020 (category Article 33(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9677521 (category Article 5(1)(a) GDPR)excerpt, on the website of the Guarantor pursuant to Article 166, paragraph 7, of the Code "(Article 16, paragraph 1, of the Guarantor Regulation no. 1/2019)56 KB (8,926 words) - 14:57, 14 July 2021
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 115/2022 (category Article 5(1)(c) GDPR)/13 of the GDPR are processed, their processing must find a basis in article 9.2 of the GDPR read in conjunction with Article 6.1. of the GDPR. 29. Since42 KB (6,237 words) - 11:23, 5 August 2022
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- Rb. Midden-Nederland - C/16/526196/ HA RK / 21-01 (category Article 6 GDPR)under article 6 GDPR. However, the Court concluded that an immediate notification sent to the data subject was not necessary under article 34 GDPR. In particular34 KB (5,483 words) - 11:58, 5 December 2022
- It ordered the Finnish Police to bring processing into compliance with the GDPR and to notify identifiable data subjects of this breach. On March 31, 202128 KB (4,390 words) - 07:25, 14 October 2021
- VGH München - 4 ZB 23.1056 (category Article 6(1)(e) GDPR)processing of personal data on the basis of Article 6(1)(e) GDPR, and the requirement of Article 6(3)(b) GDPR was satisfied, too. Also, the VGH held it to26 KB (4,050 words) - 14:05, 31 October 2023
- Datatilsynet (Norway) - 20/02376 (category Article 24(1) GDPR)for conducting risk assessments. Both Article 24 and Article 32 GDPR impose such an obligation. Considering the individual case a thorough assessment would38 KB (5,620 words) - 07:40, 4 October 2021
- AKI (Estonia) - 2.1.-1/22/2643 (category Article 4(1) GDPR)accordance with Article 4(1) GDPR. Personal data may only be processed if there is a valid legal basis referred to in Article 6(1) GDPR. As a general rule12 KB (1,754 words) - 10:51, 3 January 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 37(7) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Rb. Amsterdam - KG ZA 23-440 (category Article 17 GDPR)controller. The data subject objected the CKI registrations on the basis of Article 21 GDPR, explaining that it had an impact on a loan he was taking out for a12 KB (1,771 words) - 13:53, 18 July 2023
- BVwG - W252 2248630-1 (category Article 7(4) GDPR)the controller’s appeal. Pursuant to Article 4(11) GDPR, consent must be freely given. In light of Article 7(4) GDPR, this is clearly not the case when the28 KB (4,614 words) - 08:06, 4 August 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3843/163/20 (category Article 5(1)(a) GDPR)the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection39 KB (6,038 words) - 17:39, 29 April 2024
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)also Recital 32. 10. The conditions for "consent" are set out in UK GDPR Art 7. Article 7(1) states, relevantly: "1. Where processing is based on consent,29 KB (4,150 words) - 12:48, 3 August 2021
- HDPA (Greece) - 38/2023 (category Article 2(1) GDPR)ACCORDING TO LAW 7 1. Because, from the provisions of Articles 51 and 55 of the General Data Protection Regulation 2016/679 (GDPR) and Article 9 of Law 4624/201923 KB (3,704 words) - 18:18, 23 April 2024
- VwGH - Ro 2020/04/0031-9 (category Article 6(1)(f) GDPR)interference with the fundamental rights of the data subject under Article 7 CFR and Article 8 CFR. The processing of such data can significantly harm the interests74 KB (10,458 words) - 14:49, 27 March 2024
- Garante per la protezione dei dati personali (Italy) - 9988614 (category Article 9 GDPR)provided to the interested parties based on Article 13 GDPR and to non-contactable persons based on Article 14 GDPR. The information notice includes the right115 KB (18,087 words) - 14:11, 17 April 2024
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9994882 (category Article 5(1)(f) GDPR)elements according to Article 83 GDPR, the DPA imposed a fine in the amount of €18,000 for a violation of Article 5, 9, 32 GPDR and Article 157 of the Italian44 KB (6,958 words) - 13:31, 23 April 2024
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- APD/GBA (Belgium) - 95/2023 (category Article 4(1) GDPR)whether compliance with Article 6 of the GDPR alone should be checked or whether, in presence of data covered by Article 9.1. of the GDPR (i.e. data qualified27 KB (3,839 words) - 13:12, 18 July 2023
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)extent to which the factors mentioned in Article 7 give rise to such an increase or decrease. Pursuant to Article 7, the AP, without prejudice to Articles77 KB (12,915 words) - 17:15, 12 December 2023
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)violation of Article 7(1) GDPR. D. On the breach of the obligations of information and transparency 81. Article 12, paragraph 1, of the GDPR provides that:78 KB (12,701 words) - 10:11, 28 June 2023
- VSRS - VSRS Sodba IV Ips 2/2021 (category Article 83 GDPR)administrative fine under Article 83 of the GDPR. For violations of Article 6 of the GDPR, the fifth paragraph of Article 83 of the GDPR prescribes an administrative30 KB (4,982 words) - 14:27, 17 September 2021
- APD/GBA (Belgium) - 73/2020 (category Article 37(7) GDPR)Pursuant to Article 37(5) GDPR, the DPO should be designated, inter alia, on the basis of their in data protection law and practice. Article 37(7) GDPR provides93 KB (14,040 words) - 17:00, 12 December 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- DSB (Austria) - 2021-0.432.224 (category Article 4(11) GDPR)day) a complaint under Art. 77 GDPR because of the "Unlawful obtaining of consent to data transfer (violation of Art. 7 GDPR)” and requested a declaration33 KB (5,026 words) - 12:07, 2 March 2022
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 7(4) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- Rb. Gelderland - C/05/393140 / HA RK 21-165 (category Article 14 GDPR)under Article 14 GDPR, comply with his access request pursuant to Article 15 GDPR, and to erase his personal data pursuant to Article 17(1)(c) GDPR. The23 KB (3,640 words) - 11:43, 24 March 2022
- FG Nürnberg - 3 K 596/22 (category Article 6(1) GDPR)legislator used the open clause of Article 6(1)(c) and (e) GDPR, in combination with Article 6(2) and Article 6(3) GDPR, to create a legal basis for the38 KB (6,277 words) - 08:12, 18 May 2023
- APD/GBA (Belgium) - 25/2020 (category Article 7 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- BVwG - W256 2214855-1/6E (category Article 6(1)(f) GDPR)accordance with Art. 35 (1) Previous search termGDPR Next search term (see on the necessity of a data protection impact assessment Art. 35 (1) Data Protection27 KB (4,149 words) - 16:02, 22 March 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- VGH Kassel - 10 E 1898/22 (category Article 7(1) GDPR)Federal Statistical Office in the violations of Articles 5-7, 9, 12-15, 24-26, 28-30, 32, 33, 35, 40, 44-47 DS-GVO due to any disclosure of personal data10 KB (1,302 words) - 16:28, 24 January 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision79 KB (12,260 words) - 17:00, 12 December 2023