Search results
From GDPRhub
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- APD/GBA (Belgium) - 73/2020 (category Article 37(5) GDPR)that the defendant has acted in violation of Article 37.5 and Article 37.7 AVG. On the basis of article 37.5, the officer must be appointed, under more,93 KB (14,040 words) - 17:00, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 36FR/2021 (category Article 38(1) GDPR)obligation to appoint the DPO based on his/her professional qualities (Article 37(5) GDPR): according to the CNPD, this objective is met if the DPO to have8 KB (868 words) - 07:39, 12 November 2021
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))rights under the GDPR, when relevant information is provided. Article 13 GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the71 KB (9,532 words) - 13:30, 6 March 2024
- APD/GBA (Belgium) - 48/2022 (category Article 5(1)(c) GDPR) (section 2. The legal basis (Articles 6 and 9 GDPR))of competence of the airport's DPO and did not find a violation of Article 37(5) GDPR. Regarding the independance of the DPO, the DPA considered that the7 KB (874 words) - 16:47, 6 April 2022
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 32 GDPR (category GDPR Articles)non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 12 GDPR (category GDPR Articles) (section (5) Free of charge and manifestly unfounded or excessive requests)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Article 72 GDPR (category Article 72 GDPR)from the fact that, according to Article 68(3) GDPR, the Commission is not a member of the EDPB. Secondly, Article 68(5) GDPR explicitly states that the Commission22 KB (2,266 words) - 08:26, 17 October 2023
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number 20 (C.H. Beck29 KB (2,951 words) - 14:19, 25 July 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 5 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 5 GDPR, p. 315 (Oxford University Press 2020). Frenzel, in Paal, Pauly, DS-GVO BDSG, Article 5 GDPR, margin numbers51 KB (6,355 words) - 08:25, 18 April 2024
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)fairness and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis110 KB (18,238 words) - 16:56, 12 December 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 26 GDPR (category GDPR Articles)protection principles (Article 5), determination of the legal basis for processing (Article 6), implementation of security measures (Article 32), notification37 KB (3,915 words) - 12:49, 24 May 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- Article 74 GDPR (category Article 74 GDPR)Articles 64(5), 65(5), 64(7) and 64(8) GDPR. Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 74 GDPR, p. 1099 (Oxford15 KB (808 words) - 09:44, 17 October 2023
- Article 76 GDPR (category Article 76 GDPR)Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 7 GDPR (category GDPR Articles)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 19 GDPR (category GDPR Articles)States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article 19 should not be19 KB (1,436 words) - 12:35, 12 May 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- to in Article 42(5) and approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63; (c)22 KB (1,634 words) - 14:40, 28 July 2023
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which66 KB (9,820 words) - 10:13, 13 September 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 25 GDPR (category GDPR Articles)affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 66 GDPR (category Article 66 GDPR)month to a request for mutual assistance (Article 61(8) GDPR) or to a request of joint operations (Article 62(7) GDPR). On 12 July 2021, the EDPB adopted an20 KB (1,590 words) - 16:11, 2 November 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)limited to, security of processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation20 KB (1,854 words) - 16:32, 8 March 2024
- Article 61 GDPR (category Article 61 GDPR) (section (5) Response by the requested supervisory authority (SA))standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 42 GDPR (category GDPR Articles) (section (5-6) Certification can be cssued through a certification body or by the competent supervisory authority)(Articles 42(7) GDPR, 43(5), and 58(2)(h) GDPR). According to the EDPB, where a DPA is to conduct certification pursuant to Article 42(5) GDPR, it will have27 KB (2,452 words) - 14:26, 28 July 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 70 GDPR (category Article 70 GDPR)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Category:Article 83 GDPR The wording “infringements of this Regulation” in Article 83(1) GDPR is slightly imprecise. In fact, Article 83(5)(d) GDPR also provides55 KB (7,622 words) - 14:04, 7 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 36 GDPR (category GDPR Articles) (section (5) Member state law may provide for stricter requirements)BDSG, Article 36 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 36 GDPR, margin number 5 (C.H. Beck31 KB (3,646 words) - 08:51, 21 July 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)protection law as enshrined in Article 5 GDPR must be complied with, and that the rights of the data subjects as found in the GDPR must also be available under25 KB (2,482 words) - 10:04, 19 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)(3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5) GDPR)61 KB (8,488 words) - 15:47, 18 March 2024
- Article 49 GDPR (category GDPR Articles) (section (5) Limitation of Transfers Based on Important Reasons of Public Interest)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 53 GDPR (category GDPR Articles)DS-GVO BDSG, Article 53 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Polenz, in Simitis, Hornung, Spiecker, Datenschutzrecht, Article 53 GDPR, margin29 KB (2,894 words) - 23:06, 1 April 2024
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 65 GDPR (category GDPR Articles) (section (5) Notification and publication of the decision of the EDPB)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 2 GDPR (category GDPR Articles)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 89 GDPR (category Article 89 GDPR)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Article 1 GDPR (category GDPR Articles)limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 22 GDPR (category GDPR Articles)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- legitimate purpose(s) (Article 5(1)(b)); lawfulness of processing (Article 6); adequate, relevant and limited to what is necessary data (Article 5(1)(c)); limited52 KB (7,297 words) - 08:05, 18 July 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 54 GDPR (category GDPR Articles)enforcement of the GDPR. For more information regarding the establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary34 KB (3,649 words) - 13:19, 30 October 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)regulated in article 11 of Law 3471/2006 for the protection of personal data in the field of electronic communications. According to this article, such communication14 KB (2,127 words) - 15:37, 6 December 2023
- HDPA (Greece) - 20/2020 (category Article 37(1) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)merits 37/2021 - 10/15 condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the45 KB (6,780 words) - 16:57, 12 December 2023
- CJEU - C‑37/20 and C‑601/20, - WM and Sovim SA v Luxembourg Business Registers (category Article 5(1) GDPR)infringement of several provisions of the GDPR, in particular a number of fundamental principles set out in Article 5(1) thereof. In the alternative, Sovim8 KB (983 words) - 15:16, 27 March 2024
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)having appointed a data protection officer, thus breaching Article 37 GDPR. After the GDPR came into force, the Burgos city Council did not appoint a DPO13 KB (2,002 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)company result in a breach of Article 37 GDPR? The Spanish DPA (AEPD) found that Conseguridad SL had violated Article 37(1)(b) GDPR by not having designated15 KB (2,245 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)for more than two years after the entry into force of the GDPR. This breached Article 37 GDPR. Ayuntamiento de Arroyomolinos was found lacking a Data Protection18 KB (2,737 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)stating that it is not included among the assumptions of Article 37 GDPR nor among the ones in Article 34 of the Spanish Law on Personal Data Protection (LOPDGDD)16 KB (2,298 words) - 14:36, 13 December 2023
- LAG Baden-Württemberg - 17 Sa 37/20 (category Article 6(1)(f) GDPR)misuse suffice to claim damages under Article 82 GDPR? The court held that neither §26(1) BDSG nor Article 6(1)f GDPR legitimize the processing of employee4 KB (398 words) - 14:25, 17 September 2021
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- Rb. Amsterdam - C/13/696660/HA RK - 21-37 (category Article 79(2) GDPR)been stated nor has it been proven. 3.11. The GDPR also has a jurisdiction regulation. Article 79(2) of the GDPR provides that proceedings against a controller18 KB (2,617 words) - 08:23, 2 September 2021
- HDPA (Greece) - 50/2021 (category Article 5(1)(a) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- Court of Appeal of Brussels - 2022/AR/292 (category Article 5(1)(f) GDPR)companies that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether6 KB (675 words) - 09:55, 14 December 2023
- CNIL (France) - SAN-2023-018 (category Article 37(1)(a) GDPR)data protection officer pursuant to Article 37(1)(a) of the GDPR 13. In law, Article 37, paragraph 1, a) of the GDPR provides that “The controller and the22 KB (3,384 words) - 13:25, 24 January 2024
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)obligation under Article 37(7) GDPR. The DPA ordered the controller to comply with his obligations under Article 13(1)(b) GDPR and Article 37(7) GDPR and to publish18 KB (2,611 words) - 12:45, 16 June 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)DPO by May 25, 2018, as required for all public bodies according to art. 37 GDPR. The Italian DPA noted that MISE failed to appoint a DPO by the established57 KB (9,144 words) - 15:55, 6 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and guarantee20 KB (3,087 words) - 13:30, 13 December 2023
- AEPD (Spain) - PS/00285/2020 (category Article 37 GDPR)federation had violated Article 37 GDPR for not having appointed a DPO. They also held that the federation had violated Article 13 for not having provided19 KB (2,923 words) - 14:26, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 37(1) GDPR)Ministry of Tourism violated Article 33 GDPR by failing to report the aforementioned data breach, and Article 37(1) GDPR by not appointing a DPO (at the65 KB (10,533 words) - 10:28, 27 January 2022
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish129 KB (21,793 words) - 14:09, 13 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)(Articles 37.5. and 37.7. of the DGPS) 10/11The Inspection Service notes that the defendant has not complied with the obligations imposed by Articles 37.5. and24 KB (3,844 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)(Articles 37.5. and 37.7. of the DGPS) 10/11The Inspection Service notes that the defendant has not complied with the obligations imposed by Articles 37.5. and24 KB (3,843 words) - 16:51, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- Supreme Administrative Court (Portugal) - 0856/20.0BELRA (category Article 4(1) GDPR)with the concept of "personal data", currently translated into Article 4(1) of the GDPR. With the amendment of 2013 and the introduction of a new exception6 KB (657 words) - 10:02, 6 October 2021
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)violation of article 5.1.f) of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter RGPD), typified in the article 83.5 of the RGPD22 KB (3,420 words) - 12:59, 13 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)they are processed (article 5.1 e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter127 KB (21,484 words) - 17:01, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)protection (Article 37 GDPR) and the position of the official for data protection (Article 38 GDPR); • compliance with the obligation to cooperate (Article 31 GDPR82 KB (13,250 words) - 16:57, 12 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 5(1)(f) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 5(1)(c) GDPR)(pursuant to Article 166, paragraph 5, of the Code), communicating the initiation of the procedure for the adoption of the measures referred to in Article 58, paragraph31 KB (5,041 words) - 15:49, 6 December 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)euros) for the violation of Article 48.1.b) of the LGT, in relation to Article 21 of the RGPD, classified as serious in Article 77.37 of the LGT, and order the38 KB (5,945 words) - 12:14, 9 June 2021
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- Recitals GDPR (section Recitals from the GDPR)set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation182 KB (24,065 words) - 13:40, 9 July 2021
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- AEPD (Spain) - E/03884/2020 (category Article 2(1) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)processing of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case84 KB (12,933 words) - 16:46, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(5)(a) GDPR)therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and considered this a high163 KB (27,222 words) - 16:54, 6 December 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)assessment and an additional DPIA under Article 35 GDPR, in order to guarantee the adherence to the principles of Article 5 GDPR. First, the Spanish DPA stated56 KB (8,102 words) - 13:57, 1 February 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- proper manner. According to the DPA, the controller violated Article 15 GDPR and Article 13 LOPDGDD which establish that the data subject has the right18 KB (2,786 words) - 12:38, 13 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)of article 32, paragraph 1, GDPR further elaborated in article 32, paragraph 2, subaenk, VIS Regulation. 2.5AccessrightstoNVISandstaffprofiles 2.5.1Legal179 KB (22,957 words) - 17:07, 12 December 2023
- AEPD (Spain) - TD/00251/2021 (category Article 15 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish20 KB (3,142 words) - 13:31, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)captures activities of employees without their knowledge compliant with Article 5 GDPR? The DPA concluded that the video surveillance system introduced by58 KB (9,071 words) - 10:12, 17 November 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- Datatilsynet (Denmark) - 2019-431-0045 (category Article 6(1) GDPR)instruction, under Article 28(1) GDPR. Thus, it has not been decided on whether or not MaCom could process information in accordance with Article 6(3)(a), (1)(a)14 KB (2,119 words) - 16:36, 6 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)rights of freedom of opinion and freedom of the press under Article 5.1 of the Basic Law and Article 10 of the European Convention on Human Rights. The significance133 KB (21,944 words) - 15:59, 22 March 2022
- AEPD (Spain) - TD/00013/2021 (category Article 12(6) GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish19 KB (3,027 words) - 14:48, 13 December 2023
- AEPD (Spain) - EXP202203606 (category Article 17(1)(a) GDPR)free circulation of these data (hereinafter GDPR); and in article 47 of the Law Organic 3/2018, of December 5, on the Protection of Personal Data and guarantee22 KB (3,264 words) - 13:29, 13 December 2023
- costs that the right to freely request inspection is infringed. 5.3. The argument fails. 5.4. 5.4. [appellant under 1] has also requested compensation for exceeding19 KB (3,135 words) - 12:38, 16 September 2021
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)more personal data than strictly necessary within the meaning of Article 5(1)(c) of the GDPR. The FPS Finance therefore does not comply with the data minimization124 KB (18,772 words) - 17:01, 12 December 2023
- AEPD (Spain) - EXP202201987 (category Article 15 GDPR)under Article 15 GDPR, in a timely manner as well as in clear and transparent form. Second, the DPA looked at the right to erasure under Article 17 GDPR21 KB (3,290 words) - 10:50, 13 December 2023
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- AEPD (Spain) - PS/00060/2020 (category Article 83(5)(e) GDPR)personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused23 KB (3,695 words) - 13:53, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)pursuant to Article 100, §1, 5° WOG, to order a disqualification for the violation of Article 5.1, a), Article 5.2, Article 6, Article 12.1, Article 14.1 a)102 KB (15,787 words) - 07:39, 6 September 2023
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and guarantee22 KB (3,544 words) - 14:48, 13 December 2023
- AEPD (Spain) - TD/00044/2021 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish22 KB (3,465 words) - 13:30, 13 December 2023
- AEPD (Spain) - EXP202202183 (category Article 6(1) GDPR)provided for in Article 15 GDPR and Article 13 LOPDGDD was exercised. Secondly, the DPA noted that a valid legal basis under Article 6(1) GDPR is required22 KB (3,432 words) - 12:37, 13 December 2023
- APD/GBA (Belgium) - 56/2021 (category Article 5(2) GDPR)addition to the violation of Article 32 GDPR, the Chamber found that the financial institution had violated: Article 25 GDPR on data protection by design5 KB (671 words) - 17:03, 12 December 2023
- HDPA (Greece) - 61/2022 (category Article 5(1)(a) GDPR)information provided to data subjects was less than that required by the GDPR, and the information was not provided in an intelligible and easily accessible6 KB (663 words) - 15:31, 6 December 2023
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)circulation of these data (hereinafter GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish26 KB (4,017 words) - 12:37, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)DPA under Article 100 § 1, 6, 10 and 12 of the LCA. The complainant y also denounces a breach of Article 5.1. c) and Article 5.1. e) of the GDPR. 18. The73 KB (11,604 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)(hereinafter referred to as GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish26 KB (3,997 words) - 18:59, 26 February 2024
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- APD/GBA (Belgium) - 54/2021 (category Article 5 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)breach of Article 6 GDPR, in that the processing was not necessary for its legal obligation. In addition, the chamber found a breach of Article 5 GDPR, in that73 KB (11,238 words) - 16:59, 12 December 2023
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further49 KB (7,800 words) - 09:22, 5 January 2024
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)organization (definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - EXP202205932 (category Article 83(5) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)organization (definition) Article 5.1: Data processing principles Article 5.1.a: Principle of legality, objectivity and transparency Article 5.1. b: Principle of9 KB (1,168 words) - 15:30, 6 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 5 GDPR)question if Google LLC violated Articles 5 et seqq. GDPR in connection with Article 28(3)(a) and Article 29 GDPR. The DSB fully upheld the complaint with108 KB (17,097 words) - 13:52, 12 May 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)the GDPR sees in Individual provisions stipulate a risk-based approach (e.g. Art. 24 Para. 1 and Para. 2, Art. Article 25(1), Article 30(5), Article 32(1)158 KB (26,392 words) - 08:25, 7 June 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)all contracts; * clause n ° 5 regarding - of article 6/1 °, 2 ° & 3 ° of the Data Protection Act for all contracts, - Article 32 / I of the Data Protection392 KB (67,730 words) - 15:27, 17 March 2022
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)of the cases of compulsory designation included (i) in article 37.1RGPD, as well as (ii) in article 34 of the Organic Law on Data Protection andguarantee31 KB (4,757 words) - 13:52, 13 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- CJEU - C-46/23 - Újpest Önkormányzat Polgármesteri Hivatala (category Article 17 GDPR)corrective powers under Article 58(2) GDPR, namely 58(2)(d) and (g) GDPR, may be exercised by the DPA on its own motion. Article 58(2)(c) GDPR, on the other hand6 KB (683 words) - 15:27, 27 March 2024
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)on the date of this resolution. 6. Decision In view of the above and Article 5:37 of the General Administrative Law Act, the General Administrative Law36 KB (5,914 words) - 17:13, 12 December 2023
- AEPD (Spain) - E/07449/2019 (category Article 13 GDPR)A.A.A.. In accordance with the provisions of Article 37.2 of the LOPD, in the wording given by Article 82 of Law 62/2003, of 30 December, on fiscal, administrative11 KB (1,680 words) - 13:41, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)opening clause in Article 86 GDPR if the disclosure involves personal data? The court held that the VIG complies with Article 86 GDPR: The provisions of40 KB (6,397 words) - 08:03, 21 March 2022
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)defendant on the basis of Article 100.1, 5 ° LCA given the breach noted in Article 6 of the GDPR combined with Article 5.1.a) of GDPR; - To dismiss the remainder43 KB (6,670 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202202928 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance14 KB (2,003 words) - 12:37, 13 December 2023
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)(hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Once the aforementioned commencement16 KB (2,328 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00076/2021 (category Article 6(1) GDPR)procedure to the claimed, by the alleged violation of Article 6 of the RGPD, typified in Article 83.5 b) of the RGPD. SIXTH: Notified the initiation agreement15 KB (2,292 words) - 13:56, 13 December 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish40 KB (6,518 words) - 13:29, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)personal data and on the free movement of such data (the GDPR) provides, in particular in Article 5, point 2, that the data controller must be able to demonstrate46 KB (7,106 words) - 17:06, 6 December 2023
- AEPD (Spain) - EXP202203923 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance14 KB (2,139 words) - 10:50, 13 December 2023
- AEPD (Spain) - PS/00274/2020 (category Article 21 GDPR)Raise Marketing violated the data subject's right to object (Article 21 GDPR and Article 23 LOPDGDD). The DPA fined Raise Marketing €1500 for this violation16 KB (2,544 words) - 14:25, 13 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)purposes in Article 73, sections j), k) and p) of the LOPDGDD, for violation of article 44 of the RGPD typified in accordance with article 83.5.c) of the287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - TD/00133/2020 (category Article 12 GDPR)has been received. Does the GDPR allow the data controller to ignore a request for erasure? The AEPD found that Article 12 GDPR does not allow the data controller18 KB (2,721 words) - 14:51, 13 December 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph50 KB (7,656 words) - 17:05, 12 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- AEPD (Spain) - PS/00320/2020 (category Article 83(5) GDPR)described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD18 KB (2,736 words) - 14:28, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 42FR/2021 (category Article 37(1) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg35 KB (4,974 words) - 10:52, 2 December 2021
- CNPD (Luxembourg) - 10FR/2023 (category Article 37(1)(a) GDPR)DPA, as provided by Article 37(1)(a) GDPR and Article 37(7) GDPR. The DPA noted that pursuant to the entry into force of the GDPR, public bodies were obliged23 KB (3,112 words) - 11:34, 3 January 2024
- APD/GBA (Belgium) - 37/2024 (category Article 6(1)(a) GDPR)criterion B.6 in the Dispute Chamber's policy of dismissal. Decision 37/2024 — 5/6 5 cookie banners (“Cookie Banner Taskforce”), in which the supervisory16 KB (2,159 words) - 16:19, 13 March 2024
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)this was precisely not the case. 37. The restricted panel therefore considers that a breach of Article 5 (1) (a) of the GDPR has occurred. 38. It notes, however48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202101314 (category Article 15 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish18 KB (2,693 words) - 13:31, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9777996 (category Article 5 GDPR)transparency" (Article 5(1)(a) GDPR). The DPA further held that the controller violated the principle of "purpose limitation" (Article 5(1)(b)). The DPA4 KB (366 words) - 13:58, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9979112 (category Article 37(7) GDPR)procedure under Article 58(2) GDPR. The DPA also invited the controller to provide its defence in writing. The Italian DPA noted that Article 37(7) GDPR not only34 KB (5,295 words) - 10:52, 21 February 2024
- AEPD (Spain) - PS/00314/2021 (category Article 37 GDPR)making your data public contact and communicate them to the AEPD (article 37 RGPD). Article 37 RGPD, paragraphs 1 and 7 refer to these obligations and establish24 KB (3,489 words) - 12:05, 10 November 2021
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)coming into force of the GDPR on 25. 5. 2018. Can a controller charge for access to historic account data under Article 15 GDPR? Is GDPR applicable to a case19 KB (2,936 words) - 13:55, 12 May 2023
- HDPA (Greece) - 29/2023 (category Article 5(1)(c) GDPR)controller had violated Article 5(1)(c) GDPR and Article 15 GDPR. Firstly, the HDPA found that the controller violated Article 5(1)(c) GDPR because its transmission21 KB (3,334 words) - 09:12, 25 October 2023
- CNPD (Luxembourg) - Délibération n°43FR/2021 (category Article 37(1) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a not-for-profit20 KB (2,865 words) - 10:43, 7 December 2021
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)in accordance with the provisions of section 2 of article 56 inin relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of theEuropean19 KB (2,948 words) - 14:50, 13 December 2023
- AEPD (Spain) - PS/00079/2020 (category Article 83(5)(a) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- AEPD (Spain) - EXP202202889 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance20 KB (3,077 words) - 10:46, 13 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)arises from Article 5.2 and Article 24 GDPR where it is up to the defendant to demonstrate that they also acts in accordance with article 5.1. f GDPR namely:60 KB (9,281 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation (Article 5(1)(c) GDPR) principles? Was the defendant required to48 KB (7,926 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)(hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD, typified in Article 83.5 of the RGPD. FIFTH: Once the aforementioned commencement21 KB (3,154 words) - 14:07, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9773950 (category Article 5(1)(e) GDPR)transparency, storage limitation and accountability of Article 5(1) GDPR, Article 24 and Article 25. The DPA clarified that information on video surveillance34 KB (5,239 words) - 10:47, 28 June 2022
- AEPD (Spain) - EXP202204501 (category Article 5(1)(f) GDPR)communication or access to said data.” III Violation of article 5.1 f) of the GDPR Article 5.1.f) of the GDPR, Principles relating to processing, states the following:57 KB (8,604 words) - 15:40, 20 March 2024
- HDPA (Greece) - 2/2024 (category Article 37 GDPR)amount of 5. 000 euros, for violation of Article 31 GDPR, and an administrative fine for a total of 20,000 euros, for violation of Article 37 GDPR. Share5 KB (610 words) - 16:00, 26 February 2024
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)violating the provisions of article 6 of the GDPR, which supposes the commission of an infraction typified in article 83.5 of the GDPR, which provides the following:61 KB (9,700 words) - 13:21, 13 December 2023
- HDPA (Greece) - 13/2024 (category Article 5(1)(a) GDPR)processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the12 KB (1,511 words) - 16:01, 10 April 2024
- ICO - FS50895772 (category Article 5(1)(a) GDPR)principles relating to the processing of personal data set out in Article 5 of the GDPR. The Cabinet Office could rely on that section of the regulation5 KB (526 words) - 09:34, 7 July 2020
- Garante per la protezione dei dati personali (Italy) - 9920578 (category Article 5(1)(e) GDPR)by default, under Article 5(1)(c) GDPR and Article 5(1)(e) GDPR, Article 5(2) GDPR together with Article 24 GDPR and Article 25 GDPR. The DPA stated that92 KB (14,784 words) - 08:49, 27 September 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €1000021 KB (3,137 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00003/2021 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the RGPD, typified in article 83.5.a) and qualified as very serious for prescription purposes in article 72.1.a) of the115 KB (18,312 words) - 11:58, 16 March 2022
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)third party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - TD/00054/2020 (category Article 12 GDPR)set out in Article 15(1) of Regulation (EU) 2016/679 which are not be included in the remote access system. 3. For the purposes of Article 12(5) of Regulation22 KB (3,500 words) - 14:50, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- IP - 07121-1/2021/577 (category Article 37 GDPR)question regarding the DPO appointed by the controller in accordance with Article 37 of the General Regulation, the IP emphasizes that the controller must7 KB (978 words) - 10:41, 6 May 2021
- AEPD (Spain) - PS/00132/2020 (category Article 83(5) GDPR)Procedure"), LPACAP), for the alleged violation of Article 6.1 of the GRPD, as defined in Article 83.5 of the RGPD. FOURTH: Once the above-mentioned agreement24 KB (3,939 words) - 14:03, 13 December 2023
- AEPD (Spain) - PS/00235/2020 (category Article 6(1) GDPR)(hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD, typified in Article 83.5 of the RGPD. FIFTH: Once the aforementioned start-up24 KB (3,766 words) - 14:21, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 5(1)(e) GDPR)obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller59 KB (9,566 words) - 17:03, 6 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)measurespre-contractual;(…) "The offense is typified in Article 83.5 of the RGPD, which considers as such:"5 . Violations of the following provisions will be24 KB (3,769 words) - 14:10, 13 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 5 GDPR)infringement of Article 6(1) GDPR (440), and to take into account the additional infringement of the principle of fairness in Article 5(1)(a) GDPR in its adoption468 KB (51,340 words) - 14:10, 30 January 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)compelling reasons within the meaning of Article 9 of the protocol on monitoring systems. That article reads as follows: "Article 9 Articles 05 to 08 do not affect60 KB (10,118 words) - 15:12, 5 October 2021
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that48 KB (7,816 words) - 11:04, 29 July 2022
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- AEPD (Spain) - PS/00140/2022 (category Article 37(1) GDPR)established by article 37.1 of the GDPR. In relation to these assumptions, we must emphasize the provisions of section b of article 37.1 of the GDPR establishes151 KB (23,196 words) - 05:40, 9 May 2023
- Persónuvernd- nr. 2019/232 (category Article 5(1) GDPR)administrative matter in Article 14. Act no. 37/1993 does not apply to the case in question. In the first paragraph. Article 15 Act no. 37/1993 states, among21 KB (3,242 words) - 16:07, 10 March 2022
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)for the alleged violation of article 5.1f) of the RGPD in relation to the Article 5 of the LOPDGDD, typified in article 83.5 a) of the RGPD. C / Jorge Juan28 KB (4,619 words) - 13:53, 13 December 2023
- OLG Frankfurt am Main - 16 W 37/20 (category Article 6(1)(f) GDPR)Pursuant to Article 2(1) GDPR, the Regulation applies to the wholly or partially automated processing of personal data. According to Article 4(2) GDPR, the term59 KB (9,603 words) - 14:03, 20 September 2021
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle28 KB (4,592 words) - 14:25, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)agreements Article 12 (1) of the GDPR 17 IV.5. Legal consequences (72) The Authority finds that the Client has infringed Article 5 (1) (c) GDPR, Article 6 Article72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- CNIL (France) - SAN-2023-016 (category Article 5(1)(b) GDPR)breached Article 5(1)(b) GDPR. Therefore, the DPA handed down a 'call to order' against the joint controllers for breaching Article 5(1)(b) GDPR, and no27 KB (4,166 words) - 17:06, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)processing operations should not be disproportionate.5 disproportionate.5 16. Article 5(1)(b) of the GDPR provides that personal data must be be "collected69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)contravene Articles 13(1), 6(1)(a) and 8 GDPR? The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR. Share your comments here! Share blogs27 KB (4,517 words) - 13:44, 13 December 2023
- accordance with Article 38.3 of the AVG 5. On 5 October 2021, the Disputes Chamber decided on the basis of article 95, §1, 1°and article 98 of the CPC that206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)personal data under Article 17(1)(d) GDPR, and ordered the controller to pay the data subject €579.17 in damages under Article 82(1) GDPR. Share your comments28 KB (4,215 words) - 15:09, 6 December 2023
- Persónuvernd (Iceland) - Case no. 2021112113 (category Article 5(1) GDPR)Paragraph 2 Article 5 Act no. 90/2018. As regards the complainant's reference to paragraph 1. Article 7 Information Act also refers to paragraph 2. Article 4 of25 KB (3,986 words) - 08:54, 16 February 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 5(1)(a) GDPR) (section 5. Justification for Datatilsynet's decision)the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)in his e-mail dated 5 July 2019. By doing so, the data subject invokes his right under Article 17 of the AVG. 27. Pursuant to Article 17(1)(c) AVG, the data27 KB (4,363 words) - 16:56, 12 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 5(1)(c) GDPR)it had found violations of Articles 5(1)(a)(c)(e), 13, 22(3), 25, 30(1)(c)(f)(g), 32, 35, 37(7), and 88 of the GDPR. In defensive briefs, UK Roofoods contended235 KB (38,572 words) - 10:19, 20 July 2022
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- Datatilsynet (Denmark) - 2021-432-0063 (category Article 32(1) GDPR)about one party to a proceeding with another party, in violation of Article 32(1) GDPR. The Agency of Family Law (the controller) is a public authority that35 KB (5,141 words) - 14:34, 28 September 2022
- IP - 07120-1/2020/25 (category Article 4(5) GDPR)particularly emphasizes the inadequacy of the provisions of Article 4, paragraphs 1 and 2 and Article 5, paragraphs 1 and 2 of the Arrangement, since, as stated24 KB (3,577 words) - 15:31, 14 April 2021
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)DPA 5. The General Data Protection Regulation (hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 3233 KB (5,112 words) - 17:10, 12 December 2023
- APD/GBA (Belgium) - 42/2020 (category Article 2(1) GDPR)of minimum data processing (Article 5.1. c) GDPR). 33. In order to check whether the third condition of Article 6.1 f) GDPR - the so-called "Balancing test"30 KB (4,871 words) - 16:58, 12 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- Communications Act (ZEKom-1), the GDPR and the Data Protection Act (ZVOP-1). The principles of Article 5 of the GDPR must be followed and attention must29 KB (4,524 words) - 14:47, 17 March 2022
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Protection Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection45 KB (5,016 words) - 14:14, 21 March 2024
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 4(15) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 5(1)(c) GDPR)(Garante) held that Foodinho had violated Articles 5(1)(a), (c) and (e), 13, 22, 25, 30, 32, 35 and 37 of the GDPR through its use of algorithms to manage riders180 KB (29,599 words) - 13:51, 28 July 2021
- provided for in Article 163 of the Code, in relation to Article 37, for failure to notify the Garante; - lastly, the breach provided for by Article 164-bis, paragraph31 KB (5,020 words) - 11:07, 1 June 2022
- ANSPDCP (Romania) - Fine against Societatea Civilă Medicală Policlinica Tommed (category Article 5(1)(a) GDPR)the controller violated Article 5(1)(a), Article 5(1)(b), Article 5(1)(f), and Article 5(2), in conjunction with Article 9 GDPR. First, the DPA held that5 KB (528 words) - 16:11, 15 December 2021
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any different67 KB (11,415 words) - 17:15, 12 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 2 of the Rules of Procedure35 KB (5,526 words) - 16:56, 12 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- with the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)Articles 5, 13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR26 KB (4,101 words) - 10:24, 13 March 2024
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)membership are in principle prohibited (article 9.1 of the RGPD). The second paragraph of the However, the same article provides for a series of exceptions34 KB (5,677 words) - 17:00, 12 December 2023
- Datatilsynet (Denmark) - 2021-31-5553 (category Article 5(1)(a) GDPR)6(1)(a) GDPR and 4(11) GDPR and did therefore violate Articles 5(2) and 5(1)(a) GDPR. The DPA ordered the controller pursuant to Article 58(2)(d) GDPR to ensure32 KB (4,997 words) - 14:09, 22 February 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)vehicles. Article 5(1)(c) GDPR - “minimum data processing” principle 37. The principle of data minimum processing as set out in Article 5(1)(c) GDPR states43 KB (6,274 words) - 08:57, 29 June 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)and annulled that decision, in so far as it did not award any compensation. 5. 5. [Appellant] claims to be entitled to higher compensation than € 300.00.34 KB (5,179 words) - 07:10, 7 April 2020
- Persónuvernd (Iceland) - 2020061979 (category Article 38 GDPR)Number 5. Paragraph 1 Article 41, paragraphs 1 and 3 Article 46 Act no. 90/2018, cf. point e, paragraph 1 Article 58, paragraphs 1 and 5 Article 83 of regulation33 KB (5,086 words) - 13:03, 7 September 2022
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)reference to Article 3.5 of an artist's contract (document 2 of the The applicants rely - among other things with reference to Article 3.5 of an artist's92 KB (14,873 words) - 09:03, 20 August 2021
- Persónuvernd - 2020010373 (category Article 5(1)(f) GDPR)Icelandic DPA was of the opinion that the exchange was GDPR compliant, so long as: - Article 5(1)(c) was upheld, ie the purpose for the processing was22 KB (3,406 words) - 10:37, 2 July 2020
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)meaning of Article 5.1.c. AVG). 13. The transcript of the hearing is subsequently transmitted to the parties on 28 June 2023; in accordance with Article 54 of39 KB (6,247 words) - 09:14, 15 November 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)penalty payments pursuant to Article 58(2) opening words and under (d) of the AVG, Article 16(1) of the UAVG and Article 5:32(1) of the Awb. This means38 KB (6,339 words) - 17:14, 12 December 2023
- IP (Slovenia) - 0603-98/2022/6 (category Article 5(2) GDPR)first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph of Article 21 of ZP 1 and the25 KB (4,035 words) - 13:16, 26 July 2023
- APD/GBA (Belgium) - 11/2022 (category Article 5(1)(a) GDPR)interpreted Article 5.3 of the Directive Privacy and electronic communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent92 KB (13,989 words) - 14:56, 3 February 2022
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 5(1)(a) GDPR)- the rectification of the violation of Article 13 GDPR would also rectify the violation of Article 5(1)(a) GDPR (principle of transparency) and therefore40 KB (6,007 words) - 13:59, 12 May 2023
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- obligations relating to cookies 53. According to Article 82 of the Data Protection Act, transposing Article 5(3) of the ePrivacy Directive, "any subscriber73 KB (11,864 words) - 17:03, 6 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)present (see Schantz, in: BeckOK Datenschutzrecht, 37th Ed., As of May 1st, 2020, Article 5 GDPR, Rn. 5) .27 The collection and processing of the date of41 KB (6,779 words) - 12:35, 24 November 2021
- EDPS - 2020-1013 (category Article 6 GDPR)of consent under Article 3(15) Regulation 2018/1725, nor did they meet the requirements of Article 37 Regulation 2018/1725 and Article 5(3) ePrivacy Directive66 KB (10,349 words) - 08:54, 19 January 2022
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- OLG Köln - 20 U 295/21 (category Article 12(5) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9827446 (category Article 5(1)(a) GDPR)discipline (Article 9(2)(i) GDPR) and not in the consent of the data subject. The Italian DPA held that the infringement of Article 5(1)(a) GDPR and Article 5(1)(b)70 KB (11,425 words) - 13:47, 7 December 2022
- APD/GBA (Belgium) - 188/2022 (category Article 5(1) GDPR)stipulated in Article 5 (1) GDPR. Although Article 5(1) and (2) GDPR are closely related means any violation of the accountability of Article 5 (2) GDPR is not95 KB (14,325 words) - 14:27, 25 January 2023
- AEPD (Spain) - PS/00223/2021 (category Article 17 GDPR)violation of Article 48.1.b) of the LGT, classified as serious in the Article 77.37 of the LGT. Likewise, in accordance with the provisions of article 85.2 of30 KB (4,594 words) - 07:25, 22 June 2022
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)to compliance with transparency obligations (Articles 5.1.a) and 12 to 14 of the GDPR), Article 5 of the draft decree specifies, on the one hand, that data43 KB (6,847 words) - 17:11, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)drones equipped with cameras a personal personal data in the sense of Article 4 GDPR ? Did the Ministry of Interior comply with the French Data Protection39 KB (6,015 words) - 17:11, 6 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligations of Article L. 34-5 of the Postal and Electronic Communications Code 11. According to article L. 34-5 of the CPCE: " Direct prospecting48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- CE - 433555 (category Article 15 GDPR)The Court finds this process compliant with Article 15 GDPR, on the right of access, and Article 23 GDPR on restrictions to the rights of data subject15 KB (2,307 words) - 11:13, 20 May 2021
- NSS - 10 As 190/2020 - 39 (category Article 32 GDPR)been a violation of Article 32 GDPR, the DPA or the court could not have issued a fine against it. Indeed, under § 62(5) of the GDPR implementing act -34 KB (5,374 words) - 04:32, 28 April 2022
- AEPD (Spain) - PS/00070/2019 (category Article 5 GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- Persónuvernd - 2020010710 (category Article 5 GDPR)authority by the responsible party, cf. 5. tölul. Article 9 of the Act and item e of the first paragraph. Article 6 of the Regulation. In addition to the20 KB (3,127 words) - 09:53, 14 April 2021
- OGH - 6Ob87/21v (category Article 5(1)(c) GDPR)found no violation of Article 5(1)(c)(e) GDPR and a prevailing legitimate interest of the defendant according to Article 6(f) GDPR. It must be noted that38 KB (6,129 words) - 10:12, 10 September 2021
- Persónuvernd (Iceland) - 2020061965 (category Article 6(1)(c) GDPR)based on Article 6(1)(c) and Article 9(2)(h) GDPR. Article 6(1)(c) GDPR entitles a controller to process data due to a legal obligation whereas Article 9(2)(h)17 KB (2,649 words) - 16:40, 21 December 2022
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)implementation and specify and supplement the GDPR. § 3(1) mentioned in this case corresponds to Article 5(3) of the ePrivacy Directive. In Denmark, the52 KB (8,025 words) - 05:01, 23 November 2023
- Datatilsynet (Norway) - 21/03656 (category Article 14(5)(c) GDPR)out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should63 KB (8,745 words) - 13:33, 27 April 2022
- HDPA (Greece) - 1/2024 (category Article 37 GDPR)DPA under Article 31 GDPR and Article 66 Greek Law 4624/2019, as well as the obligation to designate the DPO under Article 37 GDPR and Article 6 Greek Law6 KB (767 words) - 10:55, 28 February 2024
- UODO (Poland) - DKE.561.3.2020 (category Article 31 GDPR)protected (Article 32, Article 24 (1) and (2) of Regulation 2016/679). Has the Chief Surveyor of the country appointed a data protection officer (Article 37 of51 KB (8,322 words) - 09:51, 17 November 2023
- BGH - VI ZB 39/18 (category Article 6(1)(c) GDPR)democratic society as required under Article 23(1)(j) GDPR. Moreover, the exception provided for under Article 6(4) GDPR which allows processing for different53 KB (8,894 words) - 15:56, 22 March 2022
- AEPD (Spain) - PD-00207-2022 (category Article 12 GDPR)(hereinafter referred to as GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish19 KB (2,685 words) - 08:52, 30 January 2024
- Rb. Rotterdam - C/10/611345 / KG ZA 21-29 (category Article 6(1)(f) GDPR)regarded as processing personal data as referred to in the GDPR. Article 6 (1) of the GDPR sets out which conditions form a ground for the lawful processing23 KB (3,229 words) - 08:07, 10 May 2021
- OLG Hamm - 8 U 94/22 (category Article 5(1)(a) GDPR)principle of Fairness (Article 5(1)(a) GDPR), purpose limitation (Article 5(1)(b) GDPR) and data minimisation (Article 5(1)(c) GDPR) would not prevent the56 KB (9,184 words) - 15:04, 18 July 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)montant de 10.000 € (article 83, paragraphe 2, de l'AVG ; article 100, §1, 13° WOG et article 101 WOG). 129. Compte tenu de l'article 83 AVG et de la jurisprudence1796 KB (15,396 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 5(1)(a) GDPR)addresses that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is144 KB (23,058 words) - 18:48, 5 March 2022
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)way of a finding under article 15 of the GDR instead of the provisions of article 15 of the GDR. 36, § 4 and § 5 as well as Article 38, § 1 of the Law of52 KB (8,603 words) - 16:55, 12 December 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)personal data in accordance with the basic principles of Article 5 of the GDPR. Article 5(1)(a) of the GDPR states that personal data must be processed in a manner56 KB (9,287 words) - 16:00, 26 January 2022
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued56 KB (8,980 words) - 08:47, 4 March 2024
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 5 GDPR)of an infringement of the Article 5(1)(a) GDPR principle of fairness, and infringements of the Article 5(1)(b) and (c) GDPR principles of purpose limitation289 KB (33,568 words) - 15:00, 1 February 2023
- CNIL (France) - CNIL2326891X (category Article 5(2) GDPR)should be designated pursuant to Article 37 GDPR, who should keep records of the processing activities under Article 30 GDPR. Moreover, the CNIL mandated that47 KB (7,402 words) - 12:43, 21 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- First-tier Tribunal - 2023 UKFTT 778 GRC (category Article 5(1)(a) GDPR)available. 19. The Data Protection Principles are set out in the GDPR. Article 5(1) GDPR provides that personal data shall be processed lawfully, fairly28 KB (4,450 words) - 15:12, 20 October 2023
- Persónuvernd (Iceland) - 2020010642 (category Article 5(1)(a) GDPR)carried out in the public interest (Article 9(5) of the Icelandic Data Protection Act no. 90/2018 , and Article 6(1)(e) GDPR). The Municipality further argued28 KB (4,334 words) - 07:57, 5 October 2021
- The Dutch Court of Overijssel found that a GDPR infringement may not constitute a breach of acquisition contract. A window cleaning company (Plaintiff)19 KB (3,309 words) - 10:50, 23 April 2021
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)principle, namely the breaches of articles 5-1-c), 5 -1 e), 13, 32 and 35-1 of the GDPR; no breach of Article 6 of the GDPR and of Directive 2002/58 / EC of the61 KB (10,028 words) - 17:09, 6 December 2023
- of GDPR Article 5(1)(a) (processing must be fair, lawful and satisfy a condition under Article 6), Article 5(1)(d) (data must be accurate), Article 10122 KB (20,830 words) - 10:42, 12 January 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)organization (definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle10 KB (1,249 words) - 12:16, 8 May 2023
- CNPD (Luxembourg) - Délibération n°18FR/2021 (category Article 38(1) GDPR)investigation relates to Article 38.1 of the GDPR so that the explanations of the agent of the controlled under Article 37.2 of the GDPR are not relevant in57 KB (8,374 words) - 08:31, 16 June 2021
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)electoral rolls. In accordance with Article 14(5)(c) AVG, information must be provided in Article 14, paragraph 1 and Article 14(2) AVG are not mentioned when62 KB (10,509 words) - 16:58, 12 December 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 4, point 11, as well as the Restrictions according to Article 7 GDPR. (149) According to Article 5 (1) point b) of the GDPR, personal140 KB (23,189 words) - 08:25, 20 February 2024
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)1 GDPR sets out the general provisions. Article 5 of Chapter I GDPR sets out the principles relating to the processing of personal data. Article 5(1) lists241 KB (31,368 words) - 09:59, 9 May 2022
- CJEU - C-118/22 - Direktor na Glavna direktsia "Natsionalna politsia" pri MVR - Sofia (category Article 5(1)(e) GDPR)data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police8 KB (1,080 words) - 10:11, 15 February 2024
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Data Protection Regulation. Pursuant to Article 8 (3) no. 2 UWG in conjunction with § Article 8 (1) and Article 3a UWG authorise competition associations52 KB (8,574 words) - 16:03, 10 March 2022
- Persónuvernd (Island) - 2021051199 (category Article 14 GDPR)under the exemption carved out by the Icelandic GDPR (Article 19 of 90/2018) which states that Article 14 GDPR does not apply when an administrative authority30 KB (4,766 words) - 15:03, 29 September 2023
- OLG Dresden - 4 U 1278/21 (category Article 4(1) GDPR)personal data according to Article 4(1) GDPR, and that the data subject had a right to erasure pursuant to Article 17(1)(d) GDPR. According to the OLG Dresden31 KB (5,060 words) - 07:47, 16 March 2022
- AEPD (Spain) - A/00291/2017 (category Article 6(1)(a) GDPR)Protection, in accordance with the provisions of article 37. g) in relation to article 36 of the LOPD. II Article 3.j) of the LOPD specifies “sources accessible33 KB (5,107 words) - 14:56, 25 October 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)offer services to data subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned30 KB (4,714 words) - 10:34, 4 January 2023
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- VGH München - BeckRS 2021, 36742 (category Article 9(2)(i) GDPR)13 (2) sentence 5 14. BayIfSMV also illegally interferes with the general personality rights (Article 2 (1) in conjunction with Article 1 (1) GG) of the33 KB (5,353 words) - 12:40, 26 January 2022
- APD/GBA (Belgium) - 117/2021 (category Article 9 GDPR)laid down in Article 5.2 GDPR entails that the controller can demonstrate that he complies with the obligations as described in the GDPR. IV. Publication35 KB (4,931 words) - 12:59, 9 November 2021
- Rb. Amsterdam - C/13/689705/HA RK 20-258 (category Article 15 GDPR)in the personal data it processes on the basis of Article 5 (1) (a) of the GDPR . 4.17. This article provides that personal data must be processed in a57 KB (9,498 words) - 20:42, 28 April 2021
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- LG Köln - 13 K 278/21 (category Article 9(1) GDPR)controller responsible for violating Article 9 GDPR and ruled a compensation of €1,000 on the basis of Article 82(1) GDPR. The data subject was a federal civil35 KB (5,679 words) - 11:27, 2 August 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 5(1)(e) GDPR)confidentiality of personal data (Article 5 (1) (f) of Regulation 2016/679) or rules for limiting data storage (Article 5 (1) (e) of Regulation 2016/679)156 KB (25,012 words) - 10:01, 17 November 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)non-compliance with the requirements of Article 5.1.c) of the GDPR and non-compliance with the requirements of article 5.1.e) of the GDPR. 10. On February 28, 2020,44 KB (6,212 words) - 08:28, 16 June 2021
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- LSG Niedersachsen-Bremen - L 16 SF 5/21 DS (category Article 77 GDPR)supported by the structure of Article 78 GDPR, which is strictly intertwined with Article 77 GDPR. Indeed, Article 78(2) GDPR provides the data subject with34 KB (5,655 words) - 14:08, 16 May 2023
- VGH München - 5 BV 20.2104 (category Article 2(2)(d) GDPR)the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following61 KB (10,218 words) - 12:31, 13 June 2023
- Garante per la protezione dei dati personali (Italy) - 9983210 (category Article 5(1) GDPR)to in Article 13 GDPR. For these reasons, the processing of personal data carried out by the controller is in violation of Articles 5(1)(a), Article 6, Article89 KB (14,466 words) - 15:14, 20 February 2024
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83(5) GDPR)DPA fined Deutsche Wohnen SE € 14,500,000 for violating Article 5(1)(e) and Article 25(1) GDPR as the company's archive system was structurally unable38 KB (5,956 words) - 11:41, 21 January 2022
- APD/GBA (Belgium) - 124/2021 (category Article 6(3) GDPR)authority) • the obligations imposed by Article 37(5) and (7) of the GDPR and Article 38, paragraph 1 of the GDPR has not been complied with. (designation38 KB (5,625 words) - 10:37, 7 December 2021
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- VG Berlin - 1 K 391/20 (category Article 91(1) GDPR)nature. As Article 91(2) GDPR explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference36 KB (5,768 words) - 14:17, 18 May 2022
- RvS - 201905087/1/A2 (category Article 6(1)(f) GDPR)notes that though Article 82(1) of the GDPR states that full compensation for actual non-material damage resulting from breaches of the GDPR must take place33 KB (5,123 words) - 07:17, 15 September 2020
- VSRS - II Ips 23/2020 (category Article 17 GDPR)has in relation to the general public, the same effect as an erasure (Article 17 GDPR). It would be excessive and contrary to the mission of the media to55 KB (9,115 words) - 09:22, 7 June 2022
- DSB (Austria) - DSB 2023-0.404.421 (category Article 5(1)(a) GDPR)limitation of Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further40 KB (6,348 words) - 09:05, 16 November 2023
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)purposes of Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR133 KB (19,309 words) - 05:16, 24 March 2023
- constitute a breach of Article 8 ECHR, as such interference in an individual's right to privacy is consistent with the requirements of Article 8 para. 2. The plaintiff36 KB (6,014 words) - 11:14, 11 November 2020
- Persónuvernd (Iceland) - nr. 2020123070 (category Article 15 GDPR)principle of transparency and fairness set in Article 5(1)(a) GDPR, and of his right to access set in Article 15 GDPR. In the course of the proceedings, the Company12 KB (1,660 words) - 13:11, 22 December 2021
- AEPD (Spain) - TD/00101/2016 (category Article 17 GDPR)of the Spanish Data Protection Agency, in accordance with article 37.d), in relation to article 36, both of the Organic Law 15/1999, of 13 December, of protection38 KB (6,059 words) - 14:46, 15 December 2022
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- LG Bielefeld - 19 O 147/22 (category Article 24 GDPR)and Section 2 of the German Civil Code in conjunction with Article 6 (1) GDPR and Article 17 GDPR, the plaintiff is also not entitled to an injunctive relief37 KB (5,986 words) - 14:50, 9 May 2023
- IP (Slovenia) - 0603-47/2022/7 (category Article 5(1)(a) GDPR)for five (5) misdemeanors according to the second paragraph of Article 97 of ZVOP-2, in connection with point 1 of the first paragraph of Article 97 of ZVOP-214 KB (2,134 words) - 15:18, 26 April 2023
- VG Ansbach - AN 14 K 19.01313 (category Article 77 GDPR)alternative 2 GDPR would have been appropriate. 14 Since the substantive requirements for notification within the meaning of Article 78 (2) alternative 2 GDPR are13 KB (2,004 words) - 09:00, 23 August 2023
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- VGH München - 4 CS 21.2254 (category Article 5(1) GDPR)function is given in Article 24(4) Gemeindeordnung (GO), a national law that specifies Article 6(1)(e) GDPR in accordance with Article 6(2) GDPR for processing43 KB (7,102 words) - 16:14, 23 March 2022
- Decision Source: standards: Article 17(1) TEU 2016/679, Article 17(1)(a) TEU 2016/679, Article 17(1)(d) TEU 2016/679, Article 16 S 1 TEU 2016/679, § 4(1)13 KB (1,972 words) - 12:25, 15 September 2021
- GHDHA - 200.291.947/01 (category Article 6(1)(f) GDPR)Appeal considered Article 35(2) of the Implementing Act of the GDPR (UAVG), which follows from the right to object, Article 21 GDPR. Article 35(2) UAVG stipulates41 KB (6,941 words) - 10:56, 17 November 2021
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- BGH - I ZR 2/21 (category Article 6(1)(f) GDPR)relief neither on the KUG nor on the GDPR because the comprehensive weighing required by both Article 6(1)(f) GDPR and §§ 22, 23 KUG led to the same result66 KB (11,440 words) - 15:55, 30 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand71 KB (11,552 words) - 13:40, 12 January 2024
- IP (Slovenia) - 0609-20/2024/6 (category Article 6(1)(a) GDPR)court fee of €30. Article 96(1)(1) ZVOP 2 (infringements of the provisions of Article 83(4) GDPR) (1) A fine of between EUR 100 and EUR 5 000 shall be imposed14 KB (2,075 words) - 14:30, 30 April 2024
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- VG Köln - 13 L 1707/21 (category Article 4(2) GDPR)processing according to Article 4(2) GDPR In its decision, the court considered only the list of examples laid down in Article 4(2) GDPR, although the list15 KB (2,273 words) - 15:58, 18 March 2022
- AEPD (Spain) - PS/00080/2022 (category Article 5(1)(f) GDPR)circumstances in relation to Article 5 and Articles 32 and 33 GDPR. First, there was the duration of the infringement under Article 83(2)(a) GDPR; second, there was47 KB (7,265 words) - 10:05, 21 July 2022
- IP (Slovenia) - 0603-46/2023/13 (category Article 13 GDPR)breach of Article 76(3) ZVOP-2. As a result, the DPA held the controller liable on the basis of Article 100(3) ZVOP-2 in conjunction with Article 100(1)(2)12 KB (1,770 words) - 16:59, 5 December 2023
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- Persónuvernd - 2020010671 (category Article 5 GDPR)satisfy all the basic requirements of the first paragraph. Article 8 Act no. 90/2018, Coll. Article 5 Regulation (EU) 2016/679. Among other things, it is stipulated17 KB (2,537 words) - 09:58, 6 May 2021
- CNPD (Luxembourg) - Délibération n°16FR/2021 (category Article 5(1)(c) GDPR)that the processing operations must not be disproportionate. 5 15. Article 5.1.b) of the GDPR provides that personal data must be "collected for specific51 KB (7,338 words) - 11:33, 16 June 2021
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the79 KB (12,260 words) - 17:00, 12 December 2023
- ICO (UK) - Mermaids (category Article 5(1)(f) GDPR)out in the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. 10. In particular58 KB (7,695 words) - 09:00, 28 July 2021
- C. On the breach of Article 82 of the Data Protection Act 26. Under Article 82 of the Data Protection Act, transposing Article 5(3) of the ePrivacy Directive45 KB (7,227 words) - 10:03, 1 February 2023
- VG Hannover - 10 A 1443/19 (category Article 6(1)(f) GDPR)to Union law insofar as it affects non-public bodies. Article 6(1)(e) GDPR and Article 6(3) GDPR only give the member states regulatory leeway to regulate66 KB (10,800 words) - 07:54, 19 July 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- CNPD (Luxembourg) - Délibération n°24FR/2021 (category Article 5(1)(c) GDPR)the violation (article 83.2.a) of the GDPR), the Restricted Training notes that with regard to the breach of Article 5.1.c) of the GDPR, it constitutes58 KB (8,226 words) - 07:35, 22 July 2021
- AEPD (Spain) - PS/00209/2021 (category Article 6(1) GDPR)with the criteria established in Article 83(2)(b) GDPR: negligent character of the infringement, and Article 83(2)(g) GDPR: categories of personal data affected19 KB (2,809 words) - 09:21, 1 September 2021
- CJEU - C-453/21 - X-Fab Dresden GmbH & Co. KG (category Article 38(3) GDPR)effectiveness of the GDPR. Third, the CJEU looked at the context of Article 38(3) GDPR and noted that, according to Article 39(1)(b) GDPR, the task of the12 KB (1,791 words) - 12:19, 12 May 2023
- IP - 07121-1/2020/1180 (category Article 6(1)(a) GDPR)employee (on the basis of Articles 35, 36 and 37 of ZDR-1 in connection with point d or f of Article 6 (1) of the GDPR)? On the basis of the information you have12 KB (1,804 words) - 11:06, 13 January 2021
- data subjects with information pursuant to Article 14 GDPR. Nevertheless, according to Article 14(b)(5) GDPR, the obligation does not apply to the extent20 KB (2,817 words) - 12:54, 17 December 2022
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject51 KB (8,324 words) - 15:52, 18 January 2024
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)aforementioned infringement of article 6.1 of the GDPR could lead to the commission of the offenses typified in article 83.5 of the GDPR that under the The heading84 KB (13,036 words) - 13:26, 13 December 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that54 KB (8,511 words) - 09:03, 16 December 2022
- OVG Bautzen - 3 B 357/20 (category Article 5 GDPR)accordance with Article 6(2) GDPR and Article 6(3) GDPR for adaptation to the application of Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. The court stressed111 KB (18,198 words) - 11:22, 27 November 2023
- ICO (UK) - AMEX (category Article 4(11) GDPR)not permit his line to be used in contravention of paragraph (2)." 5. Section 122(5) of the Data Protection Act 201("DPA 2018") defines direct marketing72 KB (8,623 words) - 10:38, 26 May 2021
- Tietosuojavaltuutetun toimisto (Finland) - 9707/152/19 (category Article 12(3) GDPR)sessions, within the Article 12(3) GDPR time limit. Moreover, the DPA declared that the therapist had breached Article 12(4) GDPR, as they did not inform46 KB (7,186 words) - 14:12, 18 October 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 161/2023 (category Article 4(11) GDPR)(implementing provisions of the “e-Privacy Directive”) and 3 Article 6.1.a. of the GDPR. In accordance with article 61 of the LCA, the Litigation Chamber informs the61 KB (8,521 words) - 14:59, 6 February 2024
- AEPD (Spain) - E/03882/2020 (category Article 4(1) GDPR)obligation according to Article 6(1)(c) GDPR would be a valid legal basis, related to the exception provided by Article 9(2)(h) GDPR: the employer has the56 KB (8,548 words) - 10:54, 4 June 2021
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- Rb. Amsterdam - C/13/687315 / HA RK 20-207 (category Article 5(1)(a) GDPR)subject falls outside of the scope of Article 20 GDPR. The data that falls under Article 20 is less than under Article 15 GDPR. The court also considered that82 KB (14,053 words) - 16:25, 25 March 2021
- Rb. Rotterdam - 9900906 (category Article 9 GDPR)stated that the request was in violation of Article 6(1)(f) GDPR. First, the Court stated that pursuant to Article 843a(1) of the Code of Civil Procedure (CCP)18 KB (2,792 words) - 13:37, 29 November 2022
- ВАС - 6307/27.06.2022 (category Article 5(1)(a) GDPR)Articles 24 and 25 GDPR. The Bulgarian Data Protection Authority (CPDP) found a breach of Article 5(1)(a) GDPR and Article 5(1)(f) GDPR since the personal19 KB (2,875 words) - 10:08, 22 November 2022
- IP (Slovenia) - 0609-6/2024/7 (category Article 6(1)(a) GDPR)ZVOP-1. Article 97, paragraph 1, subparagraph 1, and applying Article 52, paragraph 3, and Article 26, paragraphs 1, 2 and 3, and Article 27 of the PDL-1, and19 KB (2,784 words) - 09:16, 25 April 2024
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 5(1)(a) GDPR)violates Article 5(1), Article 6(1) and Article 12(1) GDPR. Therefore the DE-HH SA adopted, on 10 May 2021, provisional measures under Article 66(1) GDPR, based188 KB (31,298 words) - 12:31, 20 January 2023
- WSA Warsaw (Poland) - II SA/Wa 310/20 (category Article 5(1)(f) GDPR)(2) breach of Article 5(1)(a), Article 5(1)(f), Article 5(2), Article 28(1), (3) and (10), Article 29, Article 83(1), (2), (3) and (5) in conjunction56 KB (8,906 words) - 14:16, 20 September 2021
- BVwG - W176 2247262-1 (category Article 57(4) GDPR)raise his data protection complaint in accordance with Article 57 (4) GDPR. Art. 57 Para. 4 GDPR standardizes that the supervisory authority in the case20 KB (3,055 words) - 15:41, 29 June 2022
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)adequacy decision (Article 45 GDPR) nor suitable guarantees (Article 46 GDPR) are in place for the third country concerned, cf. Article 49 Paragraph 1 Sentence118 KB (19,824 words) - 10:49, 6 February 2024
- BGH - I ZR 7/16 (category Article 4(11) GDPR)and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive 95/46/EC, if52 KB (8,575 words) - 15:55, 22 March 2022
- breach of Article 80(3) ZVOP-2 The DPA, therefore, reprimanded the controller for violations of Article 76(4) ZVOP-2, Article 78(1) ZVOP-2 and Article 80(3)21 KB (3,272 words) - 08:50, 1 March 2024
- ArbG Düsseldorf - 9 Ca 6557/18 (category Article 6(1)(c) GDPR)para. 25; on Art. 5 para. 1 lit. b E. Heberlein, in Ehmann / Selmayr, E., 2nd ed., Art. 5 marg. 14; Pötters, in Gola, E., 2nd ed., Art. 5 marg. 14) . It also58 KB (9,364 words) - 13:51, 16 December 2021
- ICO (UK) - Monetary Penalty Notice to Easylife Limited (category Article 5(1)(a) GDPR)the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes77 KB (9,347 words) - 07:39, 13 October 2022
- VwGH - 2021/04/0030-4 (category Article 5 GDPR)access under Article 15 GDPR and for violating the principles of data minimisation (Article 5(1)(c) GDPR), confidentiality (Article 5(1)(f) GDPR) and the controller’s92 KB (15,327 words) - 08:27, 10 May 2024
- personal data concerning him or her infringes the GDPR or Article 1 or Article 2, first indent". - 5 - (4) The right to have a complaint dealt with shall19 KB (3,024 words) - 03:47, 4 August 2022
- AG München - 178 C 13527/22 (category Article 82 GDPR)damages under Article 82 GDPR. The controller replied that data scraping - which is not hacking - does not entail a violation of the GDPR by the controller21 KB (3,243 words) - 15:04, 18 April 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1106 KB (14,502 words) - 17:09, 12 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)BKR is covered by Article 6, clause 1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of91 KB (15,371 words) - 15:11, 5 October 2021
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)violated the general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- VG Frankfurt am Main - 5 L1281/22.F (category Article 5(1)(f) GDPR)insufficiently secured; the legal requirements of Article 5 (1) (f) GDPR and Article 32 (1) (a) GDPR have been complied with. The German data protection25 KB (3,840 words) - 13:34, 4 August 2022
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)order that there is no violation of articles 5.1(c), 5.1(d), 5.1(e) and 5.1(f). Articles 5.1(c), (d) and (f), 5.2, 12, 16, 24, 25, 30.1, 31, 32, 38.3 and90 KB (14,937 words) - 12:35, 3 August 2022
- APD/GBA (Belgium) - 15/2023 (category Article 5(1) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- Persónuvernd (Island) - 2022050850 (category Article 14(5) GDPR)represent during elections constituted lawful processing under Article 6(1)(c) GDPR and Article 9(2) GDPR. A data subject, who was the ombudsman of a political26 KB (3,831 words) - 10:10, 10 January 2024
- LG Essen - 18 O 204/21 (category Article 12(5)(b) GDPR)data under Article 4(1) GDPR. Moreover the court found that the controller can refuse to act on the request according to Article 12(5)(b) GDPR, because the24 KB (3,694 words) - 10:56, 15 June 2022
- BVwG - W298 2266986 -1/20E (category Article 5(1)(c) GDPR)identity of that natural person; Article 5 paragraph 1 lit. c GDPR reads: Article 5 paragraph one, letter c, GDPR reads: Article 5 Principles for processing personal63 KB (10,365 words) - 12:54, 31 January 2024
- Garante per la protezione dei dati personali (Italy) - 9902472 (category Article 5(1)(c) GDPR)these reasons, the DPA found violations of Article 5(1)(c) and (e) and Article 32(1)(b) and (d) and 32(2) GDPR, imposing a fine of €240,000. Share your comments63 KB (10,048 words) - 09:42, 2 August 2023
- ICO - FS50834927 (category Article 5(1)(a) GDPR)lawfulness principle in Article 5(1)(a) of the GDPR would be contravened by the disclosure of information, Article 6(1) of the GDPR (lawfulness) is to be24 KB (3,788 words) - 16:22, 7 March 2022
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)for an infractionof article 6 of the RGPD, typified in article 83.5.a) and classified as very serious toprescription effects in article 72.1.b) of the LOPDGDD206 KB (32,869 words) - 14:36, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9746068 (category Article 13 GDPR)under Article 21 GDPR. Based on these considerations, the Garante issued a fine of €40,000 on T.S.M. for the violation of Articles 13 and Article 15 and22 KB (3,423 words) - 14:22, 2 March 2022
- Garante per la protezione dei dati personali (Italy) - 9706389 (category Article 5(1) GDPR)(In violation of Articles 5(1), (2), 6 and 7 GDPR) Fourth, it found the company infringed Articles 5, 6, 7, 12, 13 and 21 GDPR, in relation to the procedures142 KB (23,307 words) - 09:37, 28 October 2021
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 17. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 18. By87 KB (10,588 words) - 14:32, 16 March 2022
- HDPA (Greece) - 38/2023 (category Article 2(1) GDPR).]" 5. Because according to above article 17 of the GDPR, as it has been interpreted according to the content of the Guidelines 5/2019 of the GDPR1, the23 KB (3,704 words) - 18:18, 23 April 2024
- Rb. Overijssel - ZWO 22/775 (category Article 4(1) GDPR)that the plaintiff violates Article 5, first paragraph under a, jo. Article 6(1) of the GDPR has processed personal data. 5. The documents submitted by26 KB (4,142 words) - 15:30, 27 March 2024