Search results
From GDPRhub
- Article 47 GDPR (category GDPR Articles)undertakings”, following Article 4(19) GDPR, is constituted by “a controlling undertaking and its controlled undertakings”. The GDPR, however, does not define29 KB (2,823 words) - 15:15, 28 April 2022
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5)61 KB (8,488 words) - 15:47, 18 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- Article 19 GDPR (category GDPR Articles)to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to enable19 KB (1,436 words) - 12:35, 12 May 2023
- Article 32 GDPR (category GDPR Articles) (section (4) Natural persons acting under the authority of the controller or the processor)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- can carry out a notification in phases under Article 33(4) GDPR (see below). Under Article 33(3)(b) GDPR, the supervisory authority must be given the contact54 KB (6,536 words) - 08:22, 16 June 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- Article 30 GDPR (category GDPR Articles) (section (4) Provision of the ROPA to supervisory authority)provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 25 GDPR (category GDPR Articles)Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- Article 26 GDPR (category GDPR Articles)provisions such as Article 30(4) for the record of processing or Article 40(11) for the register of approved codes of conduct, Article 26 does not explicitly37 KB (3,915 words) - 12:49, 24 May 2023
- further discussed, in Article 4(1) GDPR. Any information that relates to an identified or identifiable natural person falls under the GDPR, this also includes34 KB (4,652 words) - 12:07, 12 November 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- Article 16 GDPR (category GDPR Articles)please refer to Article 19 GDPR. If the controller declines to rectify the data, they must provide reasons for their decision (Article 12(4) GDPR). The data23 KB (2,489 words) - 23:24, 6 March 2024
- 62(7) GDPR, the reference to the EDPB is mandatory. The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR20 KB (1,590 words) - 16:11, 2 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 60 GDPR (category GDPR Articles) (section (4) Objection by supervisory authority concerned (CSA) and procedure where it is not followed)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 89 GDPR (category Article 89 GDPR) (section (4) Derogations do not Extend to Other Purposes that Require the Same Processing)that purpose. Article 89(4) GDPR makes it clear that the derogations to the GDPR are only available for processing specified in Article 89 GDPR, and not for29 KB (3,695 words) - 13:44, 21 March 2024
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 69 GDPR (category Article 69 GDPR)Regulation (GDPR), Article 68 GDPR, p. 1059 (Oxford University Press 2020); Brink, Wilhelm, in Wolff, Brink, DS-GVO, Article 69 GDPR, margin numbers 4-6 (C.H18 KB (1,327 words) - 12:36, 14 December 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- on Article 36(4), it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b) GDPR. See31 KB (3,646 words) - 08:51, 21 July 2023
- Article 22 GDPR (category GDPR Articles) (section (4) Qualified prohibition of using special categories of data)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- incompatible with the office. Article 52(4) GDPR and Article 52(6) GDPR establish the framework for SAs financial governance. Article 52(4) GDPR stipulates that SAs47 KB (5,594 words) - 22:45, 1 April 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford University Press 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 54 GDPR, margin numbers29 KB (2,894 words) - 23:06, 1 April 2024
- Article 65 GDPR (category GDPR Articles) (section (4) Supervisory authorities (SAs) prohibited to adopt any measure during the procedure)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- performance. Article 7 GDPR regulates the "conditions for consent". It specifies the definition of consent set out in Article 4(11) GDPR and, by integrating31 KB (3,489 words) - 16:00, 8 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- in force for more than 4 years after the GDPR’s entrance into force. Responding to requests regarding the applicability of the GDPR in Slovenia, the IP issued10 KB (1,242 words) - 10:51, 6 February 2024
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- motion. Its powers are described under Article 8 of the law "Informatique et Libertés". Under Article R311-1(4) of the French code of administrative justice8 KB (824 words) - 22:52, 27 February 2024
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 61 GDPR (category Article 61 GDPR) (section (4) Conditions for a refusal to comply with an assistance request)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 72 GDPR (category Article 72 GDPR)dispute resolution under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are22 KB (2,266 words) - 08:26, 17 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 37 GDPR (category GDPR Articles) (section (4) Other circumstances in which to designate a data protection officer)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 1 GDPR (category GDPR Articles)about the scope of the term 'personal data' under Article 4(1) GDPR. Non-EU citizens can rely on the GDPR as its application is generally independent of nationality28 KB (3,831 words) - 16:21, 14 March 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- administrative fines referred to in Article 66. It may cancel, reduce or increase those fines within the limits of Article 66. The EDPS, as an independent8 KB (1,078 words) - 12:58, 10 May 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- GDPRhub style guide (section GDPR)in the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also17 KB (2,510 words) - 13:56, 24 April 2023
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)HA RK 19-693 C/10/576074 / HA RK 19-694, C/10/576079 / HA RK 19-696, C/10/576083 / HA RK 19-697, C/10/576085 / HA RK 19-698, C/10/576094 / HA RK 19-702,14 KB (2,154 words) - 16:27, 10 March 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)HA RK 19-693, C/10/576079 / HA RK 19-696, C/10/576083 / HA RK 19-697, C/10/576085 / HA RK 19-698, C/10/576091 / HA RK 19-701, C/10/576094 / HA RK 19-70215 KB (2,504 words) - 16:27, 10 March 2022
- CJEU - C-61/19 - Orange Romania (category Article 4(11) GDPR)consented to processing of his or her data (Art 7 (1) GDPR). This is equally true under Article 7(a) of the Directive 95/46, which required that the data8 KB (1,074 words) - 13:50, 11 August 2022
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)the meaning of Art. 4 No. 1 GDPR has a right to information from the person responsible within the meaning of Art. 4 No. 7 GDPR with regard to the processed32 KB (5,093 words) - 16:07, 11 September 2022
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)of a copy, that "Article 15(1) of the GDPR restricts the right of access to personal data within the meaning of Article 4(1) of the GDPR and additional information51 KB (8,592 words) - 07:03, 2 November 2021
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- defendant within the meaning of Article 4 of the GDPR. The defendant is therefore a controller within the meaning of Art. 4 No. 7 GDPR. b. 44 The Senate is convinced51 KB (8,215 words) - 09:55, 13 May 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 55(1) GDPR)decision under Article 66 GDPR when the lead SA fails to respond to provide mutual assistance within a month as per Article 61(8) GDPR. The CJEU adopted10 KB (1,311 words) - 15:26, 13 June 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)various GDPR violations (including the principles of legality, transparency and fairness, minimisation and security among others). In total, 4 complaints19 KB (2,707 words) - 16:50, 12 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)for the alleged infringement of Article 5.1.d) of the RGPD, typified in Article 83.5 of the RGPD. SIXTH: On October 28, 19, written allegations were received26 KB (4,032 words) - 14:31, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act,42 KB (6,579 words) - 08:46, 27 January 2022
- its Article 35, that the concept of personal data and the possibilities for processing and protection will be defined by the law. The same article reaffirms3 KB (332 words) - 13:31, 3 May 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)Autoriteit Persoonsgegevens disagrees: Article 78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch Administrative law25 KB (3,954 words) - 13:39, 16 November 2020
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- CJEU - C-77/21 - Digi (category Article 6(4) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data18 KB (1,831 words) - 13:49, 3 November 2022
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)even pseudonymised data (Art. 4 Para. 5 GDPR) from the term personal data are recorded in accordance with Art. 4 Para. 1 GDPR. It is undeniable that the MB158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)the meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has11 KB (1,492 words) - 13:09, 23 November 2022
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(4)(a) GDPR)paragraph 3, all of article 35, and paragraph a) of paragraph 4 of article 83, all GDPR, with a fine of up to €20,000,000 or up to 4% of annual turnover163 KB (27,222 words) - 16:54, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)meaning of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2.113 KB (17,325 words) - 08:50, 19 March 2024
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)none of the exceptions in Article 82 of the Data Protection Act were applicable, and Apple had to obtain consent (Article 4(11) GDPR) before using the identifiers82 KB (13,463 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- AEPD (Spain) - EXP202102430 (category Article 83(4) GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)under Article 32 GDPR? 4) Does Article 82(3) GDPR allow the controller to be exempt from liability for damages if the data breach as defined by 4(12) GDPR13 KB (1,963 words) - 11:04, 5 January 2024
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- AKI (Estonia) - 2.1.-1/19/126 (category Article 13(4) GDPR)his access request, provided an incomplete dataset in English. Could Article 15 GDPR be exercised although the personal are expected to be already possessed3 KB (195 words) - 10:30, 13 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- (definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4: Profileing9 KB (1,168 words) - 15:30, 6 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)paragraph 1a Basic Law Article 5(1), first sentence VIG § 1, § 2, § 3, § 4 para. 4, § 5 para. 1, para. 4 p. 1, § 6 para. 1, para. 3, para. 4 Regulation (EU) 2017/62540 KB (6,397 words) - 08:03, 21 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)Sentence 2 GDPR with reference to operational reasons as data protection officer. ECLI:DE:BAG:2023:060623.U.9AZR383.19.0 - 4 - - 4 - 9 AZR 383/19 The plaintiff40 KB (6,019 words) - 14:13, 28 November 2023
- CJEU - C-264/19 - Constantin Film Verleih GmbH v. YouTube LLC and Google Inc. (Opinion of AG Saugmandsgaard Øe) (category Article 4(1) GDPR)by definition, personal data within the meaning of Article 2(a) Directive 95/46, now Article 4(1) GDPR since they must enable Constantin Film Verleih to8 KB (1,020 words) - 13:14, 1 June 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- |GDPR_Article_3=Article 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6=32 KB (6,006 words) - 16:33, 7 July 2021
- |GDPR_Article_3=Article 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6=34 KB (5,924 words) - 18:14, 20 April 2021
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)meaning of Article 6.4 Old Law. 2 DSGVO, which enables additional national deviations from the purpose, the compatibility test under Article 6.4, old version31 KB (5,184 words) - 17:19, 15 April 2023
- AKI (Estonia) - 2.1.-3/19/3971 (category Article 15 GDPR)adversely affect the rights and freedom of the others, pursuant to Article 15(4) GDPR. Also, it found that the national law - Money Laundering and Terrorist4 KB (423 words) - 10:30, 13 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)in relation to proceedings under Article 78(1) of the GDPR. The Court notes that Article 58(4) and Article 78 of the GDPR give expression to the right to59 KB (8,242 words) - 10:47, 17 March 2021
- Rb. Den Haag - C/09/581973/KG ZA 19/1024 (category Article 82 GDPR)pursuant to Article 12(3) of the AVG. If, as in this case, such a decision is taken by an administrative body, then, pursuant to Article 34 of the GDPR Implementing20 KB (3,086 words) - 16:15, 10 March 2022
- AKI (Estonia) - 2.1.-3/19/4304 (category Article 15(1) GDPR)latter of the possibility to exercise their right of access according to Article 15 GDPR, regardless of the fact that the data controller is a public or private13 KB (2,032 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- VG Berlin - 1 K 90.19 (category Article 15 GDPR)Chamber Decision date: 31.08.2020 File number: 1 K 90.19 Document type: Judgment Source: Legal norms: § 59 (4) BDSG, § 113 (5) sentence 1 VwGO Tenor The defendant10 KB (1,324 words) - 13:46, 15 September 2021
- AKI (Estonia) - 2.1-1/19/4627 (category Article 6 GDPR)commercial register by law, this does not mean that these data may be Page 4 4 (4) re-use and disclose for any purpose. Data that can be unrestricted reused16 KB (2,456 words) - 10:29, 13 December 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)the same search results on the basis of Article 12 (4) GDPR has been rejected by Google . Article 21 (1) of the GDPR provides that a data subject has the34 KB (5,811 words) - 09:44, 8 December 2020
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)According to Article 4(3) TEU, it is the task of national courts to ensure judicial protections of a data subjects under EU law. Article 19(1) TEU requires9 KB (1,308 words) - 12:54, 28 June 2023
- UODO (Poland) - ZSPR.421.19.2019 (category Article 4(1) GDPR)Procedure (Journal of Laws of 2020, item 256) and Article 7(1) and (2), Article 60, Article 101, Article 103 of the Act on the Protection of Personal Data29 KB (4,698 words) - 10:02, 17 November 2023
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(1) GDPR)receipts is framed in the definition of personal data contained in Article 4(1) of the GDPR because they contain “information relating to an identified or30 KB (4,858 words) - 09:58, 6 October 2021
- APD/GBA (Belgium) - 19/2021 (category Article 12 GDPR)right to object under Article 21(2) GDPR in conjunction with Article 12(1) GDPR, Article 12(2) GDPR, Article 13 GDPR and Article 14 GDPR. Telenet asked for10 KB (1,290 words) - 16:55, 12 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)health data under Article 4(15) GDPR. Data such as name, phone number, email do not qualify as health data per se but in the context of COVID-19 contact tracing50 KB (8,015 words) - 13:52, 12 May 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)should comply with the criteria set out in Article 6. (4) General Regulations. The application of Article 6 (4) of the General Regulation to a change in110 KB (17,995 words) - 11:15, 22 April 2021
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)* clause n ° 12 regarding - of article 6 and article 32 / II of the Data Protection Act for all contracts, - of article L.132-1 of the Consumer Code in392 KB (67,730 words) - 15:27, 17 March 2022
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)The Administrative Court of Mainz (VG Mainz) held that Article 9 GDPR does not apply to a processor who captures special categories of data on camera,58 KB (9,665 words) - 08:51, 25 November 2020
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)asked whether the joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately9 KB (1,234 words) - 12:48, 25 January 2024
- AEPD (Spain) - EXP202207270 (category Article 19 GDPR)Spanish DPA dismissed a complaint about alleged violations of Articles 4(1) and 19 GDPR for publishing a photo of the data subject without consent due to lack26 KB (3,901 words) - 13:19, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,354 words) - 15:45, 6 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 14(1) GDPR)Point 6 of Article 3 Act no. 90/2018 and item 7 of Article 4. of Regulation (EU) 2016/679, cf. and the first and second paragraphs. Article 4 Epidemiology88 KB (14,189 words) - 09:58, 7 December 2021
- Personvernnemnda (Norway) - PVN-2022-19 (category Article 17(1)(a) GDPR)services did not violate the data subject's right to erasure under Article 17 GDPR when refused to delete information on the data subject's ethnicity,23 KB (3,547 words) - 10:05, 17 November 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)processing. Under Article 36(5) GDPR, the Italian Ministry of Health has submitted the Data Protection Impact Assessment of the "Covid-19 Alert System" (and71 KB (11,426 words) - 15:49, 6 December 2023
- Rb. Gelderland - AWB 19/2901 (category Article 5 GDPR)whether Article 6 GDPR provides a legal basis for processing credit cards details and whether the processing is compliant with Article 5 GDPR. It also17 KB (2,610 words) - 16:18, 10 March 2022
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)defined in the first paragraph. Article 4 of the Act, cf. Points 2 and 4 Article 3 of the Act and points 1 and 2. Article 4 of the Regulation. According to44 KB (7,044 words) - 08:42, 13 December 2021
- Rb. Rotterdam - ROT 19/1393 (category Article 17(1) GDPR)information to be retained by the defendant any longer. 4. Pursuant to Article 17 (1) of the GDPR , a data subject has the right to obtain erasure of personal9 KB (1,203 words) - 16:30, 10 March 2022
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken into account as a standard37 KB (5,745 words) - 13:53, 12 May 2023
- AEPD (Spain) - E/03884/2020 (category Article 4(1) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €525,000. 4For the justification, see paragraphs 4.3.1 and 4.3.2. 18/19,Date Unidentified50 KB (7,656 words) - 17:05, 12 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)SAW The violation of article 32 of the GDPR is typified in article 83.4.a) of the aforementioned GDPR in the following terms: "4. Violations of the following54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)control authorities in article 57.1 of the Regulation (EU) 2016/679 (RGPD). Thus, with dates 04/02/19 and 04/14/19; 09/19/19 and 10/20/19 go requirements and26 KB (4,150 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)twenty thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively24 KB (4,074 words) - 14:21, 13 December 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)infringement in the context of Article 82(1) of the GDPR. cc) The answer to the legal question of how Article 82 (1) of the GDPR is to be interpreted against19 KB (3,209 words) - 13:08, 15 September 2021
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)regards to a violation of Article 7 GDPR, for gathering consent in a generic way. To fine the controller €3000 for infringing Article 22(2) LSSI, for installing52 KB (8,471 words) - 14:33, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 8 Section 1(2)(4) of the Finnish Criminal19 KB (2,951 words) - 12:30, 23 April 2024
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))default (Art. 25 GDPR), integrity and confidentiality (Art. 5.1.f GDPR), as well as security ofprocessing(Art. 32GDPR)......101 B.4.4. - Additional alleged429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)authorities in Article 57.1 of Regulation (EU)2016/679 (General Data Protection Regulation, hereinafter RGPD), Thus, withdate 04/01/19 and 04/12/19, an information16 KB (2,335 words) - 14:33, 13 December 2023
- Gerechtshof Amsterdam - 200.258.200/01 (category Article 6(1)(f) GDPR)based are contested by [the appellant]. 3.4 The Court of Appeal will first jointly discuss grievances 1, 2 and 4 with which [the appellant] challenges the16 KB (2,462 words) - 12:29, 4 October 2021
- VG Potsdam - VG 3 K 1458/19 (category Article 17 GDPR)the alert on the SIS system under Article 17(1)(d) GDPR. The reason for the data subject invoking the GDPR is that Article 53(1) Regulation (EU) 2018/186123 KB (3,560 words) - 14:17, 21 February 2024
- Court of Appeal of Brussels - 2022/AR/723 (category Article 21(4) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)"lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions 145 According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right97 KB (16,519 words) - 09:57, 22 February 2023
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- Personvernnemnda (Norway) - 2020-14 (19/00110) (category Article 6(1)(f) GDPR)Ordinance, cf. Article 4 no. 2. The search engine provider is responsible for the processing of personal data this connection, cf. Article 4 no. 7. This is32 KB (5,120 words) - 18:48, 5 March 2022
- Council of State - 251.378 (category Article 28(1) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- CNIL (France) - SAN-2020-056 (category Article 15(4) GDPR)its article 6-III; Having regard to the emergency law n° 2020-290 of 23 March 2020 to deal with the COVID epidemic - 19, in particular its article 4; Having43 KB (6,847 words) - 17:11, 6 December 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- Data Protection under SARS-CoV-2 (redirect from Data Protection under COVID-19) (section Principles of Article 5 GDPR)that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- Court of Appeal of Brussels - 2022/AR/556 (category Article 5(1)(b) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- AEPD (Spain) - PS/00209/2019 (category Article 57(1) GDPR)authorities in Article 57 (1) of the GDPR.Thus, on 31/10/18, an information injunction was sent to the entity in question. THIRD:By letter dated 18/01/19, in the26 KB (4,212 words) - 14:10, 13 December 2023
- HDPA (Greece) - 50/2021 (category Article 5(1)(a) GDPR)information in accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)subject of its inability to respond to the access request according to Article 12(4) GDPR. The complainant exercised their right of access asking the DPO of12 KB (1,773 words) - 15:33, 6 December 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- Gerechtshof Amsterdam - 200.280.852/01 (category Article 6(1)(e) GDPR) (section Was the introduction of Proctorio compliant with the GDPR?)government's COVID-19 measures did not allow for suitable alternatives and that the surveillance had a legal basis in Article 6(1)(e) GDPR. The plaintiffs53 KB (8,177 words) - 12:30, 4 October 2021
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)Page 4 4 (7) On November 8, 2015, I filed a complaint with the Data Protection Inspectorate (AKI) and demanded that the AKI rapidly implement Article 5828 KB (4,711 words) - 10:30, 13 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- Datatilsynet (Denmark) - 2019-812-0035 (category Article 15 GDPR)different legal grounds are relevant in this case, such as Article 15 GDPR, sections 15 and 19 of the Danish Law Enforcement Act and provision of the Public35 KB (5,628 words) - 16:38, 6 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)in-depth discussion HE THOUGHT ACCORDING TO THE LAW. 1. According to the article. That’s 4 bets.7 of General Regulation (EU) 2016/679 on the protection of individuals14 KB (2,127 words) - 15:37, 6 December 2023
- HDPA (Greece) - 38/2020 (category Article 4(7) GDPR)address from my list of recipients, in accordance with the provisions of Article 18 GDPR. 4) He proceeded to remove the recipient’s e-mail address from the list14 KB (2,070 words) - 15:38, 6 December 2023
- CJEU - C-597/19 - M.I.C.M. (category Article 6(1)(f) GDPR)(‘seeding’) be regarded as a communication to the public within the meaning of Article 3(1) of Directive 2001/29, even if the individual pieces as such are unusable7 KB (966 words) - 12:03, 1 November 2022
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00135/2020 (category Article 13 GDPR)gob.es 13/22 3.- On 09/01/19, this Agency requested the entity in question information on the reported events. 4.- On 22/02/19, the entity complained of47 KB (7,756 words) - 14:04, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6609/163/19 (category Article 5(1)(c) GDPR)enshrined in Article 5(1)(c) GDPR. The Finish DPA further ordered the controller to bring its processing activities into compliance under Article 58(2)(d)13 KB (1,873 words) - 13:06, 3 March 2024
- RvS - 202000948/1/A3 (category Article 12(6) GDPR)the decision of April 4, 2019 of the board to be well-founded. This decision qualifies for annulment due to violation of article 4: 5, first paragraph,12 KB (1,870 words) - 12:37, 16 September 2021
- APD/GBA (Belgium) - 137/2022 (category Article 12(4) GDPR)the DPA held that it had violated Article 12(3) GDPR (the controller failed to answer within a month), Article 12(4) GDPR (The controller failed to provide14 KB (1,946 words) - 08:50, 29 June 2023
- AEPD (Spain) - PS/00479/2019 (category Article 5(1)(c) GDPR)minimisation principle related, as per Article 5(1)(c) GDPR, and the lack of transparent information, as per Article 12 GDPR. The decision is the consequence17 KB (2,541 words) - 14:43, 13 December 2023
- OLG Koln - 15 U 45/23 (category Article 16 GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- DSB (Austria) - 2020-0.550.322 (category Article 4(2) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)applicant in the sense of the legal basis of Article 6 (1) (f) GDPR.47The applicant cannot refer to Article 13 (4) GDPR in this regard. According to this, it41 KB (6,779 words) - 12:35, 24 November 2021
- APD/GBA (Belgium) - 19/2020 (category Article 5(1)(b) GDPR)1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security39 KB (6,246 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00004/2020 (category Article 5(1)(c) GDPR)one claimed.THIRD: On 11/21/19, the claim is TRANSFERRED to thedenounced entity, receiving answering document dated 12/19/19.FUNDAMENTALS OF LAWIBy virtue18 KB (2,798 words) - 13:44, 13 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)(threethousand euros), for violation of article 22.2) of the LSSI Law, typified as “slight” in theArticle 38.4.g) of the aforementioned Law.SECOND: REQUIRE15 KB (2,192 words) - 14:36, 13 December 2023
- challenged before the Court of Appeal on 19 February 2021. However, the Belgian DPA withdrew the above decision on 19 May 2021, reopened the proceedings before24 KB (3,393 words) - 09:25, 10 September 2021
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)lit. a GDPR and Article 62.1 no. 4 DPA and Article 52.2 nos. 4 and 7 DPA 2000. The defendant's general assertions, in particular regarding the coverage92 KB (15,435 words) - 16:00, 22 March 2022
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- LG München - 31 O 16606/20 (category Article 82(4) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- DSB (Austria) - 2020-0.111.488 (category Article 4(15) GDPR)(Datenschutzbehörde - DSB) held that the doctor had violated Article 5(1)(a) GDPR and Article 9(1) and (2) GDPR as the patients had not given their ecplicit consent8 KB (1,048 words) - 13:50, 12 May 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis for110 KB (18,238 words) - 16:56, 12 December 2023
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)against the respondent, for the alleged infringement of Article 6 of the RGPD, typified in Article 83.5 of the RGPD. In view of the foregoing, the following18 KB (2,781 words) - 14:30, 13 December 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)they are processed (article 5.1 e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter127 KB (21,484 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9885/157/19 (category Article 12(1) GDPR)subject's rights, such as the right to object according to Article 21 GDPR. Pursuant to Article 58(2)(d) GDPR, the DPA ordered the controller to ensure that data21 KB (3,097 words) - 13:40, 12 January 2024
- CNIL (France) - SAN-2020-018 (category Article 12(4) GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)in violation of Article 13 GDPR. The questionnaire to subscribe to Nestor did not include all the information required by Article 13 GDPR: there was no information69 KB (11,007 words) - 17:10, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 12(4) GDPR)Data Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care20 KB (3,108 words) - 13:02, 3 March 2024
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- AEPD (Spain) - PS/00185/2020 (category Article 13 GDPR)security of processing (Article 32 GDPR), the transparency principle (Article 13 GDPR) and its information duties related to cookies (Article 22(2) of the Spanish20 KB (3,162 words) - 14:08, 13 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)did not acknowledge that with the introduction of Title 8.4 in the Awb on the basis of Article 8:4, paragraph 1, opening words and under f of the Awb, the34 KB (5,179 words) - 07:10, 7 April 2020
- AEPD (Spain) - PS/00332/2019 (category Article 5(1)(c) GDPR)2012 to 2019 that it was operating. Following Article 83(5)(a)GDPR, read in the lights of Recital (148) GDPR, the AEPD issued a reprimand to the owner of15 KB (2,275 words) - 14:29, 13 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early voluntary payment of the corresponding part (48,000 €) of the27 KB (4,150 words) - 13:45, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)processing of personal data within the meaning of Article 4 GDPR and is it justified on the basis of Article 6 GDPR? Can the controller raise the argument that73 KB (11,238 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €10000 however21 KB (3,137 words) - 14:33, 13 December 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)Section 49 of the Wbp has been met. 4.1 The next question to be answered is whether the claimant has suffered damage. 4.2 With reference to Section 6:106(1)(b)10 KB (1,424 words) - 12:09, 9 May 2022
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- Please refer to the Dutch original for more details. 1/4 Dispute room Decision 57/2022 of April 19, 2022 File number : DOS-2021-01206 Subject: Camera surveillance12 KB (1,431 words) - 16:45, 12 December 2023
- APD/GBA (Belgium) - XX/2021 (category Article 60 GDPR)personal data under Article 17 GDPR. On 21 September 2021, the controller confirmed the deletion, as required by Article 12(3) and (4) GDPR. However, the complainant17 KB (2,189 words) - 12:34, 3 August 2022
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)explicit consent was needed under Article 9(2) GDPR and the conditions for consent pursuant to Article 4(11) GDPR had to be assessed in light of the relevant46 KB (7,192 words) - 12:37, 19 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned26 KB (3,862 words) - 17:41, 25 June 2022
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- CNIL (France) - MED-2020-015 (category Article 5(1)(a) GDPR)the provisions of the GDPR and the national data protection law. In the context of the worldwide health crisis caused by Covid-19, the French Ministry of33 KB (5,322 words) - 17:08, 6 December 2023
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)thus personal data as referred to in article 4, preambles under 1, of the AVG. 2/20 Date Unidentified February 4, 2021 [confidential] From the letter from57 KB (8,053 words) - 17:07, 12 December 2023
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)to the legal provisions established in article 22.2 LSSI. This Infraction is classified as "minor" in Article 38.4 g) of the aforementioned Law, and may27 KB (4,296 words) - 13:59, 13 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)the DPA held that the recordings captured personal data pursuant to Article 4(1) GDPR. Since the controller did not use the recordings, they had not assessed45 KB (6,973 words) - 05:12, 15 September 2022
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4 : Profiling9 KB (1,251 words) - 12:15, 8 May 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the GDPR. According to the defendant, this partner is thus not processor within the meaning of Article 4 (8) GDPR. Consequently, Article 28 (3) GDPR does113 KB (18,732 words) - 16:50, 12 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 5(1)(a) GDPR)and correct processing […] »(Article 6, paragraph 2, GDPR), with the consequence that the provision contained in art. 19, paragraph 3, of the Code (in27 KB (4,339 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- CNIL (France) - SAN-2023-018 (category Article 31 GDPR)with the services of the CNIL in application of article 31 of the GDPR 19. In law, Article 31 of the GDPR provides that "the controller and the subcontractor22 KB (3,384 words) - 13:25, 24 January 2024
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)2023 standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 13387 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)norm therefore by article 19 of the LOPD as business data. We consider relevant the legal basis by which, according to the article Article 65 of the LOPD33 KB (5,338 words) - 14:09, 13 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)definition of the concept of consent in the data protection regulation article 4, No. 11. Article 4 of the Data Protection Regulation, no. 11 states that consent52 KB (8,025 words) - 05:01, 23 November 2023
- Datatilsynet (Norway) - 20/01865 (category Article 4(1) GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- CNIL (France) - SAN-2023-076 (category Article 14 GDPR)communications under Article 14 GDPR were not legally necessary, as in the present case, Article 23 GDPR restrictions were applicable. Article 23 GDPR establishes36 KB (5,524 words) - 17:01, 6 December 2023
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)es Page 4 4/5IIIThis infraction is typified in article 83.5.e) of the RGPD, which considers as such: “ nofacilitate access in breach of article 58, paragraph12 KB (1,812 words) - 14:35, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)the inspected with section 4 of chapter 4 of the GDPR. 3. […] the inspectorate [is active in the field of transport] […]. 4. The controlled has approximately66 KB (9,458 words) - 19:42, 4 September 2021
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)Protection Commissioner in cases 834/532/18 and 8212/161/19 4. In cases 834/532/18 and 8212/161/19, the data protection commissioner evaluated the registrar's71 KB (11,552 words) - 13:40, 12 January 2024
- Garante per la protezione dei dati personali (Italy) - 9446659 (category Article 5(1)(a) GDPR)powers delegated to the Guarantor. Pursuant to Article 78 of the RGPD, Article 152 of the Code and Article 10 of Legislative Decree no. 150/2011, this measure25 KB (3,911 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- "private life" in Article 8.1 ECHR (Wittwer in Schwimann, ABGB-Takom4 § 1328a Rz 3; Danzl in KBB5 § 1328a ABGB Rz 3; RV 173 BlgNR 22nd GP 17). 1.4 'Personal rights'24 KB (3,763 words) - 09:49, 14 December 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish Data129 KB (21,793 words) - 14:09, 13 December 2023
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)a claim under Article 15 GDPR entitles the data subject to be provided with copies of their personal data and whether Article 15(3) GDPR contains an independent21 KB (3,450 words) - 10:33, 8 February 2022
- AEPD (Spain) - PS/00055/2020 (category Article 5(1)(c) GDPR)- Madridsedeagpd.gob.es Page 4 4/5EUR 000 000 maximum or, in the case of a company, an equivalent amountat a maximum of 4% of the total global annual turnover13 KB (1,964 words) - 13:52, 13 December 2023
- AP (The Netherlands) - AWB-21 3909 (category Article 15(1) GDPR)possible. 1 Article 6:2, preamble and under b, in conjunction with Article 7:1, first paragraph, preamble and under f, of the Awb 2 Article 6:12, second19 KB (3,027 words) - 17:13, 12 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)jurisprudence of the CJEU (e.g. C-439/19). Thus, the data described above was found to be personal data per Article 4 GDPR. The CNIL then assessed whether the40 KB (5,904 words) - 16:51, 24 February 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- Datatilsynet (Denmark) - 2020-31-3354 (category Article 4(11) GDPR)gather valid consent in line with the GDPR? In building its argumentation, the DPA also relied on Recital 32 GDPR, as well as paragraph 62 of the CJEU Planet4920 KB (3,151 words) - 16:38, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)Constitution, Article 19 TFEU and Article 47 CFR. As Mr A's mandate and termination had not been assessed in the light of the provisions of the GDPR, the Supreme46 KB (7,394 words) - 14:08, 21 March 2024
- RvS - 202002066/1/A3 (category Article 15(3) GDPR)has fulfilled the purpose of Article 15 of the GDPR. [Applicant] cannot therefore derive any right from Article 15 of the GDPR to a copy of the documents22 KB (3,354 words) - 09:23, 18 February 2022
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)context of Articles 40 and 41 GDPR, in particular from Article 40 Paragraph 4 in conjunction with Article 41 Paragraph 2 lit. c) GDPR, namely further that a monitoring19 KB (2,799 words) - 13:52, 12 May 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)controller within the meaning of Article 4(7) of the AVG. 3.4 Violation regarding the reporting of a violation 3.4.1 Introduction Article 33(1) of the AVG stipulates77 KB (12,915 words) - 17:15, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)provided for in Article 12.3 of the GDPR, nor informed the claimants of a possible reason for its inaction as required by article 12.4 of the GDPR. It also considers76 KB (11,147 words) - 16:58, 6 December 2023
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)under Article 15 GDPR." The DPA rejected the request for review. Genealogical research on a family surname did not fall within the scope of Article 15 GDPR14 KB (2,181 words) - 11:27, 13 September 2023
- IMY (Sweden) - DI-2021-4355 (category Article 32 GDPR)Our ref: DI-2021-4355 5(6) Date:2023-01-19 Choice of intervention Article 58(2) and Article 83(2) of the GDPR give IMY the authority to impose an administrative28 KB (3,101 words) - 09:49, 7 June 2023
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)that, in cases of video surveillance, Article 22.4 LOPDGDD provides that the duty of disclosure in Article 12 GDPR may be fulfilled by placing a sign near20 KB (3,085 words) - 12:24, 13 December 2023
- AEPD (Spain) - PS/00132/2020 (category Article 6(1) GDPR)paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of24 KB (3,939 words) - 14:03, 13 December 2023
- AEPD (Spain) - PS/00030/2020 (category Article 12 GDPR)sedeagpd.gob.es 4/7 Article 22 section 4 LOPDGDD (LO 3/2018, December 5) provides the following: “The duty of information provided for in article 12 of Regulation19 KB (2,965 words) - 13:49, 13 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)personal data (Article 5 GDPR). 9 4. Conclusion 4.1 Having regard to all the above facts, as stated and, based on the powers granted to me by Article 58 of the23 KB (3,737 words) - 10:30, 7 June 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)competences.12 Article 4, §2, second paragraph of the WOG.13 GBA Disputes Chamber, Decision on the merits 19/2020 of 19 April 2020.14 Article 5, §1, 2 ° Law41 KB (6,354 words) - 16:59, 12 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)to in Article 9 of the GDMPR in order to infer that such consent would not be necessary for data not referred to in that Article, since Article 4 of the42 KB (6,800 words) - 09:50, 10 September 2021
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00198/2019 (category Article 5(1) GDPR)system with an alleged focus on the complainant's house, infringing article 5(3) GDPR which enshrines the principle of data minimisation. The AEPD examined12 KB (1,686 words) - 14:09, 13 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph82 KB (13,428 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00340/2019 (category Article 6(1)(e) GDPR)as a data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed23 KB (3,554 words) - 14:31, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)23Investigation report, page 34, point 4.4.8.1. 24Investigation report, page 34, point 4.4.8.2.1.1 25Investigation report, page 34, point 4.4.8.2.2.1 _______________82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00299/2019 (category Article 7 GDPR)(thirty thousand euros), for violation of article 22.2) of the LawLSSI, typified as “slight” in article 38.4.g) of the aforementioned Law.SECOND: REQUIRING21 KB (3,202 words) - 14:54, 13 December 2023
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR ("integrity and confidentiality"). Therefore, the Spanish DPA held that there was an infringement of the GDPR. It imposed17 KB (2,578 words) - 14:05, 13 December 2023
- Rb. Rotterdam - ROT 20/3286 (category Article 82(1) GDPR)which article of the GDPR was violated. However, considering the plaintiff made a request for the removal of her data, it is likely that Article 17 GDPR12 KB (1,685 words) - 13:08, 28 July 2021
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)violation of Article 6.1 and 13 of the RGPD, typified in the Article 83.5 of the GDPR. FIFTH: The database of this organization was consulted on April 19, 202322 KB (3,257 words) - 13:28, 13 December 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)limitation as used in Article 5 of the GDPR and that Article 17(1)(d) of the GDPR also does not apply.c. Is the method of registration inadequate?4.14. [applicant]56 KB (9,287 words) - 16:00, 26 January 2022
- AKI (Estonia) - 2.1.-1/21/129 (category Article 6 GDPR)reply. The AKI reminded the defendant of its obligation under Article 13 GDPR and Article 14 GDPR to inform the data subject in a concise, clear, comprehensible22 KB (3,237 words) - 12:25, 17 June 2022
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)the combined provisions of article 32, paragraph 1, subparagraphs b) and d) and article 83, paragraph 4, al.a), of the GDPR, with a fine of € 0.00 to €40 KB (5,935 words) - 16:55, 6 December 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)breach of the General Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The67 KB (10,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)authorities in article 57.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter RGPD). So, dated 07/12/19, an informative35 KB (5,635 words) - 14:41, 13 December 2023
- according to the introduction of Article 4, this only applies "where this Directive does not provide otherwise". Under Article 8(6) of the Directive, for distance200 KB (33,233 words) - 09:49, 14 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- HDPA (Greece) - 53/2022 (category Article 5(1)(a) GDPR)violation of article 13 of Regulation (EU) 2016/679, in accordance with article 58 par. 2 i' of the GDPR in combination with article 83 par. 5 of the GDPR. The50 KB (8,004 words) - 04:49, 14 December 2022
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR86 KB (14,295 words) - 14:32, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned81 KB (11,895 words) - 16:58, 6 December 2023
- AEPD (Spain) - E/00113/2019 (category Article 4(11) GDPR)unequivocal consent to the processing of his personal data according to Article 4(11) GDPR. The AEPD noted that to determine whether FEDA, having regard to the27 KB (4,497 words) - 13:38, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)according to article 4.1 of the RGPD, is data personal protection and their protection, therefore, is the object of said Regulation. Article 4.2 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00454/2019 (category Article 5(1)(c) GDPR)thealleged violation of Article 5.1.c) of the GDPR, typified in Article 83.5 of theRGPD. FIFTH: Consulted the database of this Agency on 02/18/19 it has not beenreceived12 KB (1,832 words) - 14:41, 13 December 2023
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00430/2018 (category Article 4(7) GDPR)( *** POSITION 1) for an infraction of Article 6.1.f) of the GDPR, in accordance with Article 83.5 of the GDPR ”. In the face of it, no allegations have40 KB (6,508 words) - 14:39, 13 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)assignment of the assignment, for the activities of DPO, pursuant to Article 19, paragraphs 4 and 10 of Legislative Decree 30 March 2001, n. 165, for a period57 KB (9,144 words) - 15:55, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p. 5-8). 1.6. On 4.8.2020, at the33 KB (5,342 words) - 15:52, 6 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- AEPD (Spain) - PS/00117/2022 (category Article 4(11) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 4/11 2016/67930 KB (4,623 words) - 12:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9361186 (category Article 5(1)(c) GDPR)correct processing [...]" (Article 6(1)(c) and (e)). 2, RGPD), with the consequence that the provision contained in Article 19, paragraph 3, of the Code31 KB (5,041 words) - 15:49, 6 December 2023
- AEPD (Spain) - EXP202200399 (category Article 5(1)(f) GDPR)the database of the controller. Therefore, the controller violated Article 5(1)(f) GDPR. The DPA considered several aggravating factors, such as the fact10 KB (1,343 words) - 13:13, 13 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)Hague October 4, 2022, ECLI:NL:GHDHA:2022:2100, para. 3.1-3.13. 4 Conclusion 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Exhibit 4 to the introductory103 KB (17,620 words) - 10:13, 29 November 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00110/2020 (category Article 7 GDPR)Thus, the AEPD understood that the defendant has infringed Article 7 of the GDPR and Article 6(3) of the Spanish Law on Data Protection and Digital Rights32 KB (4,992 words) - 14:00, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 12(3) GDPR)a violation of Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of21 KB (3,092 words) - 15:54, 6 December 2023
- GHDHA - 200.274.807 / 01 (category Article 6(1)(f) GDPR)her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies29 KB (4,710 words) - 12:25, 4 October 2021
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)permissible in accordance with Article 133, Paragraph 4, B-VG.The revision is permitted in accordance with Article 133, Paragraph 4, B-VG. text Reasons for the75 KB (12,118 words) - 15:46, 14 February 2024
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00291/2020 (category Article 5(1)(f) GDPR)- Madrid sedeagpd.gob.es 4/4 The exposed facts suppose, on the part of the claimed, the commission of the infraction of article 22.2 of the LSSI. This offense15 KB (2,246 words) - 14:26, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00415/2020 (category Article 5 GDPR)imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in30 KB (4,436 words) - 14:36, 13 December 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)ruling under Article 267 TFEU on the requirements of awarding damages for GDPR violations and the assessment of such damage under Article 82 GDPR. For the23 KB (3,551 words) - 09:54, 10 September 2021
- IP - 0712-1/2020/1408 (category Article 15 GDPR)person, using Article 15 as their basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual10 KB (1,575 words) - 13:37, 10 August 2021
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- HDPA (Greece) - 20/2020 (category Article 4(15) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- RvS - 202100789/1/A3 (category Article 5(1)(b) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)the COVID-19 situation, and that during this period only to a very modest extent waste paper has been disposed of for shredding. 4.1. Article 32 of the20 KB (3,045 words) - 16:40, 6 December 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 5 GDPR)has taken place in accordance with Article 5 (1) of the Data Protection Regulation. Article 32 (1) (f) and Article 35. Below is a more detailed review40 KB (6,369 words) - 16:39, 6 December 2023
- AEPD (Spain) - PS/00099/2022 (category Article 83(4) GDPR)infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, and Article 32 of the RGPD, typified in article 83.4 of the RGPD Once38 KB (5,920 words) - 12:43, 13 December 2023
- AEPD (Spain) - PS/00273/2019 (category Article 5(1)(c) GDPR)to article 4.1 of the RGPD, is a piece of information personal and their protection, is therefore the subject of the said Regulation. In Article 4(2) of16 KB (2,359 words) - 14:24, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view87 KB (14,525 words) - 15:45, 6 December 2023
- AZOP (Croatia) - Decision 04-08-2022 (category Article 6 GDPR)legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers11 KB (1,655 words) - 13:32, 31 October 2023
- Garante per la protezione dei dati personali (Italy) - 9296257 (category Article 36(4) GDPR)(Italy) Jurisdiction: Italy Relevant Law: Article 36(4) GDPR Type: Advisory Opinion Outcome: n/a Started: Decided: 19.03.2020 Published: Fine: None Parties:2 KB (189 words) - 15:48, 6 December 2023
- HDPA (Greece) - 3/2020 (category Article 15 GDPR)coverage of the image of the third party shall not be required.” 4. As follows from Article 12 (4) of Law 2472/1997, the controller was required to respond to19 KB (3,034 words) - 15:33, 6 December 2023
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)violation of Article 7.3 of Organic Law 15/1999, of December 13, of Protection of Personal Data (hereinafter LOPD), typified in the Article 44.4.b) of the48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00067/2020 (category Article 13 GDPR)the next month to inform the employees in conformity with Article 89 LOPDGDD and Article 13 GDPR. Share your comments here! Share blogs or news articles33 KB (5,347 words) - 13:55, 13 December 2023
- TS - 1039/2022 (category Article 18(1) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)findings 14 2.3.3Legal assessment 17 2.4PhysicalSecurityAccesstoNVIS 19 2.4.1Legal framework 19 2.4.2 Factual findings 19 2.4.3Legal Review 22 2.5Accessright179 KB (22,957 words) - 17:07, 12 December 2023
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- AEPD (Spain) - PS/00082/2020 (category Article 5(1)(c) GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7FOUNDATIONS OF LAWIBy virtue of the powers that article 58.2 of the RGPD recognizes to each authoritycontrol18 KB (2,749 words) - 13:57, 13 December 2023
- Datatilsynet (Norway) - 20/02220 (category Article 4(1) GDPR)Flissenter a violation of the GDPR? Can credit information about a company be considered personal data for the purposes of Article 4(1)(GDPR)? The Datatilsynet held4 KB (498 words) - 18:55, 5 March 2022
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)breach of the obligation to inform pursuant to Article 14 of the GDPR 20. According to Article 14 of the GDPR: 1. Where personal data has not been collected48 KB (7,525 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00190/2020 (category Article 5(1)(f) GDPR)to the claimed, by the alleged violation of article 5.1.f) of the RGPD, typified in article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid14 KB (2,143 words) - 14:09, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision79 KB (12,260 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)authorities in article 57.1 of the Regulation(EU) 2016/679 (General Data Protection Regulation, hereinafter RGPD). So,with dates 19/12/19 and 07/01/20,31 KB (4,757 words) - 13:52, 13 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)membership are in principle prohibited (article 9.1 of the RGPD). The second paragraph of the However, the same article provides for a series of exceptions34 KB (5,677 words) - 17:00, 12 December 2023
- AEPD (Spain) - PS/00449/2019 (category Article 5(1)(b) GDPR)with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 500019 KB (2,862 words) - 14:43, 13 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)session year 2005-2006, 29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2)91 KB (15,371 words) - 15:11, 5 October 2021
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 83(4)(a) GDPR)States ”. The violation of article 32 of the RGPD is typified in article 83.4.a) of the aforementioned RGPD in the following terms: "4. Violations of the following26 KB (3,840 words) - 14:28, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)26 KB (4,231 words) - 14:44, 13 December 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00461/2019 (category Article 5(1)(c) GDPR)fine on the defendant and stated he has to comply with Article 5(1)(c) and Article 83(2)(a)(b) GDPR. Share your comments here! Share blogs or news articles15 KB (2,366 words) - 14:41, 13 December 2023
- AEPD (Spain) - PS/00397/2019 (category Article 5(1)(c) GDPR)according to Article 12 GDPR and Article 13 GDPR and to maintain a record of the processing activities under its responsibility according to Article 30(1) GDPR18 KB (2,741 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(4) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- ANSPDCP (Romania) - Fine against Lugera & Makler Broker S.R.L. (category Article 32(4) GDPR)finding the violation of the provisions of art. 29 and art. 32 para. (2) and (4) of the General Data Protection Regulation. As such, the operator Lugera &4 KB (508 words) - 15:17, 13 December 2023
- AEPD (Spain) - PS/00272/2019 (category Article 5(1)(c) GDPR)according to article 4.1 of the RGPD, is a piece of information personal and their protection, therefore, is object of said Regulation. In Article 4.2 The RGPD22 KB (3,438 words) - 14:24, 13 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- AEPD (Spain) - EXP202200367 (category Article 5(1)(a) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and in57 KB (8,117 words) - 10:35, 13 December 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)may be recorded of the data processing, in violation of Article 13 and Article 5 (1) (c) GDPR. The complainant lodged a complaint with the AEPD about the37 KB (6,022 words) - 13:52, 13 December 2023
- NAIH (Hungary) - NAIH/2020/5911/7 (category Article 12 GDPR)on the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the9 KB (1,337 words) - 10:13, 17 November 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)compatible by virtue of a legal provision (see Article 6.4. of the RGPD). Based on the criteria in section 6.4 of the EDR: there is no link between the two35 KB (5,853 words) - 16:58, 12 December 2023
- right to freely request inspection is infringed. 5.3. The argument fails. 5.4. 5.4. [appellant under 1] has also requested compensation for exceeding the reasonable19 KB (3,135 words) - 12:38, 16 September 2021
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- AEPD (Spain) - PS/00102/2020 (category Article 5(1)(f) GDPR)gob.es Page 4 11/4In this sense, Organic Law 3/2018, of December 5, on the Protection ofPersonal Data and guarantee of digital rights article 6.1 of the21 KB (3,082 words) - 13:59, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 32(4) GDPR)people affected and the level of damage the elves suffered (article 83.2.4 of the GDPR) 4.1.4. The Data Protection Authority should have taken into account51 KB (7,792 words) - 11:43, 24 January 2022
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)the sense of Article 4, headings under 12, of the GDPR. What should be clear is that a breach is some type of security incident Article 4, headings under54 KB (8,224 words) - 17:07, 12 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted45 KB (7,286 words) - 18:55, 5 March 2022
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)defendant) for the infringement of the accuracy principle, as per Article 5(1)(d) of the GDPR. The decision is the consequence of a complaint submitted by another22 KB (3,424 words) - 14:06, 13 December 2023
- Datatilsynet (Norway) - 17/01281 (category Article 6(1)(f) GDPR)Privacy Ordinance Article 4 no. 2. For this processing of personal data, the mission assembly is responsible for processing. Article 6 (1) of the Privacy38 KB (6,275 words) - 16:13, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 52 GDPR)the grounds of (i) the absence of a high risk within the meaning of Article 35.5 GDPR and (ii) the fact that the present complaint is only a side dispute30 KB (4,204 words) - 09:54, 14 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned56 KB (8,326 words) - 16:57, 6 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle28 KB (4,592 words) - 14:25, 13 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 83(4) GDPR)states that the party concerned violated Article 83(4)(a) GDPR in conjunction with [Article 32(1) GDPR. Article 32 (1) GDPRby failing, at least with gross58 KB (9,577 words) - 08:06, 16 September 2021
- communication service. Therefore, TikTok had to obtain valid consent (Article 4(11) GDPR) from users before using the identifiers. The DPA stated that it should73 KB (11,864 words) - 17:03, 6 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)1 No. 4 DSG 3) a) Section 52 para. 2 no. 7 DSG 2000 in conjunction with § 69 (5) DSG b) Art. 62 Para. 1 No. 4 DSG 4) a) Section 52 para. 2 no. 4 DSG 200031 KB (5,161 words) - 14:02, 12 May 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(4) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- HDPA (Greece) - 25/2022 (category Article 5(1)(a) GDPR)principles of article 5 par. 1 GDPR. It's not a coincidence that the GDPR includes accountability (already mentioned above article 5 par. 2 GDPR) in the regulation48 KB (7,803 words) - 13:29, 11 October 2022
- Rb. Overijssel - AK 20 1535 (category Article 17(1)(a) GDPR)inviolable. Article 17, paragraph 1, preamble and under d, of the GDPR therefore does not give the claimant a right to erasure. Article 21 of the GDPR 7. On23 KB (3,225 words) - 11:52, 4 October 2021
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023