Search results
From GDPRhub
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)and (3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5)32 KB (3,730 words) - 08:43, 7 March 2024
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)infringement committed to Article 12.3 and 12.4 GDPR as well as to Articles 11 §3, 11/1 § 3, 11/2§3 and 11/3 §3 of the law of 3 August 2012 . 2.3.2. With regard to88 KB (13,010 words) - 20:12, 30 December 2021
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- Article 32 GDPR (category GDPR Articles) (section (3) Codes of conduct and certification mechanisms)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5)61 KB (8,488 words) - 15:47, 18 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- performance. Article 7 GDPR regulates the "conditions for consent". It specifies the definition of consent set out in Article 4(11) GDPR and, by integrating31 KB (3,489 words) - 16:00, 8 March 2024
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- Article 33 GDPR (category GDPR Articles) (section (3) Minimal requirements of the controller's notification.)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 60 GDPR (category GDPR Articles) (section (3) Duty of lead supervisory authority (LSA) to communicate the relevant information and submit a draft decision)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Article 34 GDPR (category GDPR Articles) (section (3) Exemptions from the obligation to communicate to the data subject)not directly mentioned by Article 33(3)(b)-(d) GDPR could be shared as additional information by the controller Article 34(3) GDPR lists three exemptions37 KB (3,962 words) - 15:20, 16 June 2023
- Kühling/Buchner, DSGVO, Article 2 GDPR, margin number 15 (C.H. Beck 2020, 3rd edition). Bäcker, in Wolff, Brink, BeckOK Datenschutzrecht, Article 2 GDPR, margin number34 KB (4,652 words) - 12:07, 12 November 2023
- Article 46 GDPR (category GDPR Articles) (section (4) Consistency Mechanism in case Paragraph 3 Applies)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 38 GDPR (category GDPR Articles) (section (3) Independence, no retaliation, direct communication with management)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR)31 KB (3,646 words) - 08:51, 21 July 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Gola, DS-GVO, Article 4 GDPR, margin number 106 (C.H. Beck 2018). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November25 KB (2,418 words) - 14:11, 24 May 2023
- Article 70 GDPR (category Article 70 GDPR) (section (3) Forwarding the opinions, guidelines, and recommendations)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 78 GDPR (category GDPR Articles) (section (3) Competent courts and national procedural requirements)DS-GVO BDSG, Article 78 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition); Körffer in Paal, Pauly, DS-GVO BDSG, Article 78 GDPR, margin numbers 3-5, (C.H30 KB (3,874 words) - 10:46, 7 December 2023
- Article 64 GDPR (category Article 64 GDPR) (section (3) Conditions for the adoption of the opinion and timeline)64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- Article 66 GDPR (category Article 66 GDPR) (section (3) Adoption of a final decision of the EDPB without provisional measures)GDPR. In contrast, Article 66(3) refers to “any supervisory authority” (Article 4(21) GDPR) and allows it to request an urgent opinion or an urgent binding20 KB (1,590 words) - 16:11, 2 November 2023
- which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 61 GDPR (category Article 61 GDPR) (section (3) Requirements of an assistance request and limitation of utilization of requested information)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)or processor should be approved pursuant to Article 58(3) GDPR, or by the EDPB pursuant to Article 63 GDPR. Where such an approval takes place through27 KB (2,452 words) - 14:26, 28 July 2023
- notification GDPR articles 51(4), 85(3), 88(3) (available here) (accessed 30 April 2021). Ireland notification GDPR articles 51(4), 84(2), 85(3), 88(3), 90(2)32 KB (3,228 words) - 13:32, 30 November 2023
- use of trusted third party verification services. Article 8(3) GDPR makes it clear that Article 8(1) GDPR only refers to consent, not to the object of the19 KB (1,335 words) - 13:56, 24 October 2023
- EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph 3, or other information43 KB (5,641 words) - 14:58, 28 April 2022
- Article 41 GDPR (category GDPR Articles) (section (3) Submitting the draft criteria for accreditation to the EDPB)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- Article 89 GDPR (category Article 89 GDPR) (section (3) Derogations are Possible for Archiving Purposes in the Public Interest)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- incompatible with the office. Article 52(4) GDPR and Article 52(6) GDPR establish the framework for SAs financial governance. Article 52(4) GDPR stipulates that SAs47 KB (5,594 words) - 22:45, 1 April 2024
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent authorities18 KB (2,488 words) - 15:22, 14 December 2021
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- Article 72 GDPR (category Article 72 GDPR)dispute resolution under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are22 KB (2,266 words) - 08:26, 17 October 2023
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)Garante. For example, Article 3 reiterates the general principles of fairness and transparency of the proceeding before the DPA. Article 12 ensures a right7 KB (808 words) - 08:17, 16 February 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 69 GDPR (category Article 69 GDPR)Buchner, DS-GVO BDSG, Article 69 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition). Dix in Kühling, Buchner, DS-GVO BDSG, Article 69 GDPR, margin number 518 KB (1,327 words) - 12:36, 14 December 2023
- Article 16 GDPR (category GDPR Articles)please refer to Article 19 GDPR. If the controller declines to rectify the data, they must provide reasons for their decision (Article 12(4) GDPR). The data23 KB (2,489 words) - 23:24, 6 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section (3) Urgency procedure under Article 8 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 19 GDPR (category GDPR Articles)disclosed to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to19 KB (1,436 words) - 12:35, 12 May 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 76 GDPR (category Article 76 GDPR)Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article15 KB (787 words) - 08:17, 19 October 2023
- provisions such as Article 30(4) for the record of processing or Article 40(11) for the register of approved codes of conduct, Article 26 does not explicitly37 KB (3,915 words) - 12:49, 24 May 2023
- Protection Supervisor, including decisions under Article 63(3), shall be brought before the Court of Justice. 3. The Court of Justice shall have unlimited5 KB (607 words) - 10:41, 5 May 2024
- procedural aspects of the use of GDPR and other aspects which the GDPR leaves for definition to the member states (for ex. Art. 6(3), some aspects of Art. 9(2)10 KB (1,242 words) - 10:51, 6 February 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Datenschutzrecht, Article 80 GDPR, margin number 5 (C.H. Beck 2019); Bergt in Kühling, Buchner, DS-GVO BDSG, Article 80 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition)26 KB (2,575 words) - 15:50, 9 November 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 59 GDPR (category GDPR Articles)BDSG, Article 59 GDPR, margin number 4 (C.H. Beck 2020). Boehm, in Kühling, Buchner, DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 2020, 3rd Edition)15 KB (718 words) - 15:31, 19 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 74 GDPR (category Article 74 GDPR)decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- motion. Its powers are described under Article 8 of the law "Informatique et Libertés". Under Article R311-1(4) of the French code of administrative justice8 KB (824 words) - 22:52, 27 February 2024
- to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure3 KB (297 words) - 14:49, 1 December 2020
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 - https://brave11 KB (1,468 words) - 13:27, 14 May 2023
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)what purpose, etc. ........4 1.3.2 Recipient of the data ............................................. .....................4 1.3.3 The data processed in the113 KB (12,773 words) - 15:20, 6 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- Paragraph 24 of Schedule 2 states that the GDPR provisions Article 13(1) to (3), Article 14(1) to (4) and Article 15(1) to (3) do not apply to personal data consisting14 KB (2,011 words) - 15:42, 25 November 2020
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the national implementing16 KB (2,260 words) - 19:26, 30 November 2021
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)............. ......................4 1.3.1 Who has implemented the Tool and for what purpose, etc. ........4 1.3.2 Recipient of the data ............131 KB (14,752 words) - 08:36, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)...............3 1.3 What Coop has stated............................................... ........................................4 1.3.1 Who has implemented115 KB (12,842 words) - 08:38, 5 July 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- age of consent in Sweden is 13 years following § 4 of the Data Protection Act. Under Chapter 3 § 3 number 3 there is a general provision opening up for processing7 KB (793 words) - 14:08, 1 October 2021
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)26/2021 - 4/4 This interim decision can be appealed within 30 days of its notification registered with the Marktenhof (article 108, § 1, of the law of 3 December8 KB (1,156 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 4(11) GDPR)categories of personal data, cf. GDPR article 9 no. 1, cf. article 4 no. 15. The medical list disputes this. Article 4 (15) reads as follows: "For the purposes144 KB (23,058 words) - 18:48, 5 March 2022
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section Special categories of data under Article 9 GDPR)Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4% of the total18 KB (2,375 words) - 16:17, 6 December 2023
- defendant within the meaning of Article 4 of the GDPR. The defendant is therefore a controller within the meaning of Art. 4 No. 7 GDPR. b. 44 The Senate is convinced51 KB (8,215 words) - 09:55, 13 May 2022
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 15(3) GDPR)reading first sentence of Article 15(3), in conjunction with Article 12(5) of the GDPR under Article 23(1)(i) GDPR. (judgment of 4 May 2023, Österreichische10 KB (1,478 words) - 11:17, 2 November 2023
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)various GDPR violations (including the principles of legality, transparency and fairness, minimisation and security among others). In total, 4 complaints19 KB (2,707 words) - 16:50, 12 December 2023
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)under Article 32 GDPR? 4) Does Article 82(3) GDPR allow the controller to be exempt from liability for damages if the data breach as defined by 4(12) GDPR13 KB (1,963 words) - 11:04, 5 January 2024
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- many waivers from GDPR for research purposes under Article 89 GDPR. It is questionable of the law is constitutional and in line with GDPR. § 151 of the Austrian8 KB (721 words) - 09:32, 24 April 2024
- its Article 35, that the concept of personal data and the possibilities for processing and protection will be defined by the law. The same article reaffirms3 KB (332 words) - 13:31, 3 May 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)(1) (3) of the Personal Data Act (523/1999). 3. The Data Protection Regulation is the law directly applicable in the Member States. However, Article 6 (2)41 KB (6,555 words) - 08:37, 4 March 2024
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)the meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has11 KB (1,492 words) - 13:09, 23 November 2022
- HDPA (Greece) - 4/2020 (category Article 15(3) GDPR)parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested18 KB (2,865 words) - 15:33, 6 December 2023
- HDPA (Greece) - 20/2023 (category Article 12(3) GDPR)registered letter in violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice6 KB (634 words) - 17:48, 17 July 2023
- CJEU - C-252/21 - Meta Platforms and Others v Bundeskartellamt (category Article 4(11) GDPR)competition law, such as the GDPR. It followed, that the CJEU held that in accordance with Article 51 GDPR and Article 4(3) TEU a national competition authority8 KB (1,231 words) - 08:22, 6 July 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)erasure provided for in Article 17 GDPR? b) that person is not entitled to a right of objection as referred to in Article 21 GDPR? 3. If the answer29 KB (4,605 words) - 17:00, 15 December 2021
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)the reasons for the delay, in breach of the provisions of Article 12 (3) and (4) of the GDPR.The same infringement, namely the late reply of the PPC as12 KB (1,773 words) - 15:33, 6 December 2023
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 4(1) GDPR)specialized website. AG Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without8 KB (1,081 words) - 13:13, 1 June 2023
- HDPA (Greece) - 33/2020 (category Article 4(7) GDPR)such a fulfilment by Article 12(3) & (4) GDPR. For this reason, an administrative fine of 1000 EUR was imposed (Article 83(5)b GDPR). Share your comments20 KB (2,270 words) - 15:37, 6 December 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a15 KB (2,504 words) - 16:27, 10 March 2022
- CJEU - C-268/21 - Norra Stockholm Bygg (category Article 6(3) GDPR)proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives9 KB (1,372 words) - 10:12, 7 June 2023
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR) (section 4.3. Legal basis for processing)the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)then enter a password before gaining access to the computer. 3.3.3 Control of logging 3.3.3.1 Facts The OLVG information security & privacy policy states67 KB (11,415 words) - 17:15, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(3) GDPR)the inspected with section 4 of chapter 4 of the GDPR. 3. […] the inspectorate [is active in the field of transport] […]. 4. The controlled has approximately66 KB (9,458 words) - 19:42, 4 September 2021
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(3) GDPR)b) of paragraph 3, all of article 35, and paragraph a) of paragraph 4 of article 83, all GDPR, with a fine of up to €20,000,000 or up to 4% of annual turnover163 KB (27,222 words) - 16:54, 6 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)of the GDPR. To 2): c) Article 50b (2) DSG 2000 (for the period prior to 25 May 2018) (d) Article 13(3) DSG (for the period from 25 May 2018) To 3): c) Article92 KB (15,435 words) - 16:00, 22 March 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)therefore sufficient legal reasons. c) A right to information from § 3 para. 3 and 4 VVG is also ruled out. This only refers to missing come or destroyed40 KB (6,325 words) - 16:12, 18 May 2022
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that48 KB (7,816 words) - 11:04, 29 July 2022
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- HDPA (Greece) - 20/2020 (category Article 4(15) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)meaning of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2.113 KB (17,325 words) - 08:50, 19 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(3) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AEPD (Spain) - EXP202102430 (category Article 83(4) GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)even pseudonymised data (Art. 4 Para. 5 GDPR) from the term personal data are recorded in accordance with Art. 4 Para. 1 GDPR. It is undeniable that the MB158 KB (26,392 words) - 08:25, 7 June 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)implement 1See e.g. PVN 2019-09 2FOR-2018-07-02-1107. 3 Prop. 56 LS (2017-2018), point 31.3.3.3 4controlling measures in their business. Regulations on49 KB (7,646 words) - 07:56, 7 March 2022
- APD/GBA (Belgium) - 81/2020 (category Article 12(3) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)Privacy Regulation (GDPR) article 6 no. 1 letter f. GDPR applies according to the Personal Data Act § 1 as Norwegian law. Legelisten.no (3) Legelisten.no is46 KB (7,024 words) - 06:18, 6 March 2022
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)02/2021 - 14/26 3. Motifs 3.1 Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe96 KB (15,396 words) - 16:50, 12 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)the explanatory memorandum to the UAVG, 3 state that Article 78 of the GDPR is a term as referred to in Article 4:13, first paragraph, of the Awb. The fact25 KB (3,954 words) - 13:39, 16 November 2020
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)accordance with article 11 par.1 Law 3471/2006, as applicable, the prior consent of the data subject, without prejudice to paragraph 3 of the same article, as applicable14 KB (2,127 words) - 15:37, 6 December 2023
- HDPA (Greece) - 38/2020 (category Article 4(7) GDPR)address from my list of recipients, in accordance with the provisions of Article 18 GDPR. 4) He proceeded to remove the recipient’s e-mail address from the list14 KB (2,070 words) - 15:38, 6 December 2023
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible52 KB (8,534 words) - 12:58, 15 December 2021
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines74 KB (11,726 words) - 13:02, 13 December 2023
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)controller €3,940,000 for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes270 KB (43,335 words) - 12:39, 13 December 2023
- AEPD (Spain) - EXP202100764 (category Article 83(4) GDPR)ends and means of such activity, by virtue of article 4.7 of the GDPR. Article 4 section 12 of the GDPR broadly defines “violations of security of personal34 KB (5,184 words) - 13:22, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure",37 KB (5,765 words) - 09:53, 14 December 2023
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- HDPA (Greece) - 6/2020 (category Article 17(3) GDPR)compliance with the principles of Article 5 (1) GDPR. 4. As, in accordance with the provisions of Article 4 (c) (d).1 GDPR is personal data “any information29 KB (4,557 words) - 15:33, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)or for statistical purposes is not 3 Letter of the Respondent to the Litigation Chamber of July 6, 2020. 4 Article 8 of the Charter of Fundamental Rights35 KB (5,853 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- APD/GBA (Belgium) - 41/2020 (category Article 12 GDPR)data concerning those other persons. On Article 12(4) GDPR: the defendant was found in breach of Article 12(4) GDPR for not mentioning the possibility to7 KB (890 words) - 16:58, 12 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- AEPD (Spain) - EXP202201746 (category Article 83(4) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)rowspan="2" width="3"><img src="http://www.dpa.gr:80/APDPXPortlets/images/menutop_space.jpg" width="3" height="104"></td><!--/*++++++++++++++++++++++++3 Υπομενού56 KB (7,755 words) - 15:39, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9 GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result49 KB (7,496 words) - 14:44, 24 January 2024
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))default (Art. 25 GDPR), integrity and confidentiality (Art. 5.1.f GDPR), as well as security ofprocessing(Art. 32GDPR)......101 B.4.4. - Additional alleged429 KB (58,279 words) - 09:12, 2 November 2022
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 4(24) GDPR) (section Additional infringement of Article 13(2)(e) GDPR)several paragraphs of Article 83 of the GDPR, as further summarised below. Fining of the ‘gravest infringement’. Article 83(3) GDPR provides that “[i]f a29 KB (4,384 words) - 16:00, 6 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 9(3) GDPR)least one of the conditions set out in Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive14 KB (1,916 words) - 16:03, 2 February 2024
- UODO (Poland) - DKN.5131.6.2020 (category Article 34(4) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)violated Article 6 and Article 32 GDPR. The DPA seems to consider the authentication procedure itself as "processing" and therefore Article 32 GDPR applies79 KB (12,408 words) - 13:24, 13 December 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)with article 4.1 of the RGPD, is a personal data. nal and its protection, therefore, is the subject of said regulation. In article 4.2 of the GDPR defines22 KB (3,319 words) - 13:00, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)following the mandatory legal requirements to do so, violating Article 6(1) and Article 13 GDPR. A resident has installed, without the authorization of the22 KB (3,257 words) - 13:28, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)none of the exceptions in Article 82 of the Data Protection Act were applicable, and Apple had to obtain consent (Article 4(11) GDPR) before using the identifiers82 KB (13,463 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k)26 KB (4,231 words) - 14:44, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 83(3) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)area (Document Annex). mental I). SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data and guarantee22 KB (3,303 words) - 13:28, 13 December 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- Datatilsynet (Norway) - 15/01355 (category Article 4(11) GDPR)Supervision: Article 6(1)(f), legitimate interest. For the special category personal data: About diagnosis: Article 6(1)(a), cf. Article 9(2)(a), consent16 KB (2,111 words) - 06:21, 6 March 2022
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)AEPD found that the Socialist Party of Catalonia (PSC-PSOE) violated Article 21 GDPR due to unsolicited political propaganda sent after the data subject26 KB (4,032 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)considering that it has violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF20 KB (3,078 words) - 13:05, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 17(3)(d) GDPR) (section Article 17(1)(d) GDPR)seriously impair the achievement of purposes pursuant to Article 89(1) GDPR. In principle, Article 89(3) GDPR contains an opening clause. This provision was also31 KB (4,648 words) - 13:56, 12 May 2023
- communication service. Therefore, TikTok had to obtain valid consent (Article 4(11) GDPR) from users before using the identifiers. The DPA stated that it should73 KB (11,864 words) - 17:03, 6 December 2023
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)to the powers provided for in Article 51(1) GDPR and those conferred by Article 58(2)(b) and (d) of that regulation? (3) Must the independence of the supervisory9 KB (1,308 words) - 12:54, 28 June 2023
- HDPA (Greece) - 3/2020 (category Article 15 GDPR)coverage of the image of the third party shall not be required.” 4. As follows from Article 12 (4) of Law 2472/1997, the controller was required to respond to19 KB (3,034 words) - 15:33, 6 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 17(3)(a) GDPR)right of freedom of expression and information within the meaning of Article 17(3)(a) GDPR. The controller also stated that there were compelling legitimate61 KB (9,876 words) - 21:38, 24 March 2024
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 5(1)(a) GDPR)the GDPR. In light of this, the Court agreed with the DPA that the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article22 KB (3,193 words) - 10:34, 29 February 2024
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)2, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3, 59.3133 KB (21,944 words) - 15:59, 22 March 2022
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)regarded as an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed17 KB (2,758 words) - 14:10, 15 December 2021
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- OLG Köln - 15 U 126/19 (category Article 17(3) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- CJEU - C-184/20 - Vyriausioji Tarnybinės Etikos Komisija (category Article 6(3) GDPR)and (e), 6(3) and 9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR – or a public6 KB (522 words) - 13:15, 1 June 2023
- democratic legitimation necessary under Article 23(1) second sentence in conjunction with Article 20(1) and (2) and Article 79(3) of the Basic Law. Since data protection18 KB (1,831 words) - 13:49, 3 November 2022
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and20 KB (3,087 words) - 13:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,354 words) - 15:45, 6 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)cf. GDPR Art. 34, 3 (b), it is our opinion that Namely and Intervare are not required to notify the data subjects pursuant to the GDPR art. 34, 1. 3. Justification24 KB (3,365 words) - 16:37, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)analogously, Section 823 (1) and (2) BGB in conjunction with Article 6 (1) GDPR and Article 17 GDPR. Claims under data protection law could be asserted by way39 KB (6,362 words) - 14:01, 22 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act,42 KB (6,579 words) - 08:46, 27 January 2022
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)under Article 15 GDPR." The DPA rejected the request for review. Genealogical research on a family surname did not fall within the scope of Article 15 GDPR14 KB (2,181 words) - 11:27, 13 September 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- HDPA (Greece) - 18/2020 (category Article 5(1)(a) GDPR)governed by the basic principle of GDPR, the principle of transparency (relevant Articles 12-14 of the GDPR). 4. The GDPR introduces the principle of accountability12 KB (1,733 words) - 15:34, 6 December 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)powers under Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f)20 KB (2,519 words) - 15:36, 6 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)60 of the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR36 KB (5,761 words) - 17:19, 22 April 2024
- ANSPDCP (Romania) - 03.08.2023 (category Article 12(4) GDPR)Romanian DPA fined Med Life SA for the violations of Article 12(4) GDPR and Article 15(3) GDPR. Med Life SA was fined 9,839.6 RON, equivalent to €2,0005 KB (659 words) - 15:14, 13 December 2023
- HDPA (Greece) - 52/2021 (category Article 28(3) GDPR)processor €30,000 under Article 58(2) GDPR and Article 83(4) GDPR for the breach of Article 32(2), Article 32(4) GDPR and Article 28(3) GDPR. As for the controller8 KB (861 words) - 10:00, 22 December 2021
- |GDPR_Article_3=Article 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6=32 KB (6,006 words) - 16:33, 7 July 2021
- |GDPR_Article_3=Article 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6=34 KB (5,924 words) - 18:14, 20 April 2021
- Datatilsynet (Norway) - 21/02873 (category Article 3(1) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)located in the Amsterdam district (Article 4 Brussels I bis Regulation 2 and Article 262 opening lines and under a Rv 3 ). 4.2. Insofar as the request of [applicants]30 KB (4,797 words) - 10:03, 19 May 2021
- APD/GBA (Belgium) - 136/2022 (category Article 4(1) GDPR)right of access (Article 12(4) GDPR). The DPA held that data concerning the vehicle of the complainant is personal data (Article 4(1) GDPR), since the data19 KB (2,700 words) - 08:49, 29 June 2023
- OLG München - 3 U 2906/20 (category Article 4(1) GDPR)a claim under Article 15 GDPR entitles the data subject to be provided with copies of their personal data and whether Article 15(3) GDPR contains an independent21 KB (3,450 words) - 10:33, 8 February 2022
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test36 KB (5,859 words) - 06:40, 6 July 2022
- Commissioner (Cyprus) - 11.17.001.007.219 (category Article 4(1) GDPR)that if a trial is taking place, then Article 55(3) of the GDPR is triggered. The Company believed that this article suspends the obligation to provide access4 KB (392 words) - 16:52, 6 December 2023
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)interpretation of article 13 of the Wbp is no different from that of article 32 of the GDPR, described in paragraphs 2.3.2 and 2.3.3. Also in the period57 KB (8,053 words) - 17:07, 12 December 2023
- HDPA (Greece) - 41/2019 (category Article 12(3) GDPR)according to Article 12(3) GDPR and Article 12(4) GDPR when a data subject may exercise their right of access according to Article 15(1) GDPR and Article 15(3)4 KB (322 words) - 15:39, 6 December 2023
- AG Frankfurt am Main - 31 C 2043/22 (78) (category Article 4 GDPR)the meaning of Article 4 GDPR and that it had an interest in secrecy that justified its refusal to provide a copy under Article 15(4) GDPR. Unsatisfied,5 KB (498 words) - 07:16, 7 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- ANSPDCP (Romania) - S.C. Viva Credit IFN S.A. (category Article 12(3) GDPR)a violation of GDPR Art. 17 and Art. 12(3) & (4). The National Supervisory Authority found that there had been a violation of the GDPR and imposed a fine4 KB (565 words) - 15:20, 13 December 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)no. 2, § 66 (3) sentence 3, § 68 (1) sentence 5 LFGB § 40 paragraph 1a Basic Law Article 5(1), first sentence VIG § 1, § 2, § 3, § 4 para. 4, § 5 para. 140 KB (6,397 words) - 08:03, 21 March 2022
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken into account as a standard37 KB (5,745 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 11/2024 (category Article 12(3) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- APD/GBA (Belgium) - 137/2022 (category Article 12(3) GDPR)the DPA held that it had violated Article 12(3) GDPR (the controller failed to answer within a month), Article 12(4) GDPR (The controller failed to provide14 KB (1,946 words) - 08:50, 29 June 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)was processing personal data within the meaning of section 3(4) DPA and Article (4)(2) GDPR. 1.3 This Penalty Notice arises out of an incident from 25 May130 KB (21,195 words) - 13:52, 25 April 2021
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)the GDPR (document 38, p. 14}: • "Breach of art. 6.1GDPR: o the data processing for the purposes stated in parts 1, 2, 3, 4, 6 and 7 of point 4.3 of the85 KB (12,340 words) - 15:30, 19 August 2022
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4 : Profiling9 KB (1,251 words) - 12:15, 8 May 2023
- CNIL (France) - SAN-2023-082 (category Article 9(4) GDPR)etc.). 2.4.1.9. These documents must include all of the information provided for in Article 14 of the GDPR. 2.4.2. Exercise of people’s rights 2.4.2.1. The46 KB (7,106 words) - 17:06, 6 December 2023
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(3) GDPR)infringed or has infringed") is achieved. 5. on point 3. Under Article 13.4, paragraphs 1, 2 and 3 of Article 13.4 find legal grounds for refusal of access. cit40 KB (6,007 words) - 13:59, 12 May 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)controller as referred to in Article 4, Section 7, of the GDPR. 4.3 Violation of the prohibition on processing health data 4.3.1 Introduction Health data48 KB (7,461 words) - 17:04, 12 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)for the special categories. 4.4.3. Page 4 of the Declaration clearly lists the cases concerning the conditions of Article 6 with the relevant legal bases56 KB (8,913 words) - 16:52, 6 December 2023
- RvS - 201905347/1/A3 (category Article 17(3) GDPR)decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well25 KB (3,824 words) - 22:46, 10 October 2020
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(3) GDPR)the right of access under Article 15(4) of the GDPR or section 22 of the DDPA can be invoked. It follows from Article 15 (4), that the right to obtain26 KB (3,820 words) - 16:22, 6 December 2023
- HDPA (Greece) - 48/2023 (category Article 12(3) GDPR)personal data in violation of Article 5(1)(a) GDPR, Article 6(1) GDPR, Article 12(3) GDPR, Article 12(4) GDPR and Article 15 GDPR. As such, the DPA issued a6 KB (685 words) - 14:58, 21 March 2024
- GHAL - 200.256.387 (category Article 17(3)(b) GDPR)virtue of Article 17(3)(b) GDPR. Indeed, it further is justified that the task carried out in the public interest under Article 6(1)(e) GDPR does not constitute27 KB (4,289 words) - 07:57, 7 March 2022
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- APD/GBA (Belgium) - 103/2022 (category Article 4(11) GDPR)of Article 4(11). The DPA thus found another violation of Article 6(1)(a). The DPA further held that the controller violated Article 4(11), Article 12(1)6 KB (569 words) - 12:31, 3 August 2022
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)with the precept was 01.12.2020. 3.3. On 1 December 2020, MustamäeApteek OÜ announced compliance with the precept. 3.4. On December 7, 2020, Mustamäe Apteek28 KB (4,474 words) - 10:31, 13 December 2023
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)companies in both Belgium and the UK, violated Article 15(1) GDPR, Article 15(3) GDPR and Article 12(3) GDPR GDPR for deleting data instead of providing access39 KB (5,674 words) - 08:57, 29 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 28(3)(a) GDPR)processor, see Article 28(3)(a) GDPR. Document that all transfers of personal data to insecure third countries, are in line with the GDPR. Describe all25 KB (3,660 words) - 08:42, 14 September 2022
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)the fine under Article 7, under c of the 2019 Policy Rules. 4.3.4 Proportionality Ultimately, the AP judges on the basis of Articles 3: 4 and 5:46 of the54 KB (8,224 words) - 17:07, 12 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)three (3) of the five (5) complainants in three (3) of the four (4) publications exceeded the principle of data minimisation in violation of Article 5(1)(c)31 KB (4,973 words) - 16:50, 6 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)proceedings. 3.6.3. There is no dispute between the parties that the credit registration is based on article 4:32 Wft. This article implements Article 8 of Directive19 KB (3,021 words) - 15:48, 15 March 2022
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)the same search results on the basis of Article 12 (4) GDPR has been rejected by Google . Article 21 (1) of the GDPR provides that a data subject has the34 KB (5,811 words) - 09:44, 8 December 2020
- Tietosuojavaltuutetun toimisto (Finland) - 9209/157/2019 (category Article 12(4) GDPR)Data Protection Regulation (2016/679) Article 12 (4), Article 17 (3), Article 21 (2) and (3), Article 25 (2), Article 58 (2) (b) Section 2 of the Health Care20 KB (3,108 words) - 13:02, 3 March 2024
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- HDPA (Greece) - 65/2022 (category Article 12(3) GDPR)found that there had been a violation of articles 12 para. 1, 3, 4 and 15 para. 1 of the GDPR, to the extent that the complained company never responded to5 KB (571 words) - 16:39, 28 February 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- AZOP (Croatia) - Decision 04-05-2023 (redirect from AZOP (Croatia) - Decision of 4 May 2023 - debt collection agency) (category Article 28(3) GDPR)with its transparency obligation. (2) Contrary to the provisions of Article 28(3) GDPR, the controller did not have a processing agreement with the processor12 KB (1,626 words) - 15:22, 30 October 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)security are reported in a timely manner in future. 4.3. Article 34 of the Data Protection Regulation Article 34 (1) of the Data Protection Regulation 1, it20 KB (3,045 words) - 16:40, 6 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 12(3) GDPR)Paragraph 3 and 4, Art. 15, Art. 77 Paragraph 1 of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR), OJ No. L119 of 4.5. 2016; §§ 4 Paragraph42 KB (6,592 words) - 13:58, 12 May 2023
- Rb. Rotterdam - 9436020 \ CV EXPL 21-30289 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only19 KB (2,828 words) - 10:09, 18 March 2022
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)under §§ 2(8) and 3(1) of the Cookie Law , the condition for voluntary and specific consent (as also described in Article 4(11) GDPR) was not met. In connection52 KB (8,025 words) - 05:01, 23 November 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)limitation as used in Article 5 of the GDPR and that Article 17(1)(d) of the GDPR also does not apply.c. Is the method of registration inadequate?4.14. [applicant]56 KB (9,287 words) - 16:00, 26 January 2022
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)the request within a period of one month (Article 12(3)). Accordingly, the controller infringed Article 12(3) GDPR with respect to its handling of the access20 KB (3,069 words) - 18:48, 24 January 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 12(3) GDPR)thereby violating Article 5 (2) of the GDPR paragraph, i.e. the principle of "accountability". IV.3.4. Fulfilling stakeholder requests IV.3.4.1. Deletion of69 KB (11,255 words) - 10:08, 17 November 2023
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)[applicant] is therefore admissible in her request. 4.3. Pursuant to Article 21 (1) of the GDPR , persons such as [the applicant] can object to the processing16 KB (2,580 words) - 10:43, 23 September 2020
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 6(3) GDPR)1, letter c) and e), par. 2 and par. 3, letter b); 9, par. 1, 2, 4, of the Regulation; Articles 2-ter, par. 1 and 3 and 2-septies, par. 8, of the Code is24 KB (3,697 words) - 15:52, 6 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)1 No. 4 DSG 3) a) Section 52 para. 2 no. 7 DSG 2000 in conjunction with § 69 (5) DSG b) Art. 62 Para. 1 No. 4 DSG 4) a) Section 52 para. 2 no. 4 DSG 200031 KB (5,161 words) - 14:02, 12 May 2023
- HG Wien - 57 Cg 32/20m (category Article 4(2) GDPR) (section Clause 3: Violation of the Transparency Principle under Article 5(1)(a) GDPR)based on a legitimate interest under Article 6(1)(f) GDPR, so that the principle of lawfulness under Article 5(1)(a) GDPR is violated. This is due to the fact24 KB (3,579 words) - 12:05, 7 July 2021
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 4(1) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)are made by way of a resolution, unless a ruling is required. 3.3. on A) 3.3.1 Section 69 (4) of the DSG does not contain any transitional provisions regarding107 KB (17,615 words) - 09:42, 10 September 2021
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- Commissioner (Cyprus) - 11.17.001.008.042 (category Article 4(11) GDPR)An employer should explore the specific exceptions in Article 9(2)(b) GDPR to Article 9(2)(j) GDPR to lawfully process health-related data of employees4 KB (472 words) - 16:52, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)consent [Article 6(1)(a)], due to the nature of the employer-employee relationship.' 3. Rationale 3.1 Definitions 3.1.1 According to Articles 4(1) and 4(2) of23 KB (3,737 words) - 10:30, 7 June 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 6(3) GDPR)law “On Latvia 10 15 Article 4, Eleventh Part, Article 4, Paragraph one, Clause 3 Point (a) and the fourth paragraph of Article 4 Documents in the register90 KB (14,351 words) - 16:10, 6 December 2023
- HDPA (Greece) - 51/2022 (category Article 4(1) GDPR)national law, Directive 01/2011 and Law 4624/2019, as well as the GDPR. According to Article 9(4) of Directive 01/2011, the transmission to third parties of13 KB (1,901 words) - 08:43, 9 November 2022
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)para 3.4) On 1 April 2022, the DPC shared its Draft Decision with the other Data Protection Authorities (DPAs) in accordance with Article 60(3) GDPR. Six289 KB (33,568 words) - 15:00, 1 February 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)discontinued pursuant to Article 17, clause 1 (d) of the AVG. In grievance 4, [the appellant] again contests points 3.21 and 3.22. [the appellant] claims91 KB (15,371 words) - 15:11, 5 October 2021
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)acceptance and identification (points 3.3 and 3.5.2 of the General Terms and Conditions for letters nationally and point 4.1 of the product and price list ("PVV")28 KB (4,228 words) - 14:00, 12 May 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)meaning of Article 6.4 Old Law. 2 DSGVO, which enables additional national deviations from the purpose, the compatibility test under Article 6.4, old version31 KB (5,184 words) - 17:19, 15 April 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)explicit consent was needed under Article 9(2) GDPR and the conditions for consent pursuant to Article 4(11) GDPR had to be assessed in light of the relevant46 KB (7,192 words) - 12:37, 19 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)uncensored form” as intended by the court, i.e. without that 3.20 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 essential information in the deeds had been blacked103 KB (17,620 words) - 10:13, 29 November 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)AP refers to subsections 4.3.1 and 4.3.2. 4.3.6 Proportionality and statutory maximum penalty Finally, pursuant to Sections 3:4 and 5:46 of the Awb (principle77 KB (12,915 words) - 17:15, 12 December 2023
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(3)(b) GDPR)minimize data. 4.4. The municipality takes the position that Article 17 paragraph 3 under b AVG in conjunction with Article 7.3.8 paragraph 3 Youth Act opposes22 KB (3,333 words) - 13:22, 2 June 2021
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)Chapter 3 and Sections 3, 4, 6, 11, 12, 13, 16, 17, 21, 23-24. Section 4 (5), Section 5 (3) to (5), (7) and (8), Section 13 (2) § 23, § 25, 25 / G. § (3), (4)60 KB (9,820 words) - 10:08, 17 November 2023
- Commissioner (Cyprus) - 12.10.001.011.001 (category Article 34(3) GDPR)the under General Data Protection Regulation 2016/679. According to Article 33 of GDPR, in the case of a personal data breach, the Data Controller shall7 KB (861 words) - 16:53, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)hand can not verify its legalitytraining. 3.6.4. In view of what was mentioned in paragraphs 3.6.1. - 3.6.3. above, the DefendantThe perpetrator was obliged61 KB (9,412 words) - 16:52, 6 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)permission in Article 6 (1) (c) GDPR and argues that it is the Viennese in accordance with Article 5 (3) of the EpiG in conjunction with Article 1 (2) (e)50 KB (8,015 words) - 13:52, 12 May 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- Court of Appeal of Brussels - 2022/AR/953 (category Article 4(11) GDPR)the DPA to issue a referral in order to open an ex officio investigation (Article 63(1) of the Law establishing the Belgian DPA). This referral needs to indicate7 KB (681 words) - 10:43, 15 January 2024
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 12(3) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that17 KB (2,515 words) - 11:17, 6 February 2024
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)latest at the time of the first communication (Art. 14(3)(a) and (b) GDPR). However, Art. 14(1) to (4) GDPR shall not apply if and to the extent that the data28 KB (4,230 words) - 13:53, 12 May 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €525,000. 4For the justification, see paragraphs 4.3.1 and 4.3.2. 18/19,Date Unidentified50 KB (7,656 words) - 17:05, 12 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)"lifting". (4.2) Exclusions (4.2.1) GDPR and AO restrictions 145 According to Art. 15 Para. 1 GDPR, the person concerned (Art. 4 No. 1 GDPR) has a right97 KB (16,519 words) - 09:57, 22 February 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 4(1) GDPR)mentioned in the Art. 14 GDPR. 4) No, in the assessment of the President of UODO, sending out information related to Art. 14 GDPR by regular mail to the52 KB (8,444 words) - 10:01, 17 November 2023
- APD/GBA (Belgium) - 11/2019 (category Article 6(4) GDPR)the obligations relating to the right to erase data (Articles 12.3 and 4 and Article 17 of the RGPD) and contained findings going further than the subject24 KB (3,844 words) - 16:51, 12 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)additional submissions regarding Article 83(3) GDPR (“Meta IE Submissions on Article 83(3) GDPR”). December 2021 On3December2021,theIESAshareditsDraftDecisionwiththeCSAs276 KB (38,206 words) - 09:46, 20 January 2023
- AP (The Netherlands) - 7.04.2022 (redirect from AP (The Netherlands) - Dutch Tax and Customs Administration fined €3,700,000 for six GDPR violations) (category Article 5(1)(b) GDPR)theAVGsserious. 3.6Conclusion The AP sets the total amount of the fines imposed at €3,700,000. 1For the justification, see also paragraph 3.3 and 3.4. 14/16,Date49 KB (7,201 words) - 17:06, 12 December 2023
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)incorrect applies Article 12.3 of the AVG. However, this is not correct. 33. Article 12.3 of the GDPR reads (in its relevant parts): ''Art. 12.3 The controller59 KB (9,290 words) - 09:10, 5 May 2024
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)complainant for the costs of the appeal (paragraph 5). 3.4.2. According to Article 55 (3) GDPR, the supervisory authorities are not responsible for supervising75 KB (12,118 words) - 15:46, 14 February 2024
- APD/GBA (Belgium) - 42/2020 (category Article 4(7) GDPR)the file (Article 95, §2, 3 ° WOG) 7. On 7 August 2019, a copy of the file will be sent to the defendants. Page 3 Substance decision 35/2020 - 3/11 8. On30 KB (4,871 words) - 16:58, 12 December 2023
- AKI (Estonia) - 2.1.-3/19/3971 (category Article 15 GDPR)adversely affect the rights and freedom of the others, pursuant to Article 15(4) GDPR. Also, it found that the national law - Money Laundering and Terrorist4 KB (423 words) - 10:30, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 32(4) GDPR)a violation of Article 5(1)(b) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Generally, a controller20 KB (2,859 words) - 13:11, 13 March 2024
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 15(3) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- RvS - 202100789/1/A3 (category Article 17(3)(e) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)of him or her, cf. 2. tölul. Article 3 Act no. 90/2018 and point 1. Article 4 of the Regulation. According to para. Article 4 Act no. 90/2018, the Act and39 KB (6,351 words) - 09:52, 6 May 2021
- Datatilsynet (Norway) - 20/02172 (category Article 6(1)(f) GDPR)under Article 6(1)(f) GDPR. The DPA also requires that the company implement internal controls of their credit rating process as per Article 24 GDPR. The28 KB (4,155 words) - 18:57, 5 March 2022
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €400,000. 8For the justification, see paragraphs 4.3.1 and 4.3.2. 24/25Date Unidentified66 KB (8,861 words) - 17:08, 12 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)Data Authority2019 53 3.3Penaltyforviolatingthesecurityofprocessing 53 3.3.1 Nature, seriousness and duration of the infringement 54 3.3.2 Negligent nature179 KB (22,957 words) - 17:07, 12 December 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned56 KB (8,326 words) - 16:57, 6 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €450,000. 6For the justification, see paragraphs 4.3.1 and 4.3.2. 23/41Date Unidentified106 KB (14,502 words) - 17:09, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)indicated in point 3.3 of this decision. 4.3. Safety measures applied to the storage of traffic data. The conduct ascertained in point 3.4 of this decision58 KB (9,448 words) - 15:50, 6 December 2023
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)Page 4 4 (7) On November 8, 2015, I filed a complaint with the Data Protection Inspectorate (AKI) and demanded that the AKI rapidly implement Article 5828 KB (4,711 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(3) GDPR)especially: 1) Violation of article 4.11 GDPR read in conjunction with article 6.1 a) GDPR as well Articles 7.1 and 7.3 GDPR: the Inspection Service determines110 KB (18,238 words) - 16:56, 12 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (redirect from AZOP (Croatia) - Usž-27/22-4) (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- Rb. Den Haag - C/09/581973/KG ZA 19/1024 (category Article 82 GDPR)pursuant to Article 12(3) of the AVG. If, as in this case, such a decision is taken by an administrative body, then, pursuant to Article 34 of the GDPR Implementing20 KB (3,086 words) - 16:15, 10 March 2022
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law (LOPDGDD)14 KB (1,992 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of article 17 of the GDPR. X Classification of the infringement of article 17 of the GDPR The aforementioned infringement of article 17 of the GDPR supposes60 KB (9,630 words) - 12:34, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)out in Article 12 (3) of the General Data Protection Regulation, the Debtor informed by electronic means on 7 March 2019, in accordance with Article 15 (1)33 KB (5,033 words) - 10:12, 17 November 2023
- AKI (Estonia) - 2.1.-3/19/4304 (category Article 15(3) GDPR)been destroyed. The individual complained before the DPA revoking Article 15(1) and (3) GDPR and the DPA to order the delivering of the requested information13 KB (2,032 words) - 10:30, 13 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)recording is "processing" of "personal data" within the meaning of Article 4(1) and 4(2) GDPR. Therefore, the data subject has the right to request access to22 KB (3,422 words) - 14:50, 13 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)in relation to proceedings under Article 78(1) of the GDPR. The Court notes that Article 58(4) and Article 78 of the GDPR give expression to the right to59 KB (8,242 words) - 10:47, 17 March 2021
- AEPD (Spain) - PS/00029/2020 (category Article 35(3)(b) GDPR)required by Article 35(3)(b). The AEPD also held that there had a been a violation of Article 32 because of a failure to comply with GDPR security measure44 KB (6,943 words) - 13:49, 13 December 2023
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)58(2)(d) GDPR the DPA was entitled to order the shutdown camera 2 during the opening hours of the shopping mall and to reposition cameras 3 and 4. Share58 KB (9,665 words) - 08:51, 25 November 2020
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- LG München - 31 O 16606/20 (category Article 82(3) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- APD/GBA (Belgium) - XX/2021 (category Article 60 GDPR)personal data under Article 17 GDPR. On 21 September 2021, the controller confirmed the deletion, as required by Article 12(3) and (4) GDPR. However, the complainant17 KB (2,189 words) - 12:34, 3 August 2022
- Datatilsynet (Norway) - 20/03293 (category Article 30 GDPR)Privacy Ordinance article 58 no. 2. 4.2 Requirements for treatment protocol Pursuant to Article 30 of the Privacy Regulation (and Article 24 of Directive18 KB (2,525 words) - 08:44, 11 July 2022
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)2023 standard B-VG Art 133 Paragraph 4 DSG §24 DSG §4 GDPR Art 12 GDPR Art 15 GDPR Art 15 Paragraph 1 litc GDPR Art77 UWG §26b paragraph 1 B-VG Art. 13387 KB (14,194 words) - 10:07, 15 February 2024
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)the processing continued until 4 June 2018 see also Article 5, paragraph 1, letter a), c) and e) of the Regulation). 3. Conclusions: unlawfulness of treatment34 KB (5,414 words) - 15:50, 6 December 2023
- AG Pankow - 4 C 199/21 (category Article 15 GDPR)according to Article 82 GDPR. The District Court rejected the claim of the data subject. It held that the controller did not violate Article 15(1) GDPR. It found17 KB (2,569 words) - 07:15, 17 May 2022
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)en hij deze zaak niet wenst verder te zetten. 2. Rechtsgrond Artikel 12.4 AVG 4. Wanneer de verwerkingsverantwoordelijke geen gevolg geeft aan het verzoek20 KB (2,982 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)submitted its observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 235 KB (5,526 words) - 16:56, 12 December 2023
- GHAL - 200.307.462 (category Article 10 GDPR)obliging Ziggo to send warning letters 3.3. The preliminary relief judge has explained in considerations 3.31 to 3.41 that the basis on which Ziggo is obliged28 KB (4,573 words) - 10:04, 14 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 38(3) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4: Profileing9 KB (1,168 words) - 15:30, 6 December 2023
- Gerechtshof Amsterdam - 200.280.852/01 (category Article 6(1)(e) GDPR) (section Was the introduction of Proctorio compliant with the GDPR?)complies with GDPR 3.3.1 CSR et al further argue that the use of Proctorio's software for online examinations does not meet the requirements of the GDPR. According53 KB (8,177 words) - 12:30, 4 October 2021
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 12(3) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 15(3) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 28(3)(a) GDPR)reviewe the security of the data processed by the processor under Article 28(3)(a) and (h) GDPR. For these reasons, the responsibility of the security incident50 KB (8,001 words) - 15:52, 6 December 2023
- GHAL - 200.254.914 (category Article 6(1)(f) GDPR)Applicable GDPR Provisions 4.4 In this case, the first question that arises is whether the listing of the search results is lawful. In this case, Article 6(1)(f)20 KB (2,722 words) - 10:04, 14 December 2023
- AEPD (Spain) - EXP202208230 (category Article 28(3) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a) GDPR45 KB (6,904 words) - 13:12, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- AEPD (Spain) - PS/00385/2020 (category Article 6(1)(a) GDPR)their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI)55 KB (8,967 words) - 14:33, 13 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)of Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and21 KB (3,005 words) - 14:16, 1 February 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)processing of personal data within the meaning of Article 4 GDPR and is it justified on the basis of Article 6 GDPR? Can the controller raise the argument that73 KB (11,238 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)company result in a breach of Article 37 GDPR? The Spanish DPA (AEPD) found that Conseguridad SL had violated Article 37(1)(b) GDPR by not having designated15 KB (2,245 words) - 14:22, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 32(4) GDPR)people affected and the level of damage the elves suffered (article 83.2.4 of the GDPR) 4.1.4. The Data Protection Authority should have taken into account51 KB (7,792 words) - 11:43, 24 January 2022
- APD/GBA (Belgium) - 15/2021 (category Article 15(3) GDPR)According to Article 15.3 GDPR, the data subject also has the right to obtaincopy of the personal data which is the object of the processing. Article 15.4 of the85 KB (13,724 words) - 16:52, 12 December 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)person concerned. ” 4.3.1- As regards respect for the principles of minimization and finality (article 5.1.c. and article 5.1.b of the GDPR) 24. In its capacity45 KB (6,780 words) - 16:57, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8040/163/2019 (category Article 4(11) GDPR)and 5 (3) of Directive 2002/58, read in conjunction with Article 2 (h) of Directive 95/46 and Regulation 2016/679 4 Article 6 (11) and Article 6 (1) (a)29 KB (4,610 words) - 13:07, 3 March 2024
- ICO - FS50819531 (category Article 4(1) GDPR)personal data pursuant to Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right3 KB (212 words) - 16:21, 7 March 2022
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)contract, as expressly follows from article 4.4 of RD 1164/2001, which develops the provisions to in article 52.3 of the LSE and to which it refers literally129 KB (21,793 words) - 14:09, 13 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 28(3) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)positions in the areas referred to in Article 3 of the Ministerial Decree of 7 May 2019 (number of years), area of interest. 3. Preliminary assessments of the57 KB (9,144 words) - 15:55, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)publicly available on the Internet. However, it follows from Article 28(1) GDPR and Article 28(3)(f) GDPR that the data processor (in this instance Kombit A/S)18 KB (2,710 words) - 16:34, 6 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- Datatilsynet (Norway) - 20/01868 (category Article 5(1)(d) GDPR)of personal data, cf. Article 5, also to the processing of personal data pursuant to Article 16. This interpretation of Article 16 is based on, among others26 KB (4,150 words) - 16:14, 6 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)provided for in Article 12.3 of the GDPR, nor informed the claimants of a possible reason for its inaction as required by article 12.4 of the GDPR. It also considers76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)issued under this article. " III Article 73 of the LOPDDG indicates: Violations considered serious "Based on what is established in article 83.4 of Regulation13 KB (2,002 words) - 14:29, 13 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(3)(f) GDPR)reactivated according to plan. It follows from Article 28 (1) of the Data Protection Regulation Article 3 (3) (f) requires the data controller to assist the18 KB (2,633 words) - 16:36, 6 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)regarding - of article L.121-20-3 of the Consumer Code in its wording prior to the law of March 17, 2014 for all contracts, - of article R.132-1 / 4 ° & 5 ° of392 KB (67,730 words) - 15:27, 17 March 2022
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)and 3rd floors. 3. Photographs of the exterior of the property and of the 4 cameras installed inside the east (entrance, 1st, 2nd and 3 floors). 4. Model28 KB (4,525 words) - 14:06, 13 December 2023
- Gerechtshof Amsterdam - 200.258.200/01 (category Article 6(1)(f) GDPR)of which ING suffered loss. 3.3 This decision and the grounds on which it was based are contested by [the appellant]. 3.4 The Court of Appeal will first16 KB (2,462 words) - 12:29, 4 October 2021
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)principle (Article 5.1 b) GDPR) and the principle of minimum data processing (Article 5.1 c) GDPR). This follows from both provisions of the GDPR camera surveillance21 KB (3,034 words) - 15:30, 26 January 2024
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)processor, Vamavi Phone SL, had violated Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR by making a commercial call on behalf33 KB (5,185 words) - 13:48, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 52 GDPR)complainant, prima facie cannot be placed in one of the cases listed in Article 35.3 GDPR. This brief explanation will suffice: the Litigation Chamber may conduct30 KB (4,204 words) - 09:54, 14 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(3) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction41 KB (6,337 words) - 18:52, 5 March 2022
- Court of Appeal of Brussels - 2022/AR/556 (category Article 6(3) GDPR)reasons, article 780, 3° of the Judicial Code, article 149 of the Constitution and article 6 of the ECHR - the pleas not explicitly stated. 17.3.3. The Procurement83 KB (13,694 words) - 09:53, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- AEPD (Spain) - E/03884/2020 (category Article 4(1) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)handed down under this article." III Article 73 of the LOPDDG states Infringements considered serious: "In accordance with Article 83(4) of Regulation (EU)18 KB (2,737 words) - 14:23, 13 December 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)obligation under Article 37(7) GDPR. The DPA ordered the controller to comply with his obligations under Article 13(1)(b) GDPR and Article 37(7) GDPR and to publish18 KB (2,611 words) - 12:45, 16 June 2023
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 83(4)(a) GDPR)sedeagpd.gob.es 4/12 3. Adherence to a code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve26 KB (3,840 words) - 14:28, 13 December 2023
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)and 13 GDPR, he may exercise his powers article 58 par. 2 GDPR its corrective powers in combination with the resulting ones from article 4 par. 3 item d)31 KB (5,021 words) - 16:15, 18 July 2023
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)should have applied Article 35 GDPR. In light of the above, the Italian DPA used its corrective powers under Article 58(2)(c) and 83 GDPR and fined the controller87 KB (14,104 words) - 15:45, 6 December 2023
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)articles 12.5 and 15.3 of Regulation (EU) 2016/679 and in the sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 15 of the RGPD provides23 KB (3,523 words) - 14:46, 13 December 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)within the meaning of Article 26 GDPR, as determined in section 2.3. 135. The legal provision on data protection by design, Article 25 GDPR, states expressly82 KB (12,100 words) - 17:01, 12 December 2023
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108, §34 KB (5,677 words) - 17:00, 12 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned26 KB (3,862 words) - 17:41, 25 June 2022
- HDPA (Greece) - 47/2022 (category Article 28(3) GDPR)data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed25 KB (3,943 words) - 14:32, 28 September 2022
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)relation to the article 5.1.f) of the RGPD, typified in article 83.4.a) of the RGPD with sanction of awareness. 3. Violation of article 34 of the RGPD in51 KB (7,770 words) - 14:08, 13 December 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)purport of the Wbp (old). 3.3 Against this decision [appellants] come up with fifteen grievances. ABN AMRO contested the grievances. 3.4 Grounds 1 and 9 up to41 KB (7,150 words) - 12:30, 4 October 2021
- Datatilsynet (Denmark) - 2019-421-0028 (category Article 12(3) GDPR)ruled that the one-month deadline was not respected and thus that, Article 12(3) GDPR was infringed. Share your comments here! Share blogs or news articles17 KB (2,639 words) - 16:27, 6 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 28(3) GDPR)Point 6 of Article 3 Act no. 90/2018 and item 7 of Article 4. of Regulation (EU) 2016/679, cf. and the first and second paragraphs. Article 4 Epidemiology88 KB (14,189 words) - 09:58, 7 December 2021
- AEPD (Spain) - PS/00280/2022 (category Article 28(3) GDPR)subjects and the obligations and rights of the controller'), as per Article 28(3) GDPR, was lacking. Additionally, the DPA highlighted that such contract30 KB (4,551 words) - 11:51, 9 February 2023
- Datatilsynet (Norway) - 20/04401 (category Article 6(1) GDPR)implications. 5.3. Relevant practice related to the Personal Data Regulations § 4-3 - «factual need» According to the Personal Data Regulations § 4-3, credit assessment40 KB (5,988 words) - 19:04, 5 March 2022
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(1) GDPR)missions, applying all the exclusions provided for in article 2 of the GDPR. ”, Resulting from its article 3 under the heading“ National control authority ”that“The30 KB (4,858 words) - 09:58, 6 October 2021
- AEPD (Spain) - PS/00315/2020 (category Article 28(3)(g) GDPR)CIF A76539030, for a violation of article 28.3.g) of the RGPD, in accordance with article 83.4 b) of the RGPD, and article 74.k) of the LOPDGDD, with the62 KB (10,401 words) - 14:35, 21 November 2023
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- OLG Linz - 6R49/19x (category Article 4(2) GDPR)pursuant to Article 82(4) and Recital 146 sent. 7. However, joint and several liability presupposes that the conditions of paragraphs 2 and 3 are fulfilled33 KB (5,113 words) - 09:50, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 28(3) GDPR)by the GDPR, on the other, Article 28, paragraph 3 of the GDPR does not provide any indication regarding the obligation to conclude a deed of appointment49 KB (7,758 words) - 15:44, 6 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)or more exceptions from those contained in art. 3. 4 GDPR. In this sense, those provided for in art. 34.3 a) and b). C / Jorge Juan, 6 www.aepd.es 28001100 KB (16,401 words) - 14:07, 13 December 2023
- data in the deeds, based on Article 40(2)(c) of the Dutch Civil-law notaries act (Wet op het notarisambt) and Article 18(1)(3) of the Land registry act (Kadasterwet);16 KB (2,099 words) - 12:30, 4 October 2021
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The Authority is responsible67 KB (10,815 words) - 10:11, 17 November 2023
- Persónuvernd - 2020051604 (category Article 4(1) GDPR)in the public interest, cf. Item 5 Article 9 Act no. 90/2018 and paragraph 3 e. Article 6 Regulation (EU) 2016/679. 3. Conclusion Privacy protects that13 KB (1,930 words) - 09:33, 13 May 2022
- Datatilsynet (Norway) - 20/02274 (category Article 5(1)(a) GDPR)fundamental principles of the GDPR, notably Article 5(1)(a) and (e) GDPR. The DPA found violations of various provisions of the GDPR. It held that the controller47 KB (7,661 words) - 18:54, 5 March 2022
- CE - N° 428451 (category Article 9(3) GDPR)Code of Administrative Justice. Article 3: The surplus of the conclusions of the request is rejected. Article 4: This decision will be notified to the National35 KB (5,153 words) - 16:29, 20 May 2021
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)minimization in Article 5, paragraph 1, letter c. 4.2. Security of personal data processing - Article 5 (1) (f) and Article 32 10 As stated in paragraph 3, Article50 KB (8,081 words) - 18:52, 5 March 2022
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- AEPD (Spain) - EXP202201247 (category Article 4(11) GDPR)violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/6 FIFTH: The17 KB (2,350 words) - 13:17, 13 December 2023
- AEPD (Spain) - PS/00051/2020 (category Article 7(3) GDPR)withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that31 KB (4,853 words) - 13:52, 13 December 2023
- Rb. Rotterdam - ROT 20/3286 (category Article 82(1) GDPR)which article of the GDPR was violated. However, considering the plaintiff made a request for the removal of her data, it is likely that Article 17 GDPR12 KB (1,685 words) - 13:08, 28 July 2021
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 6(3) GDPR)art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded that27 KB (4,339 words) - 15:50, 6 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 4(12) GDPR)controller, under Article 24 and 32 of the GDPR, which led to a breach of the security of personal data under Article 4(12) of the GDPR, and no proof that13 KB (1,761 words) - 09:58, 14 December 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €10000 however21 KB (3,137 words) - 14:33, 13 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)resume. 3 The Marktenhof states in point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d)79 KB (12,260 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 42/2022 (category Article 6(1)(f) GDPR)policy of the Disputes Chamber. 4 Cf. criterion A.5. in the dismissal policy of the Disputes Chamber. 5 Article 15.3 GDPR: “The right to obtain a copy referred13 KB (1,908 words) - 08:54, 29 June 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)minutes 3:11:51 and 3:11:57; The video (2) NUM001, between minutes 3:12:06 and 3:12:28; The video (3) NUM002, between the minutes 3:12:54 and 3:13:04; The48 KB (7,550 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)specified in article 32 GDPR (security of processing). In determining the amount of the fine, certain aggravating factors of article 83 GDPR were considered36 KB (6,022 words) - 13:59, 13 December 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)supplementary national legal basis, cf. the Privacy Ordinance Article 6 (1) (e) and Article 6 (3).4 Our assessment is that Aquateknikk neither performs a task45 KB (7,286 words) - 18:55, 5 March 2022
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)plain. The word "concise" in Article 12(1) GDPR, however, does not mean incomplete, all mandatory information from Article 13 GDPR must still be included. The93 KB (14,040 words) - 17:00, 12 December 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)and the GDPR, in particular with regard to the competence, tasks and powers of data protection authorities ). 4. In article 4 par. 7 of the GDPR, a data102 KB (17,186 words) - 13:46, 26 April 2024
- Datatilsynet (Norway) - 20/01865 (category Article 4(1) GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up52 KB (8,323 words) - 13:17, 13 December 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 15 GDPR)information pursuant to Article 15 (1) of the GDPR relates to "personal data relating to an individual" pursuant to Article 4 No. 1 of the GDPR. In addition, the18 KB (2,724 words) - 08:24, 14 March 2022
- AEPD (Spain) - EXP202104006 (category Article 4(12) GDPR)ends and means of such activity, by virtue of article 4.7 of the GDPR. Article 4 section 12 of the GDPR broadly defines “violations of security of personal31 KB (4,578 words) - 12:11, 6 March 2024
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023