Search results
From GDPRhub
- such as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of125 KB (16,328 words) - 16:01, 8 March 2024
- Article 32 GDPR (category GDPR Articles) (section (4) Natural persons acting under the authority of the controller or the processor)evaluating the effectiveness of security measures (Article 32(1)(d) GDPR). According to Article 4(5) GDPR, "pseudonymisation" means the processing of personal41 KB (5,197 words) - 12:17, 17 April 2024
- Article 89 GDPR (category Article 89 GDPR) (section (4) Derogations do not Extend to Other Purposes that Require the Same Processing)that purpose. Article 89(4) GDPR makes it clear that the derogations to the GDPR are only available for processing specified in Article 89 GDPR, and not for29 KB (3,695 words) - 13:44, 21 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- IP - 07120-1/2020/25 (category Article 4(5) GDPR)particularly emphasizes the inadequacy of the provisions of Article 4, paragraphs 1 and 2 and Article 5, paragraphs 1 and 2 of the Arrangement, since, as stated24 KB (3,577 words) - 15:31, 14 April 2021
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))rights under the GDPR, when relevant information is provided. Article 13 GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the71 KB (9,532 words) - 13:30, 6 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))a "filing system" within the meaning of Article 4(6) GDPR. See also Article 2(1) GDPR on the scope of the GDPR when it comes to non-automated filing systems73 KB (9,896 words) - 15:46, 18 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle of freedom from costs (Article 12(5) GDPR)61 KB (8,488 words) - 15:47, 18 March 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Article 25 GDPR (category GDPR Articles)Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 577 (Oxford University Press 2020). EDPB, 'Guidelines 4/2019 on Article 25 Data Protection43 KB (4,675 words) - 06:43, 16 June 2023
- accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- can carry out a notification in phases under Article 33(4) GDPR (see below). Under Article 33(3)(b) GDPR, the supervisory authority must be given the contact54 KB (6,536 words) - 08:22, 16 June 2023
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 60 GDPR (category GDPR Articles) (section (4) Objection by supervisory authority concerned (CSA) and procedure where it is not followed)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- GDPR are Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment)55 KB (7,446 words) - 22:28, 1 April 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 30 GDPR (category GDPR Articles) (section (4) Provision of the ROPA to supervisory authority)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number 20 (C.H. Beck29 KB (2,951 words) - 14:19, 25 July 2023
- Article 37 GDPR (category GDPR Articles) (section (4) Other circumstances in which to designate a data protection officer)categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- BDSG, Article 36 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 36 GDPR, margin number 5 (C.H. Beck31 KB (3,646 words) - 08:51, 21 July 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (4) Conditions for a refusal to comply with an assistance request)standards of clarity (Article 61(3) GDPR). Requests are imperative and, subject to specific exceptions (Article 61(4) and (5) GDPR), must be fulfilled and24 KB (2,181 words) - 11:46, 15 January 2024
- Article 65 GDPR (category GDPR Articles) (section (4) Supervisory authorities (SAs) prohibited to adopt any measure during the procedure)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 42 GDPR (category GDPR Articles) (section (3-4) Certification as a voluntary act that does not reduce compliance obligations)(Articles 42(7) GDPR, 43(5), and 58(2)(h) GDPR). According to the EDPB, where a DPA is to conduct certification pursuant to Article 42(5) GDPR, it will have27 KB (2,452 words) - 14:26, 28 July 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- powers of the ICO (which are listed in Article 58 GDPR) to certain safeguards, which are listed in Section 115(5)-(9) of the Act. For instance, Section18 KB (2,488 words) - 15:22, 14 December 2021
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- burdens. This reading of Article 31 GDPR is supported by the language of Article 83(4)(a) GDPR which categorises Article 31 GDPR as an 'obligation' of the22 KB (2,042 words) - 14:29, 20 November 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- to in Article 42(5) and approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63; (c)22 KB (1,634 words) - 14:40, 28 July 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- refusal to take action on a data subject’s request (Article 12(4)). The first sentence of Article 20(3) GDPR clarifies that the exercise of the right to data40 KB (5,349 words) - 07:05, 1 June 2023
- further discussed, in Article 4(1) GDPR. Any information that relates to an identified or identifiable natural person falls under the GDPR, this also includes34 KB (4,652 words) - 12:07, 12 November 2023
- right to data protection. Article 51 GDPR is closely connected to Article 4(21) (definition of SA), Article 52 (independence), Article 53 (General conditions27 KB (2,604 words) - 14:24, 16 January 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 49 GDPR (category GDPR Articles) (section (5) Limitation of Transfers Based on Important Reasons of Public Interest)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)(3) GDPR), inform him or her about the measures taken (Article 12(3) and (4) GDPR), the right to receive this service free of charge (Article 12(5) GDPR)32 KB (3,730 words) - 08:43, 7 March 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 72 GDPR (category Article 72 GDPR)from the fact that, according to Article 68(3) GDPR, the Commission is not a member of the EDPB. Secondly, Article 68(5) GDPR explicitly states that the Commission22 KB (2,266 words) - 08:26, 17 October 2023
- Article 19 GDPR (category GDPR Articles)disclosed to per Article 4(9) GDPR. Article 19 does not establish any specific time requirement for notification. However, since the purpose of Article 19 is to19 KB (1,436 words) - 12:35, 12 May 2023
- DS-GVO BDSG, Article 53 GDPR, margin number 5 (C.H. Beck 2020, 3rd Edition). Polenz, in Simitis, Hornung, Spiecker, Datenschutzrecht, Article 53 GDPR, margin29 KB (2,894 words) - 23:06, 1 April 2024
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 69 GDPR (category Article 69 GDPR)DS-GVO BDSG, Article 69 GDPR, margin number 4 (C.H. Beck 2020, 3rd edition). Dix in Kühling, Buchner, DS-GVO BDSG, Article 69 GDPR, margin number 5 (C.H. Beck18 KB (1,327 words) - 12:36, 14 December 2023
- Article 22 GDPR (category GDPR Articles) (section (4) Qualified prohibition of using special categories of data)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Datenschutzrecht, Article 80 GDPR, margin number 5 (C.H. Beck 2019); Bergt in Kühling, Buchner, DS-GVO BDSG, Article 80 GDPR, margin number 4 (C.H. Beck 202026 KB (2,575 words) - 15:50, 9 November 2023
- 62(7) GDPR, the reference to the EDPB is mandatory. The authority addressed under Article 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR20 KB (1,590 words) - 16:11, 2 November 2023
- Article 59 GDPR (category GDPR Articles)Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers 4 and 5 (Nomos 2022). Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin number 8 (Nomos15 KB (718 words) - 15:31, 19 October 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 76 GDPR (category Article 76 GDPR)No 1049/2001. More specific provisions include Articles 64(5)(b), 65(5), 70(3) and 70(4) GDPR, which regulate the publication of opinions and resolutions15 KB (787 words) - 08:17, 19 October 2023
- Article 47 GDPR (category GDPR Articles)other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 54 GDPR (category GDPR Articles)provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)limited to, security of processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation20 KB (1,854 words) - 16:32, 8 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 1 GDPR (category GDPR Articles)about the scope of the term 'personal data' under Article 4(1) GDPR. Non-EU citizens can rely on the GDPR as its application is generally independent of nationality28 KB (3,831 words) - 16:21, 14 March 2024
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 74 GDPR (category Article 74 GDPR)Articles 64(5), 65(5), 64(7) and 64(8) GDPR. Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 74 GDPR, p. 1099 (Oxford15 KB (808 words) - 09:44, 17 October 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)Hague October 4, 2022, ECLI:NL:GHDHA:2022:2100, para. 3.1-3.13. 4 Conclusion 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Exhibit 4 to the introductory103 KB (17,620 words) - 10:13, 29 November 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- in Category:Article 3 GDPR EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 4 (available here)37 KB (4,635 words) - 13:29, 24 October 2023
- institution's equivalent to GDPR (Recital 5 Regulation 2018/1725), meaning that the two regulations should be applied in parallel (Recital 4 Regulation 2018/1725)5 KB (607 words) - 10:41, 5 May 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 26 GDPR (category GDPR Articles)protection principles (Article 5), determination of the legal basis for processing (Article 6), implementation of security measures (Article 32), notification37 KB (3,915 words) - 12:49, 24 May 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)protection law as enshrined in Article 5 GDPR must be complied with, and that the rights of the data subjects as found in the GDPR must also be available under25 KB (2,482 words) - 10:04, 19 March 2024
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- in force for more than 4 years after the GDPR’s entrance into force. Responding to requests regarding the applicability of the GDPR in Slovenia, the IP issued10 KB (1,242 words) - 10:51, 6 February 2024
- Article 90 GDPR (category Article 90 GDPR)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- to § 14(1)(1)(6) BDSG the BfDI is responsible for complaints under Article 77 GDPR. The BfDI has to inform the complainant about the ongoing procedure3 KB (297 words) - 14:49, 1 December 2020
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)Garante. For example, Article 3 reiterates the general principles of fairness and transparency of the proceeding before the DPA. Article 12 ensures a right7 KB (808 words) - 08:17, 16 February 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9921184 (category Article 5(2) GDPR)technique [Article 5(1)(f) GDPR]; b) apply the principles of data minimization [Article 5(1)(c) GDPR], purpose limitation [Article 5(1)(b) GDPR] and storage167 KB (26,302 words) - 08:34, 30 August 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- GDPRhub style guide (section GDPR)in the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also17 KB (2,510 words) - 13:56, 24 April 2023
- was Ley Orgánica 5/1992, de 29 de octubre, de regulación del tratamiento automatizado de los datos de carácter personal (Organic Law 5/1992 of 29 October15 KB (1,875 words) - 16:18, 13 July 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- Recitals GDPR (section Recitals from the GDPR)monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission182 KB (24,065 words) - 13:40, 9 July 2021
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1117 KB (18,075 words) - 10:19, 12 September 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)minimisation obligation pursuant to Article 5 of the GDPR and the data protection obligations pursuant to Article 25 of the GDPR. The Federal Administrative Court51 KB (8,592 words) - 07:03, 2 November 2021
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further49 KB (7,800 words) - 09:22, 5 January 2024
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)Meta IE of the principle of fairness under Article 5(1)(a) GDPR, meets the requirements of Article 4(24) GDPR. 489. The EDPB instructs the IE SA to find53 KB (8,413 words) - 14:10, 30 January 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)infringements of Article 5.1.c) and Article 6.1 AVG. In particular, the Disputes Chamber found that relevant that: - the infringed Article 5.1.c) AVG contains60 KB (9,144 words) - 16:17, 22 March 2022
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)of personal data of data subjects guaranteed by Article 44 GDPR and consequently breached Article 44 GDPR. The DPA issued a fine of 300,000 SEK (approx.121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)................................5 1.3.4 Categories of persons affected by the processing......................5 1.3.5 When the code for the Tool is executed115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)................................5 1.3.4 Categories of persons affected by the processing......................5 1.3.5 When the code for the Tool is executed131 KB (14,752 words) - 08:36, 5 July 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 4(11) GDPR)categories of personal data, cf. GDPR article 9 no. 1, cf. article 4 no. 15. The medical list disputes this. Article 4 (15) reads as follows: "For the purposes144 KB (23,058 words) - 18:48, 5 March 2022
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)under Article 32 GDPR? 4) Does Article 82(3) GDPR allow the controller to be exempt from liability for damages if the data breach as defined by 4(12) GDPR13 KB (1,963 words) - 11:04, 5 January 2024
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)necessary. For the intentional infringement of Article 25(1) GDPR and Article 5(1)(a), (c), and (e) GDPR, the authority imposed a pecuniary penalty of €147 KB (936 words) - 16:39, 12 December 2023
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under15 KB (2,180 words) - 08:23, 13 December 2023
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Appeals Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board31 KB (5,018 words) - 18:44, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)obligation of the controller (Article 6 (1) (c)) or to perform a public interest task or exercise public authority paragraph (e)). Article 6 (3) of the Data Protection41 KB (6,555 words) - 08:37, 4 March 2024
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- defendant within the meaning of Article 4 of the GDPR. The defendant is therefore a controller within the meaning of Art. 4 No. 7 GDPR. b. 44 The Senate is convinced51 KB (8,215 words) - 09:55, 13 May 2022
- CJEU - C‑307/22 - Copies of Medical Records (category Article 12(5) GDPR)reading first sentence of Article 15(3), in conjunction with Article 12(5) of the GDPR under Article 23(1)(i) GDPR. (judgment of 4 May 2023, Österreichische10 KB (1,478 words) - 11:17, 2 November 2023
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)(potential violation of Articles4.11, 6.1 a) and 7.1 GDPR): ▪ The GDPR requires a “statement or unequivocal active act” (Article 4.11 GDPR), which means that all171 KB (24,826 words) - 15:55, 18 June 2022
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)Decision 26/2021 - 4/4 This interim decision can be appealed within 30 days of its notification registered with the Marktenhof (article 108, § 1, of the8 KB (1,156 words) - 16:56, 12 December 2023
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- Expression. It is unsure if the GDPR is compatible to the constitutional protection. The stance of the Swedish government is that Article 85 and 86 allows the constitutional7 KB (793 words) - 14:08, 1 October 2021
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9 GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result49 KB (7,496 words) - 14:44, 24 January 2024
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the national implementing16 KB (2,260 words) - 19:26, 30 November 2021
- HDPA (Greece) - 4/2020 (category Article 5(2) GDPR)parent's request, thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested18 KB (2,865 words) - 15:33, 6 December 2023
- compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR. The BVwG ruled that the principle8 KB (987 words) - 10:01, 12 May 2022
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)various GDPR violations (including the principles of legality, transparency and fairness, minimisation and security among others). In total, 4 complaints19 KB (2,707 words) - 16:50, 12 December 2023
- HDPA (Greece) - 48/2021 (category Article 4(11) GDPR)provisions Article 4.11: Consent (definition) Article 4.12: Violation of personal data (definition) Article 5.2: Principle of accountability Article 6.1.a:8 KB (1,028 words) - 12:49, 24 November 2021
- HDPA (Greece) - 31/2020 (category Article 4(1) GDPR)DPA held that a CCTV system shall be handled as subject to Article 4(1) and Article 4(2) of GDPR Regulation. That judgment does not mean that any CCTV surveillance6 KB (719 words) - 15:36, 6 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)alleged violation of Article 5.1.f) of the RGPD and Article 32 of the RGPD, typified in Article 83.4 of the RGPD and Article 83.5 of the RGPD. The initiation34 KB (5,184 words) - 13:22, 13 December 2023
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 4(1) GDPR)specialized website. AG Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without8 KB (1,081 words) - 13:13, 1 June 2023
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- HDPA (Greece) - 33/2020 (category Article 4(7) GDPR)presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to20 KB (2,270 words) - 15:37, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)violating Article 5(1)(c) and Article 5(1)(e) GDPR. The DPA of Berlin fined Deutsche Wohnen SE for violating Article 5(1)(c) and Article 5(1)(e) GDPR, because36 KB (5,810 words) - 13:09, 21 January 2022
- HDPA (Greece) - 23/2020 (category Article 4(1) GDPR)principle of proportionality (Article 8(1) CFR, Article 9A Greek Constitution, Recital 64 GDPR), underlined that the GDPR totally respects all fundamental9 KB (1,089 words) - 15:35, 6 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)for in Article 13, paragraph 5 of the DSG and Article 50d, paragraph 1 of the DSG 2000 violates Article 13, paragraph 5 in conjunction with Article 62, paragraph92 KB (15,435 words) - 16:00, 22 March 2022
- HDPA (Greece) - 30/2020 (category Article 4(1) GDPR)processor's accountability under Article 5(2) GDPR? Did the data processor under question violate Article 5(1) and 5(2) GDPR? Does the existence of a basis20 KB (2,519 words) - 15:36, 6 December 2023
- the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)ensure the objectives set out in section 23.1 of the MDR (section 6.4 of the MDR). 5 Article 5(1)(b) of the GDPMR states that "personal data must be : (...)35 KB (5,853 words) - 16:58, 12 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR SAW The violation of article 5.1.f) of the RGPD implies the commission of the violations typified in article 83.5 of the62 KB (9,703 words) - 13:05, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)disclosing personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- Datatilsynet (Norway) - 15/01355 (category Article 4(11) GDPR)Supervision: Article 6(1)(f), legitimate interest. For the special category personal data: About diagnosis: Article 6(1)(a), cf. Article 9(2)(a), consent16 KB (2,111 words) - 06:21, 6 March 2022
- HDPA (Greece) - 20/2020 (category Article 4(15) GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- CJEU - C-136/17 - GC and Others (category Article 9(1) GDPR)and ‘criminal convictions’ within the meaning of Article 8(5) of Directive 95/46 (and Article 10 GDPR). In addition the court judged that a search engine4 KB (438 words) - 14:23, 11 August 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(4)(a) GDPR)of paragraph 2 of article 5 and paragraph a) of paragraph 5 of article 83, both of the RGPD, with a fine of up to €20,000,000 or up to 4% of the annual turnover163 KB (27,222 words) - 16:54, 6 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 4(24) GDPR) (section Additional infringement of Article 13(2)(e) GDPR)infringement of Article 5(1)(c) GDPR. After recalling that each concerned DPA could submit a request for mutual assistance under Article 61 GDPR and thereby29 KB (4,384 words) - 16:00, 6 December 2023
- AEPD (Spain) - EXP202102430 (category Article 83(4) GDPR)the claimed party, for the alleged violation of Article 32 of the RGPD, typified in Article 83.4 of the GDPR. Once the initiation agreement was notified,33 KB (4,835 words) - 13:26, 13 December 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- CJEU - C-268/21 - Norra Stockholm Bygg (category Article 6(4) GDPR)proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives9 KB (1,372 words) - 10:12, 7 June 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)they are processed (article 5.1 e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter127 KB (21,484 words) - 17:01, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 5(1)(a) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any different67 KB (11,415 words) - 17:15, 12 December 2023
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)the violation of the GDPR: violation of article 6.1, violation typified in its article 83.5.a). IV Secondly, article 32 of the GDPR “Security of processing”79 KB (12,408 words) - 13:24, 13 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines270 KB (43,335 words) - 12:39, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)the inspected with section 4 of chapter 4 of the GDPR. 3. […] the inspectorate [is active in the field of transport] […]. 4. The controlled has approximately66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202105680 (category Article 83(5)(a) GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)with article 4.1 of the RGPD, is a personal data. nal and its protection, therefore, is the subject of said regulation. In article 4.2 of the GDPR defines22 KB (3,319 words) - 13:00, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)te, LPACAP), for the alleged violation of Article 5.1.c) of the RGPD, typified in the Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid22 KB (3,303 words) - 13:28, 13 December 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)assessment framework 4.4. The right of access previously laid down in Article 12 of the Privacy Directive 95/46 has now been included in Article 15 of the AVG15 KB (2,504 words) - 16:27, 10 March 2022
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)the LOPDGDD, in its article 71 “Infringements” establishes that “The acts and conduct referred to in sections 4, 5 and 6 of article 83 of Regulation (EU)29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)violation of Article 6 of the GDPR, typified in Article 83.5.a) of the GDPR, and classified as very serious for the purposes of prescription in article 72.1.b)74 KB (11,726 words) - 13:02, 13 December 2023
- AEPD (Spain) - EXP202203969 (category Article 83(5)(a) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned45 KB (7,135 words) - 13:08, 13 December 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)Autoriteit Persoonsgegevens disagrees: Article 78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch Administrative law25 KB (3,954 words) - 13:39, 16 November 2020
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)compliance with the principles of Article 5 (1) GDPR. 4. As, in accordance with the provisions of Article 4 (c) (d).1 GDPR is personal data “any information29 KB (4,557 words) - 15:33, 6 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - EXP202209511 (category Article 83(5) GDPR)LPACAP), for the alleged violation of Article 6.1 and 13 of the RGPD, typified in the Article 83.5 of the GDPR. FIFTH: The database of this organization22 KB (3,257 words) - 13:28, 13 December 2023
- Datatilsynet (Norway) - 20/02136 (category Article 3(2) GDPR) (section Special categories of data under Article 9 GDPR)Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4% of the total18 KB (2,375 words) - 16:17, 6 December 2023
- AEPD (Spain) - EXP202205932 (category Article 83(5) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)even pseudonymised data (Art. 4 Para. 5 GDPR) from the term personal data are recorded in accordance with Art. 4 Para. 1 GDPR. It is undeniable that the MB158 KB (26,392 words) - 08:25, 7 June 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)provided for in Article 5(1)(a), (e) and (f), Article 5(2), Article 24(1) and (2), Article 28(3), Article 30(1)(d) and (f) and Article 32(1) of the General58 KB (9,357 words) - 10:02, 17 November 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- DSB (Austria) - Austrian Postal Service (category Article 6(1)(f) GDPR)"special categories of data" under Article 9 GDPR. What is the relationship between national laws (like § 151 GewO) and GDPR? Is a prediction of a political8 KB (611 words) - 16:12, 6 December 2023
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)in-depth discussion HE THOUGHT ACCORDING TO THE LAW. 1. According to the article. That’s 4 bets.7 of General Regulation (EU) 2016/679 on the protection of individuals14 KB (2,127 words) - 15:37, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- Supreme Administrative Court (Portugal) - 0856/20.0BELRA (category Article 4(1) GDPR)with the concept of "personal data", currently translated into Article 4(1) of the GDPR. With the amendment of 2013 and the introduction of a new exception6 KB (657 words) - 10:02, 6 October 2021
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)the meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has11 KB (1,492 words) - 13:09, 23 November 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)least one of the conditions set out in Article 6(1) GDPR? On the topic of non-material damages 4) Does Article 82(1) GDPR have a specific or general preventive14 KB (1,916 words) - 16:03, 2 February 2024
- BVwG - W211 2225136-1 (category Article 5 GDPR)under Article 5 of the GDPR, namely data minimisation and data economy, and a defective balancing of interests within the framework of Article 5 of the39 KB (6,244 words) - 09:40, 10 September 2021
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation (Article 5(1)(c) GDPR) principles? Was the defendant required to48 KB (7,926 words) - 16:56, 12 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)referred to as LPACAP), for the alleged infringement of Article 6.1(f) of the RGPD, as defined in Article 83.5 of the RGPD. FOURTH: Having been notified of the26 KB (4,231 words) - 14:44, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- APD/GBA (Belgium) - 41/2020 (category Article 12 GDPR)data concerning those other persons. On Article 12(4) GDPR: the defendant was found in breach of Article 12(4) GDPR for not mentioning the possibility to7 KB (890 words) - 16:58, 12 December 2023
- HDPA (Greece) - 18/2020 (category Article 5(1)(a) GDPR)governed by the basic principle of GDPR, the principle of transparency (relevant Articles 12-14 of the GDPR). 4. The GDPR introduces the principle of accountability12 KB (1,733 words) - 15:34, 6 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)against the respondent, for the alleged infringement of Article 5.1.d) of the RGPD, typified in Article 83.5 of the RGPD. SIXTH: On October 28, 19, written allegations26 KB (4,032 words) - 14:31, 13 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that48 KB (7,816 words) - 11:04, 29 July 2022
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)none of the exceptions in Article 82 of the Data Protection Act were applicable, and Apple had to obtain consent (Article 4(11) GDPR) before using the identifiers82 KB (13,463 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller gives120 KB (19,650 words) - 09:00, 6 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- HDPA (Greece) - 38/2020 (category Article 4(7) GDPR)provisions of Article 18 GDPR. 4) He proceeded to remove the recipient’s e-mail address from the list of recipients promoting his candidacy. 5) It was an14 KB (2,070 words) - 15:38, 6 December 2023
- the freedom of expression has been clarified by Article 80 of the Law "Informatique et Libertés". Article 44 of the Law "Informatique et Libertés" provides10 KB (1,108 words) - 09:37, 29 September 2021
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)Regulation = GDPR; OJ EU L No 119, 4.5.2016, p. 1) regulates: Art. 4 GDPR - Definitions. For the purposes of this Regulation, the term: [...] (4) 'profiling'52 KB (8,534 words) - 12:58, 15 December 2021
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of61 KB (10,257 words) - 10:15, 1 November 2023
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 5(1)(a) GDPR)the GDPR. In light of this, the Court agreed with the DPA that the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article22 KB (3,193 words) - 10:34, 29 February 2024
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and54 KB (8,916 words) - 15:22, 22 February 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)specific categories of information in Article 8 (1) and (5) of Directive 95/46 or in Article 9 (1), Article 10 (1) and Article 10 of Regulation 2016/679, the36 KB (5,859 words) - 06:40, 6 July 2022
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)considering that it has violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF20 KB (3,078 words) - 13:05, 13 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)cites Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing31 KB (4,648 words) - 13:56, 12 May 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)asked whether the joint control of data in accordance with Article 4(7) and Article 26(1) GDPR must be interpreted 'exclusively' as involving deliberately9 KB (1,234 words) - 12:48, 25 January 2024
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)conformity with Article 5.1. c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of20 KB (3,137 words) - 16:51, 12 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and guarantee20 KB (3,087 words) - 13:30, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)this from happening, in violation with Article 24(1), Article 24(2), and Article 25(1) GDPR. According to Article 24(4) of the Finish Data Protection Act,42 KB (6,579 words) - 08:46, 27 January 2022
- communication service. Therefore, TikTok had to obtain valid consent (Article 4(11) GDPR) from users before using the identifiers. The DPA stated that it should73 KB (11,864 words) - 17:03, 6 December 2023
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)under Article 15 GDPR." The DPA rejected the request for review. Genealogical research on a family surname did not fall within the scope of Article 15 GDPR14 KB (2,181 words) - 11:27, 13 September 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,354 words) - 15:45, 6 December 2023
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)subject of its inability to respond to the access request according to Article 12(4) GDPR. The complainant exercised their right of access asking the DPO of12 KB (1,773 words) - 15:33, 6 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled27 KB (4,216 words) - 13:26, 8 January 2024
- Datatilsynet (Norway) - 20/01868 (category Article 5(1)(d) GDPR)of personal data, cf. Article 5, also to the processing of personal data pursuant to Article 16. This interpretation of Article 16 is based on, among others26 KB (4,150 words) - 16:14, 6 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)provisions of Article 5(1)(a) and Articles 13 and 14 GDPR. Furthermore, the defendant violated the principle of integrity and confidentiality from Art. 5 Para.39 KB (6,362 words) - 14:01, 22 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)was outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove26 KB (4,072 words) - 12:18, 27 March 2024
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 5 GDPR)found Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and Article 5(2) and Article 25(1): for failing to implement control systems7 KB (810 words) - 15:52, 6 December 2023
- implementation of Article 5(3) ePD. § 25(1) TTDSG mandates that information (notably also information that is not considered personal data under the GDPR) may only18 KB (1,831 words) - 13:49, 3 November 2022
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 58(5) GDPR)decision under Article 66 GDPR when the lead SA fails to respond to provide mutual assistance within a month as per Article 61(8) GDPR. The CJEU adopted10 KB (1,311 words) - 15:26, 13 June 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- HDPA (Greece) - 3/2020 (category Article 15 GDPR)coverage of the image of the third party shall not be required.” 4. As follows from Article 12 (4) of Law 2472/1997, the controller was required to respond to19 KB (3,034 words) - 15:33, 6 December 2023
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)information [...]". 5. Because according to the above article 17 of the GDPR, as it has been interpreted according to the content of the Guidelines 5/2019 of the36 KB (5,761 words) - 17:19, 22 April 2024
- UODO (Poland) - DKN.5131.6.2020 (category Article 34(4) GDPR)as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)66 KB (10,785 words) - 10:00, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)on final judgments did not comply with Article 25(1) GDPR. Pursuant to Article 58(2)(b) and Article 58(2)(d) GDPR, the DPA reprimanded the controller for43 KB (6,677 words) - 08:47, 27 January 2022
- HDPA (Greece) - 4/2022 (category Article 5(1)(a) GDPR)under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1)11 KB (1,274 words) - 10:37, 23 February 2022
- 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7=32 KB (6,006 words) - 16:33, 7 July 2021
- 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7=34 KB (5,924 words) - 18:14, 20 April 2021
- ANSPDCP (Romania) - Warning issued to Bucharest Municipality (District 4) (category Article 5(1)(a) GDPR)and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate of 4th District Local Police7 KB (931 words) - 15:22, 13 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- HG Wien - 57 Cg 32/20m (category Article 4(2) GDPR) (section Clause 2: Violation of the Transparency Principle under Article 5(1)(a) GDPR)minimisation according to Article 5(1)(c) GDPR. The court ruled that the second clause violated the transparency obligation of Article 5(1)(a) GDPR, in particular24 KB (3,579 words) - 12:05, 7 July 2021
- ANSPDCP (Romania) - Asociația de proprietari Bl. FC 5, orașul Năvodari, județul Constanța (category Article 5 GDPR)unlawfully, as it breached Articles 5 and 6(1) GDPR. For this violation, the DPA used its powers under Article 82(5)(a) and fined the association with €5006 KB (779 words) - 15:16, 13 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, FI, FR, IT, NL, NO, PL, PT, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft21 KB (3,005 words) - 14:16, 1 February 2023
- VGH München – 5 CS 19.2087 (category Article 4(1) GDPR)§ 68 (1) sentence 5 LFGB § 40 paragraph 1a Basic Law Article 5(1), first sentence VIG § 1, § 2, § 3, § 4 para. 4, § 5 para. 1, para. 4 p. 1, § 6 para. 140 KB (6,397 words) - 08:03, 21 March 2022
- Garante per la protezione dei dati personali (Italy) - 9283029 (category Article 5(1)(a) GDPR)respect the prohibition under Article 9 (1) GDPR and without relying on any specific exemptions under Article 9 (2) (4) GDPR. Feel free to add your comment6 KB (316 words) - 15:47, 6 December 2023
- AEPD (Spain) - EXP202104006 (category Article 4(12) GDPR)ends and means of such activity, by virtue of article 4.7 of the GDPR. Article 4 section 12 of the GDPR broadly defines “violations of security of personal31 KB (4,578 words) - 12:11, 6 March 2024
- HDPA (Greece) - 5/2023 (category Article 5(1)(a) GDPR)fairness and transparency established in Article 5(1)(a) GDPR. Moreover, the DPA found a violation of Article 13 GDPR, since the controller did not correctly5 KB (578 words) - 05:32, 26 April 2023
- Court of Appeal of Brussels - 2022/AR/723 (category Article 5(1)(c) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)data subject under Articles 17 (1) GDPR and 21 (1) GDPR can submit , also given the provisions of Article 12 (5) GDPR ? 5. Does it make any difference to34 KB (5,811 words) - 09:44, 8 December 2020
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)62(1)(4) and 69(5) DSG 2000 (missing deletion) € 800 under §§ 52(2)(4), 62(1)(4) and 69(5) DSG 2000 (missing signage) +10% administrative fee € 5.280 TOTAL31 KB (5,161 words) - 14:02, 12 May 2023
- DSB (Austria) - 2020-0.111.488 (category Article 4(15) GDPR)(Datenschutzbehörde - DSB) held that the doctor had violated Article 5(1)(a) GDPR and Article 9(1) and (2) GDPR as the patients had not given their ecplicit consent8 KB (1,048 words) - 13:50, 12 May 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4 : Profiling9 KB (1,251 words) - 12:15, 8 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/35/2022 (category Article 5(1)(a) GDPR)a violation of Article 5(1)(b) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Generally, a controller20 KB (2,859 words) - 13:11, 13 March 2024
- AEPD (Spain) - PS/00187/2019 (category Article 4(11) GDPR)contrary to the GDPR within the meaning of Article 4(11) GDPR. For all the above, the AEPD hold that HM HOSPITALES 1989, S.A. breached Articles 5(1)(a) and 6(1)(a)5 KB (497 words) - 14:08, 13 December 2023
- HDPA (Greece) - 48/2023 (category Article 5(1)(a) GDPR)personal data in violation of Article 5(1)(a) GDPR, Article 6(1) GDPR, Article 12(3) GDPR, Article 12(4) GDPR and Article 15 GDPR. As such, the DPA issued a6 KB (685 words) - 14:58, 21 March 2024
- AEPD (Spain) - PS/00192/2022 (category Article 4(1) GDPR)violating Article 5(1)(c) GDPR, the DPA fined the controller €50,000. In its assessment of the fine, the DPA noted three aggravating factors per Article 83(2)15 KB (2,257 words) - 13:02, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft468 KB (51,340 words) - 14:10, 30 January 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)(definition) Article 4.1: Data subject (definition) Article 4.2: Processing (definition) Article 4.3: Restriction of processing (definition) Article 4.4: Profileing9 KB (1,168 words) - 15:30, 6 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 4(2) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)personal data in accordance with the basic principles of Article 5 of the GDPR. Article 5(1)(a) of the GDPR states that personal data must be processed in a manner56 KB (9,287 words) - 16:00, 26 January 2022
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR. 12. Because, since a lack of compliance with the provisions of article 5 par.31 KB (5,021 words) - 16:15, 18 July 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)fairness and transparency under Article 5(1)(a) GDPR, as well as the principle of data minimisation pursuant to Article 5(1)(c) GDPR, since they did not process46 KB (7,192 words) - 12:37, 19 December 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)five (5) complainants in three (3) of the four (4) publications exceeded the principle of data minimisation in violation of Article 5(1)(c) GDPR, and the31 KB (4,973 words) - 16:50, 6 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)of an infringement of the Article 5(1)(a) GDPR principle of fairness, and infringements of the Article 5(1)(b) and (c) GDPR principles of purpose limitation289 KB (33,568 words) - 15:00, 1 February 2023
- Garante per la protezione dei dati personali (Italy) - 9544504 (category Article 5(1)(a) GDPR)Articles 5(1)(a), (d) and (f), 9 and 32(1)(b) GDPR.” Pursuant to Article 58(2)(i), the DPA hence imposed an administrative fine as per Article 83(4) and (5)10 KB (1,206 words) - 15:54, 6 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)paragraph of Article 166, Article 168, Article 262, Article 269, 1. to find SIA “Lursoft IT” guilty in Article 83 (5) “a” of the Data Regulation and committed90 KB (14,351 words) - 16:10, 6 December 2023
- Datatilsynet (Norway) - 21/02873 (category Article 4(16) GDPR)in Article 12(5) GDPR, Article 15(4) GDPR or Article 16 of the Norwegian Personal Data Act were applicable. The DPA ordered the controller (Article 58(2)(d)13 KB (1,583 words) - 16:20, 6 December 2023
- ICO - FS50819531 (category Article 4(1) GDPR)Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right to information and the3 KB (212 words) - 16:21, 7 March 2022
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)data integrity, security and confidentiality under Article 5(1)(f) GDPR. For the violation of Article 32, the AEPD issued the law firm with a reprimand26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, and Article 32 of the RGPD, typified in article 83.4 of the RGPD Once38 KB (5,920 words) - 12:43, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 5(1)(c) GDPR)protection of personal data, approved by resolution no. 98 of 4/4/2019, published in OJ no. 106 of 8/5/2019 and www.gpdp.it, web doc. no. 9107633 (hereinafter24 KB (3,697 words) - 15:52, 6 December 2023
- HDPA (Greece) - 38/2019 (category Article 4(1) GDPR)purposes? 4) Is the data subjects’ consent valid? The HDPA found that: 1) The telephone number constitutes personal data according to Article 4(1) GDPR as the4 KB (347 words) - 15:37, 6 December 2023
- AKI (Estonia) - 2.1.-1/19/126 (category Article 13(4) GDPR)provide data that the data subject already possesses under Articles 13(4) and 14(5)(a) GDPR. Thus, the DPA found that the company has adequately fulfilled the3 KB (195 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)orrequest-related processing activities. ». 2.5. Article 32 - Processing security:2.5.1. In accordance with the provisions of Article 32 of the Rules of Procedure, which61 KB (9,412 words) - 16:52, 6 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)incoming communications" (note cit., p. 6). 1.4. On 10 September 2019, pursuant to Article 166, paragraph 5, of the Code, the Office notified the company34 KB (5,414 words) - 15:50, 6 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)the processing carried out by the controller violated Articles 5(1)(b), 5(1)(e) and 6(4) GDPR and imposed a fine accordingly. Share your comments here! Share24 KB (3,844 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 5(1)(a) GDPR)people affected and the level of damage the elves suffered (article 83.2.4 of the GDPR) 4.1.4. The Data Protection Authority should have taken into account51 KB (7,792 words) - 11:43, 24 January 2022
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- AEPD (Spain) - EXP202104873 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- APD/GBA (Belgium) - 137/2022 (category Article 12(4) GDPR)result, the controller has acted in violation of Article 12.3 and 12.4 GDPR, as well as Article 17.1 GDPR. 5. The Disputes Chamber is of the opinion that on14 KB (1,946 words) - 08:50, 29 June 2023
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 4(7) GDPR)- the rectification of the violation of Article 13 GDPR would also rectify the violation of Article 5(1)(a) GDPR (principle of transparency) and therefore40 KB (6,007 words) - 13:59, 12 May 2023
- CJEU - C-496/17 - Deutsche Post AG v. Hauptzollamt Köln (category Article 4(2) GDPR)must be respected. More particularly, the personal data must, under Article 5(1)(b) or 5(1)(c) of Regulation 2016/679, be collected for specified, explicit7 KB (1,005 words) - 13:10, 1 June 2023
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction41 KB (6,337 words) - 18:52, 5 March 2022
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating36 KB (5,485 words) - 13:19, 13 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)unlawfully. 2.4 Administrative fine Pursuant to Article 58, paragraph 2, preamble, in conjunction with Article 83, paragraph 4, of the GDPR and article 14, third48 KB (7,461 words) - 17:04, 12 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.00085 KB (12,340 words) - 15:30, 19 August 2022
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- RvS - 202100789/1/A3 (category Article 5(1)(b) GDPR)in accordance with Article 5, paragraph 1, preamble and under b, of the GDPR. 4.4. Article 6, paragraph 1, opening words, of the GDPR stipulates that processing20 KB (2,965 words) - 12:52, 28 June 2023
- HDPA (Greece) - 38/2022 (category Article 4 GDPR)processing personal data, in line with the definition of Article 4(1) GDPR. In accordance with Article 5(3) GDPR, the controller had an obligation to demonstrate9 KB (974 words) - 15:54, 20 December 2022
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 4 GDPR)accordance with Article 60(3) GDPR. Ten DPAs (AT, DE, ES, FI, FR, HU, IT, NL, NO, SE) raised objections, in accordance with Article 60(4) GDPR, to the Draft21 KB (3,069 words) - 14:17, 1 February 2023
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)etc.). 2.4.1.9. These documents must include all of the information provided for in Article 14 of the GDPR. 2.4.2. Exercise of people’s rights 2.4.2.1. The46 KB (7,106 words) - 17:06, 6 December 2023
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- AEPD (Spain) - PS/00320/2020 (category Article 4(11) GDPR)described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD18 KB (2,736 words) - 14:28, 13 December 2023
- AEPD (Spain) - EXP202201247 (category Article 4(11) GDPR)hereinafter, LPACAP), for the alleged violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid17 KB (2,350 words) - 13:17, 13 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AKI (Estonia) - 18.02.2022 (category Article 5(1) GDPR)issues a reprimand under Article 58(2)(b) GDPR. After this, the DPA draws attention to the fact that pursuant of Article 5(1)(a) GDPR, data must be processed42 KB (5,838 words) - 10:27, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)personal data (Article 5 GDPR). 9 4. Conclusion 4.1 Having regard to all the above facts, as stated and, based on the powers granted to me by Article 58 of the23 KB (3,737 words) - 10:30, 7 June 2023
- RvS - 201905347/1/A3 (category Article 5 GDPR)decision of the Minister is no longer based on Article 17(3) GDPR. Instead the decision is based on Article 6(4) GDPR. However the Minister did not explain well25 KB (3,824 words) - 22:46, 10 October 2020
- Datatilsynet (Norway) - 20/01865 (category Article 4(1) GDPR)under Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)Paragraph 4 DSG) rely on an authorization norm within the meaning of Article 6 Paragraph 1 lit. c GDPR. This also results from Art. 5 Para. 1 lit. a GDPR, according28 KB (4,228 words) - 14:00, 12 May 2023
- Commissioner (Cyprus) - 11.17.001.008.042 (category Article 4(11) GDPR)An employer should explore the specific exceptions in Article 9(2)(b) GDPR to Article 9(2)(j) GDPR to lawfully process health-related data of employees4 KB (472 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00117/2022 (category Article 4(11) GDPR)(hereinafter, LPACAP), for the alleged violation of article 6 of the RGPD, typified in article 83.5 of the GDPR. SIXTH: On June 30, 2022, the claimed party presented30 KB (4,623 words) - 12:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 4(1) GDPR)without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected medical63 KB (9,916 words) - 11:28, 16 August 2022
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)of the duty of information as per article 13 GDPR. The DPA imposed thus a fine of €1000 for violating Article 13 GDPR. Share your comments here! Share blogs28 KB (4,525 words) - 14:06, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines74 KB (12,375 words) - 10:07, 4 October 2023
- APD/GBA (Belgium) - 03/2021 (category Article 5(1)(b) GDPR)Chamber thus concludes that the infringement of Article 5.1.b) in conjunction with Article 6.4. GDPR, and Article 6.1. AVG has been proven. 28. Despite the fact32 KB (4,880 words) - 16:50, 12 December 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- GHAL - 200.266.445 (category Article 5 GDPR)the registration. assessment framework 4.4 The assessment framework that the court used in paragraphs 4.1 to 4.4 of the decision of 24 June 2019 was not15 KB (2,380 words) - 13:35, 5 July 2022
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)breach of the General Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.167 KB (10,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)processing of personal data within the meaning of Article 4 GDPR and is it justified on the basis of Article 6 GDPR? Can the controller raise the argument that73 KB (11,238 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)principle (Article 5.1 b) GDPR) and the principle of minimum data processing (Article 5.1 c) GDPR). This follows from both provisions of the GDPR camera surveillance21 KB (3,034 words) - 15:30, 26 January 2024
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On October51 KB (7,770 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 4(11) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- Datatilsynet (Norway) - 20/02274 (category Article 5(1)(a) GDPR)fundamental principles of the GDPR, notably Article 5(1)(a) and (e) GDPR. The DPA found violations of various provisions of the GDPR. It held that the controller47 KB (7,661 words) - 18:54, 5 March 2022
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)Articles 5.1.b) and 5.1.c) of the GDPR pursuant to Article 95, §1, 3° of the LCA; - pursuant to Article 58.2.c) of the GDPR and Article 95, § 1, 5° of the18 KB (2,611 words) - 12:45, 16 June 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 5(1) GDPR)administrative fines provided for by Article 83, paragraphs 4 and 5, of the Regulation and Article 166, paragraph 1 of the Code. 4.4. On the publication of the data129 KB (21,020 words) - 15:49, 6 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)defendant on the basis of Article 100.1, 5 ° LCA given the breach noted in Article 6 of the GDPR combined with Article 5.1.a) of GDPR; - To dismiss the remainder43 KB (6,670 words) - 16:58, 12 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)Debtor pursuant to Article 58 (2) (b) of the General Data Protection Regulation because its data processing activities violated Article 5 (1) (d) of the General33 KB (5,033 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00029/2020 (category Article 5(1)(f) GDPR)Q4500146H, for the alleged infringement of Article 5.1.f) of the RGPD, in accordance with the provisions of Article 83.5 of the RGPD and 72.1.i) of the LOPDGDD44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 12(5) GDPR)executed. Legal basis: Article 4 lines 1, 2 and 5, Article 11 paragraphs 1 and 2, Article 12 paragraph 2, Article 17 paragraph 1 and Article 58 paragraph 2 lit23 KB (3,622 words) - 13:57, 12 May 2023
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)be regarded as the controller within the meaning of Article 4 under 7 GDPR. The legal framework 4.4. [Applicants] argue that Uber has infringed their right30 KB (4,797 words) - 10:03, 19 May 2021
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)28001 - Madrid sedeagpd.gob.es 3/5 The infringement is considered as such in article 83.4.a of the RGPD which states: ”4. The Infractions of the following14 KB (1,992 words) - 14:29, 13 December 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)pursuant to Article 4(2) of the GDPR, and the applicant operating and managing the Facebook page is a controller pursuant to Article 4(7) of the GDPR, given75 KB (12,586 words) - 10:10, 17 November 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)period ”. In this sense, article 77.1 c) and 2, 4 and 5 of the LOPGDD, indicates: 1. "The regime established in this article shall apply to the treatment13 KB (2,002 words) - 14:29, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)person concerned. ” 4.3.1- As regards respect for the principles of minimization and finality (article 5.1.c. and article 5.1.b of the GDPR) 24. In its capacity45 KB (6,780 words) - 16:57, 12 December 2023
- AKI (Estonia) - 2.1.-3/20/4479 (category Article 5(1)(c) GDPR)are a special type of personal data (see also IKÜM art. 4 p. 15 definition of health data). 4.5. Challenger: AKI's position, as if any person in an e-pharmacy28 KB (4,474 words) - 10:31, 13 December 2023
- Datatilsynet (Denmark) - 2019-431-0052 (category Article 4(11) GDPR)place in accordance with Article 5 (1) of the Data Protection Regulation. 1, letter e, and Article 6, para. 1, cf. Article 4, point 11. The Danish Data27 KB (4,300 words) - 16:36, 6 December 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 4(1) GDPR)violation of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- AP (The Netherlands) - 7.04.2022 (redirect from AP (The Netherlands) - Dutch Tax and Customs Administration fined €3,700,000 for six GDPR violations) (category Article 5(1)(b) GDPR)(possible) fraud. This resulted in a breach of Article 5(1)(a) GDPR and Article 6(1) GDPR in conjunction with Article 8 of the Dutch Personal Data Protection49 KB (7,201 words) - 17:06, 12 December 2023
- HDPA (Greece) - 35/2023 (category Article 4(12) GDPR)personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the violation52 KB (8,460 words) - 10:54, 10 January 2024
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 2 of the Rules of Procedure35 KB (5,526 words) - 16:56, 12 December 2023
- HDPA (Greece) - 24/2020 (category Article 4(2) GDPR)possibility of exercising their right to access (Article 15 GDPR), not mentioning any of the elements of Article 14 GDPR regarding the processing of data, but only8 KB (879 words) - 15:37, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)provided for by Article 83, paragraphs 4 and 5, of the Regulation. 4. ORDER INJUNCTION FOR THE APPLICATION OF THE PECUNIARY ADMINISTRATIVE SANCTION 4.1. Information58 KB (9,448 words) - 15:50, 6 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(4) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)for the alleged violation of article 5.1.c) of the GDPR and article 13 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Once the aforementioned24 KB (3,717 words) - 13:04, 13 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 5(2) GDPR)information pursuant to Article 13 (1) of the GDPR of what is written in paragraph Recital (39) of the GDPR and Article 5 (1) point a) of the GDPR stipulate that69 KB (11,255 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD, a fine of FIVE THOUSAND EUROS (€ 5,000). That, under the provisions of article 5850 KB (7,524 words) - 13:44, 13 December 2023
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified45 KB (6,998 words) - 12:58, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)inadmissible rational personae. 5.4. The merits of the appeal to the extent directed against the GBA - the violation of Article 16 GDPR. 5.4.1. The general framework59 KB (9,290 words) - 09:10, 5 May 2024
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)et seq. 13Investigation report, page 29, point 4.4.5.1. 14Investigation report, page 30, point 4.4.5.2.5.1. 15 Statement of Objections, point 18. 16 Statement82 KB (11,472 words) - 16:58, 6 December 2023
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken into account as a standard37 KB (5,745 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- AEPD (Spain) - PS/00279/2020 (category Article 83(5) GDPR)fine of € 5 000 for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your21 KB (3,123 words) - 14:25, 13 December 2023
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)the sense of Article 4, headings under 12, of the GDPR. What should be clear is that a breach is some type of security incident Article 4, headings under54 KB (8,224 words) - 17:07, 12 December 2023
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)personal data, approved by resolution no. 98 of 4/4/2019, published in the Official Gazette n. 106 of 8/5/2019 and in www.gpdp.it, doc. web n. 9107633 (hereinafter57 KB (9,144 words) - 15:55, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)criteria laid down by article 83.2 of the GDPR for breach of Articles 5.1.a), 6.1, 12.3 and 4 as well as Article 15.1.b) and c) of the GDPR. As regards the amount76 KB (11,147 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- GDPRhub is a wiki with GDPR-related decisions and knowledge, enabling anyone to find and share GDPR insights across Europe! GDPRhub collects and summarises6 KB (277 words) - 12:46, 10 April 2024
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,837 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00071/2020 (category Article 5(1)(a) GDPR)P3120800B, for the alleged violation of article 5.1.b) in relation to article 6.4 of the RGPD, in accordance with article 83.5.a) of the RGPD. SECOND: INITIATE45 KB (7,267 words) - 13:56, 13 December 2023
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)25 KB (4,046 words) - 18:37, 5 March 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 4) (category Article 28(3)(a) GDPR)consultation with the DPA as per Article 36 GDPR. The DPA temporarily suspended its processing ban against Helsingor municipality until 5 November 2022, and also25 KB (3,660 words) - 08:42, 14 September 2022
- Garante per la protezione dei dati personali (Italy) - 9861249 (category Article 5(1)(a) GDPR)Giessegi violated Articles 5(1)(a) and 13 GDPR, as it did not provide the data subject with a proper privacy policy. Article 28 GDPR was also infringed, as87 KB (14,104 words) - 15:45, 6 December 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €525,000. 4For the justification, see paragraphs 4.3.1 and 4.3.2. 18/19,Date Unidentified50 KB (7,656 words) - 17:05, 12 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)cf. Article 5 (2). A basic principle for the processing of personal data is that the processing must take place in a lawful manner, cf. Article 5, paragraph45 KB (6,973 words) - 05:12, 15 September 2022
- APD/GBA (Belgium) - 136/2022 (category Article 4(1) GDPR)right of access (Article 12(4) GDPR). The DPA held that data concerning the vehicle of the complainant is personal data (Article 4(1) GDPR), since the data19 KB (2,700 words) - 08:49, 29 June 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)purposes and means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing”18 KB (2,733 words) - 13:18, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9529527 (category Article 5(1)(f) GDPR)stakeholders did not follow the security principles as per Article 5(1)(f) GDPR (ed.: the decision actually reads 5(2)(f)), highlighting ‘the absence of an assessment55 KB (8,833 words) - 15:54, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 5(1)(a) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- AEPD (Spain) - PS/00128/2020 (category Article 4(13) GDPR)with article 4.1 of the RGPD. As for the fingerprint, it is also data that must be qualified. two as biometric data and in accordance with article 4.14 of39 KB (5,912 words) - 14:02, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade56 KB (8,913 words) - 16:52, 6 December 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)ofcombined provisions of Articles 5, paragraph 1 to 1. c) and article 5, paragraph 1 al. f) with article83, paragraph 5, al. a), the General Data Protection40 KB (5,935 words) - 16:55, 6 December 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)11, report of 5 December 2019, page 23. 16See File 11, report of 5 December 2019, page 25. 17See File 11, report of 5 December 2019, page 4. 18See File 1166 KB (8,861 words) - 17:08, 12 December 2023
- Datatilsynet (Norway) - 20/01896 (category Article 5(2) GDPR)of the fee. 5.5. The amount of the infringement fee In determining the fee, the points in section 5.4 above shall be given weight, cf. Article 83 (2). The28 KB (4,387 words) - 18:58, 5 March 2022
- AEPD (Spain) - E/01090/2021 (category Article 4(9) GDPR)before the Social Court 4 of this city, in dismissal orders *** CARS.1. " The aforementioned order that you attached is dated February 5, 2020 with the claimant17 KB (2,544 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)a violation of article 5.1 a) of the RGPD, ofin accordance with article 83.5 of the RGPD, a fine of APPEARANCE, in accordancewith article 58.2.b) of the26 KB (4,034 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00200/2019 (category Article 5(1)(f) GDPR)Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/5The LOPDGDD states in its article 5:" 1. Those responsible and in charge of data processing14 KB (2,163 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,834 words) - 14:43, 13 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the34 KB (5,427 words) - 14:30, 13 December 2023
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- Datatilsynet (Norway) - 20/02172 (category Article 6(1)(f) GDPR)under Article 6(1)(f) GDPR. The DPA also requires that the company implement internal controls of their credit rating process as per Article 24 GDPR. The28 KB (4,155 words) - 18:57, 5 March 2022
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)alleged infringement of article 5.1.c) of the RGPD and article 13 of the RGPD, typified in Article 83.5 a) and b) of the GDPR. FIFTH: On 12/17/2021 the32 KB (4,945 words) - 13:25, 13 December 2023
- AG Pankow - 4 C 199/21 (category Article 15 GDPR)according to Article 82 GDPR. The District Court rejected the claim of the data subject. It held that the controller did not violate Article 15(1) GDPR. It found17 KB (2,569 words) - 07:15, 17 May 2022
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue20 KB (3,069 words) - 18:48, 24 January 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)accuracy of the data processed (Article 5, paragraph 1, letter d) of the Regulation), nor in terms of safety and integrity (Article 5, paragraph 1, letter f) of50 KB (8,001 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00272/2019 (category Article 5(1)(c) GDPR)with the GDPR. Especially, if the installation of surveillance camera is contrary to the data minimisation principle, under Article 5(1)(c) GDPR. First,22 KB (3,438 words) - 14:24, 13 December 2023
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)violation of Article 15 of the GDPR, typified in Article 83.5 of the GDPR, as well as for the alleged infringement of Article 17 of the GDPR, typified in60 KB (9,630 words) - 12:34, 13 December 2023
- Datatilsynet (Norway) - 21/00480 (category Article 5(1)(f) GDPR)fined a municipality €409,768 (NOK 4,000,000) for breaches of Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack31 KB (4,380 words) - 06:12, 14 March 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - PS/00430/2020 (category Article 4(11) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- GHAL - 200.186.790/01 (category Article 6(1)(b) GDPR)terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The50 KB (8,219 words) - 12:42, 4 March 2022
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)and transparency (Article 5.1 a) GDPR), purpose limitation (Article 5.1 b) GDPR) and minimum data processing (Article 5.1 c) GDPR); 4) the legal basis for110 KB (18,238 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)defendant is defined in Articles 83.4.a) and 83.4.b) respectively. 83.5.a) of the RGPD, precepts that they establish: Article 83.4: "Violations of the following36 KB (6,022 words) - 13:59, 13 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)recording is "processing" of "personal data" within the meaning of Article 4(1) and 4(2) GDPR. Therefore, the data subject has the right to request access to22 KB (3,422 words) - 14:50, 13 December 2023
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(1) GDPR)reluctant to minimize data. 4.4. The municipality takes the position that Article 17 paragraph 3 under b AVG in conjunction with Article 7.3.8 paragraph 3 Youth22 KB (3,333 words) - 13:22, 2 June 2021
- AEPD (Spain) - PS/00439/2019 (category Article 5(1)(c) GDPR)Spanish City Council with a warning of an infringement of Article 5(1)(c) pursuant to Article 83(5) over installed surveillance cameras in the City Hall.21 KB (2,946 words) - 14:40, 13 December 2023
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)definition of the concept of consent in the data protection regulation article 4, No. 11. Article 4 of the Data Protection Regulation, no. 11 states that consent52 KB (8,025 words) - 05:01, 23 November 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)down in Article 28 of the GDPR. The Commission wonders about such a qualification in the light of the definition of a subcontractor given in Article 4.8 of43 KB (6,847 words) - 17:11, 6 December 2023
- AEPD (Spain) - PS/00201/2019 (category Article 4(1) GDPR)data had taken place, meaning GDPR obligations did not apply. Are these magnetic cards personal data within Article 4(1) GDPR? If so, did the MCP infringe54 KB (9,019 words) - 14:10, 13 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)information obligation provided for a / 'article 14, §5, (c) of the GDPR. (...) Pursuant to article 14, §5, (c) of the GDPR, the responsibility for processing72 KB (11,389 words) - 08:59, 20 August 2021
- Rb. Rotterdam - 9436020 \ CV EXPL 21-30289 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only19 KB (2,828 words) - 10:09, 18 March 2022
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted when45 KB (7,286 words) - 18:55, 5 March 2022
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)Contents 1.Introduction 4 1.1Background 4 1.2Target research 5 1.3Visa ProcessforSchengen Short Stay Visa 5 1.4 Legal framework 8 1.5Process flow 8 2.Findings179 KB (22,957 words) - 17:07, 12 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)year 2005-2006, 29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the91 KB (15,371 words) - 15:11, 5 October 2021
- AEPD (Spain) - PS/00280/2022 (category Article 5(1)(f) GDPR)LPACAP), for the alleged infringement of article 5.1.f) of the RGPD and article 32 of the RGPD, typified in article 83.5 of the RGPD. EIGHTH: Notification of30 KB (4,551 words) - 11:51, 9 February 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/29/2020 (category Article 5(1)(c) GDPR)violated Article 5(1)(c) GDPR, Article 25(2) GDPR and Section 29(4) of the Finnish Data Protection Act. As a result, and in accordance with Article 58(2)(d)25 KB (3,651 words) - 09:37, 3 April 2024
- AEPD (Spain) - PS/00075/2020 (category Article 83(5)(a) GDPR)respondent: a) for the alleged infringement of Article 6.1.a) of the GDPR, sanctioned in accordance with the Article 83.5.a) of the aforementioned RGPD and, b)31 KB (4,909 words) - 13:56, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures and a fine of € 4.501.868. Share131 KB (21,014 words) - 15:55, 6 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)agreements Article 12 (1) of the GDPR 17 IV.5. Legal consequences (72) The Authority finds that the Client has infringed Article 5 (1) (c) GDPR, Article 6 Article72 KB (11,159 words) - 10:09, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)of rectification of Article 16 GDPR and Article 14 of LOPDGDD, the national data protection law, the DPA stated that Article 12(4) LOPDGDD obliges the63 KB (10,203 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00422/2018 (category Article 5(1)(f) GDPR)RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against25 KB (3,933 words) - 14:37, 13 December 2023
- AEPD (Spain) - PS/00436/2019 (category Article 83(5) GDPR)LPACAP), for the alleged infringement of Article 58. 1 of the RGPD, typified in Article 83.5 of the RGPD. 2/5 SIXTH: The aforementioned agreement to commence14 KB (2,123 words) - 14:40, 13 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(4)(a) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)provided for in Article 83.5.b) in relation to Article 13; and third, an infringement provided for in Article 83.4.a) in relation to Article 28 all of them38 KB (5,760 words) - 08:26, 8 September 2021
- APD/GBA (Belgium) - XX/2021 (category Article 60 GDPR)personal data under Article 17 GDPR. On 21 September 2021, the controller confirmed the deletion, as required by Article 12(3) and (4) GDPR. However, the complainant17 KB (2,189 words) - 12:34, 3 August 2022
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)Pursuant to Article 37(5) GDPR, the DPO should be designated, inter alia, on the basis of their in data protection law and practice. Article 37(7) GDPR provides93 KB (14,040 words) - 17:00, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)(infringement of Article 24 and 5.2 GDPR)Second vemreermiddel: the request of the complainant 's request for erasure in themeaning of Article 17 GDPR; third party67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - PS/00449/2019 (category Article 5(1)(b) GDPR)with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 500019 KB (2,862 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)violation of article 5.1.f) of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter RGPD), typified in the article 83.5 of the RGPD22 KB (3,420 words) - 12:59, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- TGI Paris - N° 14/07224 (category Article 5(1)(d) GDPR)- of article L.121-20-3 of the Consumer Code in its wording prior to the law of March 17, 2014 for all contracts, - of article R.132-1 / 4 ° & 5 ° of the392 KB (67,730 words) - 15:27, 17 March 2022
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)for the alleged violation of article 5.1f) of the RGPD in relation to the Article 5 of the LOPDGDD, typified in article 83.5 a) of the RGPD. C / Jorge Juan28 KB (4,619 words) - 13:53, 13 December 2023
- AEPD (Spain) - EXP202103746 (category Article 5(1)(c) GDPR)violation of data minimisation, Article 5(1)(c) GDPR. No fines can be imposed against the controller and Article 83(5) GDPR can therefore not be imposed.16 KB (2,041 words) - 13:34, 13 December 2023
- CNIL (France) - SAN-2020-018 (category Article 12(4) GDPR) (section Violation of the obligation to gather consent as prescribed by Article L. 34-5 of the Postal and Electronic Communication law:)to the criteria laid down by Article 83 paragraph 2 of the GDPR. With regard to the breach of Article L. 34-5 of the GDPR, the restricted committee considers69 KB (11,007 words) - 17:10, 6 December 2023
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Protection Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned26 KB (3,862 words) - 17:41, 25 June 2022
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)Internal Rules and Article 93 of the LCA, concerning morespecifically the articulation between article 15.4 of the GDPR and recital 63 of the GDPR, as well asbalancing85 KB (13,724 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(a) GDPR)violation of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.120 KB (3,086 words) - 14:04, 13 December 2023
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish129 KB (21,793 words) - 14:09, 13 December 2023
- AEPD (Spain) - EXP202209175 (category Article 13 GDPR)party, for the alleged violation of Article 5.1.c) of the RGPD and Article 13 of the RGPD, typified in Article 83.5 of the RGPD. C/ Jorge Juan, 6 www.aepd17 KB (2,368 words) - 13:28, 13 December 2023
- AEPD (Spain) - PS/00048/2021 (category Article 5 GDPR)Articles 5 and 6 GDPR? The AEPD held that publishing personal data on Twitter without the consent of the claimant is a violation of Article 6 GDPR, due to17 KB (2,458 words) - 13:51, 13 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)DPA under Article 100 § 1, 6, 10 and 12 of the LCA. The complainant y also denounces a breach of Article 5.1. c) and Article 5.1. e) of the GDPR. 18. The73 KB (11,604 words) - 16:57, 12 December 2023
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)which the factors mentioned in article 7 give rise to this. Article7.Relevant factors Without prejudice to articles 3:4 and 5:46 of the General Law, administrative57 KB (8,053 words) - 17:07, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- Persónuvernd (Island) - 2022020363 (category Article 5 GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)with Article 4 WOG. 17. First, it is clear that the content of the disputed e-mail messages constitute personal data within the meaning of Article 4.1. AVG39 KB (6,247 words) - 09:14, 15 November 2023
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 5(1)(a) GDPR)with art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded27 KB (4,339 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00262/2020 (category Article 5(2) GDPR)(hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD, typified in Article 83.5 a) of the RGPD. FOURTH: Once the aforementioned commencement22 KB (3,293 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up58 KB (9,301 words) - 12:39, 13 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 4(1) GDPR)pursuant to this Article in respect of the infringement of this Regulation referred to in paragraphs 4, 5 and 6 of the above Article shall in each individual52 KB (8,444 words) - 10:01, 17 November 2023