Search results
From GDPRhub
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 2 GDPR (category GDPR Articles)elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 32 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 46 GDPR (category GDPR Articles) (section (b) Binding corporate rules in accordance with Article 47)access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))consent under Article 7(3), object under Article 21 GDPR or if the processing is in fact compliant with the principles of Article 5(1) GDPR. Simply listing71 KB (9,532 words) - 13:30, 6 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 59 GDPR (category GDPR Articles)DS-GVO BDSG, Article 59 GDPR, margin number 7 (C.H. Beck 2020, 3rd Edition). See Ziebarth, in Sydow, Marsch, DS-GVO/BDSG, Article 59 GDPR, margin numbers15 KB (718 words) - 15:31, 19 October 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)proportionate (Article 7 and 8 EU Charter of Fundamental Rights) and in compliance with Article 6(2) and (3) GDPR. According to Article 6(3) GDPR, the legal108 KB (17,005 words) - 15:39, 18 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 75 GDPR (category Article 75 GDPR)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 38 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 70 GDPR (category Article 70 GDPR)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- Article 52 GDPR (category GDPR Articles)this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- Article 5 GDPR (category GDPR Articles)consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p29 KB (2,823 words) - 15:15, 28 April 2022
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 26 GDPR (category GDPR Articles)related decisions in Category:Article 26 GDPR Petri, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 26 GDPR, margin number 12 (C.H. Beck37 KB (3,915 words) - 12:49, 24 May 2023
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 7 GDPR (category GDPR Articles)Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 74 GDPR (category Article 74 GDPR)Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- Article 54 GDPR (category GDPR Articles)enforcement of the GDPR. For more information regarding the establishment of SAs, please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary34 KB (3,649 words) - 13:19, 30 October 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 43 GDPR (category GDPR Articles) (section (6-7) Criteria for certification to be made public)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 76 GDPR (category Article 76 GDPR)Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 67 GDPR (category Article 67 GDPR)Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered15 KB (810 words) - 16:13, 2 November 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 19 GDPR (category GDPR Articles)States. → See Article 23 GDPR. → You can find all related decisions in Category:Article 19 GDPR. The obligation to notify under Article 19 should not be19 KB (1,436 words) - 12:35, 12 May 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 66 GDPR (category Article 66 GDPR)month to a request for mutual assistance (Article 61(8) GDPR) or to a request of joint operations (Article 62(7) GDPR). On 12 July 2021, the EDPB adopted an20 KB (1,590 words) - 16:11, 2 November 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 64 GDPR (category Article 64 GDPR)64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- Article 25 GDPR (category GDPR Articles)affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- meaning of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not33 KB (4,215 words) - 09:57, 19 March 2024
- and, as a rule, acknowledged electronically (Article 61(7) GDPR) and free of charge (Article 61(7) GDPR). Finally, where the requested activity is not24 KB (2,181 words) - 11:46, 15 January 2024
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Member State in relation to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part22 KB (1,915 words) - 13:46, 15 January 2024
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Category:Article 11 GDPR Georgieva, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 11 GDPR, p. 39520 KB (1,854 words) - 16:32, 8 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 68 GDPR (category Article 68 GDPR)decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 16 GDPR (category GDPR Articles)requirements of Article 5(1)(d) GDPR are not complied with. In such cases, there is no need to exercise the rights under Article 16 GDPR - but also no harm23 KB (2,489 words) - 23:24, 6 March 2024
- Article 90 GDPR (category Article 90 GDPR)Belisario, GDPR e normativa privacy – Commentario, Article 90 GDPR, p. 662 (Wolters Kluwer 2018). Piltz in Gola DS-GVO, Article 90 GDPR, margin numbers 6-7 (C18 KB (1,599 words) - 12:26, 29 April 2022
- Article 73 GDPR (category Article 73 GDPR)simple majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple19 KB (1,530 words) - 14:23, 12 October 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- CJEU - C-311/18 - Schrems II (category Article 45 GDPR)under Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1)12 KB (1,780 words) - 17:22, 10 March 2022
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A19 KB (1,525 words) - 08:18, 19 October 2023
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Article 72 GDPR (category Article 72 GDPR)within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 36 GDPR (category GDPR Articles)processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement26 KB (2,575 words) - 15:50, 9 November 2023
- Article 1 GDPR (category GDPR Articles)limit the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- in Article 63 GDPR. Article 35(7) GDPR sets out a list of minimum requirements which shall be dealt with in the DPIA. To begin with, under Article 35(7)(a)52 KB (7,297 words) - 08:05, 18 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- Article 30 GDPR (category GDPR Articles)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 22 GDPR (category GDPR Articles)and interpretation as in Article 22(3) GDPR. → You can find all related decisions in Category:Article 22 GDPR Article 20 of GDPR proposal, COM(2012) 11 final31 KB (4,768 words) - 06:24, 16 June 2023
- Article 33 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 33 GDPR, p. 642-643 (Oxford University Press 2020). According to Bensoussan, the drafting of Article 33 GDPR drew inspiration54 KB (6,536 words) - 08:22, 16 June 2023
- Article 65 GDPR (category GDPR Articles)lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- Article 55 GDPR (category GDPR Articles)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)of conduct complies with the GDPR, as per Article 40(7) GDPR. According to the terminology of Articles 40(7) and 40(8) GDPR, the EDPB’s opinion should identify44 KB (5,008 words) - 14:50, 28 July 2023
- Article 41 GDPR (category GDPR Articles)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Article 53 GDPR (category GDPR Articles)the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- Article 88 GDPR (category Article 88 GDPR)opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 89 GDPR (category Article 89 GDPR)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Overview of GDPR (section Article 7 CFR)of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Recitals GDPR (section Recitals from the GDPR)Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 7 March 2012 (17). Recital 173: This Regulation182 KB (24,065 words) - 13:40, 9 July 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(7) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- LG Köln - 33 O 376/22 (category Article 45 GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data113 KB (12,773 words) - 15:20, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)data, as provided for in Article 5 of the Regulation, is characterized. III. on sanctions and publicity 53. Article 45-III 7° of the law of January 6,41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 45 GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)data according to Art. 45 GDPR does not exist. Since there is no adequacy decision according to Art. 45 Para. 3 GDPR, Art. 46 GDPR further admissibility158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- 2018-1125 of 12 December 2018. The age of consent is 15 years following Article 45 of the Law "Informatique et Libertés". The interplay between the right10 KB (1,108 words) - 09:37, 29 September 2021
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- OLG Koln - 15 U 45/23 (category Article 16 GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- CJEU - C-601/20 - SOVIM (category Article 45 GDPR)guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter? Question 3 1. Is Article 5(1)(a)9 KB (1,176 words) - 13:29, 5 January 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- Council of State - 251.378 (category Article 45 GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- CNIL (France) - SAN-2019-001 (category Article 7 GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)restaurant owner lawful in line of Article 5(1)(a) GDPR? The Spanish DPA concluded that there has been a breach of Article 5(1)(a) GDPR because the uploading of31 KB (5,083 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive53 KB (8,593 words) - 13:47, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Norges Høyesterett - 2021-2403-A (category Article 7 GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)for more than two years after the entry into force of the GDPR. This breached Article 37 GDPR. Ayuntamiento de Arroyomolinos was found lacking a Data Protection18 KB (2,737 words) - 14:23, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is notbased on19 KB (2,948 words) - 14:50, 13 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)subject’ (recital 45 of the preamble to the GDPR). (P. 85) (…) The basis of processing data, referred to in Article 6(1)(c) of the GDPR, is the processing91 KB (15,371 words) - 15:11, 5 October 2021
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)like this: 123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969 123.45.67.89 is the65 KB (9,767 words) - 16:22, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5 GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.5 : Pseudonymization (definition) Article 4.6 : Filing system (definition) Article 4.7 : Controller (definition) Article 4.8 : Processor9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)not completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 7 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 36/2021 (category Article 83(7) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)the data protection claims from the GDPR is passively legitimate (Art. 15 Para. 1 GDPR). According to Art. 4 No. 7 GDPR, this is the natural or legal person97 KB (16,519 words) - 09:57, 22 February 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)especially: 1) Violation of article 4.11 GDPR read in conjunction with article 6.1 a) GDPR as well Articles 7.1 and 7.3 GDPR: the Inspection Service determines110 KB (18,238 words) - 16:56, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)Profileing (definition) Article 4.5: Aliasing (definition) Article 4.6: Archiving system (definition) Article 4.7: Processor (definition) Article 4.8: Executor (definition)9 KB (1,168 words) - 15:30, 6 December 2023
- AZOP (Croatia) - Decision 05-07-2021 (category Article 32(1)(b) GDPR)activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative5 KB (599 words) - 15:38, 30 October 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 7 GDPR)imposed pursuant toArticle83 GDPR 55. 45. The FR SA notes that reversing the findings concerning the infringements of Article 6(1) GDPR also affects the468 KB (51,340 words) - 14:10, 30 January 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)unlawful processing data from a public registry without a legal basis under Article 6 GDPR. A citizen filled a complaint with the AEPD regarding the unlawful processing33 KB (5,396 words) - 14:26, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Tietosuojavaltuutetun toimisto (Finland) - 1198/161/2022 (category Article 9(2)(a) GDPR)within the meaning of Article 4(15) GDPR and Article 9(1) GDPR. Processing of sensitive data requires a legal basis under Article 9(2) GDPR. In the present case13 KB (1,847 words) - 15:52, 11 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(7) GDPR)conjunction with article 3.º, n.º 2 of article 4.º, and line b) of n.º 1 of article 6.º, all of Law n.º 58/2019, of August 8 (LERGPD). 7. It should also163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(7) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- RvS - 201906880/1/A3 (category Article 5 GDPR)on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- APD/GBA (Belgium) - 12/2019 (category Article 7 GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, afine of 75,000 euros (seventy-five thousand euros).SECOND: Under article 58.2.d)88 KB (14,301 words) - 13:48, 13 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- Persónuvernd - 2020010678 (category Article 5(1) GDPR)violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied26 KB (4,135 words) - 09:59, 6 May 2021
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 7 GDPR)of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- NAIH (Hungary) - NAIH-3561-4/2022 (category Article 4(7) GDPR)controller’s status as “data controller” was correct under Article 4(7) GDPR. Article 44 GDPR requires that the transfer of personal data to a third country13 KB (1,677 words) - 09:39, 14 November 2022
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- APD/GBA (Belgium) - 45/2023 (category Article 6(1)(a) GDPR)the data subject (Article 6(1)(a) GDPR and Article 9(2)(a) GDPR) or must be part of the performance of a contract (Article 6( 1)(b) GDPR) 2. According to22 KB (2,983 words) - 08:20, 16 May 2023
- Grünanger/Goricnik, Arbeitnehmer-Datenschutz und Mitarbeiterkontrolle2 Kap 7 Rz 7.87 and 7.93). In doing so, the defendant encroached on the plaintiff's privacy24 KB (3,763 words) - 09:49, 14 December 2023
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)protection of such information. ________________________________________ Page 7 7 (7) Due to the above, because the Public Information Act does not provide an26 KB (4,193 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)6 6/8the power to impose an administrative fine pursuant to article 83 of the GDPR-article 58.2 i) -, or the power to order the controller or data controllerthat22 KB (3,421 words) - 14:27, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)paying profiles. II.4. Article 12(1),(2) and (3), Article 17, Article 19, Article 24(1) and Article 25(1) AVG 63. Article 12 (1) GDPR stipulates that the77 KB (11,604 words) - 08:55, 29 June 2023
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 5(1)(f) GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 7 GDPR)operations . 45 35. Although according to Guidelines 2/2019 on Article 6(1)(b) GDPR , processing cannot be rendered lawful by Article 6(1)(b) GDPR “simply because289 KB (33,568 words) - 15:00, 1 February 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)RGPD, given the almost total identity between its article 7.f) and article 6.1.f) of the RGPD Article 7, letter f) of said Directive indicated: “Member States72 KB (11,671 words) - 13:34, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)Madridsedeagpd.gob.es Page 7 7/11j) adherence to codes of conduct under article 40 or to mechanismscertification approved in accordance with Article 42, andk) any other24 KB (3,769 words) - 14:10, 13 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 5(1)(a) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 37(7) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- CE - 450163 (category Article 45(3) GDPR)protection (...)". According to Article 46 of the Regulation: "1. In the absence of a decision pursuant to Article 45(3), the controller or processor may26 KB (3,744 words) - 16:36, 10 August 2021
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 83(7) GDPR)amended), and Article 7 (1) and (2), Article 60, Article 102 of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2010, No. 153, item32 KB (5,139 words) - 10:02, 17 November 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 7(1) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- AEPD (Spain) - A/00291/2017 (category Article 7 GDPR)the concurrence of several criteria of those set forth in article 45.4 of the LOPD (article 45.5.a LOPD), specifically: The volume of treatments carried33 KB (5,107 words) - 14:56, 25 October 2022
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)proceedings Article 77 (1) and Article 22 (b) of the General Data Protection Regulation. may be submitted in the case provided for in Under Article 77 (1) of30 KB (4,563 words) - 10:12, 17 November 2023
- DSB (Austria) - 2023-0.637.760 (category Article 31 GDPR)powers (Article 58, paragraphs 1 and 2 of the GDPR). The DSB is a supervisory authority within the meaning of Article 51 GDPR Article 51, GDPR (see also82 KB (13,593 words) - 11:03, 24 January 2024
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108,34 KB (5,677 words) - 17:00, 12 December 2023
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- UOOU (Slovakia) - Opinion of 24 August 2021 - FATCA (category Article 45 GDPR)transfers to the US, there is no adequacy decision within the meaning of Article 45 GDPR since the Court of Justice of the EU invalidated the Privacy Shield18 KB (2,319 words) - 12:51, 28 September 2022
- Persónuvernd (Island) - 2022020363 (category Article 35(7) GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7= |GDPR_Article_8= |GDPR_Article_Link_8=32 KB (6,006 words) - 16:33, 7 July 2021
- |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6= |GDPR_Article_7= |GDPR_Article_Link_7= |GDPR_Article_8= |GDPR_Article_Link_8=34 KB (5,924 words) - 18:14, 20 April 2021
- CE - N° 444937 (category Article 45 GDPR)CJEU held that the Privacy Shield adequacy decision (adopted as per Article 45(3) GDPR) was invalid. It was deemed invalid as it did not provide an adequate51 KB (7,830 words) - 09:50, 29 October 2020
- indication that art. 30 GDPR has not been complied with. There are serious indications that article 12.1 GDPR has not been complied with. 7. On December 16, 201935 KB (5,303 words) - 17:01, 12 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)Liability Law, 9 Article 156, the second and third paragraphs of Article 157, the first paragraph of Article 166, Article 168, Article 262, Article 269, 1. to90 KB (14,351 words) - 16:10, 6 December 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 7 GDPR)addresses that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is144 KB (23,058 words) - 18:48, 5 March 2022
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)assessment against the GDPR A. Identification of the controllers involved (Article 4.7 GDPR) 24. In accordance with Article 4.7 GDPR, it must be the controller82 KB (13,250 words) - 16:57, 12 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)violation of article 32, paragraph 1, GDPR and article 13, paragraph 1, sub, GDPR BZ should end these violations as soon as possible. article58, paragraph2179 KB (22,957 words) - 17:07, 12 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)out in Article 12 (3) of the General Data Protection Regulation, the Debtor informed by electronic means on 7 March 2019, in accordance with Article 15 (1)33 KB (5,033 words) - 10:12, 17 November 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(1)(a) GDPR)accountability obligation in article 5, paragraph 2 of the GDPR in conjunction with Article 24, paragraph 1 of the GDPR. 46. Based on Article 7, §2, fifth paragraph43 KB (6,274 words) - 08:57, 29 June 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- LG Rostock - 3 O 762/19 (category Article 7 GDPR)unlawful under Article 6(1) GDPR: A user's consent under Article 6(1)(a) GDPR could not be considered valid under Articles 4(11) and 7 GDPR, especially since103 KB (16,959 words) - 13:58, 20 September 2021
- Datatilsynet (Norway) - 20/03771-17 (category Article 45 GDPR)provided for in the EEA and required by Article 44 GDPR. Relevant tools for transfers: Adequacy decisions, Article 45(1) GDPR: “A transfer of personal data to69 KB (10,520 words) - 07:55, 10 August 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(1) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)of the four component parts of Article 35(7) is set out in turn below, ie Articles 35(7)(a), 35(7)(b), 35(7)(c) and 35(7)(d). 89. Before identifying the129 KB (17,281 words) - 14:57, 10 April 2024
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- NSS - 10 As 190/2020 - 39 (category Article 83(7) GDPR)body within the meaning of Article 83(7) GDPR. In interpreting what amounts to a public authority or body under Article 83(7) GDPR, the NSS held that such34 KB (5,374 words) - 04:32, 28 April 2022
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- personal data, which has been replaced by the RGPD. 44. According to Article 4(7) of the GDPR, the controller is "the natural or legal person, public authority73 KB (11,864 words) - 17:03, 6 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 7(3) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)montant de 10.000 € (article 83, paragraphe 2, de l'AVG ; article 100, §1, 13° WOG et article 101 WOG). 129. Compte tenu de l'article 83 AVG et de la jurisprudence1796 KB (15,396 words) - 16:50, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)for fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the33 KB (5,342 words) - 15:52, 6 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of35 KB (5,526 words) - 16:56, 12 December 2023
- BVwG - W211 2210458-1/10 (category Article 4(7) GDPR)principles laid down in Article 5 GDPR. A legal basis supporting the lawfulness of the data processing within the meaning of Article 6.1 GDPR was not apparent92 KB (15,435 words) - 16:00, 22 March 2022
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)and transferred to the Disputes Chamber pursuant to article 62, § 1 j° article 92, 1° WOG. 10. On 7 February 2020, the Disputes Chamber invites the parties39 KB (6,247 words) - 09:14, 15 November 2023
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- CNPD (Luxembourg) - Délibération n°16FR/2021 (category Article 5(1)(c) GDPR)elements provided for in Article 83.2 of the GDPR: As to the nature and seriousness of the violation (article 83.2.a) of the GDPR), the Restricted Training51 KB (7,338 words) - 11:33, 16 June 2021
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)certain data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet27 KB (4,289 words) - 07:57, 7 March 2022
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)personal data under Article 17(1)(d) GDPR, and ordered the controller to pay the data subject €579.17 in damages under Article 82(1) GDPR. Share your comments28 KB (4,215 words) - 15:09, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)drones equipped with cameras a personal personal data in the sense of Article 4 GDPR ? Did the Ministry of Interior comply with the French Data Protection39 KB (6,015 words) - 17:11, 6 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- CE - 466115 (category Article 5 GDPR)association, a disregard of article 5 of the GDPR. 7. It follows that the arguments based on disregard for this article of the GDPR can only be dismissed. On28 KB (4,287 words) - 09:20, 23 February 2024
- APD/GBA (Belgium) - 04/2021 (category Article 7 GDPR)processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard to the lawfulness of the processing (art. 6 GDPR), the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- UODO (Poland) - DKE.561.23.2020 (category Article 31 GDPR)Pursuant to Art. 57 GDPR, the President of the Personal Data Protection Office - as a supervisory authority within the meaning of Art. 51 GDPR - monitors and33 KB (5,262 words) - 13:02, 16 June 2021
- BGH - VI ZR 15/23 (category Article 15(1) GDPR)reasoning of the Court of Appeal. Article 15 GDPR and the GDPR as such are applicable, even if the processing occurred before the GDPR came into force in 2018.17 KB (2,646 words) - 09:00, 28 March 2024
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)obligations under Article 5(1)(f) and Article 32 of GDPR. Article 5 (1) : Ticketmaster has failed to comply with the requirements of GDPR including to process130 KB (21,195 words) - 13:52, 25 April 2021
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- BVwG - W298 2266986 -1/20E (category Article 5(1)(c) GDPR)Paragraph 4 GDPR Art4 Z1 GDPR Art5 Paragraph 1 litc GDPR Art51 Paragraph 1 GDPR Art57 Paragraph 1 litf GDPR Art6 Paragraph 1 litf GDPR Art77 GDPR Art9 B-VG63 KB (10,365 words) - 12:54, 31 January 2024
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- Commissioner (Cyprus) - 11.17.001.008.229 (category Article 5(2) GDPR)violation of Article 5(2) GPDR since the controller failed to demonstrate compliance with Article 5(1) GDPR and a violation of Article 44 GDPR since the controller56 KB (8,616 words) - 15:31, 6 March 2024
- DSB (Austria) - 2021-0.285.169 (category Article 2(2)(c) GDPR) (section GDPR Does Not Apply Due to Exception of Article 2(2)(c) GDPR)meaning of Article 4(15) GDPR. The DSB founds that the GDPR does not apply due to the household exception provided for in Article 2(2)(c) GDPR. Pursuant31 KB (4,887 words) - 14:21, 21 July 2021
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of the Law No. 689 of November115 KB (18,595 words) - 11:30, 16 August 2022
- BVwG - W252 2246581-1/6E (category Article 15(1)(h) GDPR)pursuant to Article 22 GDPR, but only 'light profiling' under Article 4(4) GDPR. Therefore, the controller claimed that Article 15(1)(h) GDPR did not apply31 KB (4,838 words) - 09:11, 30 August 2023
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)controller for the purposes of Article 4(7) GDPR, and Company A was the processor for the purposes of Article 4(8) GDPR. The DPA found that both Companies55 KB (9,079 words) - 16:57, 6 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(1) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)as required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)the European Union Article 7, Article 8 paragraph 1 and Article 11 European Convention on Human Rights Article 8 paragraph 1 and Article 10 paragraph 1 Regulation60 KB (9,713 words) - 13:07, 26 March 2024
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- UODO (Poland) - DOKE.561.1.2023 (category Article 58(1)(a) GDPR)view of the above, it found a violation of Article 58(1)(a) and (e) GDPR and imposed a fine of PLN 33,012 (€7,000). Share your comments here! Share blogs45 KB (7,312 words) - 21:50, 8 August 2023
- EDPB Plenary 2/Minutes (section Art. 64 GDPR Opinions on DPIA lists – discussion, request for mandate and confirmation of the Rapporteurs: [REDACTED])the words “EDPB Enforcement Strategy” from item 3.7.2 and declaring the items 1.4, 2.1, 2.2, 2.3 and 3.7.2 confidential according to Art. 33 RoP. The members15 KB (2,014 words) - 19:45, 6 June 2020
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)which the person responsible is subject. In contrast to Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR with “legal obligation” does not mean a contractual41 KB (6,779 words) - 12:35, 24 November 2021
- Hämeenlinnan hallinto-oikeus (Finland) - 2548/2023 (category Article 5(1)(a) GDPR)in the tax information portals had in any case violated Article 5(1)(a) GDPR and Article 32 GDPR, because the large-scale and permanent publication of personal44 KB (6,893 words) - 10:28, 25 March 2024
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- DSB (Austria) - 2021-0.568.642 (category Article 4 GDPR)Section 29 (1) GDPR, every person concerned who has suffered material or immaterial damage as a result of a violation of the GDPR or the GDPR is entitled33 KB (5,128 words) - 09:43, 2 December 2021
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)account the provisions of Article 7:671b (8) opening words and under (b) of the Dutch Civil Code (old), on the basis of Article 7:671b (1) opening words and60 KB (10,118 words) - 15:12, 5 October 2021
- EWHC (UK) - Johnson v Eastlight Community Homes Ltd (category Article 82 GDPR)principles to the GDPR; (b) The effect (if any) of the remaining claims Article 5(1)(f) GDPR (the data security principle), the Article 8 claim and46 KB (7,676 words) - 10:45, 7 December 2021
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)in a manner contrary to Article 5 (1)(a) GDPR. For a deeper understanding of the right to request delisting under Article 17 GDPR, the following case and96 KB (12,267 words) - 11:43, 7 April 2022
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish40 KB (6,518 words) - 13:29, 13 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00276/2021 (category Article 6(1)(b) GDPR)application of article 45.6 of the LOPD. Well, in the case at hand, the specific assumption to, from among those expressed in the fifth section of article 45, accepted40 KB (6,381 words) - 10:12, 7 December 2021
- UODO (Poland) - DKN.5131.11.2020 (category Article 33(1) GDPR)the Foundation. The DPA held that the Foundation violated Article 33(1), Article 34(1) GDPR by failing to notify the DPA of a personal data protection51 KB (8,179 words) - 12:07, 11 August 2021
- UODO (Poland) - DKE.561.20.2022 (category Article 58(1)(a) GDPR)pursuant to Article 83(5)(e) GDPR. Second, the DPA considered the non-compliance with the summons to breach breach of Article 58(1)(a) and (e) GDPR. The delay43 KB (6,878 words) - 10:55, 10 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 7684/171/22 (category Article 35 GDPR)of the decision where it applied Article 35 GDPR in this case. This might imply that there was a confusion with Article 35 data protection impact assessment27 KB (4,068 words) - 10:13, 7 June 2023
- Rb. Zeeland-West-Brabant - AWB - 19 1554 (category Article 4(7) GDPR)meaning of Article 15(1) of the AVG. Pursuant to Article 34 of the AVG Implementation Act, the written decision on a request pursuant to Article 15 of the20 KB (3,206 words) - 16:22, 9 July 2020
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)condition for voluntary and specific consent (as also described in Article 4(11) GDPR) was not met. In connection with this, the Agency acknowledged that52 KB (8,025 words) - 05:01, 23 November 2023
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)measures pursuant to Article 58 (2) (d) DSGVO were announced - this error would in any case have been remedied pursuant to Article 45 (1) no. 3 VwVfG by58 KB (9,665 words) - 08:51, 25 November 2020
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- OGH - 6Ob87/21v (category Article 5(1)(c) GDPR)found no violation of Article 5(1)(c)(e) GDPR and a prevailing legitimate interest of the defendant according to Article 6(f) GDPR. It must be noted that38 KB (6,129 words) - 10:12, 10 September 2021
- Datatilsynet (Denmark) - 2020-431-0075 (category Article 7 GDPR)2016/679, example 7, page 12. [3] Article 29-Group Opinion 6/2014 on the legitimate interests of the controller as referred to in Article 7 of Directive 95/46/EC66 KB (10,335 words) - 14:38, 25 October 2022
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 7(1) GDPR)on Article 58 (2) point b) of the GDPR, because violated: - Article 6 (1) of the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of the GDPR, - Paragraphs69 KB (11,255 words) - 10:08, 17 November 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces73 KB (11,238 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- Rb. Midden-Nederland - AWB - 20 727 (category Article 15(1) GDPR)right of access under Article 15, first paragraph, of the GDPR can no longer be served. Article 15, first paragraph, of the GDPR gives a data subject the25 KB (3,767 words) - 09:49, 6 October 2021
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- DSB (Austria) - DSB-D124.0701/23 (category Article 4(7) GDPR)No. 9/1992 as amended: Article 5, Article 6, Article 51, paragraph one, Article 57, paragraph one , Litera f, as well as Article 77, paragraph one, of Regulation29 KB (4,393 words) - 09:42, 4 March 2024
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)arising from Article 15 of the GDPR. 3. On the breach relating to the obligation to respect the right of opposition (article 21 of the GDPR) 45. The rapporteur48 KB (7,525 words) - 17:02, 6 December 2023
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)adequacy decision (Article 45 GDPR) nor suitable guarantees (Article 46 GDPR) are in place for the third country concerned, cf. Article 49 Paragraph 1 Sentence118 KB (19,824 words) - 10:49, 6 February 2024
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)resulting from Article L. 34-5 of the CPCE and Article 7-1 of the GDPR. B. On the breaches relating to the exercise of rights 27. According to Article 12 of the59 KB (9,623 words) - 17:03, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)meaningless the obligation of Article 37.7 of the GDPR. 23. In view of the above, the restricted panel concludes that Article 37.7 of the GDPR has no not respected81 KB (11,895 words) - 16:58, 6 December 2023
- CJEU - C-33/22 - Österreichische Datenschutzbehörde (category Article 4(7) GDPR)security under Article 2(2)(a) GDPR. The GDPR will not apply if the activity of the controller falls outside the scope of Union Law under Article 2(2)(a). The8 KB (1,127 words) - 08:53, 30 January 2024
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- NAIH (Hungary) - 7286-1/2023 (category Article 4(7) GDPR)basis of GDPR Article 58 (2) point b), because it violated Article 15 (1) of the GDPR. (40) In accordance with Article 58 (2) point d) of the GDPR, the Authority33 KB (4,956 words) - 15:55, 20 March 2024
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 7(4) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA89 KB (13,017 words) - 15:07, 2 November 2022
- VG Düsseldorf - 29 K 7031/19 (category Article 77 GDPR)DPA under Article 78 of the GDPR. The court dismissed the complaint. It found that the plaintiff is precluded from having recourse to the GDPR in connection27 KB (4,391 words) - 13:32, 20 November 2021
- LG Hannover - 13 O 129/21 (category Article 82(1) GDPR)sense of Article 82(1) GDPR, because the controller unlawfully disclosed the data to its customers. The court also held that under Article 82 GDPR the violation28 KB (4,506 words) - 11:20, 4 November 2022
- CJEU - C-129/21 - Proximus (category Article 7 GDPR)the violation, among others, of article 6 GDPR, read in combination with article 7 of the same Regulation and of article 5, second paragraphe of the Regulation10 KB (1,397 words) - 20:26, 4 April 2023
- PHR - 22/01253 (category Article 15 GDPR)from Section 7.7.5 of the Dutch Civil Code, in particular Art. 7:446 para. 4, art. 7:464 par. 1 (in conjunction with art. 7:446 par. 2), art. 7:456 and art241 KB (42,617 words) - 14:14, 13 September 2022
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1150/161/2021 (category Article 4(7) GDPR)Health Care (152/1990). Article 1 (2), Article 4 (2), Article 4 (7), Article 4 (12), Article 5 (1) (f), Article 5 (2), Article 9 (1), 24 of the General153 KB (24,570 words) - 15:11, 26 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - 7732/161/23 (category Article 46 GDPR)46 and Chapter V GDPR. Moreover, it found that the conditions set for the urgency procedure were met, in accordance with Article 66 GDPR. The DPA then temporarily32 KB (4,844 words) - 11:44, 11 October 2023
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)(definition) Article 4.5 : Pseudonymization (definition) Article 4.6 : Filing system (definition) Article 4.7 : Controller (definition) Article 4.8 : Processor10 KB (1,249 words) - 12:16, 8 May 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)buildings such as the city hall without a sufficient legal basis from Article 6(1) and Article 5(1)(a) . In December 2019, the Norwegian DPA (Datatilsynet) was45 KB (6,973 words) - 05:12, 15 September 2022
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)pursuant to Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR)121 KB (20,412 words) - 15:58, 10 March 2022
- Datatilsynet (Norway) - 20/01772 (category Article 6(1)(c) GDPR)line with Article 17(1)(d) GDPR, the controller was obliged to delete data processed unlawfully, unless the exception of Article 17(3) GDPR (fulfillment53 KB (7,945 words) - 10:46, 24 January 2023
- RvS - 202002834/1/A3 (category Article 15(1) GDPR)on the basis of Article 15, first and third paragraphs, of the General Data Protection Regulation (hereinafter: GDPR ), formerly Article 35 of the Personal10 KB (1,489 words) - 11:45, 19 November 2020
- APD/GBA (Belgium) - 73/2020 (category Article 37(7) GDPR)Pursuant to Article 37(5) GDPR, the DPO should be designated, inter alia, on the basis of their in data protection law and practice. Article 37(7) GDPR provides93 KB (14,040 words) - 17:00, 12 December 2023
- CJEU - C-280/22 - Kinderrechtencoalitie Vlaanderen and Liga voor Mensenrechten v Belgian State (category Article 1 GDPR)valid and compatible with Article 16 TFEU and – as regards Article 3(5) and (6) – with Article 21 TFEU, as well as with Articles 7, 8 and 52 of the Charter7 KB (740 words) - 11:43, 7 September 2022
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)internal data protection rules. Article 25 of the GDPR specifies the general obligations set out in Article 24: in this Article the principle of regulated built-in60 KB (9,820 words) - 10:08, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4672/161/2022 (category Article 5(1)(a) GDPR)breached Article 44 GDPR, which requires transfers to be carried out in accordance with the conditions of Chapter V of the GDPR, and Article 46 GDPR, which44 KB (6,748 words) - 16:10, 21 March 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision79 KB (12,260 words) - 17:00, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- BVwG - W137 2255764-1 (category Article 44 GDPR)date 06/30/2023 standard B-VG Art133 Para.4 DSG §1 DSG §24 GDPR Art4 GDPR Art44 GDPR Art5 GDPR Art6 VwGVG §28 paragraph 2 B-VG Art. 133 today B-VG Art. 13372 KB (11,712 words) - 06:56, 31 August 2023
- APD/GBA (Belgium) - 25/2020 (category Article 7 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- Rb. Zeeland-West-Brabant - AWB- 20 6846 (category Article 12(3) GDPR)Court considered that pursuant to Article 12(3) GDPR, data controllers must provide data subjects with information on Article 15 to 22 requests without delay12 KB (1,755 words) - 15:01, 10 November 2020
- AEPD (Spain) - EXP202204836 (category Article 15 GDPR)violation of article 15 of the RGPD. V Classification of the violation of article 15 of the GDPR If confirmed, the aforementioned violation of article 15 of the52 KB (8,320 words) - 13:18, 14 February 2024
- Datatilsynet (Norway) - 21/03656 (category Article 12 GDPR)out in Article 14(5)(a) and Article 14(5)(c) GDPR. The DPA rejected the controller's views as it argued that the exceptions in Article 14(5) GDPR should63 KB (8,745 words) - 13:33, 27 April 2022
- BVwG - W252 2246883-1 (category Article 77 GDPR)directly from Article 77 GDPR. However, the GDPR does not contain any specifications regarding the deadlines for asserting a claim under Article 77 GDPR. The exercise21 KB (3,361 words) - 09:58, 13 July 2023
- VG Schwerin - 1 A 1254/20 SN (category Article 4(7) GDPR)Paragraph 45 The plaintiff cannot base his claim on Article 78(1) of the GDPR in conjunction with Article 57 of the GDPR. Article 57 of the GDPR. The scope37 KB (6,156 words) - 10:12, 26 May 2021
- NS - 30 Cdo 3909/2023-174 (category Article 85 GDPR)of Directive 2002/58 and Article 1 paragraph 2 and points 3, 10 and 51 of the GDPR) and in the domestic context also Article 10, paragraph 3 of the Charter103 KB (16,947 words) - 08:34, 24 April 2024
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- Rb. Noord-Holland - 20/3831 (category Article 5(1)(e) GDPR)base the processing of personal data on Article 6(1)(e) GDPR. The court held that pursuant to Article 17(3) GDPR there is no obligation for a government30 KB (4,206 words) - 08:37, 14 October 2021
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)organizational measures pursuant to Article 32 GDPR. The court held that the controller violated Article 32(1) GDPR, which requires appropriate technical31 KB (5,017 words) - 15:08, 20 October 2023
- Garante per la protezione dei dati personali (Italy) - 9754332 (category Article 28(2) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code, as well as Article 18, paragraph 1, of Law 24 November 1981, n37 KB (6,034 words) - 16:59, 23 March 2022
- Garante per la protezione dei dati personali (Italy) - 9983210 (category Article 5(1) GDPR)Article 9, Article 12 and Article 13 GDPR. The Italian DPA ordered the controller to bring processing operations into conformity with the provisions of89 KB (14,466 words) - 15:14, 20 February 2024
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- OLG Celle - 8 U 165/22 (category Article 12(5) GDPR)sense of Article 4(1) GDPR. Moreover, OLG Celle also held that a singular access request can never be excessive for the purposes of Article 12(5) GDPR as the62 KB (10,852 words) - 14:08, 7 January 2023
- BVwG - W245 2239715-1 (category Article 6 GDPR)was no reason for erasure under Article 17 GDPR as the processing was still necessary and lawful under Article 6(1)(f) GDPR. In June 2020, the data subject62 KB (10,455 words) - 10:50, 7 September 2022
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)is based on Article 9(2)(i) of the GDPR as mentioned above. 34. However, certain data referred to in the PIA are not mentioned in Article 2 of the draft43 KB (6,847 words) - 17:11, 6 December 2023
- Datatilsynet (Norway) - 20/02376 (category Article 24(1) GDPR)for conducting risk assessments. Both Article 24 and Article 32 GDPR impose such an obligation. Considering the individual case a thorough assessment would38 KB (5,620 words) - 07:40, 4 October 2021
- IP - 07121-1/2021/400 (category Article 4(15) GDPR)Information whose content meets the definition of health data in point 15 of Article 4 GDPR is health information even if it is published by the person himself7 KB (1,034 words) - 11:06, 27 October 2021
- NAIH (Hungary) - NAIH/2020/193/8 (category Article 5(1)(d) GDPR)been deleted by the employer upon request pursuant to Article 16, Article 17 and Article 5(1)(d) GDPR (inaccuracy of personal data). Therefore, the employer58 KB (9,413 words) - 10:11, 17 November 2023
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- Rb. Amsterdam - C/13/689705/HA RK 20-258 (category Article 15 GDPR)processing of their personal data pursuant to Article 12 (1) of the GDPR . Profiling 4.35. In Article 4 part 4 GDPR , profiling is defined as any form of automated57 KB (9,498 words) - 20:42, 28 April 2021
- APD/GBA (Belgium) - 115/2022 (category Article 5(1)(c) GDPR)/13 of the GDPR are processed, their processing must find a basis in article 9.2 of the GDPR read in conjunction with Article 6.1. of the GDPR. 29. Since42 KB (6,237 words) - 11:23, 5 August 2022
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and article 4 paragraph 1106 KB (14,502 words) - 17:09, 12 December 2023
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)for by Article 51 of the GDPR. 17. By Article 57(1) of the GDPR, it is the Commissioner's task to monitor and enforce the application of the GDPR. 18. By87 KB (10,588 words) - 14:32, 16 March 2022
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)fine are set out in Article 83 of the General Data Protection Regulation. contained in Article. In the event of a breach of Article 5 of the General Data67 KB (10,492 words) - 10:11, 17 November 2023
- Supreme Court - III CZP 78/19 (category Article 5 GDPR)defendant is Article 159(2)(4) of the Polish Telecommunications Law, in conjunction with Article 30, Article 32(2), Article 42(1) and Article 45(1) of the39 KB (5,984 words) - 09:08, 2 November 2020
- VG der Freien Hansestadt Bremen - 4 K 1338/21 (category Article 4(2) GDPR)in the sense of Article 4(2) GDPR. Therefore, the data controller needed a lawful ground for processing in the sense of Article 6(1) GDPR. Due to the fact10 KB (1,353 words) - 10:42, 14 November 2022
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00168/2020 (category Article 6(1) GDPR)violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing22 KB (3,568 words) - 14:06, 13 December 2023
- FG München - 15 K 1212/19 (category Article 4(7) GDPR)the data protection claims from the GDPR is passively legitimate (Art. 15 Para. 1 GDPR). According to Art. 4 No. 7 GDPR, this is the natural or legal person98 KB (16,511 words) - 08:37, 9 May 2022
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)right of access under Article 15 of the GDPR and the right to erasure (‘forgotten’) under Article 17 of the GDPR, Article 12 of the GDPR on measures to exercise75 KB (12,586 words) - 10:10, 17 November 2023
- Rb. Amsterdam - C/13/663563 / HA RK 19-97 (category Article 6(1)(f) GDPR)the links on the grounds of Article 17(1)(a) GDPR and Article 17(1)(c) GDPR or whether the exception of Article 17(3)(a) GDPR about the freedom of expression37 KB (6,086 words) - 16:12, 10 March 2022
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 10 GDPR)minor, the parent is not considered to be the data subject pursuant to Article 4(1) GDPR. At the same time, the parent can submit a data subject request to62 KB (9,999 words) - 10:21, 7 December 2022
- BGH - I ZR 2/21 (category Article 6(1)(f) GDPR)relief neither on the KUG nor on the GDPR because the comprehensive weighing required by both Article 6(1)(f) GDPR and §§ 22, 23 KUG led to the same result66 KB (11,440 words) - 15:55, 30 March 2022
- VG Köln - 13 L 1707/21 (category Article 4(2) GDPR)processing according to Article 4(2) GDPR In its decision, the court considered only the list of examples laid down in Article 4(2) GDPR, although the list15 KB (2,273 words) - 15:58, 18 March 2022
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)processing plea 6: the right to object - Article 21(1) AVG plea 7: Article 12(3) TFEU - no infringement plea 8: Article 20 AVG-Right of transfer-the warning-not92 KB (14,873 words) - 09:03, 20 August 2021
- CNIL (France) - SAN-2021-014 (category Article 16 GDPR)provided for in Article 16 of the Rules. 2. On the failure to comply with data erasure requests 39. According to article 17 of the GDPR "the data subject37 KB (6,021 words) - 07:23, 23 September 2021
- OLG Karlsruhe - 12 U 305/21 (category Article 12 GDPR)among other things, on Article 15 GDPR. The court of first instance decided to reject the claim and argued that Article 15 GDPR only provides data subjects38 KB (6,239 words) - 10:47, 15 February 2023
- Administrative court Luxembourg - 45128 (category Article 6(1)(e) GDPR)reference the GDPR on its own, without any of the involved parties bringing this up. The court referred to Article 6(1)(e) GDPR and recital 45, and reiterated44 KB (6,803 words) - 08:33, 21 November 2022
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 4, point 11, as well as the Restrictions according to Article 7 GDPR. (149) According to Article 5 (1) point b) of the GDPR, personal140 KB (23,189 words) - 08:25, 20 February 2024
- CJEU - C-118/22 - Direktor na Glavna direktsia "Natsionalna politsia" pri MVR - Sofia (category Article 5(1)(e) GDPR)data subject argued that Article 5,13 and 14 LED (the roughly equivalent GDPR articles would be Article 5(1)(e), 13 and 15 GDPR) do not permit the police8 KB (1,080 words) - 10:11, 15 February 2024
- Rb. Midden-Nederland - C/16/530061 / KG ZA 21-617 (category Article 6(1)(f) GDPR)concerns Article 9 AVG instead of Article 10 AVG and Article 9 AVG does not apply to criminal personal data (see legal ground 4.23 and MvT to Article 22 UAVG)38 KB (6,263 words) - 16:40, 15 June 2022
- FG Berlin-Brandenburg - 16 K 5148/20 (category Article 4(7) GDPR)processing (Article 18 GDPR), right to data portability (Article 20 GDPR) and right to object (Article 21 GDPR). The right to information under Art. 15 GDPR cannot45 KB (7,420 words) - 18:15, 12 March 2024
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 9 GDPR)processing of sensitive personal data under Article 9 GDPR and their lack of valid consent to do so under Article 6(1) GDPR. In 2020, the Norwegian Consumer Council91 KB (14,440 words) - 10:06, 17 November 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph82 KB (13,428 words) - 17:02, 6 December 2023
- NAIH (Hungary) - NAIH-5377-12/2023 (category Article 5(1)(c) GDPR)the basis of Article 2 (1) of the GDPR, the GDPR shall apply to the data processing in this case apply. (19) Article 5 (1) point c) GDPR: Personal data39 KB (5,747 words) - 14:31, 6 November 2023
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)accordance with Article 31 of the GDPR, Article 31, due to the security breach , GDPR. According to Article 83 Paragraph 4 Letter a of the GDPR, these two provisions76 KB (12,550 words) - 09:24, 28 February 2024
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- VwGH - Ro 2021/04/0010-11 (category Article 4(4) GDPR)background of Article 22 GDPR. The Court found that the controller’s algorithmic process in itself is an automated decision under Article 22(1) GDPR, based on144 KB (21,026 words) - 14:50, 27 March 2024
- Datatilsynet (Denmark) - 2023-431-0001 (category Article 5(1)(a) GDPR)breached Article 6(1)(e) GDPR and ordered all 53 municipalities to bring their processing in line with Article 5(1)(a) GDPR, Article 6(1) GDPR, by ensuring158 KB (25,068 words) - 12:28, 14 February 2024
- Garante per la protezione dei dati personali (Italy) - 9746047 (category Article 5(1)(a) GDPR)violation of Articles 5(1)(a) and (c) GDPR, as well as in breach of the adequate information requirements under Article 13 GDPR. Based on these infringements,15 KB (2,365 words) - 13:17, 23 February 2022
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)conditions provided for in Article 6.1.e) are met by the species. Under Article 6.3.b) and recital 45 of the GDPR, processing based on Article 6.1.e) must meet two57 KB (8,330 words) - 11:53, 30 June 2021
- AEPD (Spain) - PS/00267/2020 (category Article 7 GDPR)to data transfers would not be valid in accordance with Article 49(1) GDPR and Article 7 GDPR, given that consent was required within the contract without208 KB (33,882 words) - 14:25, 24 November 2022
- VwGH - Ra 2020/04/0187 (category Article 83 GDPR)under Article 83 GDPR and the question of the compatibility of § 30 Datenschutzgesetz (Austrian Data Protection Act - DSG) with Article 83 GDPR to the16 KB (2,370 words) - 14:56, 6 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)violated the general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 6(1)(f) GDPR)legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller48 KB (7,721 words) - 11:09, 10 January 2024
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative75 KB (12,396 words) - 12:11, 30 March 2022
- NAIH (Hungary) - NAIH-1743/2021 (category Article 5(1) GDPR)pursuant to Article 58 (2) (b) of the GDPR. condemns the Applicant for violating Article 5 (1) (a) of the GDPR; (b) and (c), Article 6 and Article 9. (50)47 KB (7,131 words) - 11:05, 21 January 2022
- Rb. Amsterdam - AMS 22/1414 (category Article 17 GDPR)regarded as a request under the General Data Protection Regulation (GDPR). Article 34 of the Gdpr Implementation Act states that a decision on such a request by12 KB (1,857 words) - 14:27, 20 April 2022
- FG München - 15 K 118/20 (category Article 4(7) GDPR)objective of Article 15 GDPR. Despite the obligation of the controller under Article 12(1) GDPR, it cannot the objective of Article 15 GDPR that the controller85 KB (14,338 words) - 22:04, 9 February 2022
- APD/GBA (Belgium) - 137/2023 (category Article 12(1) GDPR)transparency under Article 12(1) GDPR and Article 14 GDPR, as the controller had failed to fulfill the informational obligations under Article 14 GDPR. The municipality52 KB (7,789 words) - 11:38, 11 October 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 5(1)(a) GDPR) (section Fine and order to comply with GDPR)(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)the alleged violation of article 28 of the RGPD in relation to the Article 24 of the RGPD punishable in accordance with article 83.4 of the RGPD, for the287 KB (48,336 words) - 13:53, 13 December 2023
- Persónuvernd (Iceland) - 2022050940 (category Article 5(1) GDPR)under Article 15 GDPR. The company also believed that it was not obliged to carry out a data protection impact assessment under Article 35 GDPR due to31 KB (4,851 words) - 05:33, 9 May 2023
- VwGH - Ro 2019/04/0229 (category Article 4(7) GDPR)30 DSG with Article 83 GDPR, to the CJEU for a preliminary ruling under Article 267 TFEU. This case law has a wide-ranging impact on GDPR-fines in Austria59 KB (8,848 words) - 12:41, 16 September 2021
- VG Weimar - 3 K 1832/20 We (category Article 80 GDPR)to mandate an organisation to lodge a complaint in their name under Article 80 GDPR. A similar right is also found in the national law, with the difference28 KB (4,687 words) - 10:02, 14 September 2022
- mechanism (see Article 56 GDPR). During the appeal procedure, however, the AEPD claimed that only Article 22 LSSI (which also stems from Article 5(3) ePrivacy31 KB (4,895 words) - 11:51, 2 May 2024
- APD/GBA (Belgium) - 49/2023 (category Article 6(1)(e) GDPR)scope of Article 9(1) GDPR. Since Article 9 GDPR was not applicable, the DPA examined the lawfulness of the processing under Article 6(1)(e) GDPR which was57 KB (8,705 words) - 11:48, 16 May 2023
- Garante per la protezione dei dati personali (Italy) - 9855545 (category Article 5 GDPR)The Italian DPA reprimanded the Order for violating Articles 5(1)(a) and 6 GDPR. In this case the data subject, an Italian doctor, made critical statements78 KB (12,518 words) - 13:52, 1 March 2023
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)particular with Article 8 of the ECHR, Articles 7 and 8 of the Charter and/or Article 17 of the ICCPR; and/or Article 6 and/or Article 13 of the ECHR;128 KB (21,722 words) - 16:14, 10 March 2022
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)under Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR143 KB (24,273 words) - 15:59, 10 March 2022
- provisions of Article 9. Act no. 90/2018. This is most likely to be considered here in item 6. Article 9 of the Act, cf. paragraph 1 e. Article 6 of the Regulation21 KB (3,273 words) - 10:42, 22 June 2020
- AEPD (Spain) - PS/00070/2019 (category Article 7 GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 141/2022 (category Article 17 GDPR)under Article 10 ECHR and Article 11 of the Charter. The DPA also added the GDPR provided an exception to its own, specifically Article 17(3)(a) GDPR, which25 KB (3,628 words) - 16:09, 9 November 2022
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)personal data in the context of telephone jokes. Article 6 GDPR (legality of processing) and Articles 13 and 14 GDPR (transparency) were infringed. The decision206 KB (32,869 words) - 14:36, 13 December 2023
- APD/GBA (Belgium) - 15/2023 (category Article 7(1) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- AEPD (Spain) - PS/00188/2021 (category Article 6(1) GDPR)for: processing personal data without a legal basis, in breach of Article 6(1) GDPR: €70,000 and; not complying with their obligation to erase the data33 KB (5,242 words) - 11:42, 11 August 2021
- IMY (Sweden) - IMY-2022-1621 (category Article 4(7) GDPR)consent under Article 9(2)(a) GDPR were met. The DPA noted that the statements of the controller referred to the exception in Article 9(2)(g) GDPR. National145 KB (16,497 words) - 08:54, 19 October 2022
- DSB (Austria) - 2023-0.789.858 (category Article 12(3) GDPR)to Article 58 Paragraph 2 Letter i and Article 83 Paragraph 1 to 6 GDPR Article 58 Paragraph 2 Litera i and Article 83 Paragraph One , up to 6 GDPR are57 KB (9,442 words) - 08:55, 17 January 2024
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)Recital 7. 7 See, i particular, Recitals 11, 148, 150, and Article 5, Chapter IV and Article 83. The relevant obligations 2.5. Chapter 1 GDPR sets out241 KB (31,368 words) - 09:59, 9 May 2022
- IDPC (Malta) - CDP/IMI/LSA/22/2021 (category Article 12(3) GDPR)risk of the processing pursuant to Article 32(1) GDPR. The DPA held that the controller infringed Article 12(3) GDPR, when it failed to reply to an access18 KB (2,190 words) - 09:57, 23 May 2023
- OLG Celle - 13 U 84/19 (category Article 16 GDPR)from the scope of Article 16 GDPR, in my opinion, already follows from the word "inaccurate" in the first sentence of Article 16 GDPR and does not need53 KB (8,795 words) - 11:53, 2 March 2022
- TA Luxembourg - N° 46189 (category Article 6(1)(f) GDPR)controller (Article 6(1)(e) GDPR), as long as this is laid down in national law (Article 6(3)(b) GDPR). The Tribunal then looked into Article 12(5) of the45 KB (7,132 words) - 07:47, 21 October 2021
- TA Luxembourg - N° 46416 (category Article 96 GDPR)Articles 45, 46 and 49 GDPR; similarly, he believes that the administration of direct contributions cannot be based on Article 96 of the GDPR according64 KB (10,128 words) - 08:51, 24 November 2021
- ICO (UK) - Emailmovers Limited (category Article 4(7) GDPR)also Recital 32. 10. The conditions for "consent" are set out in UK GDPR Art 7. Article 7(1) states, relevantly: "1. Where processing is based on consent,29 KB (4,150 words) - 12:48, 3 August 2021
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- APD/GBA (Belgium) - 85/2022 (category Article 7(1) GDPR)principle unlimited. 7. Non-compliance with the withdrawal of consent (potential violation of Article 7.3 GDPR): ▪ Article 7.3 of the GDPR provides that the171 KB (24,826 words) - 15:55, 18 June 2022
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)the data subject (Article 12 AVG), right to rectification (Article 16 AVG), data protection by design and default settings (Article 25 AVG) and the duty90 KB (14,937 words) - 12:35, 3 August 2022
- VG Neustadt an der Weinstraße - 3 L 763/22.NW (category Article 6(1)(e) GDPR)court upheld Article 6(1)(e) GDPR as the legal basis for the processing of personal data. Furthermore, according to the court, Article 9(2)(j) GDPR states that54 KB (8,511 words) - 09:03, 16 December 2022
- APD/GBA (Belgium) - 47/2022 (category Article 35(7) GDPR) (section 7. Data protection by default and data minimisation)the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- Rb. Midden-Nederland - C/16/531572 / KG ZA 21-672 (category Article 4(1) GDPR)consulted before processing, pursuant to Article 36 GDPR. Fourth, the Court noted that, pursuant to Article 10 GDPR and Article 31 Implementation Act, the IP addresses59 KB (9,649 words) - 08:09, 20 October 2022
- NSA - III OSK 25287/21 (category Article 6(1)(c) GDPR)The Polish Supreme Administrative Court ruled, taking into account Article 86 GDPR, that the Polish DPA could not overrule a court decision ordering the59 KB (9,782 words) - 15:11, 7 December 2022
- Subdistrict Court on the basis of the provisions of Article 7:671 b paragraph 1 under a and Article 7:669 paragraph 3 under e (culpable act or omission)27 KB (4,150 words) - 13:42, 27 July 2022
- APD/GBA (Belgium) - 18/2023 (category Article 5(1)(a) GDPR)could constitute a violation of Article 5.1.a and Article 6.1 of the GDPR. - pursuant to Article 58.2.c) of the GDPR and Article 95, §1, 5° of the LCA, to order29 KB (4,332 words) - 13:51, 21 March 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 9707/152/19 (category Article 12(3) GDPR)sessions, within the Article 12(3) GDPR time limit. Moreover, the DPA declared that the therapist had breached Article 12(4) GDPR, as they did not inform46 KB (7,186 words) - 14:12, 18 October 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- DSB (Austria) - 2021-0.518.795 (category Article 4(7) GDPR)legal basis under Article 9(2) GDPR for sending the medical assessment, which contained health data under Article 14 GDPR#15Article 4(15) GDPR, to the municipality29 KB (4,581 words) - 10:13, 10 March 2022
- CE - N° 399922 (category Article 17 GDPR)made public. Google Inc. seeks the annulment of that decision. 3. First, Article 45 of the Law of 6 January 1978, as applicable at the date of the contested21 KB (3,303 words) - 16:05, 22 March 2022
- Datatilsynet (Denmark) - 2023-212-0015 (category Article 6(1)(e) GDPR)wished to rely on Articles 6(1)(e) and 9(1)(g) GDPR. Under Article 6(3) GDPR, reliance on Article 6(1)(e) GDPR as a legal basis for processing must be laid56 KB (8,857 words) - 12:38, 29 November 2023
- DPC (Ireland) - Whatsapp Ireland Limited - IN-18-5-6 (category Article 7 GDPR)case to the Irish DPA (DPC) under article 56 GDPR, and in accordance with the procedure outlined in Article 60 GDPR. Responding to the Complainant’s assertions32 KB (4,686 words) - 14:17, 1 February 2023
- Persónuvernd - 2020010548 (category Article 2(2)(c) GDPR)Paragraph 1 Article 45 Act no. 90/2018. It says: If the instructions of the Data Protection Authority are not complied with, cf. Points 6, 7 and 9 Article 42 of23 KB (3,745 words) - 09:50, 6 May 2021
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)offer services to data subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned30 KB (4,714 words) - 10:34, 4 January 2023
- AEPD (Spain) - PS/00281/2022 (category Article 4(1) GDPR)for a violation of article 58.2 c) of the GDPR, in accordance with article 83.6 of the GDPR, classified as very serious in article 72.1.m) of the LOPDGDD313 KB (53,033 words) - 10:20, 7 June 2023
- Commissioner (Cyprus) - 1.17.001.007.270 (category Article 5(1)(a) GDPR)rescission of X's membership, AAEA had violated Article 5(1)(a) GDPR, Article 6(1) GDPR and Article 9(1) GDPR. The Commissioner therefore decided to impose64 KB (10,097 words) - 08:07, 27 October 2021
- District Court Warsaw-Praga (Poland) - II C 1228/19 (category Article 4(12) GDPR)designated by Union or Member State law (Article 4(7) of the GDPR). According to Art. 4 point 12 of the GDPR, "personal data breach" means a breach of27 KB (4,466 words) - 12:28, 31 January 2023
- Court of Appeal - (2021) IECA 53 (category Article 4(11) GDPR)these allegations, she placed reliance upon Recitals 1, 4 and 7 together of Article 4(11) of GDPR. Whelan J., has stated the evidence indicates that the disclosure136 KB (23,256 words) - 13:47, 29 April 2021
- VerfGH Saarland - VerfGH Lv 15/20 (category Article 6(1)(a) GDPR)basis of consent, Article 6 (1) (a) GDPR. In particular, Article 6 (1) (c) (legal obligation of the controller and Article 6 (1) (e) GDPR (public interest)66 KB (10,700 words) - 14:15, 20 September 2021
- Rb. Amsterdam - C/13/682421 / KG ZA 20-336 (category Article 6(1) GDPR)event has occurred or may occur in the Netherlands (Article 6, opening words and under e, Rv, and Article 7(2) of Regulation (EU) 1215/2012 on jurisdiction30 KB (4,796 words) - 16:13, 10 March 2022
- APD/GBA (Belgium) - 99/2023 (category Article 5(1)(c) GDPR)to the GDPR in execution of article 2.1. of the GDPR. II.2. Regarding compliance with Article 6 of the GDPR (lawfulness) 24. Pursuant to Article 6 of the33 KB (5,012 words) - 14:07, 26 July 2023
- EDPB Plenary 3/Minutes (section International cooperation for the protection of personal data - Article 50 GDPR – state of play and discussion (Rapporteur: [REDACTED])lists that had been submitted to the EDPB for an opinion according to Art. 64 GDPR. Five items - with different options were submitted for a decision of the13 KB (1,695 words) - 19:45, 6 June 2020
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- preceding paragraph prescribes after 6 months, in accordance with article 45 of the LSSI. III Article 21.1 of the LSSI expressly prohibits commercial communications26 KB (4,069 words) - 15:51, 1 December 2021
- VGH München - BeckRS 2021, 36742 (category Article 9(2)(i) GDPR)general personality rights (Article 2 (1) in conjunction with Article 1 (1) GG) of the applicant and violates Article 9 (1) GDPR. Voluntary consent (Art.33 KB (5,353 words) - 12:40, 26 January 2022
- Garante per la protezione dei dati personali (Italy) - 9972788 (category Article 5(1)(a) GDPR)controller in violation of Article 5(1)(a) GDPR, Article 6 GDPR, and Article 13 GDPR. To begin with, in terms of Article 6 GDPR, the DPA rejected the controller's31 KB (4,724 words) - 11:01, 31 January 2024
- Rb. Noord-Nederland - C/18/194754 / HA RK 19-64 and C/18/197707 / HA RK 20-22 (category Article 17(1)(c) GDPR)of the media, as enshrined in Article 11 of the Charter; further compare Article 10 ECHR, Article 7 Constitution and Article 17(3)(a) AVG. This may be different33 KB (5,593 words) - 08:22, 24 November 2020
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)the requirements of Article 17 GDPR fulfilled and would the defendant require to delete the school record? Article 17 (1) (a) GDPR grants a right to delete30 KB (4,986 words) - 15:50, 17 March 2022
- Datatilsynet (Norway) - 23-114365TVI-TOSL/08 and 23-114359TVI-TOSL/08 (category Article 6(1)(b) GDPR)because, under the GDPR, Facebook Norway could not be considered a data controller under Article 4(7) GDPR and Articles 66(1) and 61(8) GDPR were used incorrectly113 KB (18,098 words) - 11:57, 13 September 2023
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)31 KB (4,210 words) - 15:26, 20 June 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)breach of the General Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The67 KB (10,815 words) - 10:11, 17 November 2023
- VG Wiesbaden - 6 L 738/21.WI (category Article 4(7) GDPR)so Article 48 GDPR does not apply. Moreover, the Court considered that none of the conditions referred to in Article 49(1) and Article 49(2) GDPR is fulfilled35 KB (5,925 words) - 09:07, 22 December 2021
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)entitled to a claim under Article 82 (1) GDPR, which he could also base on Article 823 (1) BGB in conjunction with Article 2 (1) and Article 1 (1) GG. The defendant120 KB (20,753 words) - 17:06, 7 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand71 KB (11,552 words) - 13:40, 12 January 2024
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be considered: the “natural88 KB (13,010 words) - 20:12, 30 December 2021
- Garante per la protezione dei dati personali (Italy) - 9936215 (category Article 5(1)(a) GDPR)authorisation from the data subject. This breached Article 5(1)(a) GDPR, Article 6 GDPR, Article 13 GDPR, and Article 157 of the Italian Privacy Code. GFB One s30 KB (4,688 words) - 08:49, 15 November 2023
- VG Frankfurt am Main - 5 L 623/21.F (category Article 23 GDPR)according to Article 23 GDPR, restrictions of obligations and rights under Article 12 GDPR - Article 22 GDPR Article 34 GDPR and Article 5 GDPR, insofar as30 KB (4,766 words) - 15:12, 8 September 2021
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 7 GDPR)decision under Article 66(2) GDPR ............ 7 2.1 Existence of a request pursuant to Article 66(2) GDPR coming from a SA in the EEA............ 7 2.2 The SA188 KB (31,298 words) - 12:31, 20 January 2023
- APD/GBA (Belgium) - 11/2022 (category Article 7 GDPR)interpreted Article 5.3 of the Directive Privacy and electronic communications using the GDPR, specifically on the basis of Article 4.11, Article 6.1.a GDPR (consent92 KB (13,989 words) - 14:56, 3 February 2022
- VG Mainz - 1 K 467/19.MZ (category Article 7 GDPR)under Article 9(1) and Article 4(15) GDPR but the transfer was nevertheless admissible pursuant to Article 9 GDPR, as the strict requirements of Art 7 DSGVO34 KB (5,514 words) - 15:11, 22 March 2022
- HDPA (Greece) - 47/2023 (category Article 12(1) GDPR)provisions of article 12 para. 1, 2 GDPR in combination with the provisions of article 15 para. 1, 3 GDPR, and addresses a reprimand according to article 58 par36 KB (6,028 words) - 07:43, 20 March 2024
- VG Ansbach - AN 14 K 19.01274 (category Article 77 GDPR)judicial review under Article 78 GDPR. The disputed infringement occurred before the GDPR came into legal force according to Article 99 GDPR. Therefore, the35 KB (5,807 words) - 14:24, 12 October 2022
- CNIL (France) - SAN-2022-018 (category Article 5(1)(e) GDPR)of the processing pursuant to Article 5, paragraph 1, e) of the GDPR 19. According to Article 5, paragraph 1, e) of the GDPR, personal data must be kept36 KB (5,637 words) - 18:59, 21 September 2022
- ICO (UK) - We Buy Any Car Limited (category Article 4(11) GDPR)went on to inform the Commissioner that during the period 7 April 2019 to 7 April 2020 it sent 207.7 million email messages, of which 205.5 were delivered41 KB (5,743 words) - 11:44, 21 September 2021
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 13 GDPR)conformity with the data subject’s rights of information under Article 13 GDPR and Article 14 GDPR, the hospital should firstly make clear what the legal basis92 KB (14,476 words) - 08:25, 19 September 2023
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- NAIH (Hungary) - NAIH/4410-1/2023 (category Article 6(1)(f) GDPR)shall comply with Article 6 (1) of the GDPR and Article 13 (1) of the GDPR- (2) of the GDPR and Article 58 (2) point b) of the GDPR decided in accordance30 KB (4,522 words) - 13:15, 26 July 2023
- VG München - M 32 K 20.2879 (category Article 6(2) GDPR)recitals of the GDPR and to Article 86 GDPR which concerns public access to official documents, as well as Article 6(2) GDPR and Article 6(3) GDPR which provides34 KB (5,661 words) - 13:40, 20 September 2021
- OLG Dresden - 4 U 324/21 (category Article 15 GDPR)pecuniary damages under Article 1, in conjunction with Article 2(1) Grundgesetz or for non-pecuniary damages under Article 82 GDPR because of the loss of28 KB (4,704 words) - 15:29, 10 November 2021
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83 GDPR)controllers and processors (Article 4(7) and (8) of the GDPR) as well as the certification body in the case of Article 83(4b) of the GDPR and the supervisory authority38 KB (5,956 words) - 11:41, 21 January 2022
- WSA Warsaw - II SA/Wa 1635/20 (category Article 6(1)(c) GDPR)expressed in Article 6 of the Code of Administrative Procedure and Article 7 in principio of the Code of Administrative Procedure as well as Article 7 of the37 KB (5,880 words) - 08:26, 20 May 2021
- DSB (Austria) - 2023-0.583.644 (category Article 5(1)(a) GDPR)meaning of Article 6 Paragraph 1 Letter a in conjunction with Article 7 GDPR Article 6, paragraph one, letter a, in conjunction with Article 7 GDPR. Finally93 KB (15,554 words) - 10:04, 15 February 2024
- Datatilsynet (Norway) - 21/02504 (category Article 5(2) GDPR)without a legal basis under Article 6(1) GDPR and for not adhering to the accountability principle as per Article 5(2) GDPR, cf. Article 24. The DPA also requires40 KB (5,993 words) - 05:16, 16 February 2022
- LG Köln - 13 K 278/21 (category Article 9(1) GDPR)controller responsible for violating Article 9 GDPR and ruled a compensation of €1,000 on the basis of Article 82(1) GDPR. The data subject was a federal civil35 KB (5,679 words) - 11:27, 2 August 2023
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)non-compliance with the requirements of Article 5.1.c) of the GDPR and non-compliance with the requirements of article 5.1.e) of the GDPR. 10. On February 28, 2020,44 KB (6,212 words) - 08:28, 16 June 2021
- ICO (UK) - Tempcover Ltd (category Article 4(11) GDPR)(“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)40 KB (5,684 words) - 18:42, 16 February 2022
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)of the GDPR has violated: iv. Article 4.11), Article 5.1.a) and 5.2, Article 6.1.a), as well as Article 7.1 and 7.3 GDPR; v. Article 5, Article 24.1, as350 KB (51,369 words) - 09:25, 31 January 2024
- IP - 07120-1/2020/25 (category Article 4(5) GDPR)emphasized that the processing requires an adequate legal basis (under Article 6 and 9 GDPR) for the controller. According to the IP, the question to ask is24 KB (3,577 words) - 15:31, 14 April 2021
- ICO - FS50834927 (category Article 4(1) GDPR)data within the meaning of Article 4(1) GDPR? Does a disclosure of personal data under the FOIA fall under Article 6(1)(f) GDPR? The ICO first held, that24 KB (3,788 words) - 16:22, 7 March 2022