Search results
From GDPRhub
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 42 GDPR (category GDPR Articles) (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- DSB (Austria) - 2021-0.586.257 (category Article 46(2)(c) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- LG Köln - 33 O 376/22 (category Article 46(2)(c) GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 46(2) GDPR)fine of €2,400,000 pursuant of Article 83(5)(c) GDPR for the breach of the international personal data transfer regime (Articles 44 and 46(2) GDPR). The service163 KB (27,222 words) - 16:54, 6 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)the completed between the MB and the BF2 Standard data protection clauses in accordance with Article 46 (2) (c) GDPR are supported. also be the additional158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(2) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Norway) - 20/03771 (category Article 46(2)(c) GDPR)and consequent transfer of personal data to the US in violation of Article 44 GDPR, as they did not have sufficient supplementary measures in place. Following15 KB (2,045 words) - 18:58, 7 March 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- CE - 450163 (category Article 46(2)(c) GDPR)C-311/18, the Court of Justice of the European Union ruled that Article 46(1) and Article 46(2)(c) of Regulation 2016/679 must be interpreted as meaning that26 KB (3,744 words) - 16:36, 10 August 2021
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- DPC (Ireland) - IN-20-8-1 (category Article 46 GDPR)of standard contractual clauses adopted by the Commission under Article 46(2)(c) GDPR even before the CJEU passed the Schrems II decision. First, the Irish7 KB (952 words) - 10:22, 24 May 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data73 KB (9,896 words) - 15:46, 18 March 2024
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 94 GDPR (category Article 94 GDPR)Directive 95/46/EC remain in force until amended, replaced or repealed. Article 94 GDPR repeals Directive 95/46/EC and brings into effect the GDPR on the same13 KB (530 words) - 09:40, 3 October 2023
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 32 GDPR (category GDPR Articles) (section (2) Certain risks must always be taken into account)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- principles of Directive 95/46/EC stayed the same in the GDPR. In practice the large convergence between Directive 95/46/EC and the GDPR meant that previous decisions48 KB (5,978 words) - 15:57, 1 February 2024
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 12 GDPR (category GDPR Articles) (section (2) Facilitation of the exercise of rights and identification)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- Article 30 GDPR (category GDPR Articles) (section (2) Record of processing activities by the processor)applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- Article 49 GDPR (category GDPR Articles)adequacy decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate29 KB (3,500 words) - 08:54, 27 March 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations37 KB (3,915 words) - 12:49, 24 May 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- to in point (d) of Article 46(2) and in Article 28(8); (e) aims to authorise contractual clauses referred to in point (a) of Article 46(3); or (f) aims to23 KB (2,079 words) - 16:07, 2 November 2023
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- exercise on their behalf all rights foreseen under Articles 77 and 78 GDPR and Article 20 of L. 4624/2019. The mandate shall be given with a specific written23 KB (2,039 words) - 08:15, 25 April 2024
- and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 16 GDPR (category GDPR Articles)related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th23 KB (2,489 words) - 23:24, 6 March 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)decisions in Category:Article 33 GDPR There was no equivalent to Article 33 GDPR under the Data Protection Directive 95/46/EC. Indeed, Article 17 of the Directive54 KB (6,536 words) - 08:22, 16 June 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)organisation), Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats17 KB (1,096 words) - 08:19, 19 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);19 KB (1,530 words) - 14:23, 12 October 2023
- entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected31 KB (4,768 words) - 06:24, 16 June 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- Article 99 GDPR (category Article 99 GDPR)Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the12 KB (295 words) - 08:25, 19 October 2023
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member22 KB (2,266 words) - 08:26, 17 October 2023
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- APD/GBA (Belgium) - 61/2023 (category Article 46 GDPR)ensure compliance with the GDPR. It therefore violated Articles 5(2) and 24 GDPR. Consequently, on the basis of Article 58(2)(f) GDPR and in accordance with10 KB (1,134 words) - 11:55, 5 July 2023
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 8 GDPR (category GDPR Articles) (section (2) Verification of parental consent by the controller)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 19 GDPR (category GDPR Articles)definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements19 KB (1,436 words) - 12:35, 12 May 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 66 GDPR (category Article 66 GDPR) (section (2) Adoption of a final decision after provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- Article 67 GDPR (category Article 67 GDPR)referred to in Article 64. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2). Recital 167:15 KB (810 words) - 16:13, 2 November 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out20 KB (1,854 words) - 16:32, 8 March 2024
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You24 KB (2,181 words) - 11:46, 15 January 2024
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- Article 62 GDPR (category Article 62 GDPR) (section (2) Right to participate in joint operations and the obligation to invite other supervisory authorities)ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- Article 90 GDPR (category Article 90 GDPR) (section (2) Notification of national implementation to the Commission)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion26 KB (2,575 words) - 15:50, 9 November 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening32 KB (3,228 words) - 13:32, 30 November 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority33 KB (4,185 words) - 16:09, 2 November 2023
- Article 89 GDPR (category Article 89 GDPR) (section (2) Derogations Possible for Scientific or Historical Research Purposes or Statistical Purposes)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Garante per la protezione dei dati personali (Italy) - 9782890 (category Article 5(2) GDPR)place per Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR)47 KB (7,604 words) - 07:01, 20 July 2022
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- CJEU - C-311/18 - Schrems II (category Article 2(2) GDPR)under Article 57(1)(f) of the GDPR, each supervisory authority is required on its territory to handle complaints which, in accordance with Article 77(1)12 KB (1,780 words) - 17:22, 10 March 2022
- the parties. Section 100 of the Slovak Data Protection Act implements Article 77 GDPR. The complaint shall include (Section 100 (3)): The name, surname, correspondence9 KB (1,006 words) - 07:13, 7 July 2021
- Garante per la protezione dei dati personali (Italy) - 9806053 (category Article 5(2) GDPR)place per Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR)91 KB (14,906 words) - 14:39, 5 October 2022
- Garante per la protezione dei dati personali (Italy) - 9808698 (category Article 5(2) GDPR)place per Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR)91 KB (15,011 words) - 09:00, 5 October 2022
- Rb. Amsterdam - C/13/684665 / KG ZA 20-481 (category Article 5 GDPR)Bontje and Mr. D.R. Stolwijk. 2 The facts 2.1. [Claimant 3] is a student at the UvA's Faculty of Economics and Business (FEB). 2.2. On March 15, 2020, the government39 KB (5,852 words) - 10:21, 10 September 2021
- Recitals GDPR (section Recitals from the GDPR)the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the Commission should182 KB (24,065 words) - 13:40, 9 July 2021
- the Directive 95/46/EC and the GDPR. The Court assessed the requirements for a valid consent under both Directive 95/46/EC and the GDPR and found that there6 KB (893 words) - 15:22, 24 March 2022
- BVwG - W137 2255764-1 (category Article 44 GDPR)material scope of Article 2 no. 1 GDPR fundamentally requires that "personal data" be processed. The material scope of Article 2, number one, GDPR fundamentally72 KB (11,712 words) - 06:56, 31 August 2023
- CJEU - C-434/16 - Peter Nowak (category Article 15 GDPR)information relating to that candidate, within the meaning of Article 2(a) of Directive 95/46". From the start of its analysis it emphasised that the scope6 KB (766 words) - 21:17, 5 March 2024
- Spain the GDPR is developed by the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). Article 7.2 LOPDGDD15 KB (1,875 words) - 16:18, 13 July 2022
- IMY (Sweden) - DI-2020-11373 (category Article 46 GDPR)DI-2020-11373 2(23) Date: 2023-06-30 2.2.1 Applicable regulations, etc. ................................................... .....9 2.2.2 The Privacy Protection113 KB (12,773 words) - 15:20, 6 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)reference made by Article 2 of the ePrivacy Directive to Directive 95/46/EC on the protection of personal data, which has been replaced by the GDPR. According93 KB (14,936 words) - 17:09, 6 December 2023
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)definition set out under Article 2(d) Directive 95/46 and that NRW did not have legal standing to bring a class action suit under Directive 95/46. The Higher Regional6 KB (492 words) - 13:09, 1 June 2023
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)guarantees are given in Article 46 Para. 2 GDPR, including the so-called standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR, referred to there as118 KB (19,824 words) - 10:49, 6 February 2024
- CJEU - C-136/17 - GC and Others (category Article 9(2) GDPR)and ‘criminal convictions’ within the meaning of Article 8(5) of Directive 95/46 (and Article 10 GDPR). In addition the court judged that a search engine4 KB (438 words) - 14:23, 11 August 2022
- IMY (Sweden) - DI-2020-11370 (category Article 46 GDPR)..................... .14 2.2.1 Applicable regulations, etc. ................................................... ...14 2.2.2 The Privacy Protection Authority's131 KB (14,752 words) - 08:36, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 46 GDPR)...................... .11 2.2.1 Applicable regulations, etc. ................................................ ...11 2.2.2 The Privacy Protection Authority's115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)meaning of Article 46 GDPR. In 2020, noyb lodged a complaint with the Austrian DPA alleging that the controller breached the provisions of Chapter V GDPR. The121 KB (13,722 words) - 15:16, 5 July 2023
- the context of the employment relationship. In application of Article 88 of the GDPR, Article 111 of the Code provides that such data shall be processed in6 KB (757 words) - 13:53, 16 August 2022
- CJEU - C-61/19 - Orange Romania (category Article 4(11) GDPR)wishes to be regarded as specific and informed?" "(2) For the purposes of Article 2(h) of Directive 95/46, what conditions must be fulfilled in order for8 KB (1,074 words) - 13:50, 11 August 2022
- artistic or literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special8 KB (1,064 words) - 12:53, 23 June 2023
- AEPD (Spain) - E/10529/2021 (category Article 46 GDPR)45 of the GDPR. - The person in charge cannot base the transfer of data on the clauses contractual type provided for in arts. 46.2.c and 46.2.d of the GDPR44 KB (6,642 words) - 10:34, 13 December 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- CNPD (Portugal) - Deliberação 2021/533 (category Article 46 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- CNIL (France) - SAN-2019-010 (category Article 21(2) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- case must be qualified as the EU controller as referred to in Article 2(d) of Directive 95/46. 40 The fact that the Administrator of a Fan Page uses the Facebook65 KB (9,767 words) - 16:22, 6 December 2023
- exemption is based on Article 85(2) GDPR. According to Article 26(3) of the 2018 Act, certain GDPR provisions (listed in Article 26(9)) will not apply14 KB (2,011 words) - 15:42, 25 November 2020
- than those expressly indicated in Article 22(1), with the exception of personal data referred to in Article 10 GDPR. This means that data concerning criminal9 KB (1,215 words) - 16:58, 18 May 2021
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- BVwG - W258 2217446-1 (category Article 9(2) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,79 KB (12,652 words) - 09:41, 10 September 2021
- guaranteed human rights. This right is explicitly enshrined in Article 38. In Slovenia the GDPR is not implemented by the national law. Slovenia remains the4 KB (391 words) - 09:57, 17 May 2021
- Norges Høyesterett - 2021-2403-A (category Article 9(2)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- Protection Act 2019 sets exceptions in Article 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18 GDPR and Article 21 GDPR for scientific or historical research10 KB (1,037 words) - 14:52, 10 July 2020
- CJEU - C-77/21 - Digi (category Article 5(2) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- many waivers from GDPR for research purposes under Article 89 GDPR. It is questionable of the law is constitutional and in line with GDPR. § 151 of the Austrian8 KB (721 words) - 09:32, 24 April 2024
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article 5 of the national implementing16 KB (2,260 words) - 19:26, 30 November 2021
- IX of the GDPR does not apply to processing that is exclusively for journalistic, artistic or literary purposes, with the exception of Article 28-32, which5 KB (582 words) - 17:53, 3 March 2020
- European Convention of Human Rights. According to Article 29(2), Article 14 GDPR and Article 15 GDPR apply insofar as the right to freedom of expression6 KB (580 words) - 23:49, 18 January 2020
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that48 KB (7,816 words) - 11:04, 29 July 2022
- APD/GBA (Belgium) - 149/2023 (category Article 13(2) GDPR)of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)113 KB (17,325 words) - 08:50, 19 March 2024
- freedoms, under Article L 521-2 of the Code of Administrative Justice or where it exists serious doubts as the legality of the decision, under Article L 521-110 KB (1,108 words) - 09:37, 29 September 2021
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter “GDPR”); In view of the law of 3 December 2017 establishing8 KB (1,156 words) - 16:56, 12 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)Human Rights. According to settled case-law, it follows from Article 1.2 and Article 59.2 of the Basic Law that there is an obligation to use the Human133 KB (21,944 words) - 15:59, 22 March 2022
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting47 KB (7,519 words) - 09:28, 13 February 2024
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)person.” Article 9.2 of the GDPR however means that: “Section 1 will not apply when one of the following circumstances occurs:” which cover article 9.2.a) to66 KB (10,558 words) - 13:14, 13 December 2023
- CJEU - C-439/19 - B v. Latvijas Republikas Saeima (category Article 2(2)(a) GDPR)the GDPR, and no exception is applicable. Article 2(2)(a) and (b) of the GDPR represents partly a continuation of the first indent of Article 3(2) of Directive12 KB (1,792 words) - 18:13, 1 February 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision of the PDPA governing processing of personal data10 KB (1,440 words) - 08:54, 17 January 2020
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(2) GDPR)and Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d)58 KB (9,357 words) - 10:02, 17 November 2023
- CJEU - C-46/23 - Újpest Önkormányzat Polgármesteri Hivatala (category Article 58(2)(d) GDPR)corrective powers under Article 58(2) GDPR, namely 58(2)(d) and (g) GDPR, may be exercised by the DPA on its own motion. Article 58(2)(c) GDPR, on the other hand6 KB (683 words) - 15:27, 27 March 2024
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)decision within the meaning of Article 22(1) and Article 22(2) GDPR - then the opening clause of Article 22(2)(b) GDPR does not apply to national rules52 KB (8,534 words) - 12:58, 15 December 2021
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any67 KB (11,415 words) - 17:15, 12 December 2023
- APD/GBA (Belgium) - 53/2020 (category Article 25(2) GDPR)been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides35 KB (5,853 words) - 16:58, 12 December 2023
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- APD/GBA (Belgium) - 06/2019 (category Article 58(2)(i) GDPR)c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of the ICA, to impose20 KB (3,137 words) - 16:51, 12 December 2023
- DSB (Austria) - 2022-0.296.352 (category Article 46(1) GDPR)anyway. In any case, suitable guarantees were required by Article 46(1) GDPR. Per Article 46(3)(b) GDPR, those guarantees could be provided for by provisions10 KB (1,335 words) - 13:39, 12 May 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- BVwG - W211 2225136-1 (category Article 5 GDPR)objected to its processing pursuant to Article 21(1) of the GDPR (Article 17(1)(a), (c)(1) and (d) of the GDPR). A request for erasure would therefore39 KB (6,244 words) - 09:40, 10 September 2021
- CJEU - C-601/20 - SOVIM (category Article 25(2) GDPR)guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter? Question 3 1. Is Article 5(1)(a)9 KB (1,176 words) - 13:29, 5 January 2024
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)Constitution. It therefore went on to say that, Article 57 of the Law, read in combination with Article 60 of the same Law, provide that procedures must19 KB (2,707 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard113 KB (18,732 words) - 16:50, 12 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(2) GDPR)Protection Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and48 KB (7,442 words) - 10:24, 12 September 2022
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- Datatilsynet (Denmark) - 2019-31-1424 (category Article 58(2)(c) GDPR)Thus, it violated Article 15 GDPR. The Datatilsynet issued an injunction and ordered the company, as foreseen under 58(2)(c) GDPR, to carry out a concrete33 KB (5,189 words) - 16:23, 6 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant48 KB (7,926 words) - 16:56, 12 December 2023
- Council of State - 251.378 (category Article 46 GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- AEPD (Spain) - TD/00185/2019 (category Article 17 GDPR)competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European17 KB (2,620 words) - 14:51, 13 December 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)and 35 GDPR. As a result, the DPA imposed an administrative fine of €12,000 on the CNSP and €3,000 on ITSS as joint-controller, under Article 83 GDPR. The9 KB (1,234 words) - 12:48, 25 January 2024
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 9(2)(a) GDPR)that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is invalid144 KB (23,058 words) - 18:48, 5 March 2022
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)violates the right to access under Article 15 GDPR. GDPR is also applicable to cases that were brought under Directive 95/46 but were pending before the DPA19 KB (2,936 words) - 13:55, 12 May 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 94(2) GDPR)the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of67 KB (10,544 words) - 09:24, 10 September 2021
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- "controller" in Article 82 of the Data Protection Act, which is justified by the reference made by Article 2 of the ePrivacy Directive to Directive 95/46/EC on the73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - E/03276/2021 (category Article 6(1)(a) GDPR)months from the next day upon notification of this act, as provided in article 46.1 of the aforementioned Law. 940-0419 Mar Spain Martí Director of the10 KB (1,288 words) - 13:39, 13 December 2023
- Datatilsynet (Norway) - 21/03530 (category Article 58(2)(f) GDPR)by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently99 KB (14,431 words) - 16:20, 6 December 2023
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a40 KB (5,943 words) - 18:54, 5 March 2022
- ANSPDCP (Romania) - Fine to a physician for recording a patient on his personal telephone (category Article 9(2) GDPR)violation of Article 5 GDPR, Article 6(1) GDPR and Article 9 GDPR. Article 5 GDPR establishes the principles of data processing. Firstly, Article 5(1)(a) GDPR7 KB (876 words) - 15:12, 13 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not36 KB (5,810 words) - 13:09, 21 January 2022
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR36 KB (5,761 words) - 17:19, 22 April 2024
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)provided for in Article 2, h) of Directive 95/46/EC. In particular, under these new requirements, article 4, paragraph 11 of the GDPR requires that the82 KB (13,428 words) - 17:02, 6 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- Garante per la protezione dei dati personali (Italy) - 9779057 (category Article 58(2)(i) GDPR)personal data, even without references to names. Moreover, (2) it included health data (Article 4(15) GDPR) as the newsletters were send to patients of the respected63 KB (9,916 words) - 11:28, 16 August 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 12(2) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(2) GDPR)orrequest-related processing activities. ». 2.5. Article 32 - Processing security:2.5.1. In accordance with the provisions of Article 32 of the Rules of Procedure, which61 KB (9,412 words) - 16:52, 6 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8040/163/2019 (category Article 58(2)(d) GDPR)which Articles 2 (f) and 5 (3) of Directive 2002/58, read in conjunction with Article 2 (h) of Directive 95/46 and Regulation 2016/679 4 Article 6 (11) and29 KB (4,610 words) - 13:07, 3 March 2024
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions45 KB (7,135 words) - 13:08, 13 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 58(2)(f) GDPR)protection regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as117 KB (18,075 words) - 10:19, 12 September 2022
- RvS - 202002066/1/A3 (category Article 15(3) GDPR)ruling 2. The requests of 10 July 2018 and 3 September 2018 referred to in this judgment were based on the Wob and Article 15 of the GDPR. 2.1. In22 KB (3,354 words) - 09:23, 18 February 2022
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)29 708, no. 19 (p. 523) Article 4:32 The obligation from this article is taken over from Article 52 of the Wfd. Under Section 14(2) of the Wck, participation91 KB (15,371 words) - 15:11, 5 October 2021
- CJEU - C-201/14 - Smaranda Bara (category Article 13(1)(e) GDPR)Therefore, the Court did not find the exception in Article 13 applicable. Lastly, Article 11 Directive 95/46 concerns the information required to be communicated6 KB (727 words) - 21:38, 19 January 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(2) GDPR)and (f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c)71 KB (11,304 words) - 10:01, 17 November 2023
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(2) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 28/2020 (category Article 21(2) GDPR)be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement27 KB (4,363 words) - 16:56, 12 December 2023
- Gerechtshof Amsterdam - C/13/640898/HARK17-386 (category Article 6(1)(c) GDPR)decision has been further determined today. 2 Facts 2.1 In the contested decision under 2.1 up to and including 2.17, the court established the facts that26 KB (4,225 words) - 16:00, 15 March 2022
- APD/GBA (Belgium) - 54/2021 (category Article 4 GDPR) (section The notion of processing of personal data within the meaning of Article 4 GDPR)to to demonstrate (as required by Article 5.2. of the GDPR) that the processing he carries out complies to the GDPR. 46. It follows from the foregoing that73 KB (11,238 words) - 16:59, 12 December 2023
- Datatilsynet (Norway) - 20/02172 (category Article 6(1)(f) GDPR)under Article 6(1)(f) GDPR. The DPA also requires that the company implement internal controls of their credit rating process as per Article 24 GDPR. The28 KB (4,155 words) - 18:57, 5 March 2022
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)included within the framework of data protection. Therefore, Article 16 GDPR cannot be applied. Article 16 refers to inaccurate personal data, not to the rectification16 KB (2,362 words) - 13:37, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and106 KB (14,502 words) - 17:09, 12 December 2023
- DSB (Austria) - 2020-0.111.488 (category Article 9(2) GDPR)publication of their data under Article 9(2)(a) GDPR and there was no other legal basis for the processing under Article 9(2) GDPR. Consequently, the DSB issued8 KB (1,048 words) - 13:50, 12 May 2023
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)of data protection by its article 2.2, without prejudice to the provisions of sections 3 and 4 of this article. " And in article 19: ”Treatment of contact31 KB (5,083 words) - 13:51, 13 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)the Personal Data Act and the Privacy Ordinance, cf. section 2 and Article 2 of the Ordinance 2. The Personal Data Act and the Privacy Ordinance are coming49 KB (7,646 words) - 07:56, 7 March 2022
- Personvernnemnda (Norway) - 2022-13 (21/00481) (category Article 58(2)(d) GDPR)controller) about €352,555 (NOK 4,000,000) for violating Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly45 KB (6,913 words) - 12:13, 15 March 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a15 KB (2,504 words) - 16:27, 10 March 2022
- AZOP (Croatia) - Decision 21-01-2022 (category Article 5(1)(a) GDPR)controller thus also violated Article 14 GDPR. However, the DPA did not use any of their corrective powers as listed in Article 58(2) GDPR. Share your comments18 KB (2,722 words) - 15:26, 30 October 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- VG Mainz - 1 K 584/19.MZ (category Article 58(2) GDPR)street. The DPA was allowed to issue a reprimand, Art. 58(2)(b) GDPR. On the basis of Art. 58(2)(f) GDPR, the DPA was not entitled to order the removal of camera58 KB (9,665 words) - 08:51, 25 November 2020
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)also be subject to the provisions of Article 6.1(e) DSGVO in conjunction with Article 6.1(b) DSGVO. Article 2, 28.2 no. 2 BayDSG without the consent of the31 KB (5,184 words) - 17:19, 15 April 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)unlawfully. 2.4 Administrative fine Pursuant to Article 58, paragraph 2, preamble, in conjunction with Article 83, paragraph 4, of the GDPR and article 14, third48 KB (7,461 words) - 17:04, 12 December 2023
- AEPD (Spain) - EXP202100897 (category Article 83(2) GDPR)by virtue of Article 29 of Directive 95/46/CE, which with the entry into force of article 94.2 of the RGPD that repeals the directive 95/46 is changed to72 KB (11,671 words) - 13:34, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)considering that it has violated the provisions of Article 17 of the GDPR and Article 21 of the GDPR and urge GLOBAL CAPITAL GROUP SPAIN, S.L. with NIF20 KB (3,078 words) - 13:05, 13 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Directive 95/46/EC (General Data Protection Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c)60 KB (9,713 words) - 13:07, 26 March 2024
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 12(2) GDPR)initiated by the above Registry, (1) and (2) and Article 13.II.The Authority instructs the Obliged Pursuant to Article 58 (2) (d) of the General Data Protection24 KB (3,815 words) - 10:11, 17 November 2023
- HDPA (Greece) - 30/2020 (category Article 2(2)(c) GDPR)(Articles 58(2)(i) GDPR) & 83 GDPR) and, after having taken into consideration Article 83(2) GDPR's fine measuring principles and ARTICLE 29 Data Protection20 KB (2,519 words) - 15:36, 6 December 2023
- processing involved special categories of data under Article 9 GDPR and whether an exception under Article 9(2) applied; • targeted advertising by the controller57 KB (9,084 words) - 15:11, 13 July 2022
- APD/GBA (Belgium) - 72/2020 (category Article 9(2) GDPR)lawfulness (section 2.2 below) and purpose (section 2.3 below). Finally, it will address the issue of the sanction (section 2.4 below) 2.1 Applicable Law34 KB (5,677 words) - 17:00, 12 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the96 KB (13,984 words) - 16:57, 6 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 58(2)(d) GDPR)administrative fine in the amount of 2,000,000 ISK on the controller under Article 83(2)(a) GDPR and Article 83(2)(g) GDPR. This is just one of five decisions142 KB (22,881 words) - 12:42, 16 January 2024
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- Datatilsynet (Norway) - 20/02191 (category Article 83(2) GDPR)processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported38 KB (5,967 words) - 11:48, 7 May 2022
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)exists; or, in the case of transfers referred to in Article 46, Article 47 or the second subparagraph of Article 49(1), what are the appropriate or appropriate107 KB (17,697 words) - 16:52, 12 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable52 KB (8,444 words) - 10:01, 17 November 2023
- CJEU - C-264/19 - Constantin Film Verleih GmbH v. YouTube LLC and Google Inc. (Opinion of AG Saugmandsgaard Øe) (category Article 4(1) GDPR)by definition, personal data within the meaning of Article 2(a) Directive 95/46, now Article 4(1) GDPR since they must enable Constantin Film Verleih to8 KB (1,020 words) - 13:14, 1 June 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- CNIL (France) - SAN-2019-005 (category Article 32(2) GDPR)violates Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR41 KB (6,558 words) - 17:09, 6 December 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- GHAL - 200.278.124/01 (category Article 5(1)(c) GDPR)in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because35 KB (5,805 words) - 10:04, 14 December 2023
- Datatilsynet (Norway) - 20/01516 (category Article 5 GDPR)to the public, violating Article 24 GDPR. The decision discusses as well, the relationship between directive 95/46/EC and GDPR. The DPA highlighted that26 KB (3,885 words) - 08:43, 7 May 2022
- AEPD (Spain) - TD/00005/2020 (category Article 17 GDPR)of the Spanish Agency of Data Protection, as laid down in Article 56(2) inin relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament23 KB (3,780 words) - 14:49, 13 December 2023
- AEPD (Spain) - E/07449/2019 (category Article 13 GDPR)decision, or, in the case of transfers pursuant to Article 46 or 47 or the second subparagraph of Article 49(1), reference to adequate or appropriate safeguards11 KB (1,680 words) - 13:41, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)with article 4.1 of the RGPD, is a personal data. nal and its protection, therefore, is the subject of said regulation. In article 4.2 of the GDPR defines22 KB (3,319 words) - 13:00, 13 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European20 KB (3,087 words) - 13:30, 13 December 2023
- intervention Article 58 (2) (i) and Article 83 (2) state that the IMY has the power to impose administrative penalty fees in accordance with Article 83. the18 KB (2,003 words) - 15:22, 6 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(2) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 24(2) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00152/2020 (category Article 58(2)(b) GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- APD/GBA (Belgium) - 42/2022 (category Article 6(1)(f) GDPR)has its legal basis under Article 6(1)(f) The Disputes Chamber proceeds to dismiss the complaint in accordance with article 95 , § 1, 3° WOG, giving three13 KB (1,908 words) - 08:54, 29 June 2023
- movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR; Having regard to the law of 3 December 201712 KB (1,431 words) - 16:45, 12 December 2023
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)violation of Article 5.1.c) of the RGPD, typified in the Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/7 FIFTH: On22 KB (3,303 words) - 13:28, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - 117/2024 (category Article 9 GDPR)company. In this case, it is not the consent referred to in Article 6(1)(a), Article 7 or Article 9(2)(a) of the Data Protection Regulation, but a separate permission22 KB (3,290 words) - 10:29, 25 March 2024
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)persons pursuant to Article 34(1) GDPR. The Danish DPA found that Intervare did not go through with a proper assessment pursuant to Article 34(1), as it had24 KB (3,365 words) - 16:37, 6 December 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)following the mandatory legal requirements to do so, violating Article 6(1) and Article 13 GDPR. A resident has installed, without the authorization of the22 KB (3,257 words) - 13:28, 13 December 2023
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - EXP202207084 (category Article 2(2)(c) GDPR)exclusively private or domestic activity, which is lawful, based on the 2.2.c, GDPR. Share your comments here! Share blogs or news articles here! The decision15 KB (2,384 words) - 10:46, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- AEPD (Spain) - PS/00315/2019 (category Article 13 GDPR)information provided was in breach of Article 13 GDPR. Therefore, the authority warned the controller (Article 83(5) GDPR) and requested to complete the notice17 KB (2,633 words) - 14:28, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)relation to letter k) of article 83.2 of the GDPR, the LOPDGDD, in its article 76, "Sanctions and corrective measures" establishes that: "2. In accordance with26 KB (4,147 words) - 13:27, 13 December 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)interpretation of Article 55(3) GDPR would not cover this as judicial activity. Therefore, the complaint is not admissible in accordance with Article 130 Paragraph75 KB (12,118 words) - 15:46, 14 February 2024
- UODO (Poland) - DKN.5101.25.2020 (category Article 32(2) GDPR)Art. 58 sec. 2 lit. b) and e), in connection with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph63 KB (10,088 words) - 09:52, 17 November 2023
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 58(2)(f) GDPR)connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 2 and 3,32 KB (5,139 words) - 10:02, 17 November 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 58(2)(e) GDPR)data within the meaning of Article 4(2) in the course of proceedings under both Articles 77 and 78 of the GDPR. Article 4(2) refers to disclosure as a59 KB (8,242 words) - 10:47, 17 March 2021
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)The interpretation of article 13 of the Wbp is no different from that of article 32 of the GDPR, described in paragraphs 2.3.2 and 2.3.3. Also in the period57 KB (8,053 words) - 17:07, 12 December 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 25(2) GDPR)violation of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)constitute personal data under Article 4(1) GDPR? If so, do they qualify as special categories of personal data under Article 9 GDPR? Is the defendant obliged27 KB (4,090 words) - 09:54, 10 September 2021
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)AEPD found that the Socialist Party of Catalonia (PSC-PSOE) violated Article 21 GDPR due to unsolicited political propaganda sent after the data subject26 KB (4,032 words) - 14:31, 13 December 2023
- AZOP (Croatia) - Decision 31-05-2022 (category Article 25 GDPR)Croatian DPA did not explain which specific corrective powers under Article 58(2) GDPR it used. Share blogs or news articles here! The decision below is17 KB (2,433 words) - 15:45, 30 October 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- AZOP (Croatia) - Decision 04-07-2022 (category Article 6(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- AZOP (Croatia) - Decision 30-12-2021 (category Article 5(1)(a) GDPR)had a legal basis under Article 6(1) GDPR to publish the data subject’s personal data, and did not violate Article 5(1)(a) GDPR. In the decision, the Croatian16 KB (2,411 words) - 15:44, 30 October 2023
- AZOP (Croatia) - Decision 16-11-2021 (category Article 4(1) GDPR)wearing a protective mask did not consitute personal data according to Article 4(1) GDPR because it was impossible for the average person to identify the individual12 KB (1,882 words) - 15:24, 30 October 2023
- that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 58(2) GDPR)elements provided for in Article 83.2 of the GDPR: - As to the nature and seriousness of the violation (Article 83.2.a) of the GDPR), it is that with respect76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - TD/00085/2020 (category Article 12 GDPR)of the Spanish Agency of Data Protection, as laid down in Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European17 KB (2,654 words) - 14:50, 13 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)respecting the time limits as set out to in Article 12(5) of the GDPR and Article 35(2) of the Dutch GDPR Implementation Act? According to the court, the34 KB (5,811 words) - 09:44, 8 December 2020
- DSB (Austria) - 2021-0.101.211 (category Article 4(15) GDPR)PCR (SARS_CoV-2) test is to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken37 KB (5,745 words) - 13:53, 12 May 2023
- AEPD (Spain) - TD/00317/2019 (category Article 12 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 2 2/6THIRD: On October 30, 2019, in accordance with article 65.4 ofOrganic Law 3/2018, of December 5, on the18 KB (2,591 words) - 14:47, 13 December 2023
- AEPD (Spain) - TD/00325/2019 (category Article 56(2) GDPR)to take a decision in accordance with the provisions of Article 56(2) in conjunction with Article 57(1)(f) both of Regulation (EU) 2016/679 of the European17 KB (2,691 words) - 14:52, 13 December 2023
- AEPD (Spain) - PS/00357/2020 (category Article 13 GDPR)accordance with provided for in article 58.2.b) of the RGPD, for an infringement of article 13 of the RGPD, typified in article 83.5 of the RGPD, a warning20 KB (3,075 words) - 14:32, 13 December 2023
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)Court's request for preliminary ruling regarding the interpretation of Article 15(1)(c) GDPR is published. The data subject filed a complaint with the Austrian19 KB (2,825 words) - 09:42, 26 November 2021
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)violates the GDPR or paragraph one or Article 2 1st part. (2) The complaint must contain: 1. the name of the right deemed to have been violated, 2. to the extent87 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - TD/00109/2020 (category Article 15 GDPR)the Spanish Agency of Data Protection, as laid down in Article 56(2) in in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament19 KB (3,100 words) - 14:50, 13 December 2023
- AEPD (Spain) - TD/00182/2019 (category Article 15 GDPR)decide on this matter, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European18 KB (2,922 words) - 14:51, 13 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)ECLI:NL:HR:2019:376, paragraph 4.2.2, of 28 May 2019, ECLI:NL:HR:2019:793, paragraph 2.4.5, and of 19 July 2019, ECLI:NL:HR:2019:1278, paragraph 2.13.2). 33. The Section34 KB (5,179 words) - 07:10, 7 April 2020
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- IP - 0712-1/2020/1408 (category Article 15 GDPR)person, using Article 15 as their basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual10 KB (1,575 words) - 13:37, 10 August 2021
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)the complainant on 06/04/2019 12:46:47 (Peninsular time). LEGAL FOUNDATIONS I By virtue of the powers that article 58.2 of the RGPD recognises to each control18 KB (2,781 words) - 14:30, 13 December 2023
- the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European25 KB (3,812 words) - 10:03, 20 August 2021
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1111 (category Article 3(2) GDPR)ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of37 KB (5,919 words) - 08:54, 20 August 2021
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)the existence or absence of a decision in accordance with Article 46, Article 47 or Article 49 (1). in the case of the transmission referred to in the58 KB (9,071 words) - 10:12, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9524175 (category Article 28(2) GDPR)as by Article 28(2) and (3) The obligation to adopt technical and organizational measures to ensure the security of the processing as by Article 32. The20 KB (3,133 words) - 15:53, 6 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(2) GDPR)recording is "processing" of "personal data" within the meaning of Article 4(1) and 4(2) GDPR. Therefore, the data subject has the right to request access to22 KB (3,422 words) - 14:50, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)pursuant to Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR22 KB (3,385 words) - 13:35, 13 December 2023
- DSB (Austria) - 2020-0.303.727 (category Article 85(2) GDPR)in Article 9 of Directive 95/46 / EC are not applicable to the former Article 9 of Directive 95/46 / EC - the counterpart provision of now Article 85 GDPR21 KB (3,266 words) - 13:51, 12 May 2023
- AEPD (Spain) - PS/00423/2019 (category Article 13 GDPR)information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments23 KB (3,636 words) - 14:38, 13 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of26 KB (4,231 words) - 14:44, 13 December 2023
- Datatilsynet (Norway)- 20/02254 (category Article 57(1)(a) GDPR)Communications Act § 2-7 b, which implement Article 5 (3) of the Communication Protection Directive, are lex specialis for the Privacy Regulation. Article 95 of the24 KB (3,498 words) - 16:14, 6 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)ECLI:NL:HR:2019:376, paragraph 4.2.2, of 28 May 2019, ECLI:NL:HR:2019:793, paragraph 2.4.5, and of 19 July 2019, ECLI:NL:HR:2019:1278, paragraph 2.13.2). 40. The Section37 KB (5,721 words) - 12:41, 16 September 2021
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)in accordance with the provisions of paragraph 2 of Article 56 in relation to paragraph 1 f) of Article 57, both of Regulation (EU) 2016/679 of the European20 KB (3,107 words) - 10:49, 13 December 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(2) GDPR)violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article58 KB (9,184 words) - 16:49, 12 December 2023
- AZOP (Croatia) - Decision 10-08-2023 (category Article 5 GDPR)this the AZOP held that the controller acted contrary to Article 5(1)(a) GDPR and Article 6 GDPR. Moreover, the AZOP reiterated the fact that the pictures19 KB (2,955 words) - 16:29, 5 December 2023
- UODO (Poland) - DKE.561.17.2020 (category Article 31 GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur22 KB (3,364 words) - 09:52, 17 November 2023
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)4 and article 15 of the GDPR (right of access), for reasons set out below. Furthermore, in accordance with article 58.2.c) of the GDPR and article 95, §26 KB (3,856 words) - 08:51, 19 March 2024
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(2)(c) GDPR)the processing of personal data is not covered by the GDPR, according to Article 2(2)(c) of the GDPR. However, the DPA concluded that Orienteringsret.dk24 KB (3,651 words) - 16:38, 6 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - PS/00029/2020 (category Article 58(2)(b) GDPR)under Article 58(2)(b) GDPR. The Authority ordered the Health Service to carry out a DPIA and bring its processing operations in line with the GDPR within44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 13 GDPR)event of an infraction of the precepts of the GDPR. Article 58.2 of the RGPD provides the following: “2 Each supervisory authority shall have all of the26 KB (3,881 words) - 13:35, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202102430 (category Article 58(2)(d) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/12 2016/67933 KB (4,835 words) - 13:26, 13 December 2023
- AEPD (Spain) - TD/00261/2020 (category Article 12 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European23 KB (3,523 words) - 14:46, 13 December 2023
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned24 KB (3,838 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00324/2019 (category Article 13 GDPR)portability of the data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time22 KB (3,480 words) - 14:28, 13 December 2023
- Supreme Court - C.20.0323.N (category Article 4(11) GDPR)appeal judges Articles 2.1, 4 2), 5.1 c) and 57.1 a), f) and h) GDPR, to the extent necessary read in conjunction with Article 288(2) TFEU and Articles 443 KB (6,749 words) - 07:07, 28 October 2021
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,32 KB (5,093 words) - 16:07, 11 September 2022
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)grievances. 1.7 Subsequently a judgment has been given. 2Features 2.1 In the order under 2.1 to 2.10 the District Court established the facts on which it41 KB (7,150 words) - 12:30, 4 October 2021
- AZOP (Croatia) - Decision 29-06-2022 (Center for Social Welfare) (category Article 5 GDPR)not under a legal obligation to process these data. Article 29 of the Croatian Labour Act and Article 5(4) of the Labour Law Rulebook (Official Gazette,17 KB (2,660 words) - 15:35, 30 October 2023
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European22 KB (3,544 words) - 14:48, 13 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned44 KB (7,162 words) - 13:53, 13 December 2023
- AZOP (Croatia) - Decision 05-07-2021 (category Article 32(2) GDPR)activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative5 KB (599 words) - 15:38, 30 October 2023
- AEPD (Spain) - PS/00132/2020 (category Article 6(1) GDPR)paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of Regulation24 KB (3,939 words) - 14:03, 13 December 2023
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of Regulation25 KB (4,037 words) - 14:55, 13 December 2023
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 5(1)(a) GDPR)Privacy Ordinance Article 83 no. 2 letters a to k. to highlight factors that are to be given special weight. With reference to Article 83 no. 2 letter a «The40 KB (6,549 words) - 18:49, 5 March 2022
- AEPD (Spain) - TD/00054/2020 (category Article 12 GDPR)the Spanish Agency of Data Protection, as laid down in Article 56(2) in in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament22 KB (3,500 words) - 14:50, 13 December 2023
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 13(2)(a) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- Datatilsynet (Denmark) - 2019-31-2071 (category Article 15(1) GDPR)to the right of access under Article 15(4) of the GDPR or section 22 of the DDPA can be invoked. It follows from Article 15 (4), that the right to obtain26 KB (3,820 words) - 16:22, 6 December 2023
- AZOP (Croatia) - Decision 18-12-2020 (category Article 5(1)(c) GDPR)information. Article 7 of said act, however, states that public figures cannot expect the same level of protection as other citizens. Article 8 also states21 KB (3,345 words) - 15:24, 30 October 2023
- OGH - 6Ob77/20x (category Article 25 GDPR)opening clauses in Article 80(1) and (2) GDPR ("closed shop"). In this case, consumer rights associations would be barred from bringing GDPR class actions unless7 KB (658 words) - 13:16, 8 July 2021
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted when45 KB (7,286 words) - 18:55, 5 March 2022
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 9(2) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- OGH - 6Ob159/20f (category Article 12(1) GDPR)under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant22 KB (3,310 words) - 07:44, 5 October 2021
- Datatilsynet (Norway) - 20/02147 (category Article 5 GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- AEPD (Spain) - TD/00248/2020 (category Article 12 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European25 KB (3,972 words) - 14:47, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 13(2)(a) GDPR)mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head82 KB (11,472 words) - 16:58, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440000 (category Article 6(2) GDPR)art. 58, paragraph 5, of the Code. 2, of the Regulations, concerning the alleged violations of the 2-ter, paragraphs 1, 2 and 3, of the Code and of Art. 624 KB (3,852 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00266/2019 (category Article 83(2)(e) GDPR)with the provisions of article 58.2.b) of the RGPD, for the alleged infringement of article 13 of the RGPD, typified in article 83.5.b) of the RGPD SECOND:28 KB (4,459 words) - 14:23, 13 December 2023
- Datatilsynet (Norway) - 20/01896 (category Article 5(2) GDPR)rating without a legal basis under Article 6(1)(f) GDPR and for not adhering to the accountability principle as per Article 5(2). The DPA also requires that28 KB (4,387 words) - 18:58, 5 March 2022
- Garante per la protezione dei dati personali (Italy) - 9542155 (category Article 5(2) GDPR)Authority of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the26 KB (4,162 words) - 15:54, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the number of data subjects (Article 83.2.a) of the GDPR), the As for the number of data subjects (Article 83.2.a) of the GDPR), the Panel notes that these69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)regulation as established in thearticle 2.2 of the RGPD and article 2.2.a) of the LOPDGDD. It says to article 2.2 of the RGPD:"2. This Regulation does not apply206 KB (32,869 words) - 14:36, 13 December 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)under this Article. Article 11 (2) In the cases referred to in paragraphs 15 to 22, the controller shall exercise their rights under Article may not refuse27 KB (4,159 words) - 10:13, 17 November 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information28 KB (4,435 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned28 KB (4,525 words) - 14:06, 13 December 2023
- GHDHA - C/09/574422 / HA RK 19-368 (category Article 1 GDPR)obligation (Article 4:32 § 1 Wft). Therefore, Article 6(1)(c) GDPR was relevant. However, the Court highlighted that the phrase "at least on" in Article 6(1)43 KB (7,297 words) - 12:26, 4 October 2021
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)contrary to the legal provisions established in article 22.2 LSSI. This Infraction is classified as "minor" in Article 38.4 g) of the aforementioned Law, and may27 KB (4,296 words) - 13:59, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 5(1)(a) GDPR)of Enna"; - the processing would also find its legal basis in Article 9(2)(g) and Article 2(6)(u) of the Code: 'tasks of the national health service and25 KB (3,961 words) - 15:54, 6 December 2023
- AEPD (Spain) - TD/00254/2020 (category Article 15 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European25 KB (3,791 words) - 14:47, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 58(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches56 KB (8,326 words) - 16:57, 6 December 2023
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)Madridsedeagpd.gob.es Page 2 2/10infringement of article 13 of the RGPD, typified in accordance with the provisions of article83.5.b) of the RGPD and b)29 KB (4,402 words) - 14:00, 13 December 2023
- AEPD (Spain) - PS/00221/2020 (category Article 14 GDPR)for an infringement of article 14 of the RGPD, typified in article 83.5 of the RGPD, a warning sanction, in in relation to article 74.a) of the LOPDGDD.29 KB (4,537 words) - 14:19, 13 December 2023
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)so that the violation is still continues. 2. Legal framework Pursuant to Article 2, paragraph 1, of the GDPR, this Regulation applies to all or part of54 KB (8,224 words) - 17:07, 12 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- BAC (Bulgaria) - № 6515 (category Article 6(1)(a) GDPR)subjects contained in the mortgage deed without a legal basis under Article 6 GDPR and ordered the controller to pay the data subjects €127.82 Euro (25020 KB (3,093 words) - 09:56, 14 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)contemplated in article 83.2 of the RGPD and the article 76.2 of the LOPDGDD, with respect to the infraction committed by violating the established in article 5.134 KB (5,184 words) - 13:22, 13 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- AZOP (Croatia) - Decision 21-07-2022 (A1 telecommunications) (category Article 25(1) GDPR)controller HRK 2.15 million (approximately €283,000). It held that the controller violated Articles 25(1), 32(1)(b), 32(1)(d) and 32(2) GDPR by not taking7 KB (855 words) - 15:30, 30 October 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article110 KB (18,000 words) - 08:01, 5 June 2023
- Court of Appeal of Brussels - 2020/AR/329 (category Article 77(2) GDPR)submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,48 KB (7,560 words) - 09:03, 20 August 2021
- OLG Innsbruck - 1 R 182/19b (category Article 99(2) GDPR)representative within 14 days the amount of EUR 2.500,-- plus 4% interest since 2.3.2019 is hereby rejected. 2. the plaintiff is obliged to reimburse the defendant54 KB (7,916 words) - 12:06, 9 May 2022
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)for more details. Article 2: Material scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal data9 KB (1,251 words) - 12:15, 8 May 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security179 KB (22,957 words) - 17:07, 12 December 2023
- AEPD (Spain) - E/08210/2021 (category Article 4(22) GDPR)authority. Under Article 60 GDPR, the following DPAs were identified as “concerned supervisory authorities” under Article 4(22) GDPR: the Netherlands,29 KB (4,457 words) - 10:34, 13 December 2023
- Datatilsynet (Norway) - 20/02379 (category Article 85 GDPR)assessment on the wording of Article 85 GDPR, The Norwegian Constitution § 100, The European Convention of Human Rights Article 10, and the International29 KB (4,480 words) - 16:15, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9440075 (category Article 6(2) GDPR)art. 5 and 6 of the GDPR? The DPA held that Regione Campania violated art 5(1)(a)(c), art. 6(1)(c)(e), art. 6(2) and art. 6(3)(b) GDPR, and concluded that27 KB (4,339 words) - 15:50, 6 December 2023
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 85(2) GDPR)para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/2019 of 18.1229 KB (4,637 words) - 13:57, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches81 KB (11,895 words) - 16:58, 6 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- LfDI (Baden-Württemberg) - 0523.1-2/3 (category Article 5(2) GDPR) (section Violation of Article 5(2) GDPR)violation of Article 5(2) GDPR. Further proceedings regarding potential other violations of the GDPR were provisionally terminated pursuant to § 46 of the German8 KB (1,137 words) - 10:22, 17 November 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine468 KB (51,340 words) - 14:10, 30 January 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)more details. Article 2: Substantive scope Article 2.2.c: Exclusively personal or domestic activity Article 3: Territorial scope Article 4.1: Personal9 KB (1,168 words) - 15:30, 6 December 2023
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)relation to Article 83.2(k) of the RGPD, the LOPDGDD, in its Article 76, "Sanctions and remedial measures", provides that "In accordance with Article 83(2)(k)31 KB (4,909 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: € 200031 KB (4,862 words) - 14:28, 13 December 2023
- UODO (Poland) - ZSPR.421.19.2019 (category Article 31 GDPR)with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of29 KB (4,698 words) - 10:02, 17 November 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 58(2)(b) GDPR)and Article 60 of the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781) and pursuant to Article 58(2)(b) in connection29 KB (4,687 words) - 09:56, 17 November 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan29 KB (4,648 words) - 12:38, 13 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)has engaged another real estate agent for the sale. 2 Process flow First instance 2.1 2.2 2.3 2.4 2.5 PME summoned [plaintiff] on May 9, 2018 (see also103 KB (17,620 words) - 10:13, 29 November 2023
- OGH - 9Ob38/19g (category Article 4(11) GDPR)of § 6 para 3 KSchG, as it refers to the inadmissible clauses 1.2.3 and 1.2.6 [= clauses 2 and 3 above; note]. The inadmissibility of the provisions to which200 KB (33,233 words) - 09:49, 14 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(2) GDPR)number). However, the DPA concluded that the controller did not violate Article 15(2) GDPR by asking for more information to identify the data subject when the33 KB (5,033 words) - 10:12, 17 November 2023
- AP (The Netherlands) - 23.09.2021 (category Article 32(2) GDPR)which led to a (sensitive) data breach, in violation of Article 32(1) and Article 32(2) GDPR In Oktober 2019, a malicious third party gained unauthorized66 KB (8,861 words) - 17:08, 12 December 2023
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since32 KB (4,780 words) - 10:44, 13 December 2023
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 5(1)(a) GDPR)not complied with Article 32 (1) of the Data Protection Regulation. 1 and 2, Article 33, para. Article 34 (3) (d) 1 and 2, and Article 5, para. 1, letter33 KB (5,347 words) - 16:39, 6 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)(2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and (d).order the restriction192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - E/03884/2020 (category Article 2(1) GDPR)allow a person to be unequivocally identified. Therefore, following Article 2(1) GDPR, the AEPD concluded that there was no processing of data, neither automated56 KB (8,737 words) - 09:35, 26 May 2021
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)norm therefore by article 19 of the LOPD as business data. We consider relevant the legal basis by which, according to the article Article 65 of the LOPD33 KB (5,338 words) - 14:09, 13 December 2023
- ANSPDCP (Romania) - Warning issued to Cluj-Napoca Municipality (category Article 5(1)(a) GDPR)Camera" (which processes image and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate7 KB (906 words) - 15:22, 13 December 2023
- the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)provided for in Article 83 of the PGRD and having regard to the assessment factors listed in Article 83.2. of the RGPD, a reprimand (Article 100 § 1, 5° LCA)32 KB (5,190 words) - 16:51, 12 December 2023
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- IP - 07121-1/2020/1159 (category Article 6 GDPR)lawfulness under Article 6(1)(f) GDPR ("does the employer have legitimate interests in monitoring quarantine compliance?") or Article 9(2) GDPR ("quarantine7 KB (1,028 words) - 11:05, 13 January 2021
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)controller under the GDPR. The data controller did not process personal data with an appropriate level of security, as required by article 32, read in conjunction34 KB (4,967 words) - 15:46, 6 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)of Directive 95/46/EC (General Data Protection Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d45 KB (5,016 words) - 14:14, 21 March 2024
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 25(2) GDPR)life insurance company had breached Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR as its as its practice was to process41 KB (6,133 words) - 10:29, 25 March 2024
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)thatestablishes article 83.2 of the RGPD, and with the provisions of article 76 of theLOPDGDD, regarding section k) of the aforementioned article 83.2 RGPD.In12 KB (1,812 words) - 14:35, 13 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 24(2) GDPR)statement of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; -60 KB (9,820 words) - 10:08, 17 November 2023
- UODO (Poland) - DKN.5130.2815.2020 (category Article 32(2) GDPR)57(1)(a) and Article 58(2)(b) in connection with Article 5(1)(f), Article 24(1), Article 25(1), Article 32(1) and (2) of 2 of Regulation EU 2016/679 of the European37 KB (5,819 words) - 09:58, 17 November 2023
- APD/GBA (Belgium) - 24/2021 (category Article 35(2) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(2) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of35 KB (5,526 words) - 16:56, 12 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)3 Sentence 2 GDPR is in accordance and whether there is a conflict of interest within the meaning of. Article 38 Paragraph 6 Sentence 2 GDPR applies if40 KB (6,019 words) - 14:13, 28 November 2023
- Tribunal da Relação de Coimbra - 4354/19.7T8CBR-A.C2 (category Article 4(2) GDPR)missions, applying all the exclusions provided for in article 2 of the GDPR. ”, Resulting from its article 3 under the heading“ National control authority ”that“The30 KB (4,858 words) - 09:58, 6 October 2021
- AEPD (Spain) - PS/00128/2020 (category Article 9(2)(b) GDPR)an infringement of article 13 of the RGPD, typified in article 83.5.b) of the RGPD, a warning sanction in accordance with article 77.2 of the LOPDGDD. SECOND:39 KB (5,912 words) - 14:02, 13 December 2023
- CE - 437808 (category Article 83 GDPR)Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)may be recorded of the data processing, in violation of Article 13 and Article 5 (1) (c) GDPR. The complainant lodged a complaint with the AEPD about the37 KB (6,022 words) - 13:52, 13 December 2023
- AEPD (Spain) - E/08452/2019 (category Article 4(12) GDPR)found that there had been a “personal data breach” pursuant to Article 4 (12) of the GDPR as a result of the publication on the municipal website regarding11 KB (1,651 words) - 13:42, 13 December 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)accordance with article 15 AVG (section 2.1) - data processing officer (section 2.2) - cookie policy (section 2.3) - health data processing (section 2.4) - camera93 KB (14,040 words) - 17:00, 12 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)§ 8 clause 2 of the GTC agreed between the parties (according to § 8 b paragraph 2 MB/KK). 52 § 8 b para. 2 MB/KK violates §203 sentence 2 VVG and is therefore40 KB (6,325 words) - 16:12, 18 May 2022
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) — amongst others, the Spanish law regulating cookies — and Article 13 of38 KB (5,879 words) - 14:07, 13 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)complained of, by virtue of the powers established in Article 58.2 of the RGPD and in Articles 47, 64.2 and 68.1 of the Organic Law 3/2018, of December 5,39 KB (6,623 words) - 14:08, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)is based on Article 6(1)(a) or Article 9(2)(a) or Article 9(2)(b); or (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence61 KB (9,973 words) - 13:55, 13 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- Datatilsynet (Denmark) - 2019-432-0024 (category Article 6(2) GDPR)compliant with data protection rules, on the basis of Article 6(2) read in conjunction with Article 6(1)(e) GDPR. Then, the Datatilsynet focused on two specific13 KB (1,936 words) - 16:37, 6 December 2023
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)on the GEOPORTAL2 was not in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied.60 KB (9,755 words) - 09:58, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 58(2)(c) GDPR)to the GDPR, imposed a fine in the amount of € 10.000 and ordered Cavauto srl. to communicate the proposed changes in view of compliance with GDPR. The Italian34 KB (5,420 words) - 15:51, 6 December 2023
- APD/GBA (Belgium) - 138/2022 (category Article 5(2) GDPR)an infringement of Article 5 (1) a), b) and c) and (2) of the GDPR and Article 24 (1) of the GDPR; and - an infringement of article 8 of the law of 2143 KB (6,274 words) - 08:57, 29 June 2023
- HDPA (Greece) - 12/2024 (category Article 17 GDPR)60 of the GDPR does not apply the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR and 13 para37 KB (5,933 words) - 16:53, 19 April 2024
- APD/GBA (Belgium) - 137/2022 (category Article 12(3) GDPR)Belgian DPA used Article 58(2)(c) GDPR to order a controller to comply with an erasure request of a data subject pursuant to Article 17 GDPR after it failed14 KB (1,946 words) - 08:50, 29 June 2023
- OLG Bremen - 1 W 18/21 (category Article 82 GDPR)damages were not fully presented. Article 82 GDPR presupposes damage. The asserted mere breach of the provisions of the GDPR is not sufficient for a claim7 KB (945 words) - 13:54, 20 September 2021
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)2019, BVwerG 6 C 2.18 "It follows that the opening clauses of Article 6.2 and 6.3 GDPR for processing operations under Article 6.1(1)(e) GDPR do not cover92 KB (15,435 words) - 16:00, 22 March 2022
- AEPD (Spain) - PS/00101/2020 (category Article 6 GDPR)provisions of article 39 bis 2 of the LSSI so that withinONE MONTH from the notification of this resolution:2.1. COMPLIES with the provisions of article 21.1 of13 KB (1,871 words) - 13:59, 13 December 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 5(2) GDPR)comply with GDPR Article 12 (1) and GDPR Article 5 (2) of the provisions of paragraph 2, and he did not even mention the Data Subject 2. Based on GDPR Article69 KB (11,255 words) - 10:08, 17 November 2023
- BAC (Bulgaria) - № 11179 (category Article 5(1)(c) GDPR)and repealing Directive 95/46 / EC EC (General Data Protection Regulation, GDPR) for violation of Art. 5, § 1, b. "c" of the GDPR - the principle of data13 KB (1,908 words) - 13:41, 15 September 2021
- NAIH (Hungary) - NAIH/2020/5911/7 (category Article 12 GDPR)on the basis of the notification, Article 57 (1) f) of the General Data Protection Regulation and Article 38. § Article 1Regulation (EU) 2016/679 of the9 KB (1,337 words) - 10:13, 17 November 2023
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)intervention Article 58 (2) (i) and Article 83 (2) state that the IMY has the power to impose administrative penalty fees in accordance with Article 83. the17 KB (1,940 words) - 15:23, 6 December 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(2) GDPR)established by the GDPR.The principle of liability set out in Article 5.2 of the GDPR and developed in Article 24 are at the heart of the GDPR and reflect the39 KB (6,246 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00086/2020 (category Article 5(1)(f) GDPR)constitute a violation of Article 5 (1) (f) of the RGPD? For infringing Article 5(1)(f) GDPR, in conjunction with Article 72(1)(a) LOPDGDD, the Spanish14 KB (2,017 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)having appointed a data protection officer, thus breaching Article 37 GDPR. After the GDPR came into force, the Burgos city Council did not appoint a DPO13 KB (2,002 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the AVG applies38 KB (6,339 words) - 17:14, 12 December 2023
- IP - 7121-1/2020/369 (category Article 6 GDPR)the conditions laid down in Article 7 GDPR. Additionally, in this case, the IP also reiterated the provisions of Article 8 GDPR on conditions applicable to10 KB (1,406 words) - 15:25, 17 March 2022
- AEPD (Spain) - PS/00028/2020 (category Article 6 GDPR)signifiesidentified catives (article 83.2 b) Basic personal identifiers -image- are affected (art 83.2g)VOn the other hand, article 83.7 of the RGPD provides14 KB (2,075 words) - 13:48, 13 December 2023
- AEPD (Spain) - EXP202202928 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In14 KB (2,003 words) - 12:37, 13 December 2023
- IP - 07121-1/2020/387 (category Article 9 GDPR)personal data under Article 9 GDPR. The processing of such data is prohibited unless one of the exceptions referred to in Article 9(2) GDPR applies. In the12 KB (1,812 words) - 15:11, 17 March 2022
- APD/GBA (Belgium) - 145/2023 (category Article 4(1) GDPR)material scope of application of the AVG (Article 2.1. AVG). None of the 4 grounds for exception under article 2.2. AVG apply here. As the Defendant does39 KB (6,247 words) - 09:14, 15 November 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- ANSPDCP (Romania) - Warning issued to Bucharest Municipality (District 4) (category Article 5(1)(a) GDPR)device (which processes image and voice) according to Article 5(1)(a) GDPR and Article 6(1) GDPR? The ANSPDCP found that the staff of the General Directorate7 KB (931 words) - 15:22, 13 December 2023
- APD/GBA (Belgium) - XX/2021 (category Article 58(2)(c) GDPR)on the merits in accordance with Article 98 et seq. DPAA, to: - pursuant to Article 58.2(c) of the GDPR and Article 95(1)(5) of the DPAA , to order the17 KB (2,189 words) - 12:34, 3 August 2022
- AEPD (Spain) - PS/00089/2021 (category Article 6(1)(a) GDPR)the privacy policy. Thus, Article 21(1) LSSI has not been complied with, as there is no consent according to Articles 6 and 7 GDPR. Serious infringements11 KB (1,490 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00055/2020 (category Article 5(1)(c) GDPR)consequent infringement of the data minimisation principle as per Article 5(1)(c) GDPR. The controller's video surveillance system is oriented toward the13 KB (1,964 words) - 13:52, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 12(2) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- AEPD (Spain) - PS/00425/2019 (category Article 5(2) GDPR)down in Article 83 (2) GDPR: As aggravating factors: • In this case, negligent action is not intentional, but it is significant (Article 83 (¬2) (b)). •14 KB (2,140 words) - 14:39, 13 December 2023
- AEPD (Spain) - EXP202103746 (category Article 58(2) GDPR)violation of data minimisation, Article 5(1)(c) GDPR. No fines can be imposed against the controller and Article 83(5) GDPR can therefore not be imposed.16 KB (2,041 words) - 13:34, 13 December 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)consequences of said treatment for the interested party. " Article 12.2.3 and .4 of the RGPD indicates: "2.The data controller will facilitate the interested party38 KB (6,303 words) - 13:50, 13 December 2023
- AEPD (Spain) - PS/00436/2019 (category Article 58(1) GDPR)LPACAP), for the alleged infringement of Article 58. 1 of the RGPD, typified in Article 83.5 of the RGPD. 2/5 SIXTH: The aforementioned agreement to commence14 KB (2,123 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 of the15 KB (2,192 words) - 14:36, 13 December 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 1(2) GDPR)according to Art 15 Paragraph 1 GDPR, such as the origin of the data. In accordance with Art 15 (4) GDPR and Recital 63 GDPR, the information must be restricted42 KB (6,592 words) - 13:58, 12 May 2023
- GHAL - 200.256.426 (category Article 4(2) GDPR)on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate40 KB (6,777 words) - 16:28, 15 March 2022
- AEPD (Spain) - PS/00417/2019 (category Article 37 GDPR)scalethe by the number of clients it has (article 83.2 a)Basic personal identifiers are affected (article 83.2 g)Therefore, in accordance with the applicable16 KB (2,298 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00291/2020 (category Article 5(1)(f) GDPR)the commission of the infraction of article 22.2 of the LSSI. This offense is classified as "slight" in article 38.4 g), of the aforementioned Law, which15 KB (2,246 words) - 14:26, 13 December 2023
- APD/GBA (Belgium) - 48/2021 (category Article 5(1)(a) GDPR)(listed in Article 57 of the GDPR) including that of dealing with complaints (article 57.1.f) of the GDPR) as well as a number of powers (article 58 of the43 KB (6,670 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00198/2019 (category Article 5(1) GDPR)virtue of the powers that Article 58.2 of the RGPD grants to each control authority, and in accordance with the provisions of Article 47 of Organic Law 3/201812 KB (1,686 words) - 14:09, 13 December 2023
- AEPD (Spain) - PS/00200/2019 (category Article 5(1)(f) GDPR)Madridsedeagpd.gob.es Page 3 3/55 of the LOPDGDD, as indicated in article 83.5 of the RGPD, and article 58.2.b)of the RGPD . "No allegations were received regarding14 KB (2,163 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)company result in a breach of Article 37 GDPR? The Spanish DPA (AEPD) found that Conseguridad SL had violated Article 37(1)(b) GDPR by not having designated15 KB (2,245 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as the worker had processed16 KB (2,328 words) - 14:30, 13 December 2023
- TS - 1039/2022 (category Article 18(1) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- Hämeenlinnan hallinto-oikeus (Finland) - 2548/2023 (category Article 85(2) GDPR)information in accordance with Article 85(2) GDPR. The Court held that the provisions on the security of processing in Article 32 GDPR are not intended to limit44 KB (6,893 words) - 10:28, 25 March 2024
- AEPD (Spain) - EXP202104530 (category Article 28 GDPR)they filed a complaint, however the accused company acted according to Article 28 GDPR and the Spanish DPA ended the proceedings. A.A.A. (data subject) received12 KB (1,685 words) - 12:41, 13 December 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)index of search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided for a40 KB (6,518 words) - 13:29, 13 December 2023
- AEPD (Spain) - PS/00192/2022 (category Article 4(2) GDPR)health, culture, and emotional state. This combined with the fact that Article 4(2) GDPR includes "transmission" and "dissemination" in the definition of processing15 KB (2,257 words) - 13:02, 13 December 2023
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)basis for the dispute is Article 58 (2) (d) of the General Data Protection Regulation (GDPR), Regulation no and to repeal RL 95/46 / EG (OJ L 119) in conjunction41 KB (6,779 words) - 12:35, 24 November 2021
- AEPD (Spain) - PS/00005/2020 (category Article 5(1)(c) GDPR)possible non-compliance with the data minimisation principle, as per Article 5(1)(c) GDPR. The decision is the consequence of a complaint submitted by a Spanish13 KB (1,795 words) - 13:47, 13 December 2023
- AEPD (Spain) - PS/00070/2020 (category Article 58(2)(b) GDPR)publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must43 KB (7,001 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00273/2019 (category Article 58(2) GDPR)within a specified period - Article 58. 2 d)-. In accordance with Article 83(2) of the RGPD, the measure provided for in Article 58(2)(d) of that Regulation16 KB (2,359 words) - 14:24, 13 December 2023
- AZOP (Croatia) - Decision 04-08-2022 (category Article 6 GDPR)legitimate interests under Article 6(1)(f) GDPR, they must still comply with data protection principles under Article 5 GDPR. In Croatia, many employers11 KB (1,655 words) - 13:32, 31 October 2023
- AEPD (Spain) - PS/00461/2019 (category Article 83(2)(a) GDPR)fine on the defendant and stated he has to comply with Article 5(1)(c) and Article 83(2)(a)(b) GDPR. Share your comments here! Share blogs or news articles15 KB (2,366 words) - 14:41, 13 December 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 9(2)(a) GDPR)with Article 9(2)(a) GDPR and Article 6(1)(a) GDPR. Thus, the Danish DPA held that the processing was also not following the principles of Article 5(1)46 KB (7,192 words) - 12:37, 19 December 2023
- AEPD (Spain) - PS/00454/2019 (category Article 5(1)(c) GDPR)procedure to the claimed, by thealleged violation of Article 5.1.c) of the GDPR, typified in Article 83.5 of theRGPD. FIFTH: Consulted the database of this12 KB (1,832 words) - 14:41, 13 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 58(2)(e) GDPR)57(1)(a), Article 83(1)-(2) and Article 83(6) in connection with Article 58(2)(e) and (i) of the Regulation of the European Parliament and of the Council46 KB (7,322 words) - 09:51, 17 November 2023
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- Datatilsynet (Denmark) - 2020-32-1733 (category Article 5(1)(d) GDPR)pursuant to Article 6(1)(e) of the GDPR and § 1(2) of the Act of Statistics Denmark and is not obliged to delete it in accordance with the Article 17(3)(b)16 KB (2,377 words) - 16:39, 6 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the79 KB (12,260 words) - 17:00, 12 December 2023
- AEPD (Spain) - EXP202201247 (category Article 58(2) GDPR)hereinafter, LPACAP), for the alleged violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid17 KB (2,350 words) - 13:17, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 12(2) GDPR)the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued52 KB (7,936 words) - 22:32, 2 March 2024
- AEPD (Spain) - EXP202209175 (category Article 13 GDPR)sanction to the party claimed for the violation of Article 13 of the GDPR typified in Article 83.5 of the GDPR. The sanction that must be imposed is an administrative17 KB (2,368 words) - 13:28, 13 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)Constitution, Article 19 TFEU and Article 47 CFR. As Mr A's mandate and termination had not been assessed in the light of the provisions of the GDPR, the Supreme46 KB (7,394 words) - 14:08, 21 March 2024
- AEPD (Spain) - PS/00190/2020 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the RGPD, typified in article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/5 FOURTH: On14 KB (2,143 words) - 14:09, 13 December 2023
- AEPD (Spain) - TD/00164/2020 (category Article 12 GDPR)AEPD considers that this could lead to a sanction, in accordance with article 58(2) GDPR. Share your comments here! Share blogs or news articles here! The17 KB (2,571 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)as per Article 22(2) of the Spanish Law on Information Society Services (LSSI) —this is the Spanish law regulating cookies, connected to Article 13 of the16 KB (2,335 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023