Search results
From GDPRhub
- not apparent why the principle laid down in Article 72(1) GDPR should be deviated from. Article 72(1) GDPR stipulates that the Board shall take decisions19 KB (1,530 words) - 14:23, 12 October 2023
- within the meaning of Article 72(1) GDPR. The GDPR does not contain detailed content requirements for the RoP. Article 74(2) GDPR only stipulates that the22 KB (2,266 words) - 08:26, 17 October 2023
- Article 33 GDPR (category GDPR Articles) (section (1) Controller's notification in the event of a personal data breach)agreement on joint responsibility as required under Article 26(1) of the GDPR. Article 33(1) GDPR outlines that controllers (as defined above) have an54 KB (6,536 words) - 08:22, 16 June 2023
- specific rules. Article 82 GDPR introduces a right to compensation for damage caused as a result of an infringement of the GDPR. Article 82(1) contains the33 KB (4,215 words) - 09:57, 19 March 2024
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- decisions in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C15 KB (808 words) - 09:44, 17 October 2023
- Article 17 GDPR (category GDPR Articles) (section (i) Erasure following objection under Article 21(1))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- Article 34 GDPR (category GDPR Articles) (section (1) Communication of a personal data breach to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- categories of data listed under Article 9(1) GDPR. There have been conflicting arguments as to whether Article 22(1) GDPR lays down a right or a general31 KB (4,768 words) - 06:24, 16 June 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 99 GDPR (category Article 99 GDPR)shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and12 KB (295 words) - 08:25, 19 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 97 GDPR (category Article 97 GDPR)recitals for Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out16 KB (778 words) - 08:24, 19 October 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- in the EDPB's Rules of Procedure (“RoP”). Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert15 KB (787 words) - 08:17, 19 October 2023
- commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- Article 67 GDPR (category Article 67 GDPR)Category:Article 67 GDPR See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here). See EDPB, 2019 Annual Report, Section 4.3.1 (available15 KB (810 words) - 16:13, 2 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the41 KB (5,197 words) - 12:17, 17 April 2024
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section (1) Appropriate technical and organisational measures)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- the information society service(s)." According to Article 4(25) GDPR, which in turn refers to Article 1(1) of Directive (EU) 2015/1535, an "information society19 KB (1,335 words) - 13:56, 24 October 2023
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 98 GDPR (category Article 98 GDPR)accordance with Article 98'. → You can find all related decisions in Category:Article 98 GDPR The CJEU has yet to rule on Article 98 GDPR. Nonetheless, the15 KB (943 words) - 09:58, 8 November 2023
- Article 19 GDPR (category GDPR Articles)of Article 15(1)(c) GDPR, which permits in certain cases that the information provided is limited to "categories of recipient[s]": Article 15 GDPR is a19 KB (1,436 words) - 12:35, 12 May 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- will not have to submit another request for erasure under Article 17(1)(b) GDPR. Article 7(4) GDPR provides some useful guidance on the factors to be taken31 KB (3,489 words) - 16:00, 8 March 2024
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- establishes an EU-wide penalty regime for violations under Article 83 GDPR, Article 84(1) GDPR dispenses with complete harmonisation. It does, however, provide19 KB (1,477 words) - 14:12, 7 November 2023
- Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- binding decision under Article 66 GDPR, at the request of the Hamburg SA which adopted provisional measures under Article 66(1) GDPR, based on its consideration20 KB (1,590 words) - 16:11, 2 November 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 16 GDPR (category GDPR Articles)However, Article 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article23 KB (2,489 words) - 23:24, 6 March 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)first glance, Article 92 GDPR's wording seems to be in conflict with Article 290(1) TFEU, but in actuality it is not. Article 92(2) GDPR must be read in19 KB (1,525 words) - 08:18, 19 October 2023
- accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)subjects - which would be counterproductive. Article 11 GDPR is meant to address this matter. Under Article 11(1) GDPR, when a processing operation does not or20 KB (1,854 words) - 16:32, 8 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- 64(2) GDPR). The remaining paragraphs of Article 64(3)-(8) GDPR lay down substantive rules and a detailed procedure for the EDPB’s opinions. Article 64(1) GDPR23 KB (2,079 words) - 16:07, 2 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Articles 4(11), 6(1)(a), 7 and 8 GDPR. For the definition of 'consent', see the more commentary under Article 6(1)(a) GDPR and Article 7 GDPR. For the definition125 KB (16,328 words) - 16:01, 8 March 2024
- Article 38 GDPR (category GDPR Articles) (section (1) DPO's involvement in any data protection issues)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- framework of voluntary cooperation provided for in Article 62(1) GDPR is partly supplemented by Article 62(2) GDPR, which contains several cases in which joint22 KB (1,915 words) - 13:46, 15 January 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR) (section (1) Exchange of information and mutual assistance)request (Article 61(5) GDPR), the requesting SA may adopt a provisional measure on the territory of its Member State under Article 55(1) GDPR. If the SA24 KB (2,181 words) - 11:46, 15 January 2024
- Article 51 GDPR (category GDPR Articles) (section (1) Establishment of a supervisory authority (SA))controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- Article 70 GDPR (category Article 70 GDPR) (section (1) Tasks to ensure the consistent application of the Regulation)leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 30 GDPR (category GDPR Articles) (section (1) Record of processing activities by the controller)requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller31 KB (3,327 words) - 15:31, 5 June 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- other DPAs concerned. The BCR Lead the submits, following Article 64(1) GDPR and Article 64(4) GDPR, a draft decision to the EDPB. The EDPB, in turn, issues29 KB (2,823 words) - 15:15, 28 April 2022
- Article 42 GDPR (category GDPR Articles) (section (1) Defining certification mechanisms, data protection seals, and marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- complaint under Article 77(1) GDPR on behalf of the data subject and to represent the them before all supervisory authorities (“SA”) (Article 4(21) GDPR). Secondly26 KB (2,575 words) - 15:50, 9 November 2023
- clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- deadline of Article 36(1) GDPR, and it is still disputed whether the outcome of the procedure rather resembles that of Article 58(3)(a) GDPR or Article 58(3)(b)31 KB (3,646 words) - 08:51, 21 July 2023
- proceedings under Article 79(1) GDPR where no subjective rights under the GDPR are concerned. For example, a data subject cannot use Article 79(1) GDPR to bring31 KB (3,550 words) - 11:11, 29 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)the basis of (i) its legitimate interest (Article 6(1)(f) GDPR) or (ii) the public interest (Article 6(1)(e) GDPR). Hence, data subjects may find themselves32 KB (3,730 words) - 08:43, 7 March 2024
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 85 GDPR (category Article 85 GDPR) (section (1) Reconciling data protection rules with freedom of expression)into force of the GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1073. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- between Article 21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c)49 KB (5,993 words) - 06:22, 16 June 2023
- opening clause under Article 88(1) GDPR, any rules introduced must meet the criteria imposed by Article 88(2) GDPR. Lastly, Article 88(3) GDPR imposes an obligation32 KB (3,228 words) - 13:32, 30 November 2023
- Article 53 GDPR (category GDPR Articles) (section (1) Authority appointing the members of the supervisory authority (SA))the SAs' tasks, please refer to Article 57 GDPR and for their powers please refer to Article 58 GDPR. See Recital 122 GDPR. In this respect, reference should29 KB (2,894 words) - 23:06, 1 April 2024
- mentioned in Article 26(1), but also encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including37 KB (3,915 words) - 12:49, 24 May 2023
- According to the final paragraph in Article 49(1) GDPR, when none of the derogations described above (Article 49(1)(a-g) GDPR) is applicable, transfers to third29 KB (3,500 words) - 08:54, 27 March 2023
- Article 55 GDPR (category GDPR Articles) (section (1) Territorial competence of supervisory authorities (SAs))which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- additional benefit of Article 14(1)(d) GDPR may be questionable, if one agrees that Article 14(1)(c) (see commentary on Article 13(1)(c) GDPR) already requires47 KB (5,644 words) - 17:49, 5 March 2024
- Article 89 GDPR (category Article 89 GDPR) (section (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,...)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 78 GDPR (category GDPR Articles) (section (1) Right to an effective judicial remedy against an SA's decision)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- lead SA (“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the33 KB (4,185 words) - 16:09, 2 November 2023
- the territorial scope of the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 16 (available here) referring to Article 1(1)(b) Directive (EU) 2015/153537 KB (4,635 words) - 13:29, 24 October 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 37 GDPR (category GDPR Articles) (section (1) Obligation to designate a data protection officer)surveillance cameras, it was therefore in breach of Article 37(1)(b) GDPR by not having a DPO. Article 37(1) GDPR specifies three conditions in which the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))further details see Article 14(1)(d) GDPR. Similar to the ex-ante information in Article 13(1)(e) and 14(1)(e) GDPR, Article 15(1)(c) GDPR requires the controller73 KB (9,896 words) - 15:46, 18 March 2024
- the establishment of SAs are set out in Article 51(1) and 52 GDPR, Article 54(1)(a) GDPR repeats that these should be legislated for through a Member State's34 KB (3,649 words) - 13:19, 30 October 2023
- up. Indeed, the wording of Article 40(1) establishes that they “shall encourage” this (emphasis added). Article 40(1) GDPR clarifies that codes of conduct44 KB (5,008 words) - 14:50, 28 July 2023
- under Article 13 should not be too long. Article 12 GDPR may be limited by Union or national Law in accordance with Article 23 GDPR. Article 12(1) GDPR76 KB (11,304 words) - 08:37, 4 March 2024
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- with the support of the EDPB in accordance with Article 70(1)(b) GDPR. According to Article 45(5) GDPR, the continued monitoring referred to in paragraph43 KB (5,641 words) - 14:58, 28 April 2022
- consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 52 GDPR (category GDPR Articles) (section (1) Complete independence of supervisory authorities (SAs))this purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the47 KB (5,594 words) - 22:45, 1 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Recitals GDPR (section Recitals from the GDPR)practice. Recital 1: The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter182 KB (24,065 words) - 13:40, 9 July 2021
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below48 KB (7,442 words) - 10:24, 12 September 2022
- GDPRhub style guide (section GDPR)the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not17 KB (2,510 words) - 13:56, 24 April 2023
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)according to To 1): € 1.200,00 To 2): € 300,00 To 3): € 300,00 . . . In total: € 1.800 To 1): 3 days To 2): 1 day To 3): 1 day ... In total: 5 days Ad 1): Art.92 KB (15,435 words) - 16:00, 22 March 2022
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)very serious in article 72.1. e) from the LOPDGDD, with 10,000 euros. -article 13 of the GDPR, in accordance with article 83.5 b) of the GDPR, and for the66 KB (10,558 words) - 13:14, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2) and66 KB (10,785 words) - 10:00, 17 November 2023
- APD/GBA (Belgium) - 72/2020 (category Article 5(1)(b) GDPR)articles 5.1.,b) juncto 24.1 and 9.2.a) juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of34 KB (5,677 words) - 17:00, 12 December 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)provisions of article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, the provisions of article 83.2 of the GDPR and article 76 of74 KB (11,726 words) - 13:02, 13 December 2023
- AP Barcelona - Auto 72/2021 (category Article 9(1) GDPR)prohibited by Article 9(1) of the GDPR. In order to process such data, the controller should have validly relied in one of the exceptions from Article 9(2). However34 KB (5,368 words) - 14:01, 20 September 2021
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines75 KB (12,421 words) - 13:23, 13 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines35 KB (5,475 words) - 13:21, 13 December 2023
- ANSPDCP (Romania) - 31.01.2023 (category Article 6(1)(a) GDPR)the GDPR. The dental practise violated the GDPR by not informing the DPA of the data breach within 72 hours and, thereby, violated Article 33 GDPR. The8 KB (1,123 words) - 15:15, 13 December 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)referred to in Article 33(1) of the AVG.15 15 File note 1, Notification of personal data breach 7-2-2019. P 5. 3.4.3 Assessment Article 33(1) of the AVG provides77 KB (12,915 words) - 17:15, 12 December 2023
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)IMPOSE Ms. B.B.B., with NIF ***NIF.1, for a violation of the Article 5.1.c) and 13 of the RGPD, typified in Article 83.5 a) and b) of the RGPD, a fine22 KB (3,303 words) - 13:28, 13 December 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)***NIF.1, for a violation of Article 6.1 and another of article 13 of the RGPD, typified in Article 83.5 letters a) and b) of the RGPD, a fine of €1,500 (€122 KB (3,257 words) - 13:28, 13 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.1.a)39 KB (6,623 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)relation to the requirements prescribed by Article 12.1 of the GDPR (transparency obligation) and by Article 13 of the GDPR (right to information). The Head of82 KB (11,472 words) - 16:58, 6 December 2023
- processing by the defendant can only be Article 6 (1) sentence 1 lit e) DSGVO (see b) or Article 6 (1) sentence 1 lit f) DSGVO (see c), the requirements51 KB (8,215 words) - 09:55, 13 May 2022
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)and application of Article 20.1 c) by the AEPD implies the exclusion of the weighting required by the legitimizing basis of Article 6.1.f) of the RGPD and26 KB (4,231 words) - 14:44, 13 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)provision(s): Regarding 1) - Article 5(1)(a) and (c) and Article 6(1) of the Data Protection Basic Regulation - DSGVO, OJ No L 119, 4.5.2016, p. 1. Re 2) (a) Section31 KB (5,161 words) - 14:02, 12 May 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 15(1)(h) GDPR)conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible52 KB (8,534 words) - 12:58, 15 December 2021
- Datatilsynet (Denmark) - 2020-442-8866 (category Article 4(1) GDPR)within the 72-hour time limit mandated by Article 33(1). Did the secretariat of the DPA breach its data security obligations under Articles 32(1), 33(1), and20 KB (3,045 words) - 16:40, 6 December 2023
- AP (The Netherlands) - 16.06.2020 (category Article 9(1) GDPR)under Article 4(12) GDPR. Second, the AP found that PVV Overijssel was obliged to notify the data breach to the AP within 72 hours pursuant to Article 33(1)54 KB (8,224 words) - 17:07, 12 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(1) GDPR)breach and had failed to do so within the timeframe set out in Article 33(1) of the GDPR, meaning that the company had breached this provision. Consequently50 KB (8,066 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00029/2020 (category Article 5(1)(f) GDPR)the alleged infringement of Article 5.1.f) of the RGPD, in accordance with the provisions of Article 83.5 of the RGPD and 72.1.i) of the LOPDGDD, considered44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)infringement of article 5.1 d) of the RGPD because the due payment request was not made due to a quality problem of the data. IV Article 72.1.a) of the LOPDGDD28 KB (4,295 words) - 14:11, 13 December 2023
- AEPD (Spain) - PS/00249/2020 (category Article 5(1)(b) GDPR)the presumed infringement of article 5.1 b) of the RGPD, typified in Article 83.5 a) of the RGPD, in relation to Article 72.1 a) of the LOPDGDD. SECOND:20 KB (3,097 words) - 14:22, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)subparagraphs b '. y '. d 'and e' of par. 1 of article 5 as well as of article 6 par. 1ΓΚΠΔ ... ». 3. Reasoning 3.1. The data contained in an insurance policy61 KB (9,412 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00028/2020 (category Article 6 GDPR)J10460640 , for aviolation of article 6 of the RGPD, typified in article 83.5 of the RGPD, in relation towith article 72.1 b) of the LOPDGDD, a fine of14 KB (2,075 words) - 13:48, 13 December 2023
- HDPA (Greece) - 35/2023 (category Article 5(1) GDPR)personal data by bank to the data subject's wife under Article 5 (1) (a) GDPR and Article 5 (1) (f) GDPR. An additional €50,000 was added for the violation52 KB (8,460 words) - 10:54, 10 January 2024
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)the same year, for alleged infringement of Article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, proposing a fine of 50,000 euros. Vodafone21 KB (3,335 words) - 14:25, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)questions: 1° Should Article 72.2 of the e-Privacy Directive 2002/58/EC, read in conjunction with Article 2(f) of that directive and with Article 95 of the67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)pursuant to Article 47(1) and 48.1 of Law 39/2015 of 1 October, on the limitation of the infringement of article 6.1 of the RGPD typified in article 83.5 a)25 KB (4,037 words) - 14:55, 13 December 2023
- AEPD (Spain) - PS/00449/2019 (category Article 5(1)(b) GDPR)with NIF G08564379, an infringement of article 5.1.b) GDPR, typified in Article 83.5 GDPR, in relation to Article 72.1 a) of the LOPDGDD, a fine of 5000 euros19 KB (2,862 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)case; (…)” IV Infringement of Article 6.1.a) of the GDPR Article 5, Principles relating to processing, of the RGPD states: "1. Personal data shall be: (a)31 KB (4,909 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- AEPD (Spain) - PS/00389/2019 (category Article 5 GDPR)infringement in accordance with referred to in Article 72 of the LOPDGDD, which provides "1. Depending on what Article 83(5) of Regulation (EU) 2016/679 are considered31 KB (4,819 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)of October 1, of the Common Administrative Procedure of Public Administrations (hereinafter, LPACAP), for the alleged violation of Article 6.1 of the RGPD21 KB (3,154 words) - 14:07, 13 December 2023
- AEPD (Spain) - EXP202200439 (category Article 6(1) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f) GDPR22 KB (3,479 words) - 14:33, 13 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5(1)(f) GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 33(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions38 KB (5,920 words) - 12:43, 13 December 2023
- AEPD (Spain) - PS/00086/2020 (category Article 5(1)(f) GDPR)constitute a violation of Article 5 (1) (f) of the RGPD? For infringing Article 5(1)(f) GDPR, in conjunction with Article 72(1)(a) LOPDGDD, the Spanish14 KB (2,017 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00415/2020 (category Article 5(1)(d) GDPR)imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in30 KB (4,436 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00366/2019 (category Article 5(1)(d) GDPR)authorities an infringement of Article 5 (1) (d) GDPR? The AEPD agreed to impose a penalty for infringement of Article 5 (1) (d) for lack of accuracy in29 KB (4,583 words) - 14:32, 13 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)of 25,000 euros (Article 83, paragraph 2 GDPR; Article 100, §1, 13 ° WOG and Article 101 WOG). 18 55. Taking into account article 83 GDPR and the case law60 KB (9,281 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00190/2020 (category Article 5(1)(f) GDPR)confidentiality referred to in article 5.1.f) of Regulation (EU) 2016/679. " Its article 72.1.a) considers it: “Violations considered very serious "1. In accordance with14 KB (2,143 words) - 14:09, 13 December 2023
- Supreme Court - C.20.0323.N (category Article 5(1)(c) GDPR)Articles 2.1, 4 2), 5.1 c) and 57.1 a), f) and h) GDPR, to the extent necessary read in conjunction with Article 288(2) TFEU and Articles 4 § 1, 63, 72 and 10043 KB (6,749 words) - 07:07, 28 October 2021
- TS - 1039/2022 (category Article 18(1) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- AEPD (Spain) - PS/00095/2020 (category Article 5(1)(b) GDPR)by the alleged violation of Article 5.1(f) of the GDPR, Article 5.1(b) of the GDPR, as set out in Article 83.5 of the GDPR. FOURTH: On 10 June 2020, the15 KB (2,317 words) - 13:59, 13 December 2023
- AEPD (Spain) - PS/00192/2022 (category Article 4(1) GDPR)limitation period, article 72 of the LOPDGDD indicates: Article 72. Infractions considered very serious. "1. Based on the provisions of article 83.5 of Regulation15 KB (2,257 words) - 13:02, 13 December 2023
- AEPD (Spain) - EXP202201247 (category Article 6(1) GDPR)an infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, and for the purposes of prescription, by article 72.1 b) of the LOPDGDD17 KB (2,350 words) - 13:17, 13 December 2023
- AEPD (Spain) - PS/00402/2019 (category Article 6 GDPR)imposed a fine of 20.000 EUR on IBERIA Airlines for the violation of Article 6(1)(f) GDPR, when further sending unsolicited emails after a customer has requested15 KB (2,327 words) - 14:34, 13 December 2023
- AEPD (Spain) - TD/00010/2020 (category Article 12 GDPR)AEPD pursuant to Article 72(1)(m). The AEPD does not specify the provision of Article 21 on which it bases its decision. Article 21 GDPR states that the16 KB (2,571 words) - 14:49, 13 December 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)data contained in article 5(f) and 32 the GDPR? The AEPD held that this offense is considered as ‘grave’ in accordance with Article 72(1)(k) LOPDGDD and45 KB (7,217 words) - 14:40, 13 December 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)regard to Client 1 that data management - infringed Article 25 (1) to (2) of the General Data Protection Regulation, - infringed Article 32 (1) (b) of the General67 KB (10,492 words) - 10:11, 17 November 2023
- CNIL (France) - 2023-097 (category Article 5(1)(c) GDPR)the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data18 KB (2,536 words) - 17:11, 6 December 2023
- AEPD (Spain) - PS/00374/2018 (category Article 5(1)(c) GDPR)controller, in this case the public administration, breached Articles 5(1)(c) and 5(1)(f) GDPR. The AEPD examined a complaint submitted by an anonymous citizen18 KB (2,711 words) - 13:43, 13 December 2023
- AEPD (Spain) - PS/00333/2019 (category Article 5 GDPR)infringement of article 5.1(b), as defined in Article 83(5)(a) and considered for the purposes of the statute of limitations in Article 72(1)(a), a fine of16 KB (2,625 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00034/2020 (category Article 5(1)(f) GDPR)with NIF ***NIF.1, for an infringement of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD, in relation to Article 72(1)(a) a fine of EUR18 KB (2,727 words) - 13:50, 13 December 2023
- AEPD (Spain) - PS/00450/2019 (category Article 5(1)(f) GDPR)for the infringement of Article 5.1 f) of the RGPD, typified in Article 83.5 a) of the RGPD and considered very serious in 72.1.a), for the purposes of17 KB (2,620 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)established in the articles 15 to 22 of the GDPR, regulated in article 64.1 of the LOPDGDD, according to the which: "1. When the procedure refers exclusively20 KB (3,078 words) - 13:05, 13 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. SECOND: NOTIFY this resolution20 KB (3,087 words) - 13:30, 13 December 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)controller violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and105 KB (17,237 words) - 09:22, 10 May 2023
- CNIL (France) - SAN-2023-0076 (category Article 5(1)(b) GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)as established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal100 KB (16,401 words) - 14:07, 13 December 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)(1) GDPR? The AEPD found that publishing the image of the data subject without his consent was a violation of Article 6 (1) GDPR, and decided to fine the19 KB (2,957 words) - 14:45, 13 December 2023
- AEPD (Spain) - PS/00206/2020 (category Article 6 GDPR)thealleged infringement of Article 6 of the RGPD, typified in Article 83.5 a) of the RGPDand considered very serious in 72.1.a), for the purposes of prescription20 KB (3,078 words) - 14:10, 13 December 2023
- AEPD (Spain) - TD/00318/2019 (category Article 12 GDPR)considered a violation pursuant to Article 72(1)(m) of the LOPDGDD, which would be sanctioned according to Article 58(2) GDPR. Share your comments here! Share20 KB (2,999 words) - 14:52, 13 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 6(1)(b) GDPR)LOPDGDD in its article 72 indicates for the purposes of prescription: "Infractions considered very serious: "1. Based on the provisions of article 83.5 of the39 KB (5,912 words) - 14:02, 13 December 2023
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement22 KB (3,386 words) - 16:05, 13 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)violation of thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD.37 KB (5,700 words) - 14:24, 13 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines22 KB (3,427 words) - 13:26, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up22 KB (3,319 words) - 13:00, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)of articles 38.1, 38.3, 39.1 a) and 39.1 b) of the GDPR; - to issue an injunction against Company A to comply with Article 38.1 of the GDPR, within four66 KB (9,458 words) - 19:42, 4 September 2021
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)person in charge of the treatment, the violation of article 13 of the RGPD. In this sense, article 72.1.h) of the LOPDGDD, considers it very serious, for22 KB (3,385 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)council for an infringement of Article 32 GDPR. The AEPD dropped the case due to the time limitations outlined in Article 72 and 73 LOGPD. The access to the22 KB (3,420 words) - 12:59, 13 December 2023
- AEPD (Spain) - PS/00189/2020 (category Article 58(2) GDPR)(LOPDGDD) in its article 72.1 m), under the rubric “Infractions considered very grave ”provides: "1. In accordance with the provisions of article 83.5 of Regulation22 KB (3,343 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines61 KB (9,700 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00415/2019 (category Article 6(1) GDPR)referred to as LPACAP), for the alleged infringement of Article 6.1 of the RGPD, as defined in Article 83.5 of the RGPD. FOURTH: Upon notification of the aforementioned22 KB (3,521 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)lawful bases of Article 6(1)(a) and 6(1)(b) in particular, stating that the actions of the respondents were in breach of Article 6(1) GDPR because the complainant's22 KB (3,523 words) - 13:45, 13 December 2023
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)finepublic, as indicated in article 77.1. c) and 2. 4. 5. and 6. of the LOPDDGG: “ 1. Theregime established in this article will be applicable to the treatments26 KB (4,034 words) - 14:04, 13 December 2023
- AEPD (Spain) - EXP202100282 (category Article 6(1) GDPR)S.A.U. with NIF A-65559296, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. C / Jorge Juan, 6 www27 KB (4,108 words) - 13:32, 13 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 37(1) GDPR)Ministry of Tourism violated Article 33 GDPR by failing to report the aforementioned data breach, and Article 37(1) GDPR by not appointing a DPO (at the65 KB (10,533 words) - 10:28, 27 January 2022
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)of articles 83.1 and 83.2 of the RGPD must be observed. In turn, pursuant to article 83. 2.k GDPR, the circumstances described in article 76 LOPDGDD may60 KB (10,197 words) - 14:01, 13 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)violation of Article 21 RGPD, by not effectively attending to the exercise of the mentioned right. On the other hand, the LOPDGDD, in its Article 72.1.k), qualifies26 KB (4,032 words) - 14:31, 13 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)breach of Article 32 of the GDPR has occurred. B. On the failure to notify the data breach to the CNIL 32. Pursuant to Article 33 (1) of the GDPR, in the26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- AEPD (Spain) - EXP202105693 (category Article 6(1) GDPR)against the controller. Based on Article 72(1)(b) of the national data protection law, and Articles 83(1) and 83(2) GDPR, the DPA considered aggravating49 KB (7,579 words) - 13:15, 13 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)itself, that the information and measures mentioned in Article 33(1)(b) to Article 33(1)(d) GDPR must also be communicated to the data subject. However28 KB (4,596 words) - 18:30, 18 November 2021
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)communications, as per Article 21(1) of the Spanish Law on Information Society Services (LSSI), as well as for the infringement of Article 13 of the GDPR. The decision29 KB (4,402 words) - 14:00, 13 December 2023
- AEPD (Spain) - PS/00379/2019 (category Article 6 GDPR)an alleged violation of article 6 of the GDPR typified as an infringement of basic principles for processing in article 83.5 GDPR. In determining the amount26 KB (4,235 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D. as instructor. and28 KB (4,350 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00009/2020 (category Article 6(1) GDPR)Vodafone España, S.A.U. (the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early voluntary payment of the corresponding27 KB (4,150 words) - 13:45, 13 December 2023
- AEPD (Spain) - PS/00484/2020 (category Article 6(1)(a) GDPR)messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100,00027 KB (4,189 words) - 14:44, 13 December 2023
- CJEU - C-507/17 - Google LLC v CNIL (category Article 3(1) GDPR)safeguards of Directive 95/46 and Regulation 2016/679 (GDPR). The Court explained that the Directive and GDPR do not indicate that EU legislature has chosen to6 KB (747 words) - 13:42, 11 August 2022
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)the data is not obtained from the interested party (article 14). Article 13 of the GDPR states: "1. When personal data relating to him or her is obtained29 KB (4,482 words) - 14:06, 5 March 2024
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced27 KB (4,121 words) - 15:06, 13 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00430/2020 (category Article 6(1) GDPR)his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law31 KB (4,738 words) - 14:39, 13 December 2023
- AEPD (Spain) - PS/00051/2020 (category Article 6(1)(a) GDPR)withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that31 KB (4,853 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 5(1)(a) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)entity has violated article 6 of the GDPR, for carrying out a processing of personal data without legitimacy. II Article 6.1 of the GDPR establishes the assumptions58 KB (9,301 words) - 12:39, 13 December 2023
- AEPD (Spain) - PS/00201/2019 (category Article 4(1) GDPR)rules on administrative procedures'. II Articles 1 and 2.1 of the RGPD provide as follows: "Article 1. 1. This Regulation lays down the rules on the protection54 KB (9,019 words) - 14:10, 13 December 2023
- Norges Høyesterett - 2021-2403-A (category Article 5(1)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating36 KB (5,485 words) - 13:19, 13 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)Sections 1.1 and 1.2 of the first stipulation and section 2.2 of the second stipulation of the aforementioned contract state "FIRST.- OBJECT: 1.1 The purpose33 KB (5,396 words) - 14:26, 13 December 2023
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)purpose limitation in accordance with Article 5 Paragraph 1 Letter b GDPR (Paal/Pauly/Paal, 3rd edition 2021, GDPR Article 15 Rn. 24). The plaintiff has a right32 KB (5,093 words) - 16:07, 11 September 2022
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful32 KB (4,952 words) - 13:11, 13 December 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es33 KB (4,835 words) - 13:26, 13 December 2023
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)for the Judicial Institutions Department of the Ministry. Considerations 1.1 First of all, the court assesses whether the plaintiff is justifiably exempted10 KB (1,424 words) - 12:09, 9 May 2022
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)Protection besanction BBB , with NIF *** NIF.1 , for a violation of Article 58.1 of the GDPR,typified in Article 83.5 of the RGPD, with a warning sanction12 KB (1,812 words) - 14:35, 13 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)provisions of Article 5.1 of the AVG, but concerns the entire AVG. 31. The aforementioned follows from the merger of Article 5.2 of the AVG and Article 24.1 of the35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)serious infringement in article 72.1.a) "The processing of personal data violating the principles and guarantees established in article 5 of the Regulation37 KB (5,785 words) - 14:11, 13 December 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- AEPD (Spain) - PS/00227/2019 (category Article 6(1)(a) GDPR)its article 72, it considers for the purposes of prescription, that they are: "Infractions considered very serious: 1. In accordance with Article 83(5)36 KB (5,821 words) - 14:20, 13 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)"Principles of Data Protection", article 4.1 of the LOPDGDD determines: "4. Data accuracy. 1. In accordance with article 5.1.d) of Regulation (EU) 2016/67963 KB (10,203 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)PS/00093/2019 for "alleged non-compliance with the provisions of Article 5.1(f) of the RGPD and Article 72.1(a) of the LOPDGDD". The respondent states in its second37 KB (5,995 words) - 13:58, 13 December 2023
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)party, respectively. III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will34 KB (5,184 words) - 13:22, 13 December 2023
- AEPD (Spain) - PS/00101/2020 (category Article 6 GDPR)of article 39 bis 2 of the LSSI so that withinONE MONTH from the notification of this resolution:2.1. COMPLIES with the provisions of article 21.1 of the13 KB (1,871 words) - 13:59, 13 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law14 KB (1,992 words) - 14:29, 13 December 2023
- AEPD (Spain) - EXP202202928 (category Article 17(1) GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance14 KB (2,003 words) - 12:37, 13 December 2023
- AEPD (Spain) - TD/00293/2021 (category Article 4(1) GDPR)transactions are personal data under Article 4(1) GDPR and are as such subject to the right of access guaranteed by Article 15 GDPR. The DPA did not, however, explicitly13 KB (1,878 words) - 13:37, 13 December 2023
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)period ”. In this sense, article 77.1 c) and 2, 4 and 5 of the LOPGDD, indicates: 1. "The regime established in this article shall apply to the treatment13 KB (2,002 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)an infractionof article 6 of the RGPD, typified in article 83.5.a) and classified as very serious toprescription effects in article 72.1.b) of the LOPDGDD206 KB (32,869 words) - 14:36, 13 December 2023
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- AEPD (Spain) - PS/00425/2019 (category Article 5(1)(f) GDPR)of an infringement of Article 5 (1) (f) of the GDPR under (74345679) (f) of the GDPR, as set out in Article 83 (5) (a) of the GDPR. SECOND: To notify this14 KB (2,140 words) - 14:39, 13 December 2023
- AEPD (Spain) - PS/00436/2019 (category Article 58(1) GDPR)the AEPD's order to provide all necessary information as required in Article 58(1) GDPR. Following a complaint against the mobile network operator Xfera Móviles14 KB (2,123 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as the worker had processed16 KB (2,328 words) - 14:30, 13 December 2023
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)regulated in article 32 of the GDPR, which regulates the security of the treatment. IV. Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes45 KB (6,998 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00076/2021 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. Based on what is established in article 83.5 of the Regulation15 KB (2,292 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00254/2019 (category Article 33(1) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- AEPD (Spain) - EXP202203923 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance14 KB (2,139 words) - 10:50, 13 December 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the AEPD602 KB (102,229 words) - 14:21, 13 December 2023
- APD/GBA (Belgium) - 72/2023 (category Article 15 GDPR)requirements of Article 15 of the GDPR. 23. Even assuming that the complaint should be interpreted as a request based on Article 15 of the GDPR (and to which21 KB (3,040 words) - 07:38, 21 June 2023
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)breach of Article 5(1)(f) GDPR ("integrity and confidentiality"). Therefore, the Spanish DPA held that there was an infringement of the GDPR. It imposed17 KB (2,578 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00048/2021 (category Article 5 GDPR)for the alleged violation of Article 6 of the RGPD, typified in Article 83.5 a) of the RGPD in relation to article 72.1 b) of the LOPDGDD. FIFTH: The17 KB (2,458 words) - 13:51, 13 December 2023
- APD/GBA (Belgium) - 72/2021 (category Article 6(1)(e) GDPR)basis of article 100.1, 5 ° LCA, for violation of Article 15.1 of the GDPR attached to Articles 12.3 and 13.1.c) and for violation of Article 6.1.e) of the57 KB (8,330 words) - 11:53, 30 June 2021
- AEPD (Spain) - TD/00164/2020 (category Article 12 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European17 KB (2,571 words) - 14:51, 13 December 2023
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)obligations in accordance with Article 26 of the GDPR. 1.3. Processing of personal data included in the scope of this methodology 1.3.1. Only processing of personal46 KB (7,106 words) - 17:06, 6 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)recorded such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- AEPD (Spain) - TD/00233/2020 (category Article 17 GDPR)the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. SECOND: NOTIFY this resolution17 KB (2,670 words) - 14:46, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 2437/161/22 (category Article 33 GDPR)comply with Article 33 GDPR and Article 34 GDPR. Consequently, it issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. First, the21 KB (3,220 words) - 17:44, 27 April 2022
- VG Hannover - 10 A 1443/19 (category Article 6(1)(f) GDPR)to Union law insofar as it affects non-public bodies. Article 6(1)(e) GDPR and Article 6(3) GDPR only give the member states regulatory leeway to regulate66 KB (10,800 words) - 07:54, 19 July 2023
- VG Osnabrück - 1 B 72/21 (category Article 6(1)(c) GDPR)meaning of Article 6 Paragraph 3 in conjunction with Paragraph 1 Letter c) or Letter e) GDPR, whereby according to Article 85 Paragraph 1, 2 GDPR the protection34 KB (5,527 words) - 13:49, 12 April 2022
- OLG Dresden - 4 U 1905/21 (category Article 15(1) GDPR)on April 1, 2017 in the amount of €39.96, 14 Tariff B... increase on April 1, 2020 in the amount of €74.26, 15Tarif T... increase on April 1, 2017 in the40 KB (6,325 words) - 16:12, 18 May 2022
- AEPD (Spain) - PS/00090/2020 (category Article 57(1) GDPR)typified in Article 83.5.e) of the RGPD, which considers such as: 'failure to provide access in breach of Article 58(1)'. The same Article states that16 KB (2,462 words) - 13:58, 13 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing” establishing that: “1. Personal18 KB (2,733 words) - 13:18, 13 December 2023
- AEPD (Spain) - PS/00174/2019 (category Article 5(1)(f) GDPR)organisation contravene Article 5(1)(f) GDPR? The AEPD found that the disclosure of her personal data to the 400 members violated Article 5(1)(f) GDPR. The AEPD stressed18 KB (2,714 words) - 14:07, 13 December 2023
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive53 KB (8,593 words) - 13:47, 13 December 2023
- AEPD (Spain) - PS/00351/2019 (category Article 58(2)(c) GDPR)supervisory authority pursuant to Article 58(2) or failing to provide access in violation of Article 58(1).” Article 72.1 (m) of Organic Law 3/2018 on the17 KB (2,739 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)specified time". In this sense, Article 77.1 c) and 2, 4 and 5 of the LOPGDD, indicates: 1. The regime established in this article shall apply to the processing18 KB (2,737 words) - 14:23, 13 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)Justification 3.1.1. Regarding the purpose limitation findings (Article 5.1 b) GDPR) and the lawfulness of processing (Article 6.1 GDPR) 12. In its report82 KB (13,250 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)affirmative act, may constitute an infringement of Article 6(1) of infringement of Article 6.1 of the GDPR. Article 72.1.b) of the LOPDGDD, for its part, considers52 KB (8,416 words) - 12:59, 13 December 2023
- AEPD (Spain) - TD/00085/2020 (category Article 12 GDPR)the Spanish Agency of Data Protection, as laid down in Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament17 KB (2,654 words) - 14:50, 13 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/49 KB (7,973 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00268/2020 (category Article 13 GDPR)infringement, attributable to the claimed, for violation of article 13 of the RGPD. For its part, article 72.1.h) of the LOPDGDD, considers very serious, for the17 KB (2,700 words) - 14:23, 13 December 2023
- AEPD (Spain) - TD/00133/2020 (category Article 12 GDPR)has been received. Does the GDPR allow the data controller to ignore a request for erasure? The AEPD found that Article 12 GDPR does not allow the data controller18 KB (2,721 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)constitutive of an infringement for violation of article 7 of the RGPD mentioned. For its part, article 72.1.c) of the LOPDGDD, considers very serious, for52 KB (8,471 words) - 14:33, 13 December 2023
- LG Deggendorf - 33 O 461/22 (category Article 82 GDPR)O 177/22; LG Regensburg, judgment of May 1, 2023 - 72 O 731/22) .Section. 61According to Article 5(1)(a) GDPR, personal data must be processed lawfully66 KB (11,183 words) - 09:28, 12 July 2023
- AEPD (Spain) - TD/00182/2019 (category Article 15 GDPR)of the infringement considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with article 58.2 of the RGPD. SECOND: TO NOTIFY18 KB (2,922 words) - 14:51, 13 December 2023
- AEPD (Spain) - EXP202101314 (category Article 15 GDPR)commission of the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with article 58.2 of the RGPD. SECOND: NOTIFY18 KB (2,693 words) - 13:31, 13 December 2023
- EWHC (UK)- QB- Soriano v Forensic News LLC (category Article 3(1) GDPR)conferred by article 79(2) of the GDPR. This is the relevant provision for the purposes of para 3.1(20) of CPR Practice Direction 3B. Article 79(2) provides:108 KB (18,178 words) - 11:57, 29 November 2021
- established in articles 15 to 22 of the GDPR, regulated in article 64.1 of the LOPDGDD, according to which: "1. When the procedure refers exclusively to18 KB (2,786 words) - 12:38, 13 December 2023
- AEPD (Spain) - PS/00320/2020 (category Article 6(1) GDPR)described violates article 6.1. of the RGPD and is subsumable in the sanctioning type of the article 83.5.a, of the RGPD. IV Article 72.1.b) of the LOPDGDD18 KB (2,736 words) - 14:28, 13 December 2023
- CNIL (France) - SAN-2020-012 (category Article 26(1) GDPR)in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection Act, provides: 1. Each supervisory93 KB (14,936 words) - 17:09, 6 December 2023
- AEPD (Spain) - PS/00155/2021 (category Article 58(1) GDPR)sanction Vodafone in accordance with Article 83(5)(e) GDPR, for the non-compliance with an order pursuant to Article 58(1) GDPR. For this infringement, the AEPD20 KB (2,992 words) - 13:30, 13 December 2023
- AEPD (Spain) - TD/00325/2019 (category Article 57(1)(f) GDPR)of the infringement considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with article 58.2 of the RGPD. SECOND: TO NOTIFY17 KB (2,691 words) - 14:52, 13 December 2023
- AEPD (Spain) - PS/00439/2019 (category Article 5(1)(c) GDPR)the violation considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, of according to art. 58.2 of the GDPR.21 KB (2,946 words) - 14:40, 13 December 2023
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- AEPD (Spain) - TD/00013/2021 (category Article 12(6) GDPR)the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. SECOND: NOTIFY this resolution19 KB (3,027 words) - 14:48, 13 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 15 GDPR)the Spanish Agency of Data Protection, as laid down in Article 56(2) in in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament19 KB (3,100 words) - 14:50, 13 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)to in Article 5(1) LRN, under which the controller did not fall in. Therefore, the controller breached Article 5(1)(a) GDPR and Article 6(1) GDPR, in conjunction113 KB (17,325 words) - 08:50, 19 March 2024
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)infringement of article 6.1 of the GDPR, infringement typified in article 83.5 of the aforementioned Regulation 2016/679. II breached obligation Article 6.1 of the45 KB (7,135 words) - 13:08, 13 December 2023
- AEPD (Spain) - PS/00102/2021 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. Based on what is established in article 83.5 of the Regulation21 KB (3,099 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202202889 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance20 KB (3,077 words) - 10:46, 13 December 2023
- AEPD (Spain) - TD/00251/2021 (category Article 15 GDPR)in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European20 KB (3,142 words) - 13:31, 13 December 2023
- AEPD (Spain) - PS/00365/2019 (category Article 58(1)(e) GDPR)violation of article 6.1. RGPD, typified in article 83.5.a), and article 31, in relation to article 58.1.e), both of the RGPD, typified in article 83.5.e) of86 KB (14,295 words) - 14:32, 13 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(a) GDPR)of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.1.a)20 KB (3,086 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00069/2020 (category Article 6(1)(a) GDPR)infringement of Article 6.1 a) of the RGPD, typified in Article 83.5 of the RGPD, and a fine of EUR 60 000 is proposed. PROVEN FACTS 1.- The facts set20 KB (3,066 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00023/2020 (category Article 5(1)(c) GDPR)with NIF ***NIF.1 (hereinafter the claimant), for the installation of a video surveillance in ***ADDRESS.1, ***APPARTMENTS.1 - ***LOCALITY.1 (SANTACRUZ OF21 KB (3,298 words) - 13:46, 13 December 2023
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)PUB ***PUB.1 located on CALLE ***ADDRESS.1, when there are two video surveillance cameras installed in it. Article 13 of the RGPD, sections 1 and 2, establishes20 KB (3,085 words) - 12:24, 13 December 2023
- AEPD (Spain) - PS/00262/2020 (category Article 6(1) GDPR)offense for violation of the Article 6.1 of the RGPD. Article 6, Legality of treatment, of the RGPD establishes that: "1. The treatment will only be lawful22 KB (3,293 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00123/2020 (category Article 5(1)(f) GDPR)entities, as indicated in article 77.1. c) and 2. 3. 4. 5. and 6. of the LOPDDGG: “1. The regime established in this article will apply to the treatments21 KB (3,254 words) - 14:02, 13 December 2023
- AEPD (Spain) - PS/00102/2020 (category Article 5(1)(f) GDPR)for the infringement of the confidentiality principle specified at Article 5(1)(f) GDPR, as the defendant agreed to an early and guilty voluntary payment21 KB (3,082 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202201987 (category Article 15 GDPR)the infraction considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. SECOND: NOTIFY this resolution21 KB (3,290 words) - 10:50, 13 December 2023
- AEPD (Spain) - PS/00239/2022 (category Article 56(1) GDPR)violation of Article 15 of the GDPR, typified in Article 83.5 of the GDPR, as well as for the alleged infringement of Article 17 of the GDPR, typified in60 KB (9,630 words) - 12:34, 13 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and C/55 KB (9,017 words) - 10:46, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)the existence or absence of a decision in accordance with Article 46, Article 47 or Article 49 (1). in the case of the transmission referred to in the second58 KB (9,071 words) - 10:12, 17 November 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)rely on Article 6(1)(b) GDPR in the context of its offering of the Instagram Terms of Use, and to include an infringement of Article 6(1) GDPR” (Para 137)468 KB (51,340 words) - 14:10, 30 January 2023
- Datatilsynet (Norway) - 21/03126 (category Article 33(1) GDPR)deadline set out in Article 33(1) GDPR. 6. Datatilsynet’s Assessment 6.1. Findings of an Infringement of Article 33(1) GDPR 6.1.1. Introduction As noted133 KB (19,309 words) - 05:16, 24 March 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)accordance with Article 56 paragraph 1 of the Regulation. 23. Applying the cooperation and consistency mechanism provided for in Chapter VII of the GDPR, the CNIL56 KB (9,069 words) - 17:02, 6 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 77(1) GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)with the principle of fair and transparent processing contained in Article 5(1)(a) GDPR? Is the information relating to personal data processing operations48 KB (7,404 words) - 17:09, 6 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)6(1)(b) GDPR, Articles 5(1)(a), 12(1) and 13(1)(c) have been infringed.” Issue 4 (Additional Issue) – Whether Facebook Infringed the Article 5(1)(a) GDPR21 KB (3,005 words) - 14:16, 1 February 2023
- AEPD (Spain) - EXP202104873 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)recording is "processing" of "personal data" within the meaning of Article 4(1) and 4(2) GDPR. Therefore, the data subject has the right to request access to22 KB (3,422 words) - 14:50, 13 December 2023
- AEPD (Spain) - PS/00475/2019 (category Article 17 GDPR)infringement of the right to objection specified at Article 21 GDPR in connection with Article 48(1)(b) of the Spanish Telecommunications General Law, as23 KB (3,481 words) - 14:42, 13 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00168/2020 (category Article 6(1) GDPR)violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing22 KB (3,568 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00014/2020 (category Article 6(1) GDPR)violation of article 6 of the RGPD, indicated in reason II. IV Article 72.1.b) of the LOPDGDD states that “ Based on what is established in article 83.5 of21 KB (3,441 words) - 13:46, 13 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)amount ”.The LOPDGDD in its article 72 indicates: “Violations considered very serious:1. In accordance with the provisions of article 83.5 of the Regulation22 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - TD/00044/2021 (category Article 17 GDPR)the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. C / Jorge Juan, 6 www.aepd22 KB (3,465 words) - 13:30, 13 December 2023
- AEPD (Spain) - TD/00054/2020 (category Article 12 GDPR)commission of the offence referred to in Article 72.1.m) of the LOPDGDD, which will be sanctioned in accordance with Article 58.2 of the RGPD. SECOND: TO NOTIFY22 KB (3,500 words) - 14:50, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)show_context_help(h) { newWindow = window.open(h,"Help", "menubar=1,toolbar=1,scrollbars=1,resizable=1,width=700, height=500"); } </SCRIPT><NOSCRIPT></NOSCRIPT><STYLE56 KB (7,755 words) - 15:39, 6 December 2023
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)the offense considered in article 72.1.m) of the LOPDGDD, which will be sanctioned, in accordance with art. 58.2 of the GDPR. SECOND: NOTIFY this resolution22 KB (3,544 words) - 14:48, 13 December 2023
- AEPD (Spain) - EXP202104896 (category Article 9(2) GDPR)infringement of article 6.1 of the GDPR, in accordance with article 83.5.a) of the GDPR, and for the purposes of prescription in article 72.1.b) of the LOPDGDD103 KB (17,238 words) - 13:27, 3 April 2023
- Persónuvernd (Island) - 2021051199 (category Article 6(1)(e) GDPR)sheriff was held to have not breached the GDPR. The processing of the case file was lawful under Article 6(1)(e) GDPR as it was necessary for the exercise of30 KB (4,766 words) - 15:03, 29 September 2023
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)in its article 72.1 m), under the heading "Infringements considered to be very serious," he says: "1. In accordance with the provisions of Article 83(5)23 KB (3,695 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00278/2019 (category Article 6(1)(a) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)data integrity, security and confidentiality under Article 5(1)(f) GDPR. For the violation of Article 32, the AEPD issued the law firm with a reprimand26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00340/2019 (category Article 6(1)(e) GDPR)as a data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed23 KB (3,554 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment26 KB (3,971 words) - 13:26, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)B., with NIF ***NIF.1, in accordance with article 58.2.d) of the GDPR, for a violation of article 13 of the GDPR typified in article 83.5.b) of the aforementioned24 KB (3,749 words) - 13:19, 13 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)constitute of a breach of Article 5(1)(c) GDPR. Second, the AEPD recalled that, compliant with Article 13(1) and (2) GDPR, and Article 22(4) of the Law on the24 KB (3,717 words) - 13:04, 13 December 2023
- AEPD (Spain) - PS/00324/2020 (category Article 5(1)(f) GDPR)alleged infringement of Article 5(1)(f) GDPR. Does the action of the defendant constitute a violation of Article 5(1)(f) GDPR? Considering the evidence25 KB (3,670 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)party, breach Article 6(1) GDPR? The Spanish DPA (AEPD) referred to the principle of lawfulness, fairness and transparency (Article 5(1)(a)), as well as25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)provisions of article 58.2.i) of the GDPR, for the alleged infringement of article 6.1 of the GDPR, typified in article 83.5.b) of the GDPR. SECOND: APPOINT26 KB (3,867 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00028/2021 (category Article 5(1)(c) GDPR)obtain such recordings through the camera, with grounds on Article 6(1)(e) GDPR and Article 22 of the Spanish Data Protection Act (LOPDGDD), that allows25 KB (3,876 words) - 13:48, 13 December 2023
- AEPD (Spain) - PS/00132/2020 (category Article 6(1) GDPR)supply data, without the consent of the data subject, a breach of Article 6 (1) GDPR? The Spanish DPA held that the processing of data relating to electricity24 KB (3,939 words) - 14:03, 13 December 2023
- AEPD (Spain) - PS/00405/2019 (category Article 6(1) GDPR)significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The24 KB (3,887 words) - 14:34, 13 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 15(1) GDPR)subjects to Under the conditions set out in Article 15 (1) and (3) of the GDPR, thereby infringing the GDPR Article 25 (1). III.3.2. Designed to handle requests60 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00356/2020 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. In accordance with the provisions of article 83.5 of the26 KB (3,848 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)statute of limitations for the offense, article 72.1 of the LOPDGDD establishes: "Based on what is established in article 83.5 of Regulation (EU) 2016/679, considered24 KB (3,838 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00188/2020 (category Article 5(1)(f) GDPR)violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating24 KB (3,907 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)(the defendant) for the infringement of Article 6(1) of the GDPR, as the defendant agreed to an early and guilty voluntary payment of the corresponding24 KB (3,769 words) - 14:10, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 13 GDPR)turn, article 72. 1 h) of the LOPDGDD, under the heading "Infringements considered very serious provides: “1 Based on the provisions of article 83.5 of26 KB (3,881 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00235/2020 (category Article 6(1) GDPR)Telefónica Móviles España, S.A.U. with a fine of €75,000 for violating Article 6(1) GDPR. The complainant had five telephone lines contracted with Telefónica24 KB (3,766 words) - 14:21, 13 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 5(1)(f) GDPR)with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph. 1 and art. 34 sec. 1 of the Regulation63 KB (10,088 words) - 09:52, 17 November 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)(LOPDGDD) in its article 72.1 m), under the heading “ Infractionsconsidered very serious ” provides:"one. Based on what is established in article 83.5 of the23 KB (3,592 words) - 14:40, 13 December 2023
- UODO (Poland) - DKN.5131.43.2022 (category Article 5(2) GDPR)the controller was in breach of Article 33(1) GDPR, Article 33(3) GDPR, Articles 34(1) and 34(2) GDPR, and Article 5(2) GDPR, Firstly, the Polish DPA held57 KB (9,261 words) - 08:13, 25 October 2023
- before the GDPR came into effect. Therefore, GDPR should not had applied. The Spanish National High Court (AN) analysed Recital 171 GDPR and noted that19 KB (3,026 words) - 09:52, 10 September 2021
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)provided in article 5.1.f) and 32.1 of the GDPR (LCEur 2016, 605). It should be noted that the GDPR, without prejudice to the provisions of its article 83, contemplates195 KB (30,495 words) - 12:40, 13 December 2023
- AEPD (Spain) - PS/00369/2019 (category Article 5(1)(c) GDPR)inform the affected parties as provided for in Article 12 GDPR and Article 13 GDPR. According to Article 30(1) GDPR a record must be kept by the responsible28 KB (4,371 words) - 14:33, 13 December 2023
- Datatilsynet (Denmark) - 2019-441-3399 (category Article 34(1) GDPR)in accordance with Article 32 (2) of the Regulation. 2nd 3.3. Article 33 (1) of the Data Protection Regulation 1 and Article 34 (1). 1 The Data Inspectorate27 KB (4,231 words) - 16:38, 6 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 5(1)(a) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)policy, contravene Articles 13(1), 6(1)(a) and 8 GDPR? The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR. Share your comments here27 KB (4,517 words) - 13:44, 13 December 2023
- AEPD (Spain) - E/08210/2021 (category Article 56(1) GDPR)authority. Under Article 60 GDPR, the following DPAs were identified as “concerned supervisory authorities” under Article 4(22) GDPR: the Netherlands,29 KB (4,457 words) - 10:34, 13 December 2023
- AEPD (Spain) - PS/00151/2020 (category Article 5(1)(c) GDPR)of the duty of information as per article 13 GDPR. The DPA imposed thus a fine of €1000 for violating Article 13 GDPR. Share your comments here! Share blogs28 KB (4,525 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00280/2022 (category Article 5(1)(f) GDPR)compliance with the provisions of section 1 and able to demonstrate it (“proactive responsibility”).” Article 72.1 a) of the LOPDGDD states that “according30 KB (4,551 words) - 11:51, 9 February 2023
- AEPD (Spain) - PS/00232/2020 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. In accordance with the provisions of article 83.5 of the29 KB (4,386 words) - 14:20, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 18/FR/2022 (category Article 5(1)(b) GDPR)processing was therefore in breach of Article 5(1)(a) and Article 6(1)(c) of the GDPR. The DPA also ruled out Article 6(1)(f) on the grounds of domestic law:76 KB (11,147 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00303/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public29 KB (4,480 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)plaintiff’s personal data on a member’s bulletin board, in violation of Article 5(1)(f) GDPR. The Spanish DPA received a complaint in November 2019 against Caja28 KB (4,619 words) - 13:53, 13 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)contrary to the plaintiff's view - does not follow from Art. 82 (1) GDPR. Art. 82 (1) GDPR would probably be directly applicable in national law. The defendant28 KB (4,527 words) - 15:58, 26 April 2022
- AEPD (Spain) - PS/00068/2020 (category Article 6(1) GDPR)have breached the lawfulness of processing principle as per article 6(1) GDPR, as well as article 20 of the Spanish Law on Personal Data Protection and Guarantee27 KB (4,106 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- AEPD (Spain) - EXP202206302 (category Article 6 GDPR)functions assigned to the control authorities in article 57.1 and the powers granted in the article 58.1 of Regulation (EU) 2016/679 (General Data Protection28 KB (4,608 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- AEPD (Spain) - PS/00008/2020 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in the article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, of the Administrative Procedure Common of27 KB (4,408 words) - 13:45, 13 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)and GDPR? Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR? How much are the damages under Article 82 GDPR69 KB (11,077 words) - 16:48, 7 March 2022
- AN - 578/2021 (category Article 5(1)(d) GDPR)the following corrective powers listed below: 1. impose an administrative fine in accordance with article 83, in addition to or instead of the aforementioned26 KB (4,277 words) - 09:18, 26 July 2021
- DPC - In the matter of Twitter International Company (IN-19-1-1) (category Article 33(1) GDPR)had complied with its obligations under Article 33(1) but as well with Article 33(5). In relation to Article 33(1), the DPC view was that, on the basis of10 KB (1,404 words) - 07:47, 19 October 2021
- AEPD (Spain) - PS/00117/2022 (category Article 57(1) GDPR)functions assigned to the control authorities in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es30 KB (4,623 words) - 12:58, 13 December 2023
- AEPD (Spain) - EXP202104006 (category Article 5(1)(f) GDPR)party, respectively. III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will31 KB (4,578 words) - 12:11, 6 March 2024
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)minimisation principle under Article 5(1)(c) GDPR, and €500 for a violation of the information requirements under Article 13 GDPR). Additionally, the AEPD32 KB (4,945 words) - 13:25, 13 December 2023
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment31 KB (4,864 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00341/2020 (category Article 6(1) GDPR)principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing32 KB (4,831 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was32 KB (4,837 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was32 KB (4,834 words) - 14:43, 13 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- Datatilsynet (Denmark) - 2021-441-9356 (category Article 32(1) GDPR)Ordinance [1] Article 32 (1). 1. The Danish Data Protection Agency also finds that Coop Danmark A / S has acted in accordance with Article 33 (1) of the Data14 KB (2,142 words) - 12:58, 14 June 2022
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common of Public31 KB (4,862 words) - 14:28, 13 December 2023
- Datatilsynet (Denmark) - 2021-442-14071 (category Article 32(1) GDPR)with the rules in the data protection regulation[1] article 32, subsection 1 and Article 33, subsection 1. Below follows a closer review of the case and17 KB (2,465 words) - 14:29, 27 July 2022
- Persónuvernd (Iceland) - 2022081293 (category Article 4 GDPR)section 6. Paragraph 1 Article 8 and Article 27 Act no. 90/2018, cf. point f, paragraph 1 Article 5 and paragraph 2 Article 32 of regulation (EU) 2016/67916 KB (2,478 words) - 09:18, 12 April 2023
- AEPD (Spain) - PS/00080/2022 (category Article 5(1)(f) GDPR)under Article 5(1)(f) GDPR. Furthermore, the controller was responsible for implementing appropriate security measures according to Article 32(1)(b) GDPR47 KB (7,265 words) - 10:05, 21 July 2022
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)purposes of prescription in article 72.1.b) and c) of the LOPDGDD. In accordance with the provisions of articles 72.1 and 74.1 of the LOPDGDD, the Infractions566 KB (93,179 words) - 13:43, 13 December 2023
- Datatilsynet (Denmark) - 2021-442-12924 (category Article 32(1) GDPR)security, cf. Article 4, no. 12 of the Data Protection Regulation. 3.1. Article 32 of the Data Protection Regulation It follows from Article 32 (1) of the Data29 KB (4,593 words) - 07:34, 11 April 2022
- UODO (Poland) - DKN.5131.11.2020 (category Article 33(1) GDPR)violated Article 33(1), Article 34(1) GDPR by failing to notify the DPA of a personal data protection breach without undue delay, no later than within 72 hours51 KB (8,179 words) - 12:07, 11 August 2021
- AEPD (Spain) - PS/00375/2022 (category Article 5(1)(b) GDPR)in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter GDPR), and in55 KB (8,720 words) - 10:46, 18 January 2024
- Garante per la protezione dei dati personali (Italy) - 9780409 (category Article 5(1)(d) GDPR)breach of Article 5(1)(a), Article 5(1)(d), Article 5(2), Article 6 GDPR and 129 of the Code. The data controller also breached Article 12(2), Article 15 GDPR61 KB (9,720 words) - 22:42, 22 November 2022
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)Pursuant to Article 60 (2), a request to initiate an official data protection procedure may be made in the case provided for in Article 77 (1) of the General33 KB (5,033 words) - 10:12, 17 November 2023
- OGH - 6Ob127/20z (category Article 4(1) GDPR)held that a lawsuit under Article 79 GDPR regarding the alleged violation of Article 15 GDPR is indeed feasible. Article 79 GDPR is not limited to certain34 KB (5,408 words) - 13:57, 20 September 2021
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the34 KB (5,427 words) - 14:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)engines (see Annex 1 to note of 9 January 2019, p. 1); b) to be "aware of the dispersion of data on 12.12.2018" (see note of 9 January 2019, p. 1) and to have34 KB (4,967 words) - 15:46, 6 December 2023
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)the provisions of article 6.1. of the GDPR, therefore could involve the commission of an offense classified in article 83.5 of the GDPR, which provides the34 KB (5,358 words) - 13:16, 13 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)the processing of personal data of Article 23(1) of Regulation 2018/1725, the EDPS recalled that, under Article 5(1)(b) of Regulation 2018/1725, processing61 KB (9,971 words) - 14:28, 4 January 2024
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202202954 (category Article 5(1)(c) GDPR)legal basis for processing under Article 6(1)(c) GDPR, violated the data minimisation principle under Article 5(1)(c) GDPR, and improperly processed a special34 KB (5,149 words) - 16:00, 20 March 2024
- AEPD (Spain) - PS/00188/2021 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. Based on what is established in article 83.5 of the Regulation33 KB (5,242 words) - 11:42, 11 August 2021
- AEPD (Spain) - PS/00467/2020 (category Article 5(1)(d) GDPR)results from application of the provisions of article 72.1.k) of this organic law. According to article 72 of the LOPDGDD, it is considered very serious149 KB (24,924 words) - 10:55, 11 August 2021
- DPC (Ireland) - 05/SIU/2018 (category Article 2 GDPR)accessed the CCTV cameras, thereby infringing Article 32(1) GDPR. The Council also violated Sections 71(1)(f), 72(1) and 78 of the 2018 Act by failing to implement13 KB (1,414 words) - 15:11, 14 March 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)having knowledge of the following: 1.1 In general, marketing actions can be classified attending to several criteria. 1.1.1. Campaigns managed directly by287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00347/2020 (category Article 5(1)(c) GDPR)”. The LOPDGDD in its article 72 indicates: “Violations considered very serious: 1. In accordance with the provisions of article 83.5 of the Regulation26 KB (4,015 words) - 10:20, 19 May 2021
- AEPD (Spain) - EXP202204501 (category Article 5(1)(f) GDPR)” III Violation of article 5.1 f) of the GDPR Article 5.1.f) of the GDPR, Principles relating to processing, states the following: "1. The personal data57 KB (8,604 words) - 15:40, 20 March 2024
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)in the sum of £500,000. Breaches of GDPR Contravention of Article 5(1)(f) of the GDPR 47. Article 5(1)(f) of the GDPR has been contravened as the Cabinet79 KB (10,566 words) - 10:48, 7 December 2021
- AEPD (Spain) - PS/00348/2020 (category Article 5(1)(a) GDPR)claimant’s signature constitute a breach under the GDPR? The AEPD held that Vodafone violated Article 6(1) GDPR, as they had processed the claimant’s data without38 KB (5,648 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)measures that would have implemented as required by Article 32(1) of Regulation (EU) For its part, Article 72(1)(i) of the LOPDGDD considers a very serious infringement36 KB (6,022 words) - 13:59, 13 December 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)may be recorded of the data processing, in violation of Article 13 and Article 5 (1) (c) GDPR. The complainant lodged a complaint with the AEPD about the37 KB (6,022 words) - 13:52, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- UODO (Poland) - DKN.5110.12.2021 (category Article 33(1) GDPR)57 sec. 1 lit. a) and lit. h), art. 58 sec. 2 lit. i), art. 83 sec. 1 and 2 and article. 83 sec. 4 lit. a) in connection with art. 33 paragraph 1 and art51 KB (8,343 words) - 14:16, 15 June 2022
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)three years, in accordance with article 72.1 of the LOPDGDD, which establishes that: "Based on what is established in article 83.5 of Regulation (EU) 2016/67938 KB (6,160 words) - 14:06, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)fairness of processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested73 KB (11,237 words) - 05:34, 21 July 2022
- AEPD (Spain) - PS/00193/2021 (category Article 6(1) GDPR)(LOPDGDD) in its article 72, under the heading "Infractions considered very serious ”provides: "1. Based on what is established in article 83.5 of the Regulation27 KB (4,223 words) - 10:01, 22 September 2021
- AEPD (Spain) - PS/00119/2021 (category Article 6(1) GDPR)an infraction of article 6.1 of the RGPD, typified in article 83.5 a) of the RGPD, and for the purposes of prescription in article 72.1.a) of the LOPDGDD28 KB (4,459 words) - 14:26, 24 November 2022
- LG München I - 5 O 5853/22 (category Article 5(1)(f) GDPR)organizational measures pursuant to Article 32 GDPR. The court held that the controller violated Article 32(1) GDPR, which requires appropriate technical31 KB (5,017 words) - 15:08, 20 October 2023
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)the requirements of Article 17 GDPR fulfilled and would the defendant require to delete the school record? Article 17 (1) (a) GDPR grants a right to delete30 KB (4,986 words) - 15:50, 17 March 2022
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)12/13 public, as indicated in article 77.1. c) and 2. 4. 5. and 6. of the LOPDDGG: “1. The regime established in this article will be applicable to the treatments38 KB (6,303 words) - 13:50, 13 December 2023
- UODO (Poland) - DKN.5131.49.2021 (category Article 33(1) GDPR)notified in accordance with Article 34 GDPR. Therefore, the DPA found that the controller violated Article 33(1) and Article 34(1) GDPR and imposed a fine of63 KB (10,380 words) - 08:26, 17 October 2023
- UODO (Poland) - DKN.5131.34.2021 (category Article 33(1) GDPR)The Polish DPA held that a medical facility violated Articles 33(1) and 34(1) GDPR by not notifying the DPA and the data subject of a data breach after61 KB (9,994 words) - 08:37, 14 September 2022
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)(f), Article 5(2), Article 6(1), Article 7(1), Article 24(1), Article 25(1), Article 32(1)(b), Article 32(1)(c) and Article 32(1)(b), Article 32(1)(c) and71 KB (11,304 words) - 10:01, 17 November 2023
- UODO (Poland) - DKN.5131.3.2021 (category Article 33(1) GDPR)supervisory authority (i.e. Article 33 (1 ) of the GDPR) and to notify the data subjects of breach of (Article 34 (1-2) of the GDPR), it would be necessary129 KB (20,850 words) - 12:13, 7 July 2021
- AEPD (Spain) - PS/00209/2021 (category Article 6(1) GDPR)with the criteria established in Article 83(2)(b) GDPR: negligent character of the infringement, and Article 83(2)(g) GDPR: categories of personal data affected19 KB (2,809 words) - 09:21, 1 September 2021
- Datatilsynet (Denmark) - 2021-442-13805 (category Article 34(1) GDPR)Protection Agency's decision 3.1. Article 34 of the Data Protection Regulation It follows from Article 34 (1) of the Regulation 1, that when a breach of personal18 KB (2,834 words) - 07:37, 4 October 2021
- AEPD (Spain) - E/12707/2022 (category Article 5(1)(f) GDPR)documentation. The Spanish DPA concluded that there was a breach of Article 5(1)(f) and 32(1) of the GDPR. The access to the third parties’ personal data constituted35 KB (5,522 words) - 14:57, 19 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00493/2020 (category Article 6(1) GDPR)legal basis under Article 6(1) GDPR. It rejected the argument of the boating club that the publication was lawful under Article 6(1)(f) GDPR, citing the judgment51 KB (8,261 words) - 15:29, 25 January 2022
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)condition of necessity is maintained under Article 6.1 b) to f) of the GDPR. The article 6.1 of the GDPR replaces Article 7 of the Directive, without the relevant45 KB (6,780 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 33/2020 (category Article 5(1)(c) GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)LOPDGDG establishes a period of three years in article 72.1: "1. Based on what is established in article 83.5 of Regulation (EU) 2016/679, considered very43 KB (7,001 words) - 13:56, 13 December 2023
- OLG Köln - 20 U 295/21 (category Article 4(1) GDPR)found that the right to a copy under Article 15(3) GDPR is independent from the right to access under Article 15(1) GDPR and is to be construed extensively42 KB (6,689 words) - 08:30, 21 November 2022
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(1) GDPR)should have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure108 KB (17,728 words) - 07:57, 25 April 2024
- APD/GBA (Belgium) - 12/2019 (category Article 6(1)(a) GDPR)implementing the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00178/2021 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, typified in article 83.5 of the RGPD, considered very serious for the purposes of prescription in article 72.1.i) of20 KB (3,078 words) - 14:26, 24 November 2022
- AEPD (Spain) - EXP202303130 (category Article 5(1)(f) GDPR)provisions of article 5.1.f) of the RGPD and article 32 of the GDPR, violations classified in article 83.5 of the GDPR and article 83.4 of the GDPR respectively38 KB (5,842 words) - 14:16, 18 October 2023
- AEPD (Spain) - PS/00111/2021 (category Article 5(1)(f) GDPR)imposed a fine of €30,000 for the violation of Article 5(1)(f) GDPR and €20,000 for the violation of Article 32 GDPR, but this was reduced to a total fine amounting39 KB (6,095 words) - 10:08, 20 October 2021
- AEPD (Spain) - PS/00384/2020 (category Article 5(1)(f) GDPR)constituted an infringement of Article 5(1)(f) GDPR for violating the principle of confidentiality and Article 32 GDPR for failing to implement appropriate37 KB (5,788 words) - 15:05, 14 July 2021
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- APD/GBA (Belgium) - 52/2024 (category Article 5(1)(a) GDPR)the Disputes Chamber judges that it is possible Article 5.1.a), Article 5.1.b) and Article 6.1 of the GDPR has been infringed. II.2. The basic principle21 KB (3,024 words) - 09:26, 17 April 2024
- determines the purposes and means of the processing". According to Article 26(1) of the GDPR, "where two or more controllers jointly determine the purposes73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00499/2022 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the GDPR, typified in article 83.5 of the GDPR, and for the alleged infringement of article 13, typified in article 83.5.b) of55 KB (8,912 words) - 13:18, 16 May 2023
- AEPD (Spain) - PS/00178/2022 (category Article 4(1) GDPR)violating Article 6 GDPR by taking audio recordings of its employees and costumers disproportionate to the data minimisation principle of Article 5(1)(c) GDPR59 KB (9,122 words) - 14:48, 22 September 2022
- AG München - 178 C 13527/22 (category Article 82 GDPR)after data scraping chains of standards: GDPR Art. 15, Art. 82 BGB § 254, § 280 paragraph 1, § 362 paragraph 1, § 1004 ZPO § 141, § 286, § 287 Motto: The21 KB (3,243 words) - 15:04, 18 April 2023
- DSB (Austria) - 2023-0.603.142 (category Article 33(1) GDPR)accordance with Article 31 of the GDPR, Article 31, due to the security breach , GDPR. According to Article 83 Paragraph 4 Letter a of the GDPR, these two provisions76 KB (12,550 words) - 09:24, 28 February 2024
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 1, Article72 KB (11,993 words) - 14:21, 10 April 2024
- ANSPDCP (Romania) - 07.12.2023 (category Article 15(1) GDPR)Article 33(1) GDPR, Article 15(1) GDPR and Article 12(3) and (4) GDPR and issued the controller a €24,000 fine. The DPA also imposed the following corrective4 KB (410 words) - 10:12, 17 January 2024
- DPC (Ireland) - IN-20-1-3 (category Article 32 GDPR)confidentiality in Article 6(1)(f) GDPR and the requirements of Article 32 GDPR (as implemented in Article 72(1), 75 and 78, and by extension 71(1)(f) of the Irish5 KB (471 words) - 11:49, 2 March 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)compliance with the data minimisation principle laid down in Article 5(1)(c) of the GDPR. 33. In addition, personal data concerning health will be processed43 KB (6,847 words) - 17:11, 6 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- AEPD (Spain) - PS/00250/2021 (category Article 5(1)(f) GDPR)confidentiality established in Article 5(1)(f) GDPR. The AEPD held that medical histories are special categories of data under Article 9, the processing of which40 KB (6,262 words) - 10:43, 7 July 2021
- AEPD (Spain) - PS/00071/2020 (category Article 5(1)(a) GDPR)which is not the data processing, article 5. 1.a) of the RGPD is being violated Establishes article 5.1.b) of the RGPD "1. The personal data will be: C /45 KB (7,267 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of public space respect Article 5 (1) (c) GDPR? The AEPD held that the installation of a video surveillance system under Article 22 LOPDGDD must always50 KB (7,524 words) - 13:44, 13 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- AEPD (Spain) - PS/00459/2020 (category Article 5 GDPR)prescription in article 72 of the LOPDGDD and both are typified in article 83.5 of the GDPR. In this regard, article 29.5 of Law 40/2015, of October 1, on the40 KB (6,380 words) - 08:15, 28 July 2021
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of46 KB (7,230 words) - 14:20, 13 December 2023
- AEPD (Spain) - PS/00314/2021 (category Article 37 GDPR)communicate them to the AEPD (article 37 RGPD). Article 37 RGPD, paragraphs 1 and 7 refer to these obligations and establish, respectively: "1. The person in charge24 KB (3,489 words) - 12:05, 10 November 2021
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- AEPD (Spain) - PS/00120/2021 (category Article 5(1)(c) GDPR) (section On Articles 6, 9 and 5(1)(c) GDPR)of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD, Article 25 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- LG Ravensburg - 2 O 228/22 (category Article 15(1) GDPR)meaning of Article 4 no. 7 of the GDPR.1,000 euros from Art. 82 (1) GDPR due to various violations of the GDPR. 22 1. The defendant violated Art. 32 (1) GDPR26 KB (4,057 words) - 13:39, 11 April 2024
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share26 KB (3,922 words) - 13:10, 9 June 2021
- AEPD (Spain) - PS/00501/2021 (category Article 6(1) GDPR)commerce (hereinafter LSSI), as provided in article 43.1 of said Law. II Article 85 of Law 39/2015, of October 1, on Administrative Procedure Common to Public26 KB (3,914 words) - 12:38, 2 February 2022
- AEPD (Spain) - PS/00433/2021 (category Article 6(1) GDPR)alleged violation of article 6.1 of the RGPD, sanctioned in accordance with the provisions of article 83.5.b) of the aforementioned GDPR and considered for27 KB (4,079 words) - 12:37, 9 February 2022
- UODO (Poland) - DKN. 5131.27.2022 (category Article 33(1) GDPR)accordance with the law (Article 2 of the Act on land and mortgage registers and mortgage and Article 20 (1) point 1 and Article 24 section 2 of the Geodetic80 KB (13,127 words) - 07:57, 14 September 2022
- AEPD (Spain) - PS/00131/2020 (category Article 13 GDPR)we must look for it in article 9 and 6 of the RGPD. Article 9 of the RGPD establishes in its sections 1 and 2.b) the following: "1. The processing of personal45 KB (6,923 words) - 08:41, 16 June 2021
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "1. Each supervisory authority82 KB (13,463 words) - 17:03, 6 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 5(1)(a) GDPR)permission in Article 6 (1) (c) GDPR and argues that it is the Viennese in accordance with Article 5 (3) of the EpiG in conjunction with Article 1 (2) (e) Contact50 KB (8,015 words) - 13:52, 12 May 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 15(1) GDPR)once all the persona data mentioned by virtue of Article 15(1) GDPR, in the lights of Recital (63) GDPR. Thus, the authority ruled that the lack of a complete52 KB (8,603 words) - 16:55, 12 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)entity has violated article 6 of the GDPR, for carrying out a processing of personal data without legitimacy. II Article 6.1 of the GDPR establishes the assumptions52 KB (8,323 words) - 13:17, 13 December 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- AEPD (Spain) - PS/00135/2020 (category Article 13 GDPR)portability of the data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a) the existence of the right to withdraw consent in at any47 KB (7,756 words) - 14:04, 13 December 2023
- NAIH (Hungary) - NAIH-1855-4/2022 (category Article 9(1) GDPR)the data subjects. 1) A) The Controller has not respected Article 32, paragraph (1), point (a) and(b) and paragraph (2) of that article of Regulation (EU)50 KB (7,405 words) - 13:58, 28 November 2022
- CNIL (France) - CNIL2326891X (category Article 5(2) GDPR)meaning of article 6.1.f of the GDPR, with the exception of the organizations mentioned in 1° of A and in 1°, 2°, 3°, 5° and 6° of B of I of article L. 61247 KB (7,402 words) - 12:43, 21 December 2023
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)failed to comply with Articles 5 (1)(f) and 32(1) and (2) of the UK GDPR. Article 5 (1)(f) and 32(1) and (2) of the UK GDPR 1546. The Commissioner finds that54 KB (7,579 words) - 16:44, 7 May 2024
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)under §§ 2(8) and 3(1) of the Cookie Law , the condition for voluntary and specific consent (as also described in Article 4(11) GDPR) was not met. In connection52 KB (8,025 words) - 05:01, 23 November 2023
- AEPD (Spain) - PS/00410/2020 (category Article 6(1)(a) GDPR)FIRST: IMPOSE Don B.B.B., with NIF *** NIF.1, for a violation of Article 6.1.a) of the RGPD, typified in Article 83.5 of the RGPD, and classified as a very47 KB (7,334 words) - 17:00, 14 December 2022
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)it should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met99 KB (14,431 words) - 16:20, 6 December 2023
- IDPC (Malta) - COMP/138/2022 (category Article 15(1) GDPR)Articles 6(1) and 9(1) GDPR; b) the controller failed to adequately inform data subjects about the processing of their data, in violation of Article 14 GDPR;7 KB (862 words) - 14:35, 23 May 2023
- UODO (Poland) - DKN.5131.16.2021 (category Article 33(1) GDPR)violated Article 33(1) GDPR. Moreover, it violated Article 34(1) GDPR since it did not provide the data subjects with the information listed in Article 33(3)(b)88 KB (14,432 words) - 10:31, 24 November 2021
- AEPD (Spain) - EXP202205850 (category Article 5(1)(c) GDPR)claimed party, for the alleged infringement of Article 5.1.c) of the GDPR, typified in Article 83.4 of the GDPR. Once the Initiation Agreement was notified29 KB (4,590 words) - 15:06, 19 April 2023
- AEPD (Spain) - PS/00140/2021 (category Article 5 GDPR)A50715366, for the alleged violation of article 6.1. of the GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT D. B.B.B. as instructor.28 KB (4,254 words) - 11:30, 16 June 2021
- AEPD (Spain) - PS-00507-2022 (category Article 4(1) GDPR)found an infringement of Article 6(1) GDPR typified in Article 83(5)(a) GDPR and classified it as a grave infringement (Article 72(1) LOPDGDD). Due to these49 KB (7,832 words) - 10:54, 22 January 2024
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 6(1)(f) GDPR)legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller48 KB (7,721 words) - 11:09, 10 January 2024
- AEPD (Spain) - PS/00068/2021 (category Article 5(1)(c) GDPR)infringement of article 5.1.c) of the RGPD, in accordance with article 83.5 a) of the RGPD, and for the purposes of prescription, of article 72.1.a) of the LOPDGDD48 KB (7,804 words) - 10:36, 21 December 2021