Search results

provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be

or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise

interests under Article 6(1)(f) GDPR. The data subject was heard on this statement and filed a submission, arguing that Article 6(1)(f) GDPR does not apply

right to privacy, namely, personal data that are protected by Article 9(1) and 9(2)(f) of the GDPR (i.e. union dues, insurance and alimony payments and absences

information took place in accordance with Article 9 (1) of the Data Protection Ordinance. Article 2 (2) (f) and Article 6 (2) 1, letter b. The Danish Data Protection

specifically on Article 9 (2) (f) GDPR - but the wording of the exception in Article 9 (2) (f) GDPR is clear and clear with regard to the fact that Art. 9 Para.

disclosure was necessary for the defence of its client's legal claim under Article 9(2)(f) GDPR. In the context of a legal dispute, Magna Lögmen - an Icelandic law

a fundamental right. 4.7. ASZ also invokes Article 9(2)(f) of the AVG, from which it follows that Article 9(1) of the AVG does not apply if the processing

company could process the data lawfully because an Article 9(2) exception applied, namely Article 9(2)(f), where processing is necessary for the exercise

assessed according to Article 6(1)(f) GDPR and Article 9 GDPR. Second, lawyers are data controllers within the meaning of Article 4(7) GDPR with regard to their

legal basis under Article 9(2) GDPR for sending the medical assessment, which contained health data under Article 14 GDPR#15Article 4(15) GDPR, to the municipality

Protection Regulation Information covered by Article 9 (2) (f) may be covered by Article 9 (2). 1, is processed if the processing is necessary for legal claims

regulation's article 9, subsection 2, letters d and f. In relation to this, Plesner has stated that with regard to Article 9, subsection 2, letter d, Plesner

constituted health data under Article 9(1) and Article 4(15) GDPR but the transfer was nevertheless admissible pursuant to Article 9 GDPR, as the strict requirements

Paragraph 4 GDPR Art4 Z1 GDPR Art5 Paragraph 1 litc GDPR Art51 Paragraph 1 GDPR Art57 Paragraph 1 litf GDPR Art6 Paragraph 1 litf GDPR Art77 GDPR Art9 B-VG Art

possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State

has specifically been Article 6 (1) of the Data Protection Regulation. Article 9 (1) (f) and Article 9 (1) 2, letter f, as TV 2 has "transferred" personal

consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details

reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate

categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific

application, see Article 3(2)(b) GDPR, or automated decision making, see Article 22 GDPR. Profiling also triggers information duties under Articles 13(2)(f) and 14(2)(g)

decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data

flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data

court can be regarded as necessary within the meaning of Article 6 (1) (f) and Article 9 (2) (f) GDPR. Nor are there any overriding interests or rights and

with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR

from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right

commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA

mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual

access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation

non-material damage. Article 32(1) GDPR reflects the principle of integrity and confidentiality enshrined in Article 5(1)(f) GDPR. The controller and the

requirements of data minimization (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). Under Article 30(1)(f) GDPR, where possible, the controller

compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to

Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation

leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward

access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)

provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)

must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller

as health data under Article 9 GDPR. The DPA decided that the controller could rely on the exemption outlined in Article 9(2)(h) GDPR. The DPA could have

important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal

accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand

and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility

Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 6

court can be regarded as necessary within the meaning of Article 6 (1) (f) and Article 9 (2) (f) GDPR. It would also not conflict with any overriding interests

the controller under Article 33(2) GDPR." See, EDPB, Guidelines 9/2022 on personal data breach notification under GDPR (Version 2.0), 28 March 2023, p

meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines

processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)

point (d) of Article 46(2) and in Article 28(8); (e) aims to authorise contractual clauses referred to in point (a) of Article 46(3); or (f) aims to approve

or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both

to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You

the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally

are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles

difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter

number 9 (C.H. Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary

falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting

requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide

contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not

occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of

consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is

the non-binding Recitals of the GDPR. Example: There was agreement that legitimate interests under Article 6(1)(f) GDPR would need further definitions,

information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations

laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two

reference, see Article 143 of the Code). However, detailed time-limits can be found in Regolamento n. 2/2019 cited above. Under Article 154 of the Code

formation, meaning one president and five others elected members, pursuant to Article 9 of the Law "Informatique et Libertés". The CNIL's internal rules indicate

website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google

trigger Article 9, irrespective of how the data is further processed by the data controllers the data was disclosed to. The exception under Article 9(2) is

at/dam/jcr:ee7b155a-0a1f-4d00-98e9-902314c7022d/Datenschutzbericht%202022.pdf Report: Europe’s governments are failing the GDPR by Brave, page 6 - https://brave

other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of

interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under

regulation[1] article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1

that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is invalid

personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO,

meaning of Article 6(1)(f) of the GDPR must already be known in order for a balancing of interests within the meaning of Article 6(1)(f) of the GDPR to be possible

pursued by Meta pursuant to Article 6(1)(f) GDPR. Lastly, the CJEU noted that the fact that Article 6(1)(a) and Article 9(2)(a) GDPR must be interpreted as

processing of data concerning health laid down in Article 9(1) GDPR is possible under Article 9(2)(h) GDPR) in a case such as the present one, are there further

Supervision: Article 6(1)(f), legitimate interest. For the special category personal data: About diagnosis: Article 6(1)(a), cf. Article 9(2)(a), consent

pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA

in particular of children was in breach of Article 5, Article 6, Article 8, Article 9, and Article 25 GDPR. Consequently, the DPA urgently imposed upon

assessed in accordance with the provisions of Article 6(1)(c), Article 6(1)(f) GDPR, or both provisions? 2.     Does the answer to Question 1 mean: a)  

regard to article 83.2 (k) of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of

artistic or literary purposes, only Article 24, Article 26, Article 28, Article 29, Article 32, and Article 40- Article 43 applies, following § 3. Special

these facts: one for the violation of article 5.1.f) RGPD, and another for article 32 GDPR. x Article 58.2 of the GDPR provides the following: “Each supervisory

personal data under Article 9 GDPR. The OGH agreed with the BVwG's reasoning in W258 2217446-1 and held that that the purpose of Article 9 GDPR is to protect

Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the

III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be: (…) f) treated

treatment in Article 6 (1) (f) which is the most obvious. We point to that The Privacy Board has assumed that Article 6, paragraph 1, letter f is a relevant

Ordinance Article 6 No. 1 letter f, for failure to assess protests, cf. Article 21, and for lack of information, cf. Article 13. 2. Pursuant to Article 58 (2)

right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can

Articles 5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of

person.” Article 9.2 of the GDPR however means that: “Section 1 will not apply when one of the following circumstances occurs:” which cover article 9.2.a) to

by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently

c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of the ICA, to impose

force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect

unclear if this national determination of Article 6(1)(f) GDPR is compatible with the GDPR. Many other GDPR provisions were introduced in the sector-specific

of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)

current version of the TCF violates Article 5(1)(f) GDPR. Processing of special categories of personal data - Article 9 GDPR The DPA held that although its

rating, breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a

for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines

the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection

did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller

with article 4.1 of the RGPD, is a personal data. nal and its protection, therefore, is the subject of said regulation. In article 4.2 of the GDPR defines

protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff

the meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has

2019, BVwerG 6 C 2.18 "It follows that the opening clauses of Article 6.2 and 6.3 GDPR for processing operations under Article 6.1(1)(e) GDPR do not cover

relation to letter k) of article 83.2 of the GDPR, the LOPDGDD, in its article 76, "Sanctions and corrective measures" establishes that: "2. In accordance with

of interests to be carried out pursuant to Article 6 (1) (f) of the GDPR would (now) be in his favour. 2.2 On the permissible retention period of data

that under Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled

the alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement

obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does

provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read

5 Para. 1 lit. f GDPR, Art. 5 Para. 1 lit. a GDPR and Art compatible. I.16. After being asked to comment (VWA ./56, see point II.2), BF2 took the lead their

1597222413; cookie-agreed=2; __unam=67c8073-173e205d800-f576793-2; TS018cf77a=017ccc203c9e7bc4149f20e42e6a3643881397eb41e025f2c54bb e7141c720c53441c2483c;

infringement of Article 5.1 c) AVG has been proven. f)Transparent information (Article 5.1(a); Article 12.1. and Article 13.1. and 13.2. AVG) 43.The complainant

information in accordance with Art. 15 (1) half-sentence 2 GDPR. According to Art. 4 No. 2 GDPR, processing also includes in particular the collection,

and Article 57(1)(a), Article 58(2)(d) and (i) in connection with Article 5(1)(a), (e) and (f) and (2), Article 24(1) and (2), Article 28, Article 30(1)(d)

according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines

situation (see Article 9 DSRL 95/46/EC, Article 85 DSGVO - so-called media privilege; see above, marginal no. 11 f.). The reference in Article 9 of the DSRL

within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated

and Article of 11Law No. 3471/2006, in accordance with Article 13(58i2) of the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and

basis under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful

controller €80,000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced

presenting the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to

around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test

conditions of Article 6 (1) of the GDPR. This follows both from Article 21(1)(1)(2) of the GDPR, which refers to Article 6(1)(1)(e) and (f) of the GDPR as a possible

in particular Article 6(2) of the Regulation seems (a), (e) and (f) to be relevant to consider as a possible basis for processing. On (f) DMI is part of

portability of the data c) when the processing is based on Article 6(1)(a) or Article 9, paragraph 2, letter a), the existence of the right to withdraw consent

with the principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of

Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique

further additional corrective powers exercised in this second decision (IN-19-9-2) in light of how the first decision addressed the circumstances of the same

lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to

infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.1

such processing to be legitimate on the basis of Article 9 (2) (B) GDPR in conjunction with Article 32 GDPR" (see note cited, p. 4) (see footnote cit., p

3 Sentence 2 GDPR is in accordance and whether there is a conflict of interest within the meaning of. Article 38 Paragraph 6 Sentence 2 GDPR applies if

analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches

data for the purposes of its legitimate interests in accordance with Article 6(1)(f) GDPR. Therefore, the data subject must be considered to have objected

police. The DPA assessed the appropriate sanctions in accordance with Article 83(2) GDPR and suggested a fine of approximately €67,000 (DKK 500,000). The DPA

” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

only be made under the conditions of Article 9(2) GDPR. In doing so, the court pointed out that Article 9(2)(e) GDPR, i.e. the public nature of the data

investigations the CNIL found five breaches of the GDPR: -         Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively

(d) and (f), 9 and 32(1)(b) GDPR.” Pursuant to Article 58(2)(i), the DPA hence imposed an administrative fine as per Article 83(4) and (5) GDPR. Given that

to the general rule of prohibition of the same (art. 9.1. GDPR). However, article 9.2 of the GDPR regulates exceptions to said general prohibition, invoking

the consent on which the treatment is based in accordance with Article 6(1)(a) or Article 9(2)(a) and this is not based on another legal basis; c) the interested

16.12.2008 - C-73/07, EuZW 2009, 108 para. 61 f.; v. 14.2.2019 - C-345/17, NVwZ 2019, 465 para. 53 f./59 f.) However, it can expressly not be assumed that

Authority of Bologna for violation of Articles 5(2)(f) and 9 GDPR. On the basis of Articles 58(2)(i) and 83 GDPR, the Garante imposed a fine of € 18 000 on the

Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures

Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not

accordance with article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines

conduct a DPIA cf. Article 35 - clearly inform students cf. Article 12 that a) it's voluntary to participate in the survey cf. Article 13(2)(f), and b) that

connection with Article 5 paragraph 1 point c, Article 9 paragraph 1, Article 58 paragraph 2 point f, point g and point i and with Article 83 paragraph 2 and 3,

violation of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 2 2/6 FOURTH:

street. The DPA was allowed to issue a reprimand, Art. 58(2)(b) GDPR. On the basis of Art. 58(2)(f) GDPR, the DPA was not entitled to order the removal of camera

therefore held that the controller violated Article 5(f) (principles of integrity and confidentiality) and Article 9 by communicating personal data, including

processing special categories of data, cf. Article 32(1)(b) GDPR, Article 32(1)(d), Article 24 and Article 35, cf. Article 5. In May 2019, a municipality reported

the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision

in Article 6 GDPR. If the information also includes sensitive data specified in Article 9(1) GDPR, there must be a basis for processing in Article 9(2)

only with regard to the applications under 2 a), 2 b) and 2 c) and partially with regard to the application under 2 d), so that the remainder of the regional

the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a

the notice board of the neighbour’s community a violation of Article 5 (1) (f) GDPR? Article 9 of Ley de Propriedad Horizontal provides that: "If a summons

referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding

the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There

limitation under Article 5(1)(a) of the GDPR. 1(b) and the obligation (principle) of accountability under Article 5(1)(b). 2 of the GDPR, that is to say

processing might be based on Article 6(1)(f) GDPR (legitimate interest) and - regarding health data - on Article 9(2)b) GDPR (fulfilling obligations under

pursuant to Article 82(1) GDPR, because controller violated Article 32(1) GDPR. The Court upheld the appeal and ordered the controller to pay € 2,500, - as

violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed

Articles 13, 14, 18 and 21 DSGVO were excluded under Article 9(8) CESTA. Pursuant to Article 9.2(i) of the DSGVO, the defendant was entitled to lawfully

the European legal order. 9 II.2. Article 5, paragraph 1, a) and paragraph 2 of the GDPR and Article 24, paragraph 1 of the GDPR and the Belgian legislation

cf. Article 9 (1) of the Data Protection Regulation. 2, letter g. The ITU has stated that, in principle, personal data not covered by Article 9 of the

her life. Her objection to processing follows from Article 21(1) GDPR. ING argues that Article 21(1) GDPR cannot be relied on in this case because it applies

data (Article 9 GDPR)? Does the data controller have a legitimate interest to process credit card data of recurring purchasers under Article 6(1)(f)? Can

in the article 57.1 and the powers granted in article 58.1 of the Regulation (EU) C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 2/12 2016/679

personal data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused

violation of thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The

Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative

cf. Article 58, paragraph 2, letter i, cf. Article 83. Both infringements of Article 6 and Article 13 may be sanctioned with a fee, cf. Article 85, paragraph

imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in

c) and5, paragraph 1, al. f), all of the aforementioned regulations;-pursuant to article 58, paragraph 2, al. i) the GDPR, the application to the defendant

6(1) GDPR indicated that the subsequent legal bases outlined in the Article are not mutually exclusive. Therefore, both Article 6(1)(c) and (f) GDPR can apply

§ 8 clause 2 of the GTC agreed between the parties (according to § 8 b paragraph 2 MB/KK). 52 § 8 b para. 2 MB/KK violates §203 sentence 2 VVG and is therefore

that the article’s publication was in violation of Article 5(1)(c) GDPR, Article 6(1)(f) GDPR, when read in line with Article 85 GDPR. Article 5(1)(c) outlines

compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be

(2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and (d).order the restriction

data Article 9.2.a: Express consent Article 9.2.b: Fulfillment of labor law obligations, etc. Article 9.2.c: Protection of vital interests Article 9.2.d:

" Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

violation of article 5.1.f) of the RGPD, typified in article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/5 FOURTH: On

protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained

request an investigation from the inspection service in accordance with Article 63, 2 ° ; 2° request the inspection service to carry out an additional investigation

accordance with Article 9 (1) of the Data Protection Regulation, unless the treatment is not covered by any of the exceptions in Article 9 (2) of the Regulation

institution, organization, etc. Article 9.2.e: Explicit disclosure Article 9.2.g: Substantial public interest Article 9.2.f: Establishment, exercise or support

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

previous provisions pursuant to art. 58 of the Regulation (Article 83, paragraph 2, letter e), f), h), i), of the Regulation itself). Based on the aforementioned

constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories

authorization provisions of Article 9. Act no. 90/2018. These include point 6. Article 9 of the Act, cf. point e of the first paragraph. Article 6 of the Regulation

the following: Article 66 GDPR gives the possibility for a procedure of urgency and from this article (and Article 66 and Article 62 GDPR), the European

LPACAP), for the alleged infringement of article 5.1.f) of the RGPD and article 32 of the RGPD, typified in article 83.5 of the RGPD. EIGHTH: Notification

protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the

controller violated Article 6(1)(f) GDPR when accessing the employee's email account and emails. Further, the Datatilsynet breached Article 21 GDPR since the controller

2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.

stored or otherwise processed. 2.9 Article 32 GDPR applies to both controllers and processors. Penalties 2.10 Article 83(1) GDPR requires supervisory authorities

the GDPR, pursuant to Articles 58(2)(b) and (d) respectively. For the violation of Article 5(1)(f), it issued a fine of €10000, pursuant to Article 58(2)(i)

the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the

for the infringement of the confidentiality principle specified at Article 5(1)(f) GDPR, as the defendant agreed to an early and guilty voluntary payment

policies regulating this, they failed to comply to Article 24(1) and (2) GDPR and Article 25(1) and (2) GDPR. No fine was imposed, but a reprimand and clear

privacy. Health data are special categories of data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can

right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can

right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can

provided in article 9.2 of the RGPD that would allow lifting the general prohibition of the treatment of these types of data established in the article 9.1. At

with Article 31, Article 58(1)(e) and (f) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of

obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant

under Article 58(2)(b) GDPR. The Authority ordered the Health Service to carry out a DPIA and bring its processing operations in line with the GDPR within

also be subject to the provisions of Article 6.1(e) DSGVO in conjunction with Article 6.1(b) DSGVO. Article 2, 28.2 no. 2 BayDSG without the consent of the

specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned

violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating

guarantees ”(Article 9, paragraph 2, letter b), of the Regulation). In any case, the dissemination of data relating to health is prohibited (art. 2-septies

employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the

RETAIL S.L. for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against

95/46/EC) on the same date (see Article 94 GDPR). That the initiating petition in this case dates from 22 May 2018 and that Article 48, paragraph 10 of the (Dutch)

under Article 35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1)

has its legal basis under Article 6(1)(f) The Disputes Chamber proceeds to dismiss the complaint in accordance with article 95 , § 1, 3° WOG, giving three

violations of f Article 32 paragraphs (1) and (2) GDPR. The controller Fan Courrier Express SRL was sanctioned with a fine in the amount of 52,325.9 lei, the

dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted when

in Article 17 GDPR (cf. Article 17 (3) b GDPR). In that case, the data subject does not have the right to object as referred to in Article 21 GDPR, because

violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing

5.1.f, of the RGPD -as set out in Article 83(5)(a) of the said regulation and 5(1)(f) in relation to Article 32(1)(b) and (c) - specified in Article 83(4)(a)

submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,

by the alleged violation of Article 5.1(f) of the GDPR, Article 5.1(b) of the GDPR, as set out in Article 83.5 of the GDPR. FOURTH: On 10 June 2020, the

out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed

parties (Article 83.2.k of the RGPD in relation to Article 76.2.b of the LOPDGDD) - The turnover or activity figure of the entity (article 83.2.a, of the

notification date: August 9, 2019 ENTITIES UNDER INVESTIGATION PROMOFARMA ECOM S.L with NIF B65130122 with address in AV DIAGONAL Num.534 P.6 PTA.2 - 08029 Barcelona

in Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that

internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its

terminated, must be assessed in the light of Article 6 GDPR and not Article 10 GDPR. Article 6(1)(f) GDPR provides a sufficient basis for processing. The

by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On

organisation contravene Article 5(1)(f) GDPR? The AEPD found that the disclosure of her personal data to the 400 members violated Article 5(1)(f) GDPR. The AEPD stressed

processing involved special categories of data under Article 9 GDPR and whether an exception under Article 9(2) applied; • targeted advertising by the controller

appeals to that effect legitimate interest (Article 6.1 f) GDPR). 26. In accordance with Article 6.1 f) GDPR and the case law of the Court of Justice of

material scope of application of the AVG (Article 2.1. AVG). None of the 4 grounds for exception under article 2.2. AVG apply here. As the Defendant does

pre-existing form of Article 11 of Law 3471/2006). However, with the provisions of article 16 par. 1 and 2 of law 3917/2011, par. 1 and 2 of article 11 of law 3471/2006

established in article 58.2 of the GDPR. Between They have the power to impose an administrative fine in accordance with the article 83 of the RGPD -article 58.2

” Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, “Sanctions and corrective measures” provides: "2. In accordance with the provisions

contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could

such cases (see BVerfGE 82, 159 <195 f.>; 126, 286 <316 f.>; 128, 157 <187 f.>; 129, 78 <106 f.>; 135, 155 <232 f. marginal no. 183>). This may be the

according to article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines

on the basis of Article 9 (1) of the Data Protection Ordinance [1]. 2, letter h, cf. the Data Protection Act [2] § 7, para. 3, and Article 6, para. 1, letter

registers removed is rejected. 6(1)(f) of the GDPR, [applicant] can rely on Article 21 of the GDPR. Article 21 GDPR gives a data subject the right to object

violating Article 5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article

of article 32.1 of the RGPD, typified in article 83.4.a) of the aforementioned RGPD. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/9 FIFTH:

municipalities has not complied with Article 28 (1) of the Data Protection Regulation. Article 32 (3) (f), cf. Article 32, as the company has not implemented

contemplated in Article 83.2 of the GDPR, with respect to the infringement committed by violating the provisions of Article 5.1.f) of the GDPR, allows for

(hereinafter claimant 2). C.C.C. (hereinafter claimant 3). D.D.D. (hereinafter claimant 4). E.E.E. (hereinafter claimant 5). F.F.F. and D.D.D. (hereinafter

and mitigate its effects (article 83.2.f, of the RGPD) -Basic personal identifiers (name, surname, address, D.N.I.) (article 83.2 g). Therefore, in accordance

controller thus also violated Article 14 GDPR. However, the DPA did not use any of their corrective powers as listed in Article 58(2) GDPR. Share your comments

companies. 2.2 On 19 November 2013, ING entered the [Appellant's] personal details in ING's internal referral register (IVR) for a period of eight years. 2.3 In

controller) about €352,555 (NOK 4,000,000) for violating Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly

Pursuant to Article 2 (2), the General Data Protection Regulation shall apply with the additions indicated therein. Pursuant to Article 2 (2) of the General

ruling under Article 267 TFEU on the requirements of awarding damages for GDPR violations and the assessment of such damage under Article 82 GDPR. For the

paragraph 2 and paragraph 3, letter b) of the Regulation; 9, paragraphs 1, 2, 4, of the Regulation, Articles 2-ter, paragraphs 1 and 3 and 2-septies, paragraph

in line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply

withdrawal of consent under Article 7(3) GDPR. The Authority also considers the existence of a deletion request under Article 17 GDPR. The AEPD concludes that

violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA

of the data; c) when the treatment is based on article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), the existence of the right to withdraw

measures ('integrity andconfidentiality ")." (Article 5 (1) (f)). In addition, paragraph (2) of the same article provides that "the controller bears theresponsibility

infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been

conferred on it by the provisions of Article 58 of the GDPR and Article 15 of Law 4624/2019. 2. As Article 5 of the GDPR defines the processing principles

subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction

legitimate and explicit purpose. Therefore, it was contrary to Article 5(1)(b) GDPR and Article 6 GDPR. In addition, the DPA found that the controller did not

with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second

into account and issued a fine of €2,000 for the violation of Article 5(1)(f) GDPR as classified under Article 83(5) GDPR. Share your comments here! Share

arises from Article 5.2 and Article 24 GDPR where it is up to the defendant to demonstrate that they also acts in accordance with article 5.1. f GDPR namely:

location still covered as a "legitimate interest" in Article 6(1)(f) GDPR? How are penalties under GDPR and the Austrian Data Protection Act ("DSG") to be

infringement in question was correctly defined as a breach of Article 5(1)(a) GDPR and Article 6(1)(f). However, the PVN did not agree that the infringement was

interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3); (d) for archiving in the public interest, for scientific

and that basic personal identifiers, as set out in Articles 83(2)(f) GDPR and 83(2)(g) GDPR, are affected. In addition, the annual turnover of the company

"Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76," Sanctions and corrective measures", provides:"2. In accordance with the provisions

violated Article 5(1)(f) GDPR and proved the ineffectivness of the controller's employee compliance training, in violation of Article 32 GDPR. The DPA

portability of the data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time

pursuant to Article 58, paragraph 2, of the Regulation, with this measure. Pursuant to Article 78 of the Regulation, Article 152 of the Code and Article 10 of

patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital

the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a

specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information

therefore lawful [also in the light of] Article 6(f) of the Regulation" (p. 21) - as regards the infringement of Article 9(2)(b) of the Regulation "it is clear

principle to which Article 6(1) GDPR is linked, and imposed a fine of €2000 relying on Article 58(2) GDPR. The defendant ultimately paid €1200 for the breach

on legitimate interests according to Article 6(1)(f) GDPR and that Ziggo had to comply with Article 6(4)(d) GDPR. The Court found that DFW had a legitimate

III Article 5.1.f) of the GDPR Article 5.1.f) “Principles relating to processing” of the GDPR establishes: "1. The personal data will be: (…) f) treated

comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating

the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the

processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article

complainant, Article 83(2)(h) GDPR - The existence of a prior complaint. Aggravating factors in accordance with Article 72(2)(a) & (b) LOPDGDD and Article 83(2)(k)

mandatory by article 13.2.a) of the GDPR. 2.2 Regarding the exercise of their rights by the persons concerned 67 53. In the context of objective 2, the head

violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)

of the measures referred to points (a) to (h) of Article 58(2) and Article 58(2)(a) to (h) paragraph 2(j). When deciding on the imposition of administrative

established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was

the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles 55 para. 1, 2 para. 1 and 3 para. 2 GDPR

infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part

sedeagpd.gob.es 10/14 claimed (article 83.2. a) of the RGPD). - The intentionality or negligence of the infringement (article 83.2. B) of the RGPD). - Basic

employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances

of data protection by its article 2.2, without prejudice to the provisions of sections 3 and 4 of this article. " And in article 19: ”Treatment of contact

established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there was

infringement of Article 32 GDPR in conjunction with Article 5(1)(f) GDPR? The Romanian DPA (ANSPDCP) found that the controller violated Article 32 GDPR as they

protection regulation article 6 no. 1 letter f, for failure to assess protests, cf. article 21, and for failure to information, cf. Article 13. 2. X AS is ordered

principles are found under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing

violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account

Therefore the controller violated Article 5(1)(a) and (2), Article 6(1), Article 12(1), Article 13(1)(b) and (c) GDPR. The DPA imposed a fine of €50.000

appeal judges Articles 2.1, 4 2), 5.1 c) and 57.1 a), f) and h) GDPR, to the extent necessary read in conjunction with Article 288(2) TFEU and Articles 4

number of personal data. (Article 76.2.b) The balance of the circumstances contemplated in article 83.2 of the RGPD and the Article 76.2 of the LOPDGDD, with

the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon

publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must

infringement of Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR

"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller

given the almost total identity between its article 7.f) and article 6.1.f) of the RGPD Article 7, letter f) of said Directive indicated: “Member States

to the storage of data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time

under Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f) GDPR

violation of article 13 of Regulation (EU) 2016/679, in accordance with article 58 par. 2 i' of the GDPR in combination with article 83 par. 5 of the GDPR. The

messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100,000

is maintained under Article 6.1 b) to f) of the GDPR and therefore in Article 6.1.c) invoked in the species. Article 6.1 of the GDPR in fact reproduces

Law", which is a requirement of Article 9(2)(j) GDPR. Therefore, the controller could not rely on Article 9(2)(j) GDPR for its processing. Third, the DPA

PCR (SARS_CoV-2) test is to be qualified as a health data pursuant to Article(4)(15) GDPR and that the scope of protection of Article 9(2) must be taken

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

law--> |GDPR_Article_1=Article 12(5) GDPR |GDPR_Article_Link_1=Article 12 GDPR#5 |GDPR_Article_2=Article 15 GDPR |GDPR_Article_Link_2=Article 15 GDPR |GDPR_Article_3=Article

infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB

that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)

business is trading data.   2) Lack of valid consent to process the data Article 6 GDPR, in particular Article 6(1)(a) and (f) GDPR (Free consent) was also

for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned

Madridsedeagpd.gob.es Page 2 2/10infringement of article 13 of the RGPD, typified in accordance with the provisions of article83.5.b) of the RGPD and b)

1 (c) of the AVG and not by Article 6, clause 6 (f) of the AVG. The BKR itself refers to Article 6, clause 1 (f) of the GCG. In addition, although Section

infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD

did not follow the security principles as per Article 5(1)(f) GDPR (ed.: the decision actually reads 5(2)(f)), highlighting ‘the absence of an assessment

consequent infringement of the confidentiality principle, as per Article 5(1)(f) GDPR. The decision is the consequence of a complaint submitted by a Spanish

this passage refers to Article 5(2)). The Spanish DPA therefore proposed a fine of €60000 on Vodafone for infringing Article 6(1) GDPR. This was then reduced

the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: € 2000

the data could be processed under the legitimate interest basis (ARTICLE 6(1)(f) GDPR). The tribunal weighted the different interests at stake and decided

minimal data processing (Article 5.1(c) of the AVG), integrity and confidentiality (Article 5.1(f) of the AVG), accountability (Article 5.2 of the AVG), the responsibility

company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose

according to article 5 par. 1 a) and f) GDPR. B. It imposes, on ALFA BANK S.A., as controller, based on article 58 par. 2 sec. i) of the GDPR, an administrative

sedeagpd.gob.es Page 9 9/14 or indirectly, through the infraction. ” Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, " Sanctions

regulated in article 32 of the GDPR, which regulates the security of the treatment. IV. Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes

serious negligent action (article 83.2 b). Basic personal identifiers are affected (name, surname, mobile phone number) (article 83.2 g). The evident link between

thedata; c) when the treatment is based on article 6, paragraph 1, letter a), or theArticle 9, paragraph 2, letter a), the existence of the right to withdraw

is based on Article 6(1)(a) or Article 9(2)(a) or Article 9(2)(b); or (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence

highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center

the violation of article 6 of the RGPD typified in article 83.5.a). REQUIRE: A D.D.D., in accordance with the provisions of article 58.2 d) of the RGPD that

elements provided for in Article 83.2 of the GDPR: - As to the nature and seriousness of the violation (Article 83.2.a) of the GDPR), it is that with respect

Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of

information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the

constitute data processing within the meaning of Page 9 Decision 55/2021 - 9/34Article 4.2 of the GDPR 5 . Any transmission of information by this channel

content: [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted]

significant (Article 83(2)(b) GDPR). - basic personal identifiers were affected (name, identification number, the line identifier) (Article 83(2)(g) GDPR). The

time tracking system, due to a lack of compatibility with Article 7(4) and Article 35(9) of GDPR. KEO PLC decided to upgrade its ERP system, whose upgrade

processing of personal data of clients or third parties (article 83.2.k, of the RGPD in relation to article 76.2.b, of the LOPDGDD) It is appropriate to graduate

to whom the personal data was disclosed pursuant to article 17 paragraph 2 and article 19, [...]". 2.2 According to the Guidelines 5/2020 of the ESPD regarding

2 of the GDPR, and with the provisions of article 76 of the LOPDGDD, with respect to section k) of the aforementioned article 83.2 GDPR. Article 83.2 of

data subject (Article 26 GDPR). The processing by the processor must, in accordance with the provisions of article 28 paragraph 3 of the GDPR, be governed

control authority, are established in article 58.2 of the RGPD. Between they have the power to direct a warning -article 58.2 b) -, the Power to impose an administrative

violation of the article6.1. of the RGPD, in relation to article 20 e) of the LOPDGDD, typifiedin article 83.5.a) of the aforementioned GDPR.2. TO appoint D

violated Article 12 GDPR, as it did not facilitate the data subject´s exercise of their rights, especially the right to erasure under Article 17 GDPR. In view

follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as the

for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here

information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the

hereinafter, LPACAP), for the alleged violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid

obligation for the DPA to process the case pursuant to Article 77. It follows from Article 57(1)(a) GDPR that the Data Protection Authority shall, "supervise

AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller

e) and f) of the GDPR which links with article 69 of Law 7/1985 of 2/04 of the rules of the local regime, also referring to the law 19/2013 of 9/12, of

” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

personal data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security

controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued

for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned

GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page

address from my list of recipients, in accordance with the provisions of Article 18 GDPR. 4) He proceeded to remove the recipient’s e-mail address from the list

on the GEOPORTAL2 was not in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied.

Spanish Agency of Data Protection, as laid down in Article 56(2) in in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of European Parliament

receive information on the outcome of the complaint under Article 77(2) GDPR and Article 57(1)(f) GDPR. The case was therefore returned to the DPA for an assessment

” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

That Krifa - in accordance with Article 5 (1) of the Data Protection Regulation. 2, cf. Article 32 (1) (f), cf. 1 and 2 - has demonstrated that a risk assessment

contemplated in article 83.2 of the GDPR and the Article 76.2 of the LOPDGDD, with respect to the offense committed by violating the established in article 6.1 of

of personal data mentioned in Article 2 (2) GDPR are not relevant. Contrary to the plaintiff's view, Article 2(2)(d) GDPR does not apply in the present

information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the

right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that

for the alleged violation of Article 5.1.f) of the RGPD, in relation to article 5 of the LOPDGDD, as indicated in article 83.5 a) of the RGPD. The telematic

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results

(c) where the processing is based on Article 6(1)(a) or Article 6(1)(b) or Article 6(1)(c) of the GDPR Article 9(2)(a), the existence of the right to withdraw

private and professional spheres, to be applicable (see Article 2 and Article 41, paragraph 2, Cost). Niemietz c. Allemagne, 16.12.1992 (Rec. no. 13710/88)

Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA

(Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The Respondent

negligence of the infringement (83 (2) (b) GDPR) and the lack of cooperation with the Spanish Data Protection Agency (83 (2) (f) GDPR). Therefore, in view of the

specified period - article 58. 2 d) -. According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned

alleged infringement of Article 5(1)(f) GDPR. Does the action of the defendant constitute a violation of Article 5(1)(f) GDPR? Considering the evidence

of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers

applicant in the sense of the legal basis of Article 6 (1) (f) GDPR.47The applicant cannot refer to Article 13 (4) GDPR in this regard. According to this, it

legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request

relation to Article 83.2(k) of the RGPD, the LOPDGDD, in its Article 76, "Sanctions and remedial measures", provides that "In accordance with Article 83(2)(k)

of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the

take a decision in accordance with the provisions of Article 56(2) in conjunction with Article 57(1)(f) both of Regulation (EU) 2016/679 of the European Parliament

of Article 5(1)(f) GDPR. Was the publication of the census copies a breach of the data integrity and confidentiality principle under Article 5(1)(f) GDPR

been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 16. Article 5.1(b) of the GDMP provides

in accordance with the provisions of section 2 of article 56 inin relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of theEuropean

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

the infringement - Article 83(2)(b) - and the fact that the infringement involved the “basic identifiers” of the claimant - Article 83(2)(g) - to be aggravating

representation does not replace Article 9 (2) (a) and (c) consent of the data subject in accordance with Article 7. Article 7 (1) of the ECHR provides that

be erased and thus also violates Article 17.1(c) AVG. 3.2. With regard to the infringement of Article 6.1 and Article 21.4 of the AVG 29. In its statement

the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of

of the data; d) when the treatment is based on article 6, paragraph 1, letter a), or article 9, section 2, letter a), the existence of the right to withdraw

information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments

significant negligent action identified (Art. 83 (2) (b) GDPR). -basic personal affected (Art. 83 (2) (g) GDPR). -Actions previously committed, as this is not

complainant as per Article 17 GDPR, as well as his/her right as a consumer to refuse unsolicited commercial phone calls, as per Article 21 GDPR in connection

regulation as established in thearticle 2.2 of the RGPD and article 2.2.a) of the LOPDGDD. It says to article 2.2 of the RGPD:"2. This Regulation does not apply

The interpretation of article 13 of the Wbp is no different from that of article 32 of the GDPR, described in paragraphs 2.3.2 and 2.3.3. Also in the period

municipality €409,768 (NOK 4,000,000) for breaches of Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly

reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine

portability concerned the right to (c) information based on Article 6 (1) (a) or Article 9 (2) (a); in the case of data processing, the right to withdraw

graduation criteria established in section 2 of said article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 may also

category of personal data prohibited from processing in accordance with article 9 GDPR, thus causing non-material damage to them. Therefore, the plaintiff

her on the basis of Article 6(1)(e) or (f), including of profiling based on those provisions. Article 6(1)(e) and (f) of the GDPR reads as follows: The

meaning of Article 22 (1) of the GDPR with regard to [Applicants]. Since Article 13, paragraph 2, heading and under f, Article 14, paragraph 2, heading and

of data; (d) where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), that the data subject shall have the right to withdraw

the defendant for an infringement of Article 5(1)(a) GDPR a warning penalty in accordance with Article 58(2)(b) GDPR. Share your comments here! Share blogs

in paragraph 22, based on article 58 par 2 f of GDPR. 31. For the measurement of the fines, based on article 83 of the GDPR, the Authority takes into account

comply with GDPR Article 12 (1) and GDPR Article 5 (2) of the provisions of paragraph 2, and he did not even mention the Data Subject 2. Based on GDPR Article

of a person (article 83.2 b).-Basic personal identifiers are affected (name, a number ofidentification, the line identifier) ​​(article 83.2 g).- Section

August 2, 2017 is attached (THE CLIENT) and JOKER PREMIUM INVEX, S.L. (THE SUPPLIER). Sections 1.1 and 1.2 of the first stipulation and section 2.2 of the

the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG

under Article 15 GDPR to the defendant and requested i.a. information on concrete recipients of their personal data under Article 15(1)(c) GDPR. The defendant

his/her consent. The DPA first outlined Article 6(1)(a) and (b) GDPR, Articles 4(11) GDPR on consent, as well as Article 6 of the Spanish Data Protection Law

right of access under Article 15 of the GDPR and the right to erasure (‘forgotten’) under Article 17 of the GDPR, Article 12 of the GDPR on measures to exercise

" Regarding section k) of article 83.2 of the RGPD, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions

violation of Article 6(1) GDPR? AEPD considered that the documentation provided offers evidence that Vodafone violated Article 6(1) of the GDPR, by processing

infringements of Article 48 of Law 9/2014 of 9 May, General of Telecommunications (hereinafter referred to as LGT), in accordance with the Article 84.3 of the

Opinion of OE article 29, 2/2017, p. 18. 13See. Opinion of OE article 29, 2/2017, p. 28. 14 See. Opinion of OE article 29, 2/2017, pp. 28-29. 12.9. In the context

breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that

emphasised: None of the personal data concerned information covered by Article 9 or 10 GDPR. The data subject was interviewed as part of his role in the business

conjunction with Section 99(2) of the AVG, the Wbp was repealed on 25 May and the AVG entered into force on that date. 2.2 Section 48, tenth paragraph

negligent action (Article 83(2)(b) GDPR), and for being data known as basic personal identifiers such as name and address (Article 83(2)(g) GDPR). The AEPD set

Company itself, pursuant to Article 58, paragraph 2, letter i), of the Regulation, Article 166, paragraph 7, of the Code and Article 18 of Law no. 689/1981

specified period (art. 58.2 d)). According to the provisions of article 83.2 of the RGPD, the measure provided for in article 58.2 d) of the aforementioned

referred to in section 2 shall not be based on the categories personal data referred to in article 9, paragraph 1, unless Article 9(2)(a) or (g) applies and

or negligence in the infringement (article 83.2 b).Basic personal identifiers (name, surname,address) (article 83.2 g).C / Jorge Juan, 6www.aepd.es28001

for processing personal data without a legal ground as required by Article 6(1) GDPR, after hiring a handwriting expert to determine that an alleged signature

under this Article. Article 11 (2) In the cases referred to in paragraphs 15 to 22, the controller shall exercise their rights under Article may not refuse

under this Article. Article 11 (2) In the cases referred to in paragraphs 15 to 22, the controller shall exercise their rights under Article may not refuse

infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the

Protection Regulation (Article 83 (2) (e) of the General Data Protection Regulation). circumstances within the meaning of Article 2 (2) (b), (f), (g), (h), (i)

5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant further alleges

principles of article 5 par. 1 GDPR. It's not a coincidence that the GDPR includes accountability (already mentioned above article 5 par. 2 GDPR) in the regulation

paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of Regulation

according to Article 6 (1) point f) of the GDPR. (99) In the case of data management based on point f) of Article 6, paragraph (1) of the GDPR, the data controller

portability of the data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a) the existence of the right to withdraw consent in at any

ofcontroller (article 4.7 of the GDPR), the scope of the GDPR (article3.1 of the GDPR), the right to erasure (article 17 of the GDPR) and its powers (article 58.2of

to Article 83(2)(k) of the RGPD, the LOPDGDD, in its Article 76, "Penalties and corrective measures", states that: "In accordance with Article 83(2)(k)

establishes article 83.2 of the RGPD, and with the provisions of article 76 of the LOPDGDD, regarding section k) of the aforementioned article 83.2 RGPD. In

event of a violation of the precepts of the RGPD. Article 58.2 of the GDPR provides the following: “2 Each supervisory authority will have all of the following

infractions of article 48 of Law 9/2014, of May 9, General Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the

Ordinance Article 6 No. 1 letter f for this processing. Our legal basis for decisions on reprimands is the Privacy Ordinance, Article 58, No. 2, letter b

have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO. It is therefore

process for user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG (the Austrian Data Protection

and the lack of control by Vodafone on that; - A € 2 000 000 fine for the infringement of Article 44 GDPR: due to the carrying out of international transfers

requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot

accordance with article 15 AVG (section 2.1) - data processing officer (section 2.2) - cookie policy (section 2.3) - health data processing (section 2.4) - camera

invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium

third parties (article 83.2.k, of the RGPD in relationwith article 76.2.b, of the LOPDGDD)SAWIn accordance with articles 58.2 and 83.2 of the RGPD, previously

have the data processed; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time

regard to Article 83.2 (k) of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", provides: "2. In accordance with Article 83(2)(k) of

graduation established in section 2 of the aforementioned article. 2. In accordance with the provisions of article 83.2.k) of the Regulation (EU) 2016/679

Art. 58 sec. 2 lit. b) and e), in connection with Art. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d, art. 32 sec. 2, art. 33 paragraph

ECLI:NL:HR:2019:376, paragraph 4.2.2, of 28 May 2019, ECLI:NL:HR:2019:793, paragraph 2.4.5, and of 19 July 2019, ECLI:NL:HR:2019:1278, paragraph 2.13.2). 33. The Section

protected (Article 32, Article 24 (1) and (2) of Regulation 2016/679). Has the Chief Surveyor of the country appointed a data protection officer (Article 37 of

paragraph k) of Article 83.2 of the RGPD, the LOPDGDD, Article 76, "Sanctions and corrective measures", it provides: "In accordance with Article 83(2)(k) of Regulation

competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament

in accordance with the provisions of section 2 of article 56 in in relation to paragraph 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

of the data; c) when the treatment is based on article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), the existence of the right to withdraw

1 f) GDPR) (and the obligations arising from it – Article 32 GDPR) and the principle of purpose (Article 5 § 1 b) GDPR) which the principle of security

the conduct object of this claim is undeniable (article 76.2.b) of the LOPDGDD in relation to article 83.2.k). - Although it cannot be argued that the defendant

competent to decide, in accordance with the provisions of Article 56(2) in relation to Article 57(1)(f), both of Regulation (EU) 2016/679 of the European Parliament

required by Article 12 GDPR. The DPA clarified that the right of information and the right of access are distinct. An access request under Article 15 GDPR is not

established in article 58.2 of the GDPR. Between They have the power to impose an administrative fine in accordance with the article 83 of the RGPD -article 58.2

rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 18

the DPA held that the controller had violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 6 GDPR and Section 3 of the Finnish Act on the Protection

restrictions of this right arise from Para. 2 leg. cit., but not from Art. 6 Para. 1 or 9 (2) GDPR. However, the GDPR and in particular the principles enshrined

in accordance with the provisions of Article 6.1 letter f) and recital 47 of the Regulation" (note cit., p. 3). 2-undecies, letter e) of the Code; in fact

accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently

fact that the processing of the controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since

expression was regulated in Article 9, and this provision essentially coincides with Article 85 of the Privacy Regulation. Article 9 of the Directive (sections

in accordance with the provisions of section 2 of article 56 in in relation to section 1 f) of article 57, both of Regulation (EU) 2016/679 of the European

Liability Law, 9 Article 156, the second and third paragraphs of Article 157, the first paragraph of Article 166, Article 168, Article 262, Article 269, 1. to

to the complaint (Article 83 (2) (f) GDPR), not linking the activity of the offender to the processing of personal data (Article 76 (2) (b) LOPDGD), the

address/duplicate address.' 2.9 ABN AMRO rejected this request by letter dated 6 June 2018. 2.10 By letter dated 15 May 2018 [appellant sub 2], ABN AMRO requested

under Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting

6(1)(e) GDPR (public interest) or Article 6(1)(f) GDPR (legitimate interest). Moreover, Article 21(2) GDPR specifically grants data subjects the right to

lawfulness under Article 6(1)(f) GDPR ("does the employer have legitimate interests in monitoring quarantine compliance?") or Article 9(2) GDPR ("quarantine

the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection

as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1), (2)

Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or

analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches

be annexed to the minutes of the hearing. 2. Legal basis Article 5.1 f) AVG 1. Personal data must be: (…) (f) processed by the application of appropriate

the criteria in Article 83 (2) sentence 2 GDPR. In this case, the fact-based assessment criteria in Article 83 (2) sentence 2 of the GDPR take precedence

portability; c) when the treatment is based on article 6, paragraph 1, letter a), or the Article 9, paragraph 2, letter a), the existence of the right to withdraw

analyse the criteria set out in Article 83.2 of the GDPR. 61. As regards the nature and seriousness of the breach (Article 83(2)(a) of the RGPD), it points

The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)

their privacy policy in line with Article 6(1)(a) GDPR within a month. The AEPD also held that URLs 1-4 breached Article 22(2) of the Law 34/2002 (LSSI), the

infringements of Article 48 of Law 9/2014 of 9 May, General of Telecommunications (hereinafter referred to as LGT), in accordance with the Article 84.3 of the

according to article 4.1 of the GDPR, are a Personal data and its protection, therefore, is the subject of said Regulation. In the article 4.2 of the GDPR defines

without legal action basis, cf. the Privacy Ordinance Article 6 No. 1 letter f. 2. Pursuant to Article 58 (2) (d) of the Privacy Regulation, the EAS / Elektro