Search results
From GDPRhub
- Article 94 GDPR (category Article 94 GDPR)date of effect under Article 94 GDPR. In order to ensure a sense of continuity within the regulatory framework, Article 94(2) GDPR provides that any reference13 KB (530 words) - 09:40, 3 October 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 94(2) GDPR)the GDPR. Would judge otherwiseindeed contradict :o the wording of Article L2.2 in conjunction with Article 2.f) of the ePrivacy Directive,o Article 8 of67 KB (10,544 words) - 09:24, 10 September 2021
- processing (Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e)31 KB (3,646 words) - 08:51, 21 July 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- consent under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details51 KB (6,355 words) - 08:25, 18 April 2024
- Article 99 GDPR (category Article 99 GDPR)Journal of the European Union. 2. It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the12 KB (295 words) - 08:25, 19 October 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- of the use of GDPR and other aspects which the GDPR leaves for definition to the member states (for ex. Art. 6(3), some aspects of Art. 9(2), Art. 10, Art10 KB (1,242 words) - 10:51, 6 February 2024
- Article 96 GDPR (category Article 96 GDPR)protected by Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 97 GDPR (category Article 97 GDPR)years as per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the16 KB (778 words) - 08:24, 19 October 2023
- Article 87 GDPR (category Article 87 GDPR)process them. This was already the case under Article 8(7) of the DPD, the precursor of Article 87 GDPR. In many Member States, the processing of NIN and15 KB (660 words) - 09:37, 1 December 2023
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)possible "legitimate interest" under Article 6(1)(f) GDPR. Equally to Article 6(1)(c) GDPR, Article 6(2) and (3) GDPR require that Union or Member State108 KB (17,005 words) - 15:39, 18 March 2024
- Chair represents the Board (Article 68(2) GDPR) and is responsible for directing the work of the secretariat (Article 75(2) GDPR). Other specific responsibilities15 KB (808 words) - 09:44, 17 October 2023
- Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p.15 KB (787 words) - 08:17, 19 October 2023
- Article 59 GDPR (category GDPR Articles)accordance with Article 58(2) [GDPR]”. These is a reference to the information that SAs must keep in internal records according to Article 57(1)(u) GDPR. The report15 KB (718 words) - 15:31, 19 October 2023
- in Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 67 GDPR (category Article 67 GDPR)referred to in Article 64. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2). Recital 167:15 KB (810 words) - 16:13, 2 November 2023
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 10 GDPR (category GDPR Articles)from Article 6(1) GDPR and comply with the principles enshrined in Article 5 GDPR. Additionally, the processing will still be subject to other GDPR provisions17 KB (1,768 words) - 15:41, 18 March 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)(e.g. Article 25 (1) and (2), Article 28(1), Article 32(1) GDPR, Article 89(1) GDPR). These measures can also be regarded as measures under Article 24(1)30 KB (3,458 words) - 10:31, 25 April 2024
- Article 63 GDPR (category Article 63 GDPR)to in Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR15 KB (851 words) - 06:55, 29 April 2022
- Article 8 GDPR (category GDPR Articles) (section (2) Verification of parental consent by the controller)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing19 KB (1,335 words) - 13:56, 24 October 2023
- Article 98 GDPR (category Article 98 GDPR)Regulation. Noting that a broader reading of Article 98 GDPR is supported by the wording of Article 2(3) GDPR, which provides that: 'For the processing of15 KB (943 words) - 09:58, 8 November 2023
- Article 32 GDPR (category GDPR Articles) (section (2) Certain risks must always be taken into account)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 93 GDPR (category Article 93 GDPR) (section (2) Examination procedure under Article 5 of Regulation (EU) No. 182/2011)unlike delegated acts made under Article 92 GDPR. Article 93(2) GDPR explicitly provides for the application of Article 5 of Regulation (EU) No 182/201117 KB (1,096 words) - 08:19, 19 October 2023
- Article 19 GDPR (category GDPR Articles)definition for "processing" in Article 4(2) GDPR). If data is been made public, the applicable provision is Article 17(2) GDPR, provided that all requirements19 KB (1,436 words) - 12:35, 12 May 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 69 GDPR (category Article 69 GDPR) (section (2) The Board shall neither seek nor take instructions from any body)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public15 KB (1,196 words) - 08:15, 19 October 2023
- Article 75 GDPR (category Article 75 GDPR) (section (2) Exclusive Performance of Tasks under the Instructions of the Chair)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data46 KB (5,825 words) - 11:12, 7 November 2023
- Article 50 GDPR (category GDPR Articles)exchange of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs17 KB (1,142 words) - 15:41, 28 April 2022
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear19 KB (1,477 words) - 14:12, 7 November 2023
- Article 7 GDPR (category GDPR Articles) (section (2) Consent request in the context of a written declaration concerning other matters)accountability in Article 5(2) GDPR, paragraph (2) specifies further requirements in the general principle of transparency under Article 5(1)(a) GDPR, paragraph31 KB (3,489 words) - 16:00, 8 March 2024
- falls outside the scope of Article 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting22 KB (2,042 words) - 14:29, 20 November 2023
- Article 43 GDPR (category GDPR Articles)with the examination procedure referred to in Article 93(2). You can help us fill this section! Article 43 GDPR explains the procedure involved in establishing22 KB (1,634 words) - 14:40, 28 July 2023
- Article 66 GDPR (category Article 66 GDPR) (section (2) Adoption of a final decision after provisional measures)derogation from Article 64(3) and Article 65(2), an urgent opinion or an urgent binding decision referred to in paragraphs 2 and 3 of this Article shall be adopted20 KB (1,590 words) - 16:11, 2 November 2023
- Datenschutzrecht, Article 73 GDPR, margin number 3 (C.H. Beck 2019, 1st edition). Nguyen, in Gola, DS-GVO, Article 73 GDPR, margin number 2 (C.H. Beck 2018, 2nd edition);19 KB (1,530 words) - 14:23, 12 October 2023
- Article 16 GDPR (category GDPR Articles)related decisions in Category:Article 16 GDPR Meents, Hinzpeter in Taeger, Gabel, DSGVO – BDSG, Article 16 GDPR, margin number 2 (Deutscher Fachverlag, 4th23 KB (2,489 words) - 23:24, 6 March 2024
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set20 KB (1,632 words) - 10:01, 11 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)objections pursuant to Article 92(5) GDPR. Article 92(5) GDPR imposes a further condition for the delegation of power, in line with Article 290(2)(b) TFEU. A delegated19 KB (1,525 words) - 08:18, 19 October 2023
- Article 90 GDPR (category Article 90 GDPR) (section (2) Notification of national implementation to the Commission)accordance with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand18 KB (1,599 words) - 12:26, 29 April 2022
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)processing (Article 32(1) GDPR) and the general principles of processing set out in Article 5 GDPR. In confirming the above interpretation, Paragraph 2 sets out20 KB (1,854 words) - 16:32, 8 March 2024
- affected since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- a binding dispute resolution procedure in accordance with Article 65 GDPR. Article 64(2) GDPR allows any SA, the EDPB Chair or the Commission to request23 KB (2,079 words) - 16:07, 2 November 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- (see Article 52 GDPR) and shall be provided with various competencies (Articles 55, 56 GDPR), tasks (Article 57 GDPR) and powers (Article 58 GDPR). For125 KB (16,328 words) - 16:01, 8 March 2024
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- accountability obligation enshrined in Article 5(2) GDPR. This theory is not totally convincing. In light of Article 5(2) GDPR, a reversal of burden of proof for33 KB (4,215 words) - 09:57, 19 March 2024
- Article 62 GDPR (category Article 62 GDPR) (section (2) Right to participate in joint operations and the obligation to invite other supervisory authorities)ng, Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters22 KB (1,915 words) - 13:46, 15 January 2024
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- to in Article 61(6) GDPR. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2) GDPR. → You24 KB (2,181 words) - 11:46, 15 January 2024
- controller is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also27 KB (2,604 words) - 14:24, 16 January 2024
- consistency mechanism under Article 65(2)(1) GDPR and the adoption of the EDPS’s rules of procedure under Article 72(2) GDPR. Notably, each EDPB member22 KB (2,266 words) - 08:26, 17 October 2023
- Press 2020). Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. Spiecker et al., GDPR Article-by-Article Commentary (2023), p 1090. CJEU22 KB (2,177 words) - 10:01, 19 March 2024
- leeway exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward27 KB (3,038 words) - 12:19, 11 October 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in35 KB (4,017 words) - 16:04, 18 March 2024
- Article 30 GDPR (category GDPR Articles) (section (2) Record of processing activities by the processor)applicability of Article 49(1) GDPR, the documentation of suitable safeguards (Article 30(2)(c) GDPR). See commentary under Article 30(1)(e) GDPR. The processor's31 KB (3,327 words) - 15:31, 5 June 2023
- Article 46 GDPR (category GDPR Articles) (section (c) Standard data protection clauses adopted by the Commission under Article 93(2))access (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR)34 KB (3,646 words) - 08:53, 27 March 2023
- and jurisdiction provisions (Articles 47(1)(b), 47(2)(d), 47(2)(e), 47(2)(g), 47(2)(i), 47(2)(l) GDPR); a duty for the EU BCR member to accept responsibility29 KB (2,823 words) - 15:15, 28 April 2022
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University Press 2020). Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article25 KB (2,482 words) - 10:04, 19 March 2024
- Article 42 GDPR (category GDPR Articles) (section (2) Demonstrating safeguards through data protection certification mechanisms, seals or marks)difference between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter27 KB (2,452 words) - 14:26, 28 July 2023
- According to Article 80(2) GDPR, where legislated for by Member States, this right extends to Articles 77, 78 and 79 GDPR, but not Article 82 GDPR. This exclusion26 KB (2,575 words) - 15:50, 9 November 2023
- Article 34 GDPR (category GDPR Articles) (section (2) Minimal requirements of the controller's communication to the data subject)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 41 GDPR (category GDPR Articles) (section (2) Criteria for accreditation from the competent supervisory authority)clear from the wording of Article 41(1) GDPR. Article 41(1) GDPR does not define accreditation. Nonetheless, Article 41(2) GDPR provides a criterion against30 KB (2,720 words) - 14:02, 28 July 2023
- explicit wording of Article 81 GDPR does not limit its application to proceedings instigated either under Article 78 GDPR or Article 79 GDPR. Secondly, the27 KB (2,619 words) - 14:52, 16 November 2023
- elements in Article 2(1) are fulfilled, the GDPR applies unless the processing falls under one of the exemptions named in Article 2(2)(a) to (d) GDPR. The first34 KB (4,652 words) - 12:07, 12 November 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)under Article 79 GDPR – or both. This flexibility allows for parallel proceedings under both Article 77 GDPR and under Article 79 GDPR. As the GDPR foresees31 KB (3,550 words) - 11:11, 29 November 2023
- Beck, 2018, 2nd edition). We refer, in that respect, to the Commentary on Article 2(2)(c) GDPR. Spiecker et al., GDPR Article-by-Article Commentary (2023)33 KB (3,748 words) - 14:25, 7 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)contrast to Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not32 KB (3,730 words) - 08:43, 7 March 2024
- functions, a permissive function (Article 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening32 KB (3,228 words) - 13:32, 30 November 2023
- Article 53 GDPR (category GDPR Articles) (section (2) Qualification, experience and skills of the member(s))occupation. For example, Article 52(2) GDPR requires SA members to remain free from external influence and Article 52(3) GDPR entails a prohibition of29 KB (2,894 words) - 23:06, 1 April 2024
- from Articles 13(2)(b) and 14(2)(c) GDPR. However, Article 21(4) GDPR specifies that the right to object under Article 21(1) and 21(2) GDPR (i.e. the right49 KB (5,993 words) - 06:22, 16 June 2023
- information as outlined in Articles 13 and 14 of the GDPR (see above). Article 26(2) of the GDPR emphasizes the significance of these specific obligations37 KB (3,915 words) - 12:49, 24 May 2023
- Article 49 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 49 GDPR, p. 846 (Oxford University Press 2020). EDPB, ‘Guidelines 2/2018 on derogations of Article 49 under Regulation29 KB (3,500 words) - 08:54, 27 March 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)flows by the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision55 KB (7,622 words) - 14:04, 7 November 2023
- Article 55 GDPR (category GDPR Articles) (section (2) Exclusive competence regarding processing for compliance with a legal obligation or in the public interest)which would be competent under Article 55(1) GDPR, as provided in Article 56 GDPR in connection with Article 60 GDPR. For more information see commentary35 KB (3,971 words) - 21:34, 1 April 2024
- Article 17 GDPR (category GDPR Articles) (section (ii) Erasure following objection under Article 21(2))provided for in Article 6(1)(a) GDPR or, as the case may be, Article 9(2)(a) GDPR, and consent is withdrawn according to Article 7(3) GDPR, data must be61 KB (8,488 words) - 15:47, 18 March 2024
- entering the contract, Article 22(2)(a) GDPR does not mention this additional aspect. In any case, the application of Article 22(2)(a) GDPR is always subjected31 KB (4,768 words) - 06:24, 16 June 2023
- Article 89 GDPR (category Article 89 GDPR) (section (2) Derogations Possible for Scientific or Historical Research Purposes or Statistical Purposes)Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides29 KB (3,695 words) - 13:44, 21 March 2024
- with Article 13, Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR47 KB (5,644 words) - 17:49, 5 March 2024
- the application of the GDPR. You can find further details about the territorial scope in Article 3 GDPR. According to Article 1(2), the Regulation generally28 KB (3,831 words) - 16:21, 14 March 2024
- Article 78 GDPR (category GDPR Articles) (section (2) Right to judicial remedy against DPA inactivity)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- reliance on Article 6(1)(f) GDPR or at least exercise the right to object under Article 21 GDPR. If the legal basis is Article 6(1)(f) GDPR (i.e. 'legitimate71 KB (9,532 words) - 13:30, 6 March 2024
- in principle (see hereunder Article 65(2) GDPR) to adopt a decision under Article 65 GDPR is reached, since Article 64 GDPR only requires a simple majority33 KB (4,185 words) - 16:09, 2 November 2023
- the GDPR (Article 3)’, 12 November 2019 (Version 2.1), p. 6 (available here). EDPB, ‘Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)’37 KB (4,635 words) - 13:29, 24 October 2023
- access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- Article 33 GDPR (category GDPR Articles) (section (2) Processor's notification in the event of a personal data breach)respect of Article 33. If a controller who is not established in the EU but falls under the scope of Article 3(2) or Article 3(3) of the GDPR experiences54 KB (6,536 words) - 08:22, 16 June 2023
- categories of data under Article 9 GDPR or data relating to criminal convictions and offences under Article 10 GDPR. Article 37(2) GDPR allows for the designation43 KB (4,904 words) - 12:59, 21 July 2023
- Article 15 GDPR (category GDPR Articles) (section Additional information under Article 15(1)(a) to (h))decision". Similar to the ex-ante information in Article 13(2)(f) and 14(2)(f) GDPR, Article 15(2) GDPR requires that in case the controller transfers data73 KB (9,896 words) - 15:46, 18 March 2024
- provided for in Article 52(3) GDPR and Articles 53(3) and 53(4) GDPR. For more information on SA members and staff, please refer to Article 52(2) GDPR (SA members)34 KB (3,649 words) - 13:19, 30 October 2023
- requirements. Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide44 KB (5,008 words) - 14:50, 28 July 2023
- Article 12 GDPR (category GDPR Articles) (section (2) Facilitation of the exercise of rights and identification)are dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles76 KB (11,304 words) - 08:37, 4 March 2024
- must also be involved in the drafting of the DPIA under Article 35(2) GDPR and Article 39(1)(c) GDPR, and their advice should be recorded by the controller52 KB (7,297 words) - 08:05, 18 July 2023
- processing), Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Article 20 GDPR (category GDPR Articles) (section (2) Right to have personal data directly transmitted to another controller)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)commentary to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA60 KB (7,796 words) - 20:12, 1 April 2024
- laid down in Article 57 GDPR. The powers of SAs are both investigative and corrective, which are set out in Article 58 GDPR. Article 52(2) GDPR requires two47 KB (5,594 words) - 22:45, 1 April 2024
- mechanism referred to in Article 63 GDPR (Article 28(8) GDPR). The Commission has made use of its power under Article 28(7) GDPR and published standard contractual72 KB (9,140 words) - 13:12, 2 June 2023
- of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- DSB (Austria) - 2021-0.119.956 (category Article 15(2) GDPR)Regarding points 1 and 2 a) Basic information about Article 15 GDPRa) Basic information about Article 15 GDPR Pursuant to Article 15 Para. 1 GDPR, the data subject50 KB (8,021 words) - 15:40, 18 January 2024
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)understood as made to the GDPR, in accordance with article 94 of the last. Likewise, it is apparent from recital 173 of the GDPR that this text explicitly93 KB (14,936 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2020-013 (category Article 94 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,354 words) - 15:45, 6 December 2023
- Recitals GDPR (section Recitals from the GDPR)data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the182 KB (24,065 words) - 13:40, 9 July 2021
- APD/GBA (Belgium) - 06/2019 (category Article 58(2)(i) GDPR)c), Article 6.1., Article 13.1. c), Article 13.1. c), Article 13.1. e) and Article 13.2. a) of the DGPS pursuant to Article 101 of the ICA, to impose20 KB (3,137 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(2) GDPR)period allotted to it to do so (Article 15.1 combined with Article 12.3. of GDPR as well as Article 12.2. of the GDPR (obligation to facilitate the exercise127 KB (21,484 words) - 17:01, 12 December 2023
- OGH - 6 Ob 91/19d (category Article 77 GDPR)history of GDPR explicitly shows that GDPR does foresee parallel enforcement. No violation of Article 94(1) of the Austrian Constitution ("B-VG"). § 29(2) DSG5 KB (429 words) - 15:45, 10 March 2022
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)requirements of the GDPR; Because from Recital 171 Sentence 2 GDPR, from Art. 4 No. 2 GDPR and Art. 24 Para. 1, in particular Sentence 2 GDPR, the obligation130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 71/2020 (category Article 4(1) GDPR)of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d) and Article 6.1. e) of the GDPR. Decision on the79 KB (12,260 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 149/2023 (category Article 13(2) GDPR)of article 4.19 of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a)113 KB (17,325 words) - 08:50, 19 March 2024
- IP - 07121-1/2020/1159 (category Article 6 GDPR)lawfulness under Article 6(1)(f) GDPR ("does the employer have legitimate interests in monitoring quarantine compliance?") or Article 9(2) GDPR ("quarantine7 KB (1,028 words) - 11:05, 13 January 2021
- OLG Naumburg - 9 U 6/19 (category Article 9(2)(a) GDPR)there is no explicit consent by the customers as requested under Article 9(2)(a) GDPR and an implied consent cannot fulfill the provision’s requirement32 KB (5,236 words) - 16:00, 10 March 2022
- Norges Høyesterett - 2021-2403-A (category Article 9(2)(a) GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)According to Article 94 of the GDPR "references to the repealed directive must be understood as references to the [GDPR]". 84. Under Article 4, paragraph82 KB (13,428 words) - 17:02, 6 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- IP - 7121-1/2020/369 (category Article 6 GDPR)the conditions laid down in Article 7 GDPR. Additionally, in this case, the IP also reiterated the provisions of Article 8 GDPR on conditions applicable to10 KB (1,406 words) - 15:25, 17 March 2022
- APD/GBA (Belgium) - 137/2022 (category Article 12(3) GDPR)Belgian DPA used Article 58(2)(c) GDPR to order a controller to comply with an erasure request of a data subject pursuant to Article 17 GDPR after it failed14 KB (1,946 words) - 08:50, 29 June 2023
- IP - 07121-1/2020/387 (category Article 9 GDPR)personal data under Article 9 GDPR. The processing of such data is prohibited unless one of the exceptions referred to in Article 9(2) GDPR applies. In the12 KB (1,812 words) - 15:11, 17 March 2022
- IP - 0712-1/2020/1408 (category Article 15 GDPR)person, using Article 15 as their basis. The Slovenian DPA (IP) was asked for an opinion concerning the scope of GDPR Article 15. Within the GDPR, an individual10 KB (1,575 words) - 13:37, 10 August 2021
- APD/GBA (Belgium) - XX/2021 (category Article 58(2)(c) GDPR)on the merits in accordance with Article 98 et seq. DPAA, to: - pursuant to Article 58.2(c) of the GDPR and Article 95(1)(5) of the DPAA , to order the17 KB (2,189 words) - 12:34, 3 August 2022
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- Datatilsynet (Norway) - 21/03530 (category Article 58(2)(f) GDPR)by the EDPB pursuant to Article 66(2) GDPR. Temporary ban on processing (order) Pursuant to Article 66(1) GDPR and 58(2)(f) GDPR the Norwegian DPA consequently99 KB (14,431 words) - 16:20, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)lawfulness, the Litigation Chamber concludes that Article 5.1.a. of the GDPR in conjunction with Article 6 of the GDPR have not been complied with with regard to37 KB (5,765 words) - 09:53, 14 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read131 KB (22,429 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860461 (category Article 9 GDPR)privacy. Health data are special categories of data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,409 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860487 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,352 words) - 15:44, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860513 (category Article 9 GDPR)right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data can16 KB (2,324 words) - 15:45, 6 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))pursuant to Article 17(2) DPA Act. 9. Moreover, as regards the one-stop-shop mechanism, Article 56 GDPR states: "Without prejudice to Article 55, the supervisory429 KB (58,279 words) - 09:12, 2 November 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)§ 8 clause 2 of the GTC agreed between the parties (according to § 8 b paragraph 2 MB/KK). 52 § 8 b para. 2 MB/KK violates §203 sentence 2 VVG and is therefore40 KB (6,325 words) - 16:12, 18 May 2022
- APD/GBA (Belgium) - 157/2023 (category Article 21(2) GDPR)within the meaning of Article 100 of the WOG. The Disputes Chamber has thus decided, on the basis of Article 58.2.c) GDPR and Article 95, § 1, 5° of the WOG17 KB (2,723 words) - 16:34, 26 January 2024
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)obligation under Article 37(7) GDPR. The DPA ordered the controller to comply with his obligations under Article 13(1)(b) GDPR and Article 37(7) GDPR and to publish18 KB (2,611 words) - 12:45, 16 June 2023
- LAG Baden-Württemberg - Sa 11/18 (category Article 15 GDPR)information pursuant to Article 15 (1) of the GDPR relates to "personal data relating to an individual" pursuant to Article 4 No. 1 of the GDPR. In addition, the18 KB (2,724 words) - 08:24, 14 March 2022
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)Compétence de la Chambre de Résolution des Litiges (Article 2 AVG ; Article 4 WOG) 55. Conformément à l'article 2, paragraphe 1, de l'AVG, le règlement s'applique96 KB (15,396 words) - 16:50, 12 December 2023
- GHAL - 200.254.914 (category Article 6(1)(f) GDPR)95/46/EC) on the same date (see Article 94 GDPR). That the initiating petition in this case dates from 22 May 2018 and that Article 48, paragraph 10 of the (Dutch)20 KB (2,722 words) - 10:04, 14 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)listed in Article 2(3) of that directive and Article 2(2) of that regulation, apply. 62 In particular, it should be noted that Article 9 of the GDPR and Article110 KB (18,000 words) - 08:01, 5 June 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)dossier werden toegevoegd. 2. Motivering 2.1. De bevoegdheid van de Inspectiedienst en de Geschillenkamer en de omvang van het dossier 2.1.1. Het verzoek van124 KB (18,772 words) - 17:01, 12 December 2023
- OLG Hamm - 8 U 94/22 (category Article 5(1)(a) GDPR)principle of Fairness (Article 5(1)(a) GDPR), purpose limitation (Article 5(1)(b) GDPR) and data minimisation (Article 5(1)(c) GDPR) would not prevent the56 KB (9,184 words) - 15:04, 18 July 2023
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)meldt de verweerder aan de Geschillenkamer een kopie van stuk 2 van het dossier (art. 95, §2, 3° WOG) te wensen ontvangen, hetwelk hem werd overgemaakt op20 KB (2,982 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 136/2022 (category Article 4(1) GDPR)right of access (Article 12(4) GDPR). The DPA held that data concerning the vehicle of the complainant is personal data (Article 4(1) GDPR), since the data19 KB (2,700 words) - 08:49, 29 June 2023
- CE - 449212 (category Article 94 GDPR)supervisory authority. The court stated that Article 82 of the Law Informatique et Libertés was a transposition of article 5(3) of the Directive 2002/58/CE into20 KB (2,932 words) - 09:51, 10 September 2021
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)complies with the provisions of the GDPR (Article 28.1 GDPR) and concludes an agreement with the processor (Article 28.3 GDPR). 5. To the extent that this decision21 KB (3,034 words) - 15:30, 26 January 2024
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- Court of Appeal of Brussels - 2021/AR/205 (category Article 6 GDPR)complaint; b. give notice to the second defendant, pursuant to Article 58(2)(a) AVG and Article 100(1)(5) WOG, that it will not take part in the proceedings92 KB (14,873 words) - 09:03, 20 August 2021
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)of a link to this information. This was a violation of Article 12. Based on Article 13(2)(a) GDPR and WP29 guidelines on transparency, the CNIL noted that48 KB (7,404 words) - 17:09, 6 December 2023
- BGH - I ZR 7/16 (category Article 94 GDPR)meaning of Article 5(3) and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive52 KB (8,575 words) - 15:55, 22 March 2022
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)4 and article 15 of the GDPR (right of access), for reasons set out below. Furthermore, in accordance with article 58.2.c) of the GDPR and article 95, §26 KB (3,856 words) - 08:51, 19 March 2024
- APD/GBA (Belgium) - 08/2019 (category Article 13(2)(b) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 11/2019 (category Article 5(1)(b) GDPR)1(e) and 5.2 of the DGPS and Article 6 of the DGPS; 2.the defendant has not complied with the obligations imposed by sections 12.1. and 12.2. of the DGPS24 KB (3,844 words) - 16:51, 12 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)obtained from them, as required under Article 14(1)(a) AVG and Article 14(2)(c)(e) and point (f) AVG; c. article 12 j° article 14 AVG, in view of the defendant62 KB (10,509 words) - 16:58, 12 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)the Personal Data Act and the Privacy Ordinance, cf. section 2 and Article 2 of the Ordinance 2. The Personal Data Act and the Privacy Ordinance are coming49 KB (7,646 words) - 07:56, 7 March 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 18(2) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)"accept all" button be considered a breach of GDPR Article 4(11) and Article 7, read in conjunction with GDPR Article 5(3) -Privacy while the data controller120 KB (19,650 words) - 09:00, 6 April 2022
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 52 GDPR)contentious phase (Article 98 WOG) (own underlining): Preco ntious phase: "Subsection 2. -Procedure vggrgfgggnd ggn the decisions grgnd Art. 94. Once apprehended30 KB (4,204 words) - 09:54, 14 December 2023
- BVwG - W211 2227144-1 (category Article 2 GDPR)the violation of his GDPR rights by the parliamentary committee? The BVwG initially held that the exemption under Article 2(2)(a) GDPR (processing of personal38 KB (5,801 words) - 10:08, 10 September 2021
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)established in article 58.2 of the GDPR. Between They have the power to impose an administrative fine in accordance with the article 83 of the RGPD -article 58.231 KB (4,864 words) - 13:27, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)Human Rights. According to settled case-law, it follows from Article 1.2 and Article 59.2 of the Basic Law that there is an obligation to use the Human133 KB (21,944 words) - 15:59, 22 March 2022
- Datatilsynet (Norway) - 0/02422 (category Article 58(2)(i) GDPR)violation of Article 12(3) GDPR and Article 15 GDPR due to a failure to respond to an access request that was submitted around a month after the GDPR became162 KB (24,007 words) - 19:41, 15 February 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)also be subject to the provisions of Article 6.1(e) DSGVO in conjunction with Article 6.1(b) DSGVO. Article 2, 28.2 no. 2 BayDSG without the consent of the31 KB (5,184 words) - 17:19, 15 April 2023
- the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)provided for in Article 83 of the PGRD and having regard to the assessment factors listed in Article 83.2. of the RGPD, a reprimand (Article 100 § 1, 5° LCA)32 KB (5,190 words) - 16:51, 12 December 2023
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)supervisory authorities (Article 58(2) DSGVO), in particular the fines to be imposed (Article 58(2)(i) DSGVO), for which Article 83 DSGVO contains a detailed52 KB (8,574 words) - 16:03, 10 March 2022
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)3 Sentence 2 GDPR is in accordance and whether there is a conflict of interest within the meaning of. Article 38 Paragraph 6 Sentence 2 GDPR applies if40 KB (6,019 words) - 14:13, 28 November 2023
- VG Köln - 25 K 2138/19 (category Article 16 GDPR)claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR39 KB (6,235 words) - 11:14, 15 June 2022
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)parties (Article 83.2.k of the RGPD in relation to Article 76.2.b of the LOPDGDD) - The turnover or activity figure of the entity (article 83.2.a, of the37 KB (5,995 words) - 13:58, 13 December 2023
- IP - 0712-1/2019/2419 (category Article 5(1)(f) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1 - hereinafter ZVOP-1); Article 2 of the Information11 KB (1,558 words) - 14:43, 17 March 2022
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- Court of Appeal of Brussels - 2020/AR/582 (category Article 58(2)(a) GDPR)investigation in accordance with article 91 2. In this regard, it follows from the text of the contested decision: Pursuant to Article 95, §2 of the Law of 3 December26 KB (3,871 words) - 07:59, 24 August 2023
- APD/GBA (Belgium) - 61/2020 (category Article 5(1)(d) GDPR)this regard within the meaning of Article 2 (2) point d) GDPR. Whichcertain officials of the defendant under Article 5, §2 of the Second Ordinanceare appointed41 KB (6,354 words) - 16:59, 12 December 2023
- OLG Hamm - 20 U 146/22 (category Article 12(5)(b) GDPR)meaning of Article 4(1) GDPR. Nevertheless, in this case the controller had the right to disregard the request in light of Article 12(5)(b) GDPR, as the latter30 KB (4,784 words) - 08:39, 8 August 2023
- APD/GBA (Belgium) - 19/2020 (category Article 5(2) GDPR)established by the GDPR.The principle of liability set out in Article 5.2 of the GDPR and developed in Article 24 are at the heart of the GDPR and reflect the39 KB (6,246 words) - 16:55, 12 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(2) GDPR)for the violation of Article 5(1)(f) GDPR and Article 5(2) GDPR. The AEPD considered that the fine was proportional, since the GDPR establishes that fines270 KB (43,335 words) - 12:39, 13 December 2023
- CNIL (France) - SAN-2020-008 (category Article 13(2)(a) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- specified in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of73 KB (11,864 words) - 17:03, 6 December 2023
- IP - 0712-1/2019/2725 (category Article 58(3) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07, officially consolidated text, hereinafter ZVOP-1) and Article 2 of the5 KB (506 words) - 14:45, 17 March 2022
- IP - 07121-1/2021/517 (category Article 55(3) GDPR)paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, no. 94/07; hereinafter ZVOP-1) and Article 2 of the5 KB (679 words) - 10:42, 6 May 2021
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the49 KB (7,973 words) - 13:25, 13 December 2023
- IP - 07121-1/2020/1242 (category Article 58 GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the6 KB (806 words) - 11:06, 13 January 2021
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)reasoned in accordance with Article 4(24) GDPR and, after conducting its own assessment of the factors under Article 83(2) GDPR, found that the proposed fine468 KB (51,340 words) - 14:10, 30 January 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)fine, the criteria specified in the same Article 83." 112. Under Article 83 of the GDPR, as referred to in Article 20(III) of the Data Protection Act: "182 KB (13,463 words) - 17:03, 6 December 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)” Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions52 KB (8,323 words) - 13:17, 13 December 2023
- IP - 07121-1/2021/597 (category Article 2(2) GDPR)individual, it should be clarified at the outset that, in accordance with Article 2 (2) of the General Regulation, the General Regulation does not apply to6 KB (911 words) - 16:58, 13 April 2021
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)before May 25, 2018. 2.2. Consent and the lawfulness of the processing (Article 4, point 11, Article 6 (1) in conjunction with Article 7 GDPR) 121. With regard113 KB (18,732 words) - 16:50, 12 December 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- IP - 07121-1/2021/662 (category Article 4(1) GDPR)of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07, officially consolidated7 KB (1,003 words) - 09:57, 14 April 2021
- IP - 07121-1/2020/195 (category Article 35 GDPR)Republic of Slovenia (IP), provided a non-binding opinion pursuant to Article 58(3) GDPR. The IP pronounced itself on the use of drones. The question concerned9 KB (839 words) - 14:07, 24 February 2022
- IP - 07121-1/2020/1677 (category Article 9 GDPR)personal data. This type of health data, the DPA held, belongs to Article 9 of the GDPR and cannot be processed without specific authorization. The DPA then7 KB (846 words) - 11:07, 13 January 2021
- IP - 07120-1/2021/168 (category Article 15 GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the7 KB (1,000 words) - 10:10, 14 April 2021
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- IP - 07121-1/2021/540 (category Article 5(1)(c) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the7 KB (882 words) - 08:16, 7 April 2021
- APD/GBA (Belgium) - 161/2023 (category Article 4(11) GDPR)hereinafter “GDPR”; 14See also article 100 of the LCA. 15See section 6.3.2. and sections 94-97 of the LCA. 16 Cfr. Article 94, 1° and 2° of LCA; also61 KB (8,521 words) - 14:59, 6 February 2024
- APD/GBA (Belgium) - 159/2023 (category Article 4(11) GDPR)Regulation), hereinafter “GDPR”; 14See article 100 WOG. 15See section 6.3.2. and articles 94-97 of the WOG. 16 Cfr. Article 94, 1° and 2° WOG; also compare the54 KB (7,683 words) - 16:04, 10 January 2024
- IP - 07121-1/2021/400 (category Article 4(15) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the7 KB (1,034 words) - 11:06, 27 October 2021
- IP - 07121-1/2021/563 (category Article 6(1)(f) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the7 KB (1,014 words) - 10:42, 6 May 2021
- IP - 07121-1/2021/577 (category Article 37 GDPR)of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07, official consolidated7 KB (978 words) - 10:41, 6 May 2021
- LG Berlin - 31 O 714/21 (category Article 15 GDPR)The Regional Court of Berlin held that a right to information under Article 15 GDPR cannot be enforced by way of an interim injunction, since there is no94 KB (15,693 words) - 13:55, 6 April 2022
- VG Cottbus - VG 4 K 1191/19 (category Article 4(2) GDPR)is done using a water meter and its readout. Article 12(5) GDPR in conjunction with Article 18(1)(d) GDPR does not prevent the charging of an administrative75 KB (12,396 words) - 12:11, 30 March 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- IP - 07120-1/2020/628 (category Article 6(1) GDPR)meetings, one of the legal bases for the processing of personal data from Article 6(1) GDPR must be provided. The DPA suggested to determine the rules regarding8 KB (1,139 words) - 08:18, 7 April 2021
- IP - 07121-1/2021/678 (category Article 6(1)(b) GDPR)of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07, officially consolidated8 KB (1,055 words) - 16:21, 15 April 2021
- IP - 0712-1/2019/2504 (category Article 5(1)(c) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter: ZVOP-1), and 2 Article 43 of the Information8 KB (1,114 words) - 14:44, 17 March 2022
- IP - 07121-1/2020/428 (category Article 6 GDPR)such as an insurance company, should have an adequate legal basis under Article 6 GDPR to lawfully do so. An individual notified the IP about a car accident9 KB (1,211 words) - 11:57, 24 March 2022
- IP - 07121-1/2020/693 (category Article 13 GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter ZVOP-1), and Article 2 of the Information9 KB (1,166 words) - 15:24, 17 March 2022
- IP - 07121-1/2020/390 (category Article 6(1)(c) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter ZVOP-1), and 2 Article 43 of the Information8 KB (1,260 words) - 14:29, 24 February 2022
- IP - 07121-1/2020/2281 (category Article 6(1) GDPR)Interestingly, Slovenia still has not implemented fully the GDPR. They are still relying on ZVOP-1, as ZVOP-2 (national data protection act) still has not been introduced8 KB (1,224 words) - 07:36, 4 October 2021
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)information”, article 83.2 f) of the GDPR. (IV) "The non-existence of benefits obtained through the infringement", article 83.2 k) of the GDPR and 76.2 c) of the55 KB (9,017 words) - 10:46, 13 December 2023
- HDPA (Greece) - 44/2019 (category Article 5(2) GDPR)internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its127 KB (21,184 words) - 15:39, 6 December 2023
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)" Regarding section k) of article 83.2 of the GDPR, the LOPDGDD, article 76, "Sanctions and corrective measures", provides: "2. In accordance with the provisions58 KB (9,301 words) - 12:39, 13 December 2023
- IP - 07121-1/2020/1043 (category Article 4(1) GDPR)signatures personal data within the meaning of Article 4(1) GDPR? Is there a legal basis under Article 6 GDPR that would justify the disclosure of the signatures9 KB (1,251 words) - 11:05, 13 January 2021
- Court of Appeal of Brussels - 2019/AR/1006 (category Article 16 GDPR)accordance with Article 4(1) GDPR, according to the DPA. The Court of Appeal of Brussels held that, in accordance with Article 16 GDPR, the data subject59 KB (9,290 words) - 09:10, 5 May 2024
- IP - 07120-1/2021/181 (category Article 6 GDPR)of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07, official consolidated9 KB (1,291 words) - 08:23, 20 April 2021
- IP - 07121-1 / 2020/2260 (category Article 4(11) GDPR)of article 6 (1) GDPR? The Slovenian DPA finds itself competent of deciding upon the legal basis and the conditions of a lawful processing. Article 6 (1)9 KB (1,371 words) - 23:06, 10 February 2021
- CE - 449209 (category Article 55(1) GDPR)the GDPR, article 94 of which repeals this directive while specifying that references to the repealed directive s understand as made under the GDPR. 5.36 KB (5,595 words) - 16:12, 2 February 2022
- IP - 07120-1/2020/358 (category Article 9(2)(c) GDPR)illustrate how the GDPR could be applied to allow the NIJZ data to be used in this way, the IP cited examples from Article 9(2) GDPR, which lists the exceptions10 KB (1,384 words) - 16:52, 9 June 2020
- IP - 07121-1 / 2020/2263 (category Article 5 GDPR)accordance with Article 2 ZInfP autonomous and independent state body that, in addition to the tasks set out in that Article, on the basis of Article 49 of the9 KB (1,363 words) - 23:05, 10 February 2021
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)breach of Article 13 (2) of the GDPR. 43. Consequently, the restricted panel considers that the company has committed a breach of Article 13 of the GDPR. It56 KB (8,757 words) - 14:12, 28 February 2024
- IP - 07121-1/2020/1570 (category Article 6(3) GDPR)the Slovenian National Institute of Public Health? The IP held that Article 6(3) GDPR applies in this context. As such the legal basis for processing is9 KB (1,289 words) - 11:06, 13 January 2021
- IP - 07120-1/2020/290 (category Article 58 GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter ZVOP-1), and Article 2 of the Information11 KB (1,577 words) - 14:48, 17 March 2022
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- CJEU - C807/21 - Deutsche Wohnen (category Article 83(4) GDPR)administrative fine under Article 83 GDPR. That question is exhaustively regulated by Article 58(2) and Article 83(1) to (6) GDPR. Thus the concept of an10 KB (1,543 words) - 13:53, 8 December 2023
- IP - 07120-1/2020/345 (category Article 9(2)(b) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP- 1) and Article 2 of11 KB (1,695 words) - 11:11, 13 January 2021
- APD/GBA (Belgium) - 63/2023 (category Article 5(1)(c) GDPR)this, the two files have been joined. 4. Pursuant to article 95 § 2, 3° of the LCA as well as article 47 of the rules of order inside the DPA, a copy of14 KB (1,869 words) - 14:49, 13 June 2023
- IP - 07121-1/2020/196 (category Article 6 GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter: ZVOP-1) and Article 2 of the Information12 KB (1,459 words) - 14:07, 24 February 2022
- IP - 07121-1/2020/1869 (category Article 6(1)(c) GDPR)persons and their immediate family members in accordance with Article 6(1)(c) GDPR. Article 6(1)(c) stipulates that processing is lawful when it is necessary10 KB (1,413 words) - 11:07, 13 January 2021
- IP - 07121-1/2020/527 (category Article 58(3) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of the Information10 KB (1,467 words) - 15:22, 17 March 2022
- APD/GBA (Belgium) - 01/2024 (category Article 5(1)(c) GDPR)infringement of Article 5.1.b), c) and e) GDPR and Article 5.1.a) j° Article 6.1 GDPR; - on the basis of Article 58.2.c) of the GDPR and Article 95, § 1, 5°38 KB (5,767 words) - 16:10, 19 March 2024
- IP - 07121-1/2020/701 (category Article 4(1) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of the Information11 KB (1,636 words) - 15:24, 17 March 2022
- CJEU - C-687/21 - MediaMarktSaturn (category Article 4 GDPR)of the GDPR? Does unintenional disclosure (via a breach) to a third party constitute unlawful further processing as per Article 2(1), 5(1)(f), 6(2) and Article11 KB (1,606 words) - 09:59, 15 February 2024
- IP - 07121-1/2020/1555 (category Article 6(1)(c) GDPR)paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and 2 In accordance11 KB (1,657 words) - 12:04, 16 September 2020
- APD/GBA (Belgium) - 10/2023 (category Article 12(3) GDPR)set out by Article 12(4) GDPR. The DPA ordered the controller to comply with the access request pursuant Article 58(2)(c) GDPR and Article 95(1)(5) LCA14 KB (1,967 words) - 15:07, 22 February 2023
- APD/GBA (Belgium) - 02/2023 (category Article 12(3) GDPR)measures referred to in Article 100 WOG. 2 1Section 3, Subsection 2 WOG (Articles 94 through 97). 2 1° to dismiss a complaint; 2° to order the exclusion15 KB (2,043 words) - 15:41, 24 January 2023
- IP - 07121-1/2020/2187 (category Article 9(2)(h) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of13 KB (1,905 words) - 14:28, 4 February 2021
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)Failure to ensure data protection by default (Article 25(2) GDPR) The DPA also found a violation of Article 25(2) GDPR regarding the controllers “X” icon at the59 KB (9,566 words) - 17:03, 6 December 2023
- DSB (Austria) - 2020-0.829.566 (category Article 15(3) GDPR): Article 15,, Article 17,, Article 21,, Article 51, paragraph one,, Article 57, paragraph one, litera f,, Article 77, paragraph one, and Article 91 of41 KB (6,603 words) - 07:12, 1 August 2023
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 9(2)(a) GDPR)that the Medical List does today, cf. GDPR Article 4, No. 11, Article 6 No. 1 letter a, Article 7 and Article 9 No. 2 letter a If current practice is invalid144 KB (23,058 words) - 18:48, 5 March 2022
- IP - 07121-1/2020/1180 (category Article 6(1)(a) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the12 KB (1,804 words) - 11:06, 13 January 2021
- IP - 07120-1/2021/182 (category Article 6(1) GDPR)of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of13 KB (2,014 words) - 15:15, 21 April 2021
- IP - 07121-1/2020/197 (category Article 58(3) GDPR)first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette RS, No. 94/07-UPB1, hereinafter: ZVOP-1) and Article 2 of the Information12 KB (1,773 words) - 14:49, 17 March 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)disregarded the provisions of Article 5-1 e) of the GDPR. C. On the breach of the obligation to inform people 65. Article 13 of the GDPR requires the data controller61 KB (10,028 words) - 17:09, 6 December 2023
- APD/GBA (Belgium) - 09/2023 (category Article 58(2) GDPR)controller has acted in violation of Article 12.3 and 12.4 GDPR, as well as Article 17.1 GDPR. 2 1 Article 12 GDPR […] 3. The controller shall provide the16 KB (2,239 words) - 19:52, 15 February 2023
- APD/GBA (Belgium) - 06/2023 (category Article 15(1)(a) GDPR)pursuant to Article 12(2) GDPR. The DPA ordered the controller to comply with the access request pursuant to Article 58(2)(c) GDPR and Article 95(1)(5) LCA16 KB (2,242 words) - 10:12, 8 February 2023
- APD/GBA (Belgium) - 127/2022 (category Article 5(1)(f) GDPR)measures under Article 24 GDPR and 25 GDPR. However, the DPA considered that in this case, the violations of Article 5(1)(f) GDPR and 32 GDPR were sufficient14 KB (1,993 words) - 14:36, 14 September 2022
- APD/GBA (Belgium) - 19/2023 (category Article 12 GDPR)responsibility – article 5.2. GDPR). It must also implement all the measures necessary for this. effect (Article 24 GDPR). 6. Pursuant to Article 15 § 1 of the16 KB (2,244 words) - 23:23, 12 March 2023
- APD/GBA (Belgium) - 40/2024 (category Article 12(3) GDPR)basis of article 62, § 1 2 of the WOG transferred to the Disputes Chamber. 4. In accordance with Article 95, § 2, 3° of the WOG as well as Article 47 of the15 KB (2,218 words) - 08:27, 14 March 2024
- IP - 07121-1/2020/199 (category Article 6(1)(e) GDPR)Republic of Slovenia (IP), provided a non-binding opinion pursuant to Article 58 GDPR. The subject matter of the opinion regarded the legality of installing15 KB (1,752 words) - 14:07, 24 February 2022
- CTPDA (Andalusia) - RPS-2023/001 (category Article 6 GDPR)alleged infringement of article 6 GDPR, classified in article 83.5.a) GDPR, and punishable with warning in accordance with article 77.2 LOPDGDD. Nineth. Notified46 KB (7,089 words) - 14:00, 29 March 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 24(2) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- IP - 07121-1/2020/519 (category Article 13 GDPR)data and a legal basis would be needed according to Article 6 GDPR and the principles of Article 5 GDPR should be respected. The employer who decides that15 KB (2,192 words) - 15:21, 17 March 2022
- APD/GBA (Belgium) - 145/2022 (category Article 12(2) GDPR)complaint with Article 5(1)(c) GDPR. However, Article 58(2)(b) GDPR contains the authority of the DPA to reprimand a controller. Article 58(2)(c) GDPR contains18 KB (2,545 words) - 16:10, 25 October 2022
- APD/GBA (Belgium) - 109/2023 (category Article 21(2) GDPR)2023. The Belgian DPA found a violation of Article 21(2) GDPR and Article 12(3) GDPR. Firstly, Article 21(2) establishes the right for a data subject to18 KB (2,545 words) - 14:46, 29 August 2023
- AG München - 322 C 3109/23 (2) (category Article 6(1)(f) GDPR)deletion under Article 17 GDPR is required. Even in the event of a proper and expert repair, a balancing of interests under Article 6(1)(f) GDPR indicates a17 KB (2,516 words) - 21:50, 10 March 2024
- APD/GBA (Belgium) - 17/2023 (category Article 5(2) GDPR)data against unauthorised access as stipulated in Article 5(1)(f) GDPR. The DPA referred to Article 32 GDPR and recommended a logging measure and to keep track17 KB (2,351 words) - 15:21, 8 March 2023
- VUSRH - Usž-670/21-2 (category Article 4(1) GDPR)original for more details. - 1 - Business number: Usž-670 / 21-2 Business number: Usž-670 / 21-2 U I M E R E P U B L I K E H R V A T S K E VERDICT The High16 KB (2,450 words) - 07:53, 8 February 2022
- APD/GBA (Belgium) - 160/2022 (category Article 12(3) GDPR)(Articles 15 and 17 GDPR). The DPA held that the controller breached Articles 12(3) GDPR, Article 15(1) GDPR and Article 17(1) GDPR by not responding to17 KB (2,401 words) - 16:49, 29 November 2022
- APD/GBA (Belgium) - 03/2024 (category Article 12 GDPR)the DPA held that the controller infringed Article 12(3) GDPR, Article 12(4) GDPR and Article 17(1) GDPR and ordered the controller to deal with the data17 KB (2,442 words) - 12:17, 27 March 2024
- NSA - III OSK 1789/22 (category Article 5(1)(c) GDPR)29 section 1 sentence 2 and section 2 and 3 of the annex to the resolution, as being inconsistent with Art. 35 section 3 point 2 of the Act on in connection74 KB (12,347 words) - 13:46, 9 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 1788/152/22 (category Article 58(2)(c) GDPR)within the meaning of Article 15 (4) of the Data Protection Regulation. Decision and justification of the EDPS Pursuant to Article 58 (2) (c) of the Data Protection17 KB (2,540 words) - 10:11, 7 June 2022
- APD/GBA (Belgium) - 75/2023 (category Article 12(2) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- APD/GBA (Belgium) - 60/2024 (category Article 5(1)(f) GDPR)transmitted to the Chamber st 2 Litigation under article 62, § 1 of the LCA. 10. Pursuant to article 95 § 2, 3° of the LCA as well as article 47 of the order regulations17 KB (2,386 words) - 07:43, 30 April 2024
- APD/GBA (Belgium) - 130/2021 (category Article 5(1)(b) GDPR)Pursuant to Article 58.2.a) GDPR and Article 95, § 1, 4° WOG, to contact the controller warn that intended processing infringes Article 5.1, b) GDPR and Article16 KB (2,341 words) - 06:44, 22 December 2021
- Tallinna Halduskohus - 3-19-579 (category Article 77(1) GDPR)terms of Article 77(1) GDPR. The complainant, however, expected the submission to be processed as a complaint within the meaning of Article 77(1) GDPR. The16 KB (2,518 words) - 14:09, 24 March 2022
- AEPD (Spain) - PS/00410/2020 (category Article 2(2)(c) GDPR)as established in article 2.2 of the RGPD and article 2.2.a) of the LO- PDGDD, the following should be noted: it says to article 2.2 of the RGPD: "two47 KB (7,334 words) - 17:00, 14 December 2022
- IP (Slovenia) - 0610-32/2021/7 (category Article 32 GDPR)paragraph of Article 29 of the ZIN and the powers under Article 19 of the ZIN, Articles 2 and 8 of the ZInfP, Articles 50, 51 and 53 of ZVOP-1 and Article 57 and16 KB (2,430 words) - 07:56, 6 July 2021
- AEPD (Spain) - EXP202100897 (category Article 83(2) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)consent of the 10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results73 KB (11,604 words) - 16:57, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)accordance with Article 58, paragraph 2, subparagraph b of the General Data Protection Regulation, and an order pursuant to Article 58, paragraph 2, subparagraph71 KB (11,552 words) - 13:40, 12 January 2024
- IP (Slovenia) - 0609-6/2024/7 (category Article 6(1)(a) GDPR)conjunction with Article 91(1)(1) ZVOP-1, for which a fine of EUR 830.00 is prescribed, taking into account Article 91(2) ZP-1 and Article 119(1) ZVOP-2 on the application19 KB (2,784 words) - 09:16, 25 April 2024
- LArbG Baden-Württemberg - 2 Sa 16/21 (category Article 12(1) GDPR)employer violated their Article 15 GDPR obligations as a data controller. The plaintiff requested information under Article 15 GDPR from its former employer49 KB (8,074 words) - 08:33, 6 October 2022
- LAG Schleswig-Holstein - 1 Sa 148/22 (category Article 4(1) GDPR)the data subject requested his personal information (Article 15 (1) GDPR and Article 15 (3) GDPR) from the controller. On the same day, the data subject51 KB (8,324 words) - 15:52, 18 January 2024
- APD/GBA (Belgium) - 51/2024 (category Article 5(1)(a) GDPR)6GDPR,Article 5.1.b),Article 5.1.a)j°Article 13andArticle 27 GDPR due to the current processing activities. 23. The purpose of this decision is to inform the19 KB (2,807 words) - 11:02, 17 April 2024
- APD/GBA (Belgium) - 137/2023 (category Article 12(1) GDPR)transparency under Article 12(1) GDPR and Article 14 GDPR, as the controller had failed to fulfill the informational obligations under Article 14 GDPR. The municipality52 KB (7,789 words) - 11:38, 11 October 2023
- IP (Slovenia) - 07121-1/2021/1039 (category Article 6 GDPR)information about his state of health are defined in Article 4 (15) GDPR as data concerning health. Article 48 of the Employment Relationships Act (ZDR-1),17 KB (2,618 words) - 12:59, 16 June 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8086/182/2019 (category Article 4(11) GDPR)under Article 4 (11) GDPR when consent is a condition for participating in a lottery, and 2) has the data controller complied with Article 7(3) GDPR and17 KB (2,519 words) - 15:12, 25 April 2023
- APD/GBA (Belgium) - 04/2023 (category Article 5(2) GDPR)result, the controllers acted in 1 2 3 contravenes Articles 5.2 and 12.2 GDPR, as well as Article 17.1 GDPR. 1 Article 5.2 GDPR. The controller is responsible20 KB (2,870 words) - 10:07, 1 February 2023
- APD/GBA (Belgium) - 87/2023 (category Article 12(3) GDPR)Area exists. Article 3.1 of the GDPR is therefore not applicable. 6. The second case provided for in Article 3.2 GDPR specifies that the GDPR applies to21 KB (2,987 words) - 20:10, 4 July 2023
- APD/GBA (Belgium) - 32/2024 (category Article 15(1) GDPR)Subsection 2 of the WOG (Articles 94 to 97). Decision 32/2024 – 5/7 The Disputes Chamber has thus decided, on the basis of Article 58.2.c) GDPR and Article 9521 KB (3,062 words) - 07:42, 20 March 2024
- APD/GBA (Belgium) - 57/2024 (category Article 12 GDPR)basis of article 62, § 1 of the WOG transferred to the Disputes Chamber. 2 5. In accordance with Article 95, § 2, 3° of the WOG as well as Article 47 of the21 KB (3,085 words) - 14:47, 29 April 2024
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 38(2) GDPR)analyzes the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches81 KB (11,895 words) - 16:58, 6 December 2023
- CNPD (Portugal) - Deliberação 2022/140 (category Article 13(2) GDPR)violation of Article 5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e)75 KB (12,306 words) - 10:02, 21 December 2022
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)the basis of Article 58, paragraph 2, point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the82 KB (12,100 words) - 17:01, 12 December 2023
- AP (The Netherlands) - 25.11.2021 (category Article 58(2)(i) GDPR)fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection87 KB (11,601 words) - 17:08, 12 December 2023
- the provisions as set out in article 95, § 2 as well as in article 98 of the LCA. They are also informed, pursuant to Article 99 of the LCA, of the deadlines21 KB (3,176 words) - 11:00, 7 December 2022
- APD/GBA (Belgium) - 189/2022 (category Article 5(2) GDPR)included in Article 15.1 AVG. As a result, the controller has acted in violation of Articles 12.3 and 12.4 1 2 GDPR , as well as Article 15.1 GDPR . 3 5. Specifically21 KB (3,086 words) - 08:57, 11 January 2023
- Garante per la protezione dei dati personali (Italy) - 9815665 (category Article 5(1)(a) GDPR)in the data controller" (Article 6, paragraph 1, letter e ), 2 and 3, and art. 9, par. 2, lett. g), of the Regulations; art. 2-ter of the Code, in the text59 KB (9,359 words) - 08:38, 16 November 2022
- ICO (UK) - Monetary Penalty Notice to Easylife Limited (category Article 5(1)(a) GDPR)the GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the GDPR. Article 5(2) makes77 KB (9,347 words) - 07:39, 13 October 2022
- OLG Celle - 13 U 84/19 (category Article 82(2) GDPR)from the scope of Article 16 GDPR, in my opinion, already follows from the word "inaccurate" in the first sentence of Article 16 GDPR and does not need53 KB (8,795 words) - 11:53, 2 March 2022
- APD/GBA (Belgium) - 52/2024 (category Article 5(1)(a) GDPR)basis of article 62, § 1 2 of the WOG transferred to the Disputes Chamber. 4. In accordance with Article 95, § 2, 3° of the WOG as well as Article 47 of the21 KB (3,024 words) - 09:26, 17 April 2024
- BGH - VI ZR 54/21 (category Article 6(1)(f) GDPR)clerk the office Reference book: yes BGHZ: no BGHR: yes GDPR Article 6 Paragraph 1 Letter f, Article 17 Paragraph 1 On the requirements for a claim for deletion20 KB (3,171 words) - 08:50, 9 February 2023
- IP - 07121-1/2020/638 (category Article 6(1)(c) GDPR)that teachers could withdraw their consent at any time according to Article 7(3) GDPR with regard to these recordings. For this reason is important to understand21 KB (3,055 words) - 15:23, 17 March 2022
- APD/GBA (Belgium) - 128/2023 (category Article 58(2)(c) GDPR)concluded a prima facie breach of Article 15 GDPR and Article 17 GDPR in combination with Article 12(3) GDPR and Article 12(4) GDPR, because the controller did23 KB (3,272 words) - 09:19, 13 September 2023
- OLG München - 18 U 1697/21 Pre (category Article 6(1)(f) GDPR)defining factor for the balancing act under Article 6(1)(f) GDPR. Second, the court decided that Article 17(1)(c) GDPR obliged a controller to delete personal22 KB (3,418 words) - 10:28, 14 November 2022
- APD/GBA (Belgium) - 143/2022 (category Article 4(1) GDPR)to comply with the request (Article 12(3) GDPR) or not (Article 12(4) GDPR). Without addressing a potential breach of the GDPR, the DPA ordered the controller23 KB (3,383 words) - 08:06, 3 November 2022
- processing requirement of the Section 2D of the Data Protection Act 1988. 2. Based on the Court’s analysis of Article 29 of the Data Protection Directive64 KB (9,589 words) - 16:15, 1 June 2022
- APD/GBA (Belgium) - 31/2022 (category Article 5(1)(a) GDPR)of his personal data would be based 5. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 67. Moreover, a controller, in this case defendant84 KB (12,933 words) - 16:46, 12 December 2023
- Upravni sud u Zagrebu - Usl-4017/23-6 (category Article 57(1)(a) GDPR)is carried out may, under the assumptions of Article 23, paragraph 5 of the ZUS and Article 24, paragraph 2. ZUS, file a lawsuit for failure to issue a22 KB (3,379 words) - 09:05, 28 March 2024
- APD/GBA (Belgium) - 55/2021 (category Article 25(2) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- APD/GBA (Belgium) - 34/2020 (category Article 5(1)(b) GDPR)GDPR and Article 66.2 WOG); and • compliance with the transparency obligations (Article 12 GDPR) and the te provide information (Article 13 GDPR). Page82 KB (13,250 words) - 16:57, 12 December 2023
- APD/GBA (Belgium) - 16/2023 (category Article 5(2) GDPR)Litigation Chamber st 2 pursuant to Article 62, § 1 of the LCA. 5. Pursuant to article 95 § 2, 3° of the LCA as well as article 47 of the rules of order27 KB (3,881 words) - 14:40, 14 March 2023
- IP (Slovenia) - 0611-608/2021/9 (category Article 4(2) GDPR)pursuant to Article 9 GDPR, and violated the principle of data minimisation, Article 5(1)(c) GDPR. The DPA ordered, pursuant to Article 58(2)(d), to bring23 KB (3,551 words) - 17:15, 23 February 2022
- APD/GBA (Belgium) - 11/2023 (category Article 21(2) GDPR)according to Article 19 GDPR. The DPA held that the controllers could have breached Article 21(2) GDPR, Article 21(3) GDPR and Article 17(1)(c) GDPR in combination25 KB (3,639 words) - 13:51, 28 February 2023
- Rb. Amsterdam - C/13/704937 / HA RK 21-247 (category Article 6(1)(c) GDPR)basis registering payment arrears with the BKR: either Article 6(1)(c) GDPR or Article 6(1)(f) GDPR. The Court referred to the conclusion of Advocate General25 KB (4,023 words) - 17:05, 23 March 2022
- VGH München - 6 ZB 23.530 (category Article 5(1) GDPR)Annexes K 2.1 to K 2.20 arises neither from Section 112 Paragraph 1 Sentence 1 No. 1 or 2 BBG nor from Section 113 Paragraph 1 No. 1 or Paragraph 2 BBG nor25 KB (3,717 words) - 09:07, 28 March 2024
- IP (Slovenia) - 0603-98/2022/6 (category Article 5(2) GDPR)first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph of Article 21 of ZP 1 and the25 KB (4,035 words) - 13:16, 26 July 2023
- IP - 07120-1/2020/25 (category Article 4(5) GDPR)emphasizes the inadequacy of the provisions of Article 4, paragraphs 1 and 2 and Article 5, paragraphs 1 and 2 of the Arrangement, since, as stated, the JSI24 KB (3,577 words) - 15:31, 14 April 2021
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share26 KB (3,922 words) - 13:10, 9 June 2021
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)storage (Article 5.1.b, 5.1.c, 5.1.d and 5.1.e of the GDPR); - Violation of the principle of legality (article 5.1.a of the GDPR); - Violation of Article 10150 KB (22,339 words) - 09:50, 21 June 2023
- VwGH - Ro 2020/04/0031-9 (category Article 6(1)(f) GDPR)use of your data 21 GDPR, he did not explain to what extent the Data processing based on Article 6 Paragraph 1 Letter f of the GDPR is nevertheless not74 KB (10,458 words) - 14:49, 27 March 2024
- OLG Linz - 2R149/21a (category Article 57(3) GDPR)successful legal representation in a procedure under Article 77 GDPR as a damage under Article 82 GDPR from the controller. A district authority had issued26 KB (4,023 words) - 11:52, 21 January 2022
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public bodies (the96 KB (13,984 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 73/2020 (category Article 5 GDPR)accordance with article 15 AVG (section 2.1) - data processing officer (section 2.2) - cookie policy (section 2.3) - health data processing (section 2.4) - camera93 KB (14,040 words) - 17:00, 12 December 2023
- APD/GBA (Belgium) - 165/2022 (category Article 13(2) GDPR)and (2) GDPR, Article 14 (1) and (1) 2 GDPR, Article 5 (2) GDPR, Article 24 (1) GDPR and Article 25 (1) GDPR. II. Motivation II.1. Interest of the complainant28 KB (4,010 words) - 13:40, 14 December 2022
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)the basis of article 92, 3° of the WOG. 14. The inspection report shall identify potential breaches of Article 5(1). 2 of the AVG, Article 6 of the AVG84 KB (14,035 words) - 16:56, 12 December 2023
- APD/GBA (Belgium) - 103/2023 (category Article 5(2) GDPR)pursuant to Article 58.2.c) of the GDPR and Article 95, § 1, 4° of the LCA, to send a warning to the defendant. In accordance with Article 108, § 1 of31 KB (4,549 words) - 11:50, 10 August 2023
- APD/GBA (Belgium) - 18/2023 (category Article 5(1)(a) GDPR)could constitute a violation of Article 5.1.a and Article 6.1 of the GDPR. - pursuant to Article 58.2.c) of the GDPR and Article 95, §1, 5° of the LCA, to order29 KB (4,332 words) - 13:51, 21 March 2023
- LG Kassel - 5 O 1954/21 (category Article 15 GDPR)right to access under Article 15 GDPR. Second, the Court considered whether the claimant could have invoked their Article 15 GDPR rights if the data in27 KB (4,214 words) - 13:03, 31 August 2022
- OVG Lüneburg - 8 ME 36/20 (category Article 6 GDPR)HKG ND, Section 85a (1) S 1 HKG ND, Section 5 (1) S 2 DSG ND, Section 46 (2) KomWG ND, Section 51 S 2 WahlG ND PROCEDURE VG Stade, 3 April 2020, Ref: 6 B27 KB (4,222 words) - 15:16, 17 March 2022
- APD/GBA (Belgium) - 135/2023 (category Article 5(1)(b) GDPR)a breach of Article 6(1) GDPR and Article 13(1)(c) GDPR. The DPA found that the controller could not seek to rely on Article 6(1)(b) GDPR as a legal basis27 KB (4,043 words) - 11:36, 11 October 2023
- IP - 0613-438/2019/16 (category Article 32 GDPR)Act (Official Gazette of the Republic of Slovenia) , No 94/07 (hereinafter ZVOP-1), Article 58 (2) (d) of Regulation (EU) 2016/679 of the European Parliament29 KB (4,686 words) - 17:32, 25 April 2021
- OVG Bautzen - 3 B 357/20 (category Article 6(2) GDPR)accordance with Article 6(2) GDPR and Article 6(3) GDPR for adaptation to the application of Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. The court stressed111 KB (18,198 words) - 11:22, 27 November 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)After considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- Communications Act (ZEKom-1), the GDPR and the Data Protection Act (ZVOP-1). The principles of Article 5 of the GDPR must be followed and attention must29 KB (4,524 words) - 14:47, 17 March 2022
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)Buchner, GDPR BDSG, 2nd edition 2018, Art. 5 GDPR marginal 8). Even if the data is “only” incorrect, the requirements of Article 17 (1) (d) GDPR can be met30 KB (4,986 words) - 15:50, 17 March 2022
- IP (Slovenia) - 0611-623/2021/10 (category Article 13(2) GDPR)out SARS-CoV-2 self-testing procedures is Article 6(1)(c) GDPR (the necessity to comply with a legal obligation) and Article 9(2)(h) GDPR, in conjunction30 KB (4,690 words) - 04:23, 23 June 2022
- APD/GBA (Belgium) - 170/2022 (category Article 12(2) GDPR)service questioned compliance with Article 5(1)(b) GDPR). Additionally, the provisions of Articles 12(2), 21 and 25 GDPR did not appear to be satisfied because31 KB (4,450 words) - 11:01, 7 December 2022
- APD/GBA (Belgium) - 14/2023 (category Article 58(2)(c) GDPR)employment contract (article 17.1 of the GDPR), within 30 days of notification of the this decision; - under article 58.2.c) of the GDPR and article 95, §1, 4° of33 KB (4,897 words) - 14:05, 1 March 2023
- OLG Köln - 15 U 137/21 (category Article 15 GDPR)€500 under Article 82(1) GDPR due to a controller's delayed response in providing the data subject information pursuant to Article 15(1) GDPR. In September31 KB (5,138 words) - 08:10, 5 September 2022
- DSB (Austria) - 2021-0.432.224 (category Article 4(11) GDPR)woman Previous address: S***strasse 2-4/35 2***L*** The leave compartment is to be set up at: N***stelle 2*** F***gasse 7 2***L*** The incoming shipments are33 KB (5,026 words) - 12:07, 2 March 2022
- CE - N° 434684 (category Article 7 GDPR)associations under Article L. 761-1 of the Code of Administrative Justice. D E C I D E : -------------- Article 1: The fourth paragraph of Article 2 of the CNIL's32 KB (5,281 words) - 09:50, 10 September 2021
- PHR - 22/01253 (category Article 15 GDPR)personal data in that assessment pursuant to Article 15(1) GDPR. However, Article 23(1)(i) GDPR and Article 41 UAVG provide the possibility of a restriction241 KB (42,617 words) - 14:14, 13 September 2022
- lays down the provisions as stated in Article 95, § 2. This article provides in particular in the aforementioned § 2: "In the cases mentioned in §n1, 4 to31 KB (4,878 words) - 13:23, 31 March 2022
- APD/GBA (Belgium) - 105/2023 (category Article 5(2) GDPR)defendant 2. Also here is there therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a)102 KB (15,787 words) - 07:39, 6 September 2023
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)accountability pursuant to Article 5(2) UK GDPR because it failed to demonstrate compliance with Article 5(1)(a) and (c) UK GDPR principles of lawfulness129 KB (17,281 words) - 14:57, 10 April 2024
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)fine based on article 58 paragraph 2 subsection i of the GDPR is appropriate. 27. For Zitatel there is a violation of Article 32 of the GDPR in seven (7)102 KB (17,186 words) - 13:46, 26 April 2024
- VGH München - BeckRS 2021, 36742 (category Article 9(2)(i) GDPR)requirements of sentences 1 and 2 are met, Section 2 Paragraph 1 Clause 1 and Paragraph 2, Section 4 Paragraph 1 and Paragraph 2 No. 2 and Section 12 do not apply;33 KB (5,353 words) - 12:40, 26 January 2022
- LG Köln - 13 K 278/21 (category Article 9(1) GDPR)follow from Art. 82 (6) in conjunction with Art. 79 (2) GDPR. Art. 82 (6) GDPR refers to Art. 79 (2) GDPR with regard to responsibility. According to this35 KB (5,679 words) - 11:27, 2 August 2023
- VG Potsdam - 11 K 4526/16 (category Article 2(1) GDPR)provided for in Article 15(1) GDPR, which was kept by the Higher Administrative Court. The Court denied the request. Does Article 15 GDPR apply to hand written33 KB (5,306 words) - 15:12, 22 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7099/183/2018 (category Article 7(2) GDPR)provider cannot be considered a processor as per Article 4(7) GDPR, Article 4(8) GDPR, and Article 28(3) GDPR. Therefore, the service provider acted as a data34 KB (5,367 words) - 08:14, 18 May 2022
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(2) GDPR)to or instead of the measures referred to in Article 58(2)(a) to (h) and (j) [..)', Article 83(2) of the GDPR recognizes the power of the national supervisory163 KB (27,222 words) - 16:54, 6 December 2023
- UOOU (Czech Republic) - UOOU-01025/20-121 (category Article 5 GDPR)legal basis under Article 6(1) GDPR and in violation of transparency obligations in the privacy policy under Article 5(1)(a) and 13 GDPR. The DPA in the246 KB (39,598 words) - 09:26, 24 April 2024
- Datatilsynet (Norway) - 21/02504 (category Article 5(2) GDPR)without a legal basis under Article 6(1) GDPR and for not adhering to the accountability principle as per Article 5(2) GDPR, cf. Article 24. The DPA also requires40 KB (5,993 words) - 05:16, 16 February 2022
- APD/GBA (Belgium) - 01/2022 (category Article 12(2) GDPR)for several persons involved. As such, no violation of Article 12(2)n Article 17(1) and Article 24. However, the private employment agency is reprimanded38 KB (5,715 words) - 13:33, 17 February 2022
- Supreme Court - III CZP 78/19 (category Article 5 GDPR)defendant is Article 159(2)(4) of the Polish Telecommunications Law, in conjunction with Article 30, Article 32(2), Article 42(1) and Article 45(1) of the39 KB (5,984 words) - 09:08, 2 November 2020
- FG München - 15 K 118/20 (category Article 4(7) GDPR)the GDPR under Article 2(2)(a) GDPR. Furthermore, the court extensively discussed the material scope of application according to Article 2(1) GDPR. At85 KB (14,338 words) - 22:04, 9 February 2022
- LG Bonn - 13 O 126/22 (category Article 82 GDPR)confidentiality of data pursuant to Article 5(1)(f) GDPR and violated the principle of privacy by default and by design (Article 24 GDPR). The controller was aware37 KB (5,954 words) - 13:58, 22 June 2023
- compliance of the provision in Article 25h, paragraph 2 of the LPPD with Article 10 ECHR, Article 19 of the UDHR and Article 19 of the ICCPR . Considers,91 KB (14,896 words) - 17:02, 7 March 2022
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 32(2) GDPR)content: [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted] [article quoted]105 KB (18,002 words) - 16:24, 10 March 2022
- APD/GBA (Belgium) - 24/2021 (category Article 35(2) GDPR)the basis of article 6.1 e) GDPR read together with articles 5.2 GDPR and 24.1 GDPR. 3) Violation of Articles 12.1, 12.6, 13.1 and 13.2 GDPR: the Inspection110 KB (18,238 words) - 16:56, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3895/83/22 (category Article 58(2)(a) GDPR)should rely on one of the legal basis under Article 6 and 9 GDPR. Specifically, Articles 9(2)(h) and 9(3) GDPR allow for processing of sensitive data for41 KB (6,305 words) - 11:34, 28 October 2022
- APD/GBA (Belgium) - 172/2022 (category Article 58(2) GDPR)controller and processor in the GDPR”, adopted on July 7, 2021. 6 GDPR, Art. 12. 7GDPR, Art. 12.2 and 12.3. 8 GDPR, Art. 12.3. 9 GDPR, art. 12.3. Decision 172/202243 KB (6,300 words) - 11:35, 20 December 2022
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 13(2)(a) GDPR)violation of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed60 KB (9,144 words) - 16:17, 22 March 2022
- APD/GBA (Belgium) - 158/2022 (category Article 6 GDPR)(pursuant to Article 95(1)(4) LCA and Article 58(2)(a) GDPR) for the controller because it seemed to fail to comply with Articles 6 and 24 GDPR. The DPA warned42 KB (6,128 words) - 12:47, 16 November 2022
- IMY (Sweden) - DI-2021-3399 (category Article 6(1) GDPR)follows from Article 58(2)(i) and Article 83(2) of the GDPR that the IMY has the power to impose administrative fines in accordance with Article 83. Depending54 KB (6,188 words) - 14:20, 1 March 2023
- Rb. Midden-Nederland - AWB - 20 3811 (category Article 5(1)(a) GDPR)2019: 376, para 4.2.2, of 28 May 2019, ECLI: NL: HR: 2019: 793, para. 2.4.5. and of 19 July 2019, ECLI: NL: HR: 2019: 1278, r.o. 2.13.2.38 KB (6,124 words) - 13:15, 19 May 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(2) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- BVwG - W274 2214412-1 (category Article 5(1)(d) GDPR)complaint pursuant to Article 77 of the GDPR on the grounds of infringement of the right to erasure of data pursuant to Article 17 of the GDPR and the right to40 KB (6,634 words) - 10:07, 10 September 2021
- ICO (UK) - LTH Holdings Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)54 KB (6,922 words) - 11:45, 16 June 2021
- mechanism (see Article 56 GDPR). During the appeal procedure, however, the AEPD claimed that only Article 22 LSSI (which also stems from Article 5(3) ePrivacy31 KB (4,895 words) - 11:51, 2 May 2024
- AEPD (Spain) - PS/00214/2022 (category Article 9(2) GDPR)Law", which is a requirement of Article 9(2)(j) GDPR. Therefore, the controller could not rely on Article 9(2)(j) GDPR for its processing. Third, the DPA131 KB (20,916 words) - 12:38, 13 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 9(2) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- AEPD (Spain) - PS/00070/2019 (category Article 5(2) GDPR)referred to Article 5(1)(a) (principle of lawfulness, fairness and transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding422 KB (70,184 words) - 13:56, 13 December 2023
- ICO (UK) - The Central Young Men’s Christian Association (category Article 5(1)(f) GDPR)the UK GDPR and the DPA. They are obliged by Article 5(2) to adhere to the data processing principles set out in Article 5(1) of the UK GDPR. Article 5(2)54 KB (7,579 words) - 16:44, 7 May 2024
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- Tietosuojavaltuutetun toimisto (Finland) - 9707/152/19 (category Article 12(3) GDPR)sessions, within the Article 12(3) GDPR time limit. Moreover, the DPA declared that the therapist had breached Article 12(4) GDPR, as they did not inform46 KB (7,186 words) - 14:12, 18 October 2023
- CNIL (France) - SAN-2021-022 (category Article 13(2) GDPR)of the obligation to inform individuals pursuant to Article 13 of the GDPR 38. Article 13 of the GDPR requires the data controller to provide, at the time49 KB (7,295 words) - 10:16, 10 July 2022
- CNPD (Portugal) - Deliberaçao 2024/137 (category Article 13(2)(c) GDPR)provisions of Article 3o , Article 4(2) and Article 6(1)(b), all of the GDPR Implementing Law. 57. Under the terms of Article 55(1) of the GDPR, supervisory49 KB (7,923 words) - 14:36, 3 April 2024
- AEPD (Spain) - PS-00507-2022 (category Article 83(2) GDPR)were initiated, based on Article 63 and Article 64 LPACAP and an infringement of Article 6(1) GDPR typified in Article 83(5) GDPR. After the proceedings49 KB (7,832 words) - 10:54, 22 January 2024
- DSB (Austria) - 2023-0.594.826 (category Article 2(1) GDPR)up the material scope of application of Article 2 paragraph 1 GDPR; an exception under Article 2 paragraphs 2 to 4 is not apparent.Within the official56 KB (8,692 words) - 14:58, 10 April 2024
- LAG Berlin-Brandenburg - 10 Sa 2130/19 (category Article 9(2)(b) GDPR)rely on Article 9(2)(b) GDPR. The LArbG Berlin-Brandenburg also confirmed that the processing was not necessary in light of Article 9(2)(b) GDPR, and emphasised50 KB (8,194 words) - 12:05, 3 March 2022
- VG Hamburg - 21 K 1802/21 (category Article 9(2)(g) GDPR)§§ 2 ff. HmbKrebsRG Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or Article 5 (1)115 KB (18,479 words) - 16:31, 25 January 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)and the lack of control by Vodafone on that; - A € 2 000 000 fine for the infringement of Article 44 GDPR: due to the carrying out of international transfers287 KB (48,336 words) - 13:53, 13 December 2023
- CNIL (France) - SAN-2022-017 (category Article 21(2) GDPR)right of opposition of persons pursuant to Article 21 of the GDPR 60. According to Article 21.2 of the GDPR: “when the personal data are processed for59 KB (8,323 words) - 11:51, 31 August 2022
- CE - 451423 (category Article 55(1) GDPR)provided for by the GDPR. With regard to article 3 of the law of January 6, 1978: As to the scope of this article 3:9. According to I of article 3 of the law51 KB (8,228 words) - 17:33, 11 January 2023
- IP (Slovenia) - 0611-10/2021/11 (category Article 6(1)(f) GDPR)personal data (Article 4(2) GDPR) and the operator of video surveillance is responsible for complying with the principles set out in Article 5 GDPR, including53 KB (8,475 words) - 11:00, 7 July 2021
- ICO (UK) - AMEX (category Article 4(11) GDPR)communication. 2 • ICO. Information Commissioner's Office (4) A subscriber shall not permit his line to be used in contravention of paragraph (2)." 5. Section72 KB (8,623 words) - 10:38, 26 May 2021
- ICO (UK) - The Money Hive Limited (category Article 4(11) GDPR)("the GDPR"): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)63 KB (8,280 words) - 14:53, 2 March 2022
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(2) GDPR)this regard [GDPR Article 14 (2) b) ]. (iv) The prospectus did not provide any information regarding data subject rights [GDPR Article 14 (2) c)]. In the140 KB (23,189 words) - 08:25, 20 February 2024
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)data 9 2.1.1 Factual findings 9 2.1.2Legal assessment 9 2.2 Controller and processor(s) 10 2.2.1 Factual findings 10 2.2.2Legal assessment 12 2.3Security179 KB (22,957 words) - 17:07, 12 December 2023
- BVwG - W274 2239030-1/12E (category Article 4(7) GDPR)relationships are not conclusive when establishing controllership pursuant to Article 4(7) GDPR. A number of data subjects attended a festival, during which they were51 KB (8,406 words) - 16:39, 14 December 2022
- EDPB - Urgent Binding Decision 1/2021 - 'WhatsApp' (category Article 66(2) GDPR)EDPB. 2 COMPETENCE OF THE EDPB TO ADOPT AN URGENT BINDING DECISION UNDER ARTICLE 66(2) GDPR 2.1 Existence of a request pursuant to Article 66(2) GDPR coming188 KB (31,298 words) - 12:31, 20 January 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- LG München I - 33 O 5976/22 (category Article 80(2) GDPR)associations based on Section 2 (2) sentence 1 no. 11 GDPR against GDPR Violations in accordance with Art. 80 Para. 2 GDPR can, provided that the data processing65 KB (9,647 words) - 11:40, 4 October 2023
- OVG Münster - 16 A 1582/21 (category Article 12(5) GDPR) (section Processing of Personal Data Partly by Automated Means, Article 2(1) GDPR)12(5)(1) GDPR apply. However, it leaves open whether the material scope of application of the GDPR is opened or not opened due to Article 2(2)(a) GDPR. In any123 KB (20,784 words) - 10:11, 26 November 2021
- DSB (Austria) - DPA 2023-0.594.826 (category Article 2(1) GDPR)up the material scope of application of Article 2 paragraph 1 GDPR; an exception under Article 2 paragraphs 2 to 4 is not apparent.Within the official56 KB (8,709 words) - 14:27, 10 April 2024
- OGH - 6Ob129/21w (category Article 4(1) GDPR)provisions of the GDPR under national law implementing Article 85 GDPR. Processing can be based on legitimate interests under Article 6(1)(f) GDPR. In 2019, the60 KB (9,555 words) - 14:13, 2 March 2022
- LAG Düsseldorf - 12 Sa 186/19 (category Article 9 GDPR)interests of the data subject. 174 (4.2.2.) Article 9 (2) (h) GDPR confirms the provision of Article 9 (2) (b) GDPR in relation to the health sector (Weichert120 KB (20,753 words) - 17:06, 7 March 2022
- OLG München - 18 U 5493/19 Pre (category Article 99(2) GDPR)Art. 3 para. 1 BGB § 307 para. 1, para. 2, para. 3 TMG § 3 para. 2 p. 1, § 13 As. 4 p. 1 GDPR Art. 99 para. 2 Guiding principles: (1) The operator of a58 KB (9,657 words) - 14:01, 20 September 2021
- Rb. Den Haag - C/09/550982/HA ZA 18/388 (category Article 5(1)(b) GDPR)account the purpose of limitation principle (Article 5(1)(b) GDPR) and data minimization (Article 5(1)(c) GDPR). For example, the Court noticed that the data128 KB (21,722 words) - 16:14, 10 March 2022
- EWCA - Open Rights Group & Anor, R v Secretary of State for the Home Department & Anor (category Article 23 GDPR)paragraph 4 of Schedule 2 to the Data Protection Act 2018 is contrary to Article 23 of the GDPR and Article 23 of the UK GDPR: [2021] EWCA Civ 800, [2021]53 KB (8,584 words) - 16:13, 14 December 2021
- APD/GBA (Belgium) - 62/2022 (category Article 12 GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable58 KB (9,477 words) - 18:41, 1 June 2022
- TA Luxembourg - 45717 (category Article 15 GDPR)pronounce on the applicability of the GDPR in the context of a claim ? 2.2. Article 78 (1) and (2) of the GDPR, and/or Article 47 of the Bill of Rights fundamental58 KB (9,280 words) - 12:38, 28 June 2023
- CNIL (France) - SAN-2021-012 (category Article 14 GDPR)the meaning of the provisions of article 3-2)-b) of the GDPR and therefore falls within the territorial scope of the GDPR and the provisions of the Data55 KB (8,897 words) - 13:56, 21 November 2023
- EDPB - Urgent Binding Decision 01/2023 (category Article 58(2)(f) GDPR)under Article 66(2) GDPR.......... 15 2.1 The SA has taken provisional measures under Article 66(1) GDPR....................................... 15 2.2 Existence346 KB (48,181 words) - 16:39, 12 December 2023
- APD/GBA (Belgium) - 165/2023 (category Article 5(2) GDPR)of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 3567 KB (9,908 words) - 11:09, 10 January 2024
- VGH München - 5 BV 20.2104 (category Article 2(2)(d) GDPR)the GDPR pursuant to Article 2(2)(d). Article 79 GDPR does not explicitly limit judicial remedies to the rights enshrined in Chapter III of the GDPR. Following61 KB (10,218 words) - 12:31, 13 June 2023
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which66 KB (9,820 words) - 10:13, 13 September 2023
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- ICO (UK) - Tuckers Solicitors LLP (category Article 5(1)(f) GDPR)By Article 58(2)(d) of the GDPR, the Commissioner has the power to notify controllers of alleged infringementof GDPR. By Article 58(2)(i) he has the power87 KB (10,588 words) - 14:32, 16 March 2022
- NAIH (Hungary) - NAIH-4667-10/2022 (category Article 10 GDPR)paragraph (2) of Article 15-22, the data controller you may not refuse to fulfill your request to exercise your rights according to Article, unless you62 KB (9,999 words) - 10:21, 7 December 2022
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)not necessarily meet the requirements of Article 32 GDPR. To what extent are the provisions in Article 32 GDPR obligatory and thus, not subject to the preferences30 KB (4,562 words) - 15:27, 6 December 2023
- IP (Slovenia) - 0612-23/2019/19 (category Article 5(2) GDPR)purposes and means of processing, it is actually a controller. Article 24 GDPR and Article 5(2) GDPR establish the principle of responsibility, which means that64 KB (10,160 words) - 13:24, 27 July 2022
- CNIL (France) - SAN-2023-015 (category Article 7(1) GDPR)of Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 15 GDPR, Article 28 GDPR, Article 32 GDPR and Article 33 GDPR, as well as of Article L. 34-567 KB (10,546 words) - 13:55, 25 October 2023
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)the GDPR: i. Articles 5.1.a) and 5.2, as well as Article 6.1 GDPR; ii. Articles 12.1 and 12.2, Article 15.1, Article 5.2, Article 24.1, and Article 25.1350 KB (51,369 words) - 09:25, 31 January 2024
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)freedom (Article 2.2 sentence 2 of the Basic Law) and her general right of personality (Article 2.1 of the Basic Law in conjunction with Article 1.1 of the66 KB (10,911 words) - 08:49, 21 June 2022
- APD/GBA (Belgium) - 85/2022 (category Article 5(2) GDPR)consent was given obtained (potential violation of Article 6.1 a) GDPR): ▪ Article 6.1 a) GDPR and Article 129 of the law on electronic communication (WEC)171 KB (24,826 words) - 15:55, 18 June 2022
- CNIL (France) - SAN-2021-021 (category Article 12 GDPR)arising from Article 25 of the GDPR. 5. The breach relating to the obligation to ensure the security of personal data 97. Article 32 of the GDPR provides that:69 KB (11,291 words) - 15:15, 19 January 2022
- CNIL (France) - SAN-2024-004 (category Article 4(11) GDPR)there was a breach of Article 14 GDPR. Finally, regarding the security of processing, the CNIL indicated that under Article 32 GDPR, the controller must69 KB (10,971 words) - 11:00, 17 April 2024
- NAIH (Hungary) - NAIH-2727-2/2022. (category Article 5(2) GDPR)and Article 58 (2) GDPR (b) condemns the Applicant for violating: - Article 5 (1) (a) and (b) of the GDPR, - Article 5 (2) of the GDPR, - Article 6 (1)79 KB (12,461 words) - 16:08, 22 June 2022
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)May 2018. 2.2 Follow-up of complaints 2 2.2.1 What has emerged during the proceedings During a control search on 8 June 2018 of complaint 2, the Data Inspectorate96 KB (12,267 words) - 11:43, 7 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 8422/161/21 (category Article 12(2) GDPR)and of the Council ((EU) 2016/679) Article 12(1), (2) and (6), Article 15(3), Article 58(2)(b) and (i), Article 83(1), (2), (5) and (6). Data Protection Act74 KB (11,917 words) - 06:52, 27 September 2023
- CNIL (France) - SAN-2023-024 (category Article 6(1) GDPR)regarding the controllership, the CNIL noted that Article 4(7) GDPR applied due to the reference made by Article 2 of the ePrivacy directive. The CNIL considered76 KB (12,140 words) - 13:55, 28 February 2024
- CNIL (France) - Deliberation SAN-2022-024 of December 20, 2022 (category Article 4(11) GDPR)the aforementioned article . 2. On the conditions for obtaining consent 60. In law, the "ePrivacy" directive provides in its article 2, f), that the consent73 KB (11,822 words) - 11:58, 11 January 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)(2) (f) and Article 14 (2) (g), Article 14 (1) andArticle 15 (1) (h) and Article 21 (1)infringement of Article 18 (1) (a) and (d).order the restriction192 KB (30,170 words) - 10:11, 17 November 2023
- CNIL (France) - SAN-2023-009 (category Article 7(1) GDPR)violation of Article 7(1) GDPR. D. On the breach of the obligations of information and transparency 81. Article 12, paragraph 1, of the GDPR provides that:78 KB (12,701 words) - 10:11, 28 June 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA206 KB (30,485 words) - 09:54, 14 December 2023
- FG Berlin-Brandenburg - 16 K 16155/21 (category Article 79(2) GDPR)ordinary courts (Article 34 GG, Article 40(2) VwGO). Moreover, the Court considered the reference to Article 79(2) GDPR from Article 82(6) GDPR, and the fact19 KB (2,925 words) - 11:09, 27 July 2022
- APD/GBA (Belgium) - 149/2022 (category Article 5(2) GDPR)of Article 5(1)(a) and (2) GDPR, Article 6(1) GDPR with regard to the principle of legality; 2. there is an infringement of Article 5 GDPR, Article 2489 KB (13,017 words) - 15:07, 2 November 2022
- APD/GBA (Belgium) - 66/2021 (category Article 4(3) GDPR)integrality of the indictments. 2.2. Identification of the controller (Article 4.7 GDPR) 71. In accordance with Article 4.7 of the GDPR, the controller should be88 KB (13,010 words) - 20:12, 30 December 2021
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)responsibility – article 5.2. of the GDPR) and to implement all the measures necessary for this purpose (Article 24 of the GDPR). 26. Pursuant to Article 5.1.a)86 KB (12,864 words) - 06:37, 23 February 2023
- APD/GBA (Belgium) - 101/2022 (category Article 5(2) GDPR)amount of EUR 20,000 (Article 83, paragraph 2 GDPR; Article 100, §1, 13° WOG and Article 101 WOG). 27 94. Taking into account Article 83 AVG and the case88 KB (13,264 words) - 09:09, 29 June 2022
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)criteria established in section 2 of the aforementioned article. 2. In accordance with the provisions of article 83.2.k) of Regulation (EU) 2016/679 may85 KB (13,823 words) - 12:51, 3 April 2024
- OLG Koblenz - 5 U 2141/21 (category Article 82 GDPR)compare § 31(2) BDSG). The court further assessed the requirements of Article 82 GDPR in length. It established that the Article 82(1) GDPR requires the81 KB (13,639 words) - 18:14, 7 June 2022
- APD/GBA (Belgium) - 188/2022 (category Article 5(2) GDPR)is: 1. a breach of Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) paragraph 2 of the GDPR; and 2. a breach of Article 12 paragraph 1 and95 KB (14,325 words) - 14:27, 25 January 2023
- NAIH (Hungary) - NAIH – 6427-1/2023 (category Article 5(1)(b) GDPR)were in violation of Article 5(1)(e) GDPR and Article 32 GDPR, but the DPA dismissed its previous finding of the Article 5(1)(b) GDPR violation. The DPA87 KB (14,360 words) - 08:30, 27 September 2023
- APD/GBA (Belgium) - 11/2022 (category Article 4(1) GDPR)fairness (article 5.1. a) and the information obligations of Article 13.2 (a) and (e) of the GDPR). 54. Under Articles 5.2 and 24 of the GDPR, the controller92 KB (13,989 words) - 14:56, 3 February 2022
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Article 82 GDPR, paragraph 20; Nemitz, in: Ehmann/Selmayr, GDPR, 2nd edition 2018, Article 82, paragraph 20; Gola/Piltz, in: Gola/Heckmann, GDPR/ BDSG85 KB (14,523 words) - 05:28, 26 April 2023
- APD/GBA (Belgium) - 57/2023 (category Article 12(2) GDPR)of: 1. Article 5 (1) (a) and (2) and Article 6 (1) GDPR; 2. Article 5, Article 24 (1) and 25 (1) and (2) GDPR; 3. Article 12 paragraph 1, paragraph 2, paragraph99 KB (15,129 words) - 09:21, 31 May 2023
- APD/GBA (Belgium) - 57/2021 (category Article 5(2) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- APD/GBA (Belgium) - 15/2023 (category Article 5(2) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- First-tier Tribunal - Clearview AI Inc. v ICO (category Article 3(2)(b) GDPR)also submits that were the criteria in Article 3(2)(b) to be met, both Article 2(2)(a) GDPR/ Article 3(2A) UK GDPR operate to take this case beyond the material99 KB (16,103 words) - 08:41, 25 October 2023
- FG München - 15 K 1212/19 (category Article 2(2)(d) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply98 KB (16,511 words) - 08:37, 9 May 2022
- LG Rostock - 3 O 762/19 (category Article 4(2) GDPR)a legal consequence reference to the GDPR pursuant to Article 94(2) of the GDPR. Therefore, the norms of the GDPR, specifically Art. Art. 4 No. I I , Art103 KB (16,959 words) - 13:58, 20 September 2021
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(1) GDPR)should have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure108 KB (17,728 words) - 07:57, 25 April 2024
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)tried to base the processing on contract (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR), the requirement of necessity was not met102 KB (17,108 words) - 09:44, 15 February 2024
- Datatilsynet (Denmark) - 2021-432-0063 (category Article 58(2)(b) GDPR)cf. Article 35 of the Data Protection Regulation. The order is announced in accordance with the data protection regulation, article 58, subsection 2, letter35 KB (5,141 words) - 14:34, 28 September 2022
- AEPD (Spain) - PS/00281/2022 (category Article 58(2)(c) GDPR)for a violation of article 58.2 c) of the GDPR, in accordance with article 83.6 of the GDPR, classified as very serious in article 72.1.m) of the LOPDGDD313 KB (53,033 words) - 10:20, 7 June 2023
- NS - 30 Cdo 3909/2023-174 (category Article 85 GDPR)of Directive 2002/58 and Article 1 paragraph 2 and points 3, 10 and 51 of the GDPR) and in the domestic context also Article 10, paragraph 3 of the Charter103 KB (16,947 words) - 08:34, 24 April 2024
- Datatilsynet (Norway) - 23-114365TVI-TOSL/08 and 23-114359TVI-TOSL/08 (category Article 6(1)(b) GDPR)because, under the GDPR, Facebook Norway could not be considered a data controller under Article 4(7) GDPR and Articles 66(1) and 61(8) GDPR were used incorrectly113 KB (18,098 words) - 11:57, 13 September 2023
- CNIL (France) - SAN-2023-021 (category Article 5(1)(c) GDPR)highly intrusive and therefore could not be based on Article 6(1)(f) GDPR. Secondly, Article 5(1)(c) GDPR indicates that personal data should be adequate,115 KB (18,607 words) - 11:00, 6 February 2024
- DPC (Ireland) - IN-19-7-6 (category Article 17 GDPR)from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not513 KB (85,155 words) - 13:25, 8 July 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)Violation of article 24.2 of the Constitution, presumption of innocence. First, it invokes Articles 24.2, 103.1 and 2 of the EC, and Article 6 of the Convention566 KB (93,179 words) - 13:43, 13 December 2023
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)obliged to comply with the GDPR provisions as a processor, while the controller could invoke the exemption of Article 2(2)(c) GDPR. The court then refers to127 KB (21,056 words) - 08:17, 19 August 2021
- Garante per la protezione dei dati personali (Italy) - 10002324 (category Article 33(2) GDPR)Garante found a violation of the processing principle under Article 5(1)(f) GDPR and Article 32 GDPR related to the security of processing which was compromised129 KB (20,678 words) - 08:25, 8 May 2024
- RvS (Netherlands) - 202006082/1/A3 (category Article 11 GDPR)the identity of a data subject requesting access. And, following Article 12(6) GDPR, if there is reason to doubt the identity, additional information may21 KB (3,219 words) - 12:03, 11 August 2021
- NAIH (Hungary) - NAIH-5114-35/2022 (category Article 58(2)(f) GDPR)legitimate interest. Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data management in this case. GDPR Article 4, point 1: "personal data":146 KB (22,679 words) - 15:52, 3 May 2023
- NAIH (Hungary) - NAIH-85-3/2022 (category Article 5(2) GDPR) (section Fine and order to comply with GDPR)(EU) No Article 5 (1) (a) and (b), Article 6 (1), Article 6 (4) Article 12 (1), Article 13, Article 21 (1) and (2), Article 24 (1), Article 25 Article 1 (1)147 KB (23,028 words) - 13:36, 28 February 2023
- official report was drawn up. 2.2 After the oral hearing, the court ruled on September 1, 2022 or as soon as possible. 2.3 In its appeal, ING requested27 KB (4,150 words) - 13:42, 27 July 2022
- Court of Appeal - (2021) IECA 53 (category Article 4(11) GDPR)particular regard to Article 5(2) of the GDPR which established the principle of accountability in respect of a data controller. Article 5(1) provides, in136 KB (23,256 words) - 13:47, 29 April 2021
- violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of the RGPD337 KB (50,591 words) - 15:29, 5 August 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8492/163/20 (category Article 58(2)(d) GDPR)administrative penalty fee: 1) Article 5, Paragraph 1, subparagraphs d and a; 2) Article 13; 3) paragraph 3 of Article 12; and 4) Article 15(1). Viking Line Oy149 KB (24,224 words) - 12:20, 2 January 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)to work. 1 2See, among other things, article 4 paragraph 1 SUWI and the ZBO register of the Dutch central government. See article 2 paragraph 2 SUWI and106 KB (14,502 words) - 17:09, 12 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 46(2)(c) GDPR)(VWA ./05, see point II.2), the XXXX (VWA ./06, see point II.2) and a certificate of representation (VWA ./07, see point II.2). I.2. As a result, the BA continued158 KB (26,392 words) - 08:25, 7 June 2023
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)and Article 5, Chapter IV and Article 83. The relevant obligations 2.5. Chapter 1 GDPR sets out the general provisions. Article 5 of Chapter I GDPR sets241 KB (31,368 words) - 09:59, 9 May 2022
- the meaning of Article 9 of the GDPR must indeed be based on Article 9.2 of the GDPR, read in conjunction with Article 6.1 of the GDPR. 24 This has been207 KB (31,357 words) - 14:21, 8 June 2022
- AEPD (Spain) - PS/00226/2020 (category Article 6 GDPR)violation of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation373 KB (61,959 words) - 14:17, 9 March 2022
- Datatilsynet (Norway) - 21/03126 (category Article 58(2)(i) GDPR)currently pending. Pursuant to Article 58(2)(i) GDPR and Article 83(4)(a) GDPR, the DPA imposed an administrative fine of €220,337 (NOK 2 500 000) against Argon133 KB (19,309 words) - 05:16, 24 March 2023
- AEPD (Spain) - EXP202305587 (category Article 5(1)(f) GDPR)sanction for both Article 5(1)(f) and 32 GDPR in this case would constitute a double violation of the GDPR, when in fact Article 5(1)(f) GDPR is merely a concretion285 KB (44,507 words) - 11:21, 30 April 2024
- VG Köln - 6 K 3228/19 (category Article 6(1)(f) GDPR)found that GDPR does not prevent the claimant from exercising their basic right. In this regard the court referred to Article 6(1)(f) GDPR to highlight68 KB (11,146 words) - 17:16, 9 March 2022
- LG Deggendorf - 33 O 461/22 (category Article 82 GDPR)Para. 94Art. Article 82 paragraph 2 GDPR, which specifies the liability regime, the principle of which is laid down in paragraph 1 of this article, adopts66 KB (11,183 words) - 09:28, 12 July 2023
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 13(2)(a) GDPR) (section Articles 13(1) and 13(2) GDPR)the relevant provisions of the GDPR are Article 14, read in conjunction with Article 12(1). 28. Article 14 of the GDPR concerns transparency in the context830 KB (115,261 words) - 15:37, 22 February 2022
- AEPD (Spain) - PS/00140/2020 (category Article 58(2)(d) GDPR)according to Article 58(2)(d) GDPR. First, the AEPD established that the GDPR was applicable under Article 3(1) GPDR or, if not, at least Article 3(2)(a) GDPR390 KB (63,154 words) - 07:08, 9 June 2022
- AEPD (Spain) - PS/00500/2020 (category Article 4(4) GDPR)Therefore, consent was not valid as a legitimate basis from Article 6(1) GDPR, in relation to Article 7 GDPR, and thus processing was unlawful. On these grounds408 KB (64,616 words) - 14:28, 24 November 2022
- OLG Köln - 6 U 58/23 (category Article 44 GDPR)plaintiff derives his legitimacy from Section 2 Paragraph 2 Sentence 1 No. 11 UKlaG or from Article 80 Paragraph 2 GDPR and only has to show that it concerns data118 KB (19,824 words) - 10:49, 6 February 2024