Search results
From GDPRhub
- Article 5 GDPR (section (c) Data minimisation)Outdated personal data is a subset of inaccurate personal data, as the data became inaccurate over time. The consequences for data subjects can be very51 KB (6,355 words) - 08:25, 18 April 2024
- of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects108 KB (17,005 words) - 15:39, 18 March 2024
- personal data are collected from the data subject, the data subject should also be informed whether he or she is obliged to provide the personal data and of76 KB (11,304 words) - 08:37, 4 March 2024
- Article 4 GDPR (section (1) Personal data)as such, covered by the GDPR. Personal data is often contrasted with 'anonymous' data. Anonymous data is data relating to a person that is not identifiable125 KB (16,328 words) - 16:01, 8 March 2024
- require the controller to comunicate a personal data breach to a data subject, if it considers that the data breach is resulting in a high risk. The order46 KB (5,825 words) - 11:12, 7 November 2023
- Article 32 GDPR (section (c) Ability to restore availability and access to personal data in a timely manner)where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are41 KB (5,197 words) - 12:17, 17 April 2024
- Article 15 GDPR (section Passive ex-post information about the personal data of the specific data subject)provided by the data subject (e.g. account data submitted via forms, answers to a questionnaire); observed data or raw data provided by the data subject by73 KB (9,896 words) - 15:46, 18 March 2024
- Article 13 GDPR (section (1) Information the controller shall provide at the time personal data is obtained)provided where personal data are collected from the data subject 1. Where personal data relating to a data subject are collected from the data subject, the controller71 KB (9,532 words) - 13:30, 6 March 2024
- office is in Madrid. The requirement to have a data protection authority stems from Article 44 of the Spanish Data Protection Act, which is the national act4 KB (386 words) - 15:29, 3 September 2021
- applies to personal data which concerns the data subject. This primarily includes the data subject's own personal data, including profiling data, and not those61 KB (8,488 words) - 15:47, 18 March 2024
- Article 9 GDPR (section (e) Related to personal data which are manifestly made public by the data subject)processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural44 KB (5,905 words) - 14:00, 24 October 2023
- Articles 5, 6, 7 and 9; (b) the data subjects' rights pursuant to Articles 12 to 22; (c) the transfers of personal data to a recipient in a third country55 KB (7,622 words) - 14:04, 7 November 2023
- Article 25 GDPR (section Designed to implement data-protection principles in an effective manner and protecting data subjects' rights and freedoms)of data protection by design and data protection by default. Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising43 KB (4,675 words) - 06:43, 16 June 2023
- Article 14 GDPR (section (1) Information the controller shall provide when personal data has not been obtained from the data subject)provided where personal data have not been obtained from the data subject 1. Where personal data have not been obtained from the data subject, the controller47 KB (5,644 words) - 17:49, 5 March 2024
- that the data is first processed. However, if data is collected directly from the data subject, Article 13(2)(b) GDPR requires that the data subject will49 KB (5,993 words) - 06:22, 16 June 2023
- Article 24 GDPR (section (2) Data protection policies)where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are30 KB (3,458 words) - 10:31, 25 April 2024
- corrective measures requested, as well as the identification of the data controller or data processor, where known. If possible, the complaint shall contain7 KB (808 words) - 08:17, 16 February 2023
- shall be able to demonstrate that the data subject has consented to processing of his or her personal data. 2. If the data subject's consent is given in the31 KB (3,489 words) - 16:00, 8 March 2024
- inform the affected data subjects. The EDPB emphasizes that a data breach is ultimately a matter of data security directly affecting the data subjects' interests54 KB (6,536 words) - 08:22, 16 June 2023
- Article 28 GDPR (section (e) Assisting with the controller's obligation to respond to data subject's requests)security measures, compliance with data retention requirements, data location, data transfers, data access, recipients of data, use of sub-processors, and other72 KB (9,140 words) - 13:12, 2 June 2023
- personal data; Recommendations relating to social, economical and technological developments that can impact on the processing of personal data. Headed9 KB (993 words) - 07:10, 28 July 2022
- persons based on profiling those data or following the processing of special categories of personal data, biometric data, or data on criminal convictions and52 KB (7,297 words) - 08:05, 18 July 2023
- personal data in compliance with GDPR. This can be done by ordering return of data to the EU/EEA, banning future processing of respective data outside the60 KB (7,796 words) - 20:12, 1 April 2024
- where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are33 KB (4,215 words) - 09:57, 19 March 2024
- Article 2 GDPR (section Personal data)the GDPR, this also includes so-called 'pseudonymised data'. However, truly anonymous data and data not relating to a person is not regulated by the GDPR34 KB (4,652 words) - 12:07, 12 November 2023
- controller, or processor must have processed the personal data of the data subject. Consequently, if no data processing has ever occurred, there is obviously no33 KB (3,641 words) - 09:51, 19 March 2024
- because data subjects residing on their territory are substantially affected, or because a complaint has been lodged with them. Also where a data subject35 KB (4,017 words) - 16:04, 18 March 2024
- Article 34 - Communication of a personal data breach to the data subject 1. When the personal data breach is likely to result in a high risk to the rights37 KB (3,962 words) - 15:20, 16 June 2023
- Datatilsynet (Denmark) (section Data Council)The Danish Data Protection Authority (Datatilsynet) is the national Data Protection Authority for Denmark. It resides in Copenhagen and is in charge of6 KB (605 words) - 14:08, 27 April 2021
- processing of personal data is carried out at that location. The presence and use of technical means and technologies for processing personal data or processing55 KB (7,446 words) - 22:28, 1 April 2024
- personal data are collected from the data subject, the data subject should also be informed whether he or she is obliged to provide the personal data and of31 KB (4,768 words) - 06:24, 16 June 2023
- activities shall describe the categories of data subjects and the categories of personal data. Examples of categories of data subjects are "website visitors", "clinic31 KB (3,327 words) - 15:31, 5 June 2023
- access to data by the third country’s authorities, because contractual guarantees, such as the standard data protection clauses agreed between the data exporter34 KB (3,646 words) - 08:53, 27 March 2023
- special categories of personal data and data relating to criminal convictions and offences, a person with expert knowledge of data protection law and practices43 KB (4,904 words) - 12:59, 21 July 2023
- personal data, the right to data portability, the right to object, decisions based on profiling, as well as the communication of a personal data breach to44 KB (4,896 words) - 06:25, 16 June 2023
- Principles of Data Processing Any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning23 KB (2,489 words) - 23:24, 6 March 2024
- Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) is the national Data Protection Authority3 KB (270 words) - 08:26, 2 April 2021
- The Hellenic Data Protection Authority (Αρχή προστασίας δεδομένων προσωπικού χαρακτήρα) is the national Data Protection Authority for Greece. It resides23 KB (2,039 words) - 08:15, 25 April 2024
- special categories of personal data and data relating to criminal convictions and offences, a person with expert knowledge of data protection law and practices29 KB (2,951 words) - 14:19, 25 July 2023
- specific national rules on data protection, such as on special categories of data (Article 9 GDPR) or human resources data (Article 88 GDPR). It is not35 KB (3,971 words) - 21:34, 1 April 2024
- Article 18 GDPR (section (b) Processing is unlawful, data should be erased, but the data subject opposes the erasure)preventing the data controller from erasing the personal data. The data subjects may want to oppose the erasure of their personal data for different reasons32 KB (3,730 words) - 08:43, 7 March 2024
- Article 10: Processing of personal data relating to criminal convictions and offences Processing of personal data relating to criminal convictions and17 KB (1,768 words) - 15:41, 18 March 2024
- General Data Protection Regulation (GDPR) 2016/679 was enacted, it was transposed into national law through the Data Protection Act 2018. The Data Protection18 KB (2,488 words) - 15:22, 14 December 2021
- their personal data in non-compliance with the GDPR. Article 79 GDPR is a data subject right. Resultantly, the plaintiff must be a data subject within31 KB (3,550 words) - 11:11, 29 November 2023
- new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows21 KB (1,831 words) - 08:51, 27 March 2023
- unduly burdened by data protection rules. Article 85(1) GDPR sets out a legal framework to reconcile the data subject’s right to data protection with the33 KB (3,748 words) - 14:25, 7 November 2023
- or services to data subjects in the Union. Recital 24: Applicable if Monitoring EU Data Subjects The processing of personal data of data subjects who are37 KB (4,635 words) - 13:29, 24 October 2023
- freedoms of data subjects pursuant to this Regulation; (d) where applicable, the contact details of the data protection officer; (e) the data protection31 KB (3,646 words) - 08:51, 21 July 2023
- The Icelandic Data Protection Authority (Persónuvernd) is the national Data Protection Authority for Iceland. It resides in Reykjavík and is in charge2 KB (139 words) - 15:11, 1 December 2020
- Office of the Data Protection Ombudsman is headed by the Data Protection Ombudsman (tietosuojavaltuutettu / dataombudsman) and two Deputy Data Protection5 KB (492 words) - 18:09, 19 March 2024
- special categories of personal data and data relating to criminal convictions and offences, a person with expert knowledge of data protection law and practices23 KB (2,165 words) - 15:10, 27 July 2023
- effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred;43 KB (5,641 words) - 14:58, 28 April 2022
- should be issued, namely profiling, data breaches, risk to data subject rights and freedoms, binding corporate rules, and data transfers. As Schiedermair emphasises27 KB (3,038 words) - 12:19, 11 October 2023
- respect to the storage of the data. Each entity of the group enters the data of its own clients and prospects and processes such data for its own purposes only37 KB (3,915 words) - 12:49, 24 May 2023
- independent body and it oversees personal data protection and access to public information in Slovenia. In the field of data protection, it has competencies under10 KB (1,242 words) - 10:51, 6 February 2024
- overlap in text with the LED. The European Data Protection Supervisor (European Data Protection Supervisor) is the data protection authority for European Union3 KB (351 words) - 12:54, 10 May 2024
- Article 49 GDPR (section (b) Necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request)relevant is the incapacity of the data subject to provide consent. If the data subject is able to consent, even if the data transfer is necessary to protect29 KB (3,500 words) - 08:54, 27 March 2023
- If a data subject’s personal data is otherwise affected by the SA decision, for example in case of a data breach in which the data subject’s data was disclosed30 KB (3,874 words) - 10:46, 7 December 2023
- controller or a processor not established in the Union is processing personal data of data subjects who are in the Union whose processing activities are related22 KB (2,042 words) - 14:29, 20 November 2023
- relating to data protection, in a manner that would negatively affect the free flow of personal data. Nevertheless, given that the right to data protection27 KB (2,604 words) - 14:24, 16 January 2024
- General Data Protection Regulation (GDPR) 2016/679 was enacted, it was transposed into national law through the Personal Data Act. The Personal Data Act is10 KB (1,078 words) - 06:40, 26 March 2023
- Article 20 GDPR (section (1) Right to data portability)compliance for the new data controller. A data portability request only applies to personal data concerning the data subject. Pseudonymous data is within the scope40 KB (5,349 words) - 07:05, 1 June 2023
- collection of personal data; (d) the pseudonymisation of personal data; (e) the information provided to the public and to data subjects; (f) the exercise44 KB (5,008 words) - 14:50, 28 July 2023
- controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required13 KB (674 words) - 13:15, 2 June 2023
- Article 27 GDPR (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)EU-based data subjects is not reduced where non-EU based controllers or processors process their data. It aims to both provide a contact point for data subjects25 KB (2,418 words) - 14:11, 24 May 2023
- of the general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by29 KB (2,823 words) - 15:15, 28 April 2022
- Article 80 - Representation of data subjects 1. The data subject shall have the right to mandate a not-for-profit body, organisation or association which26 KB (2,575 words) - 15:50, 9 November 2023
- identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed29 KB (3,695 words) - 13:44, 21 March 2024
- further! The CNIL takes the view that the data subject is not a party to a complaints procedure. It only informs the data subject about the status of its complaint8 KB (824 words) - 22:52, 27 February 2024
- pose significant risks for the rights and freedoms of data subjects and/or the free flow of data. The majority of the objections raised on the substance33 KB (4,185 words) - 16:09, 2 November 2023
- relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of19 KB (1,335 words) - 13:56, 24 October 2023
- protection of personal data. Recital 7: Control Over Own Personal Data Those developments require a strong and more coherent data protection framework in28 KB (3,831 words) - 16:21, 14 March 2024
- DSB (Austria) (section Relevant Elements under the Austria Data Protection Act and Administrative Procedural Act)email or via phone. Each party (data subject and controller) have all procedural rights under the AVG. The national Data Protection Act (Datenschutzgesetz11 KB (1,468 words) - 13:27, 14 May 2023
- processing the data contrary to the exercise of the data subject's rights, and whether the communication is actually in the interest of the data subject. The19 KB (1,436 words) - 12:35, 12 May 2023
- special categories of data, video surveillance, the processing of employee data documentation, and the compensation of employees for data breaches. → You can32 KB (3,228 words) - 13:32, 30 November 2023
- certification bodies which have an appropriate level of expertise in relation to data protection shall, after informing the supervisory authority in order to allow22 KB (1,634 words) - 14:40, 28 July 2023
- identification. Recital 26: Applicable to Pseudonymous Data, Not Applicable to Anonymous Data The principles of data protection should apply to any information concerning20 KB (1,854 words) - 16:32, 8 March 2024
- adopt a list of the processing operations subject to the requirement for a data protection impact assessment pursuant to Article 35(4); (b) concerns a matter23 KB (2,079 words) - 16:07, 2 November 2023
- protect the rights and freedoms of data subjects, in particular when the danger exists that the enforcement of a right of a data subject could be considerably20 KB (1,590 words) - 16:11, 2 November 2023
- in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose, the24 KB (2,181 words) - 11:46, 15 January 2024
- out tasks conferred on the European Data Protection Supervisor. 4. Where appropriate, the Board and the European Data Protection Supervisor shall establish20 KB (1,347 words) - 14:21, 17 October 2023
- certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant27 KB (2,452 words) - 14:26, 28 July 2023
- personal data are collected from the data subject Article 14: Information to be provided where personal data have not been obtained from the data subject12 KB (295 words) - 08:25, 19 October 2023
- right to the protection of personal data and the right to freedom of information (access to data of public interest and data accessible on public interest grounds)7 KB (821 words) - 14:16, 7 March 2024
- protection of personal data pursuant to this Regulation. Recital 4: Balance Against Other Fundamental Rights The processing of personal data should be designed22 KB (2,177 words) - 10:01, 19 March 2024
- protection of personal data; (b) provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through17 KB (1,142 words) - 15:41, 28 April 2022
- The President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) is the national Data Protection Authority for Poland. It3 KB (249 words) - 14:38, 1 December 2020
- Article 68 - European Data Protection Board 1. The European Data Protection Board (the ‘Board’) is hereby established as a body of the Union and shall20 KB (1,632 words) - 10:01, 11 October 2023
- specific to data processing or have broader application (e.g. laws on cybersecurity, fraud and alike). For example, under § 63 of the Austrian Data Protection19 KB (1,477 words) - 14:12, 7 November 2023
- of consistency” in data protection law. This is particularly relevant given the fact that Member States may give effect to EU data protection law in ways30 KB (2,720 words) - 14:02, 28 July 2023
- level of data protection offered by a third country should be “essentially equivalent” to that of the EU. Zerdick, in Kuner et al., The EU General Data Protection16 KB (778 words) - 08:24, 19 October 2023
- Processing of Personal Data established by Article 29 of Directive 95/46/EC shall be construed as references to the European Data Protection Board established13 KB (530 words) - 09:40, 3 October 2023
- objectives of which are to protect the right to data protection and facilitate the free flow of personal data within the Union. Especially relevant to the34 KB (3,649 words) - 13:19, 30 October 2023
- establishments in several Member States or where a significant number of data subjects in more than one Member State are likely to be substantially affected22 KB (1,915 words) - 13:46, 15 January 2024
- used only under appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation. National identification numbers (NIN)15 KB (660 words) - 09:37, 1 December 2023
- Rights The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must25 KB (2,482 words) - 10:04, 19 March 2024
- personal data, the EPD also protects the legitimate interests of legal persons. Moreover, whilst the GDPR specifically protects personal data in accordance20 KB (1,539 words) - 08:21, 19 October 2023
- persons based on profiling those data or following the processing of special categories of personal data, biometric data, or data on criminal convictions and15 KB (1,196 words) - 08:15, 19 October 2023
- clear that the competent SA when examining a data subject's claim relating to the third-country transfer of data "must be able to examine, with complete independence47 KB (5,594 words) - 22:45, 1 April 2024
- in the area of personal data protection, required to perform its duties and exercise its powers. In addition to expertise in data protection law, in particularly29 KB (2,894 words) - 23:06, 1 April 2024
- third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international14 KB (716 words) - 15:19, 28 April 2022
- processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when18 KB (1,599 words) - 12:26, 29 April 2022
- assisted by a secretariat provided by the European Data Protection Supervisor. The staff of the European Data Protection Supervisor involved in carrying out15 KB (808 words) - 09:44, 17 October 2023
- third countries regulating the transfer of personal data including appropriate safeguards for the data subjects. Member States may conclude international13 KB (450 words) - 08:22, 19 October 2023
- General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020). Docksey, in Kuner et al., The EU General Data Protection15 KB (787 words) - 08:17, 19 October 2023
- Personal Data established by Directive 95/46/EC. It should consist of the head of a supervisory authority of each Member State and the European Data Protection18 KB (1,327 words) - 12:36, 14 December 2023
- important role is the European Data Protection Board (EDPB). The ultimate goal of ensuring consistency in the European data protection system is implemented15 KB (851 words) - 06:55, 29 April 2022
- Overview of GDPR (section GDPR as a raw data law)French 1978 Data Protection Act. Realizing that protections would be undermined when personal data is sent across boarders, but the limitation of data flows48 KB (5,978 words) - 15:57, 1 February 2024
- of Union Acts relating to data protection in a manner which corresponds with the GDPR's regulatory framework. Given that data protection affects several15 KB (943 words) - 09:58, 8 November 2023
- particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance19 KB (1,525 words) - 08:18, 19 October 2023
- different SAs over new or contentious data protection issues. Additionally, the reports can be a good reference point for data protection officers. If a breach15 KB (718 words) - 15:31, 19 October 2023
- personal data are collected from the data subject Article 14: Information to be provided where personal data have not been obtained from the data subject17 KB (1,096 words) - 08:19, 19 October 2023
- the processing of personal data, such as the legal grounds for processing or data protection principles. The European Data Protection Board established22 KB (2,266 words) - 08:26, 17 October 2023
- Personal Data established by Directive 95/46/EC. It should consist of the head of a supervisory authority of each Member State and the European Data Protection19 KB (1,530 words) - 14:23, 12 October 2023
- supervisory authorities (“SA”), but also between the SAs and the European Data Protection Board (“EDPB”). The necessity of a reliable and efficient system15 KB (810 words) - 16:13, 2 November 2023
- suspension of judicial proceedings in multiple Member States in the context of data protection. The Article addresses issues of coordination where parallel proceedings27 KB (2,619 words) - 14:52, 16 November 2023
- The data controller also failed to inform the Data Protection Commission of the data breach for 29 weeks. You can help us filling this section! Data Protection8 KB (1,034 words) - 14:13, 20 August 2021
- page. The CNPD verifies if personal data is processed in accordance with the following provisions: the General Data Protection Regulation (GDPR); the Act10 KB (1,199 words) - 10:14, 19 October 2022
- The Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) is the national Data Protection Authority for Croatia. It resides in2 KB (158 words) - 17:18, 22 October 2023
- The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) is the national Data Protection Authority for Cyprus. It resides2 KB (144 words) - 15:13, 1 December 2020
- The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the national Data Protection Authority for Netherlands. It resides in The Hague and4 KB (380 words) - 12:08, 1 July 2023
- The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the national Data Protection Authority for Estonia. It resides in Tallinn and is2 KB (154 words) - 14:37, 1 December 2020
- the Information and Data Protection Commissioner (Office of the Information and Data Protection Commissioner) is the national Data Protection Authority4 KB (483 words) - 08:17, 12 July 2022
- The Data State Inspectorate (Datu valsts inspekcija, "DVI") is the national Data Protection Authority for Latvia and was established in 2001. It resides6 KB (544 words) - 04:39, 11 October 2022
- The European Data Protection Board (EDPB) coordinates the national data protection authorities. It replaces the previous Article 29 Working Party. All2 KB (207 words) - 14:56, 7 December 2023
- The Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados) is the national Data Protection Authority for Portugal. It resides in5 KB (531 words) - 13:25, 3 May 2023
- The European Data Protection Supervisor (EDPS) is the Data Protection Authority for European Union Institutions. The EDPS resides in Bruxelles and is in8 KB (1,078 words) - 12:58, 10 May 2024
- The Office for Personal Data Protection (Úřad pro ochranu osobních údajů) is the national Data Protection Authority for the Czech Republic. It resides5 KB (441 words) - 09:34, 17 September 2022
- The Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov) is the national Data Protection Authority for Slovakia9 KB (1,006 words) - 07:13, 7 July 2021
- The Data Protection Office (Valstybinė duomenų apsaugos inspekcija) is the national Data Protection Authority for Lithuania. It resides in Vilnius and2 KB (155 words) - 08:58, 17 November 2023
- the basic principles for data processing are mentioned. The third section contains provisions about specific situations of data processing. The provisions4 KB (363 words) - 22:01, 7 December 2020
- The Bulgarian Data Protection Authority (Комисия за защита на личните данни) is the national Data Protection Authority for Bulgaria. It resides in Sofia2 KB (158 words) - 14:35, 1 December 2020
- Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) is the federal Data Protection Authority for Germany. It resides in Bonn and is in charge of3 KB (297 words) - 14:49, 1 December 2020
- (Berliner Beauftragte für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Berlin. It is in charge of enforcing2 KB (164 words) - 09:53, 18 May 2022
- GDPR and references data processing on which the GDPR shall be applicable (§ 2 NDSG). It is more specific to the German Federal Data Protection Act (Bu5 KB (465 words) - 08:57, 9 January 2024
- LVwVfG) unless there are rules in the Data Protection Act of Baden-Württemberg (Landesdatenschutzgesetz - LDSG), in the Data Protection Act for Judicial and4 KB (275 words) - 11:13, 8 May 2022
- Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht) is the state Data Protection Authority for the German state of Bavaria. It is in charge of2 KB (174 words) - 13:49, 23 December 2021
- The State Data Protection Inspectorate (Datenschutzstelle) is the national Data Protection Authority for Liechtenstein. It resides in Vaduz and is in charge2 KB (153 words) - 09:41, 30 April 2024
- or Autoridad Catalana de Protección de Datos, in Spanish) is the regional Data Protection Authority for the Spanish autonomous region of Catalonia. It is3 KB (182 words) - 13:19, 15 September 2021
- own data protection law. In addition, some provisions of the Federal Data Protection Act apply. These include representation in the European Data Protection4 KB (372 words) - 10:45, 22 September 2021
- sector DPA (Bayerischer Landesbeauftragter für den Datenschutz) is the state Data Protection Authority for the public sector for the German state of Bavaria2 KB (169 words) - 15:54, 21 September 2021
- (Hessischer Beauftragter für Datenschutz und Informationsfreiheit) is the state Data Protection Authority for the German state of Hesse. It is in charge of enforcing2 KB (164 words) - 13:59, 28 June 2022
- den Datenschutz und die Informationsfreiheit Rheinland-Pfalz) is the state Data Protection Authority for the German state of Rhineland-Palatinate. It is2 KB (170 words) - 22:26, 7 December 2020
- The Saarland DPA (Unabhängiges Datenschutzzentrum Saarland) is the state Data Protection Authority for the German state of Saarland. It is charge of enforcing2 KB (160 words) - 14:50, 1 December 2020
- The Saxony DPA (Sächsische Datenschutzbeauftragte) is the state Data Protection Authority for the German state of Saxony. It is in charge of enforcing2 KB (160 words) - 22:28, 7 December 2020
- Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen) is the state Data Protection Authority for the German state of Bremen. It is in charge of enforcing2 KB (167 words) - 22:24, 7 December 2020
- DPA (Landesbeauftragter für den Datenschutz Sachsen-Anhalt) is the state Data Protection Authority for the German state of Saxony-Anhalt. It is in charge2 KB (167 words) - 22:23, 7 December 2020
- (Landesbeauftragte für den Datenschutz Mecklenburg-Vorpommern) is the state Data Protection Authority for the German state of Mecklenburg-Vorpommern. It is2 KB (167 words) - 22:25, 7 December 2020
- (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht) is the state Data Protection Authority for the German state of Brandenburg. It is in charge2 KB (168 words) - 22:22, 7 December 2020
- (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein) is the state Data Protection Authority for the German state of Schleswig-Holstein. It is in2 KB (167 words) - 22:29, 7 December 2020
- Landesbeauftragte für den Datenschutz und die Informationsfreiheit) is the state Data Protection Authority for the German state of Thuringia. It is charge of enforcing2 KB (165 words) - 14:54, 1 December 2020
- or AVPD, Agencia Vasca de Protección de Datos, in Spanish) is the regional Data Protection Authority for the Spanish autonomous region of the Basque Country3 KB (195 words) - 13:21, 15 September 2021
- The Ålandic DPA (Datainspektionen på Åland, in Swedish) is the regional Data Protection Authority for Finland's autonomous region of Åland. It is in charge3 KB (209 words) - 14:42, 30 November 2021
- (Consejo de Transparencia y Protección de Datos de Andalucía) is the regional Data Protection Authority for the Spanish autonomous region of Andalusia. It is3 KB (211 words) - 09:58, 18 June 2021
- The Swedish Data Protection Authority (Integritetsskyddsmyndigheten - "IMY"), formerly Datainspektionen, is the national Data Protection Authority for4 KB (356 words) - 11:51, 20 October 2022
- CJEU - C-311/18 - Schrems II (redirect from CJEU - C-311/18 - Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems)that regulation, any data subject is entitled to lodge where that data subject considers that the processing of his or her personal data infringes the regulation12 KB (1,780 words) - 17:22, 10 March 2022
- of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects182 KB (24,065 words) - 13:40, 9 July 2021
- The birthday of data protection law in Germany is 30 September 1970, the date on which the Hessian state parliament passed the Data Protection Act. On18 KB (1,831 words) - 13:49, 3 November 2022
- CJEU - C‑131/12 - Google Spain (section Scope of the data subject’s rights guaranteed by Directive 95/46)"that it has the power to require the withdrawal of data and the prohibition of access to certain data by the operators of search engines when it considers16 KB (2,423 words) - 13:03, 1 June 2023
- directive establishes a difference between the collection of “personal data” and other data. The Court referenced the earlier opinion of the AG, noting that6 KB (893 words) - 15:22, 24 March 2022
- for processing health data for research purposes. Among other aspects, the use of pseudonymised data is considered lawful, if the data is pseudonymised by15 KB (1,875 words) - 16:18, 13 July 2022
- that even if there had been a data transfer to Google LLC in the U.S., the transferred data do not qualify as personal data under Article 4(1) GDPR as they108 KB (17,097 words) - 13:52, 12 May 2023
- GDPR. It was ruled that there is no threshold for non-material damages for a data subject to receive compensation. The Austrian Postal Service (Österreichische5 KB (683 words) - 12:50, 28 June 2023
- the property owners have forwarded their personal data to a facility (server) for data storage and data processing belonging to the operator of the website13 KB (1,888 words) - 13:07, 1 June 2023
- controller to delete their data. Example: Not The data subject asked the controller to delete his or her data. On GDPRhub all cases are named by Court/DPA, a17 KB (2,510 words) - 13:56, 24 April 2023
- contact details of the data controller and, where applicable, the joint data controller, the data controller's representative and the data protection adviser;48 KB (7,442 words) - 10:24, 12 September 2022
- that since the data shared were associated with/included advertising ID provided by the mobile devices, the data at stake are personal data. The NO DPA referred18 KB (2,375 words) - 16:17, 6 December 2023
- controller to disclose the identity of specific recipients of personal data if the data subject requests it, unless the request is manifestly unfounded or8 KB (992 words) - 17:03, 4 February 2023
- transparency) a copy of data undergoing processing must reproduce data “fully and faithfully” in a manner that enables the data subject to exercise their3 KB (417 words) - 15:20, 8 May 2023
- concerning the processing of personal data by a German state agency with respect to a dynamic IP address of a data subject. Mr. Breyer accessed several9 KB (1,113 words) - 13:10, 1 June 2023
- area of personal data protection, and, in particular, the principles relating to the quality of such data and the criteria for making data processing legitimate6 KB (766 words) - 21:17, 5 March 2024
- protection of personal data and the free movement of such data; Considering the law n o 78-17 of January 6, 1978 relating to data processing, files and93 KB (14,936 words) - 17:09, 6 December 2023
- Diagnostic Data Lack of authority for Google to process personal data as data controller Lack of control over the way Google processes personal data Lack of117 KB (18,075 words) - 10:19, 12 September 2022
- the data subjects and therefore had not given rise to reporting a breach of personal data security to the Data Protection Authority, cf. the data protection75 KB (11,733 words) - 16:33, 21 August 2022
- provided a table that contained the personal data (name, date of birth, address data business functions of the data subject) in an aggregated form but refused51 KB (8,592 words) - 07:03, 2 November 2021
- encryption technology to protect personal data, so-called “data in rest" ("data at rest") in data centers, where user data is stored on a disk or backup media113 KB (12,773 words) - 15:20, 6 December 2023
- personal data of the employee, as well as personal data of the employee's children and other members of his/her family, if the provision of such data is necessary9 KB (1,215 words) - 16:58, 18 May 2021
- retention and erasure of personal data, and indicate how long such personal data is likely to be retained. Where personal data is processed in reliance of this14 KB (2,011 words) - 15:42, 25 November 2020
- section! You can help us fill this section! The Data Protection Authority (Datenschutzstelle) is the national data protection authority for Liechtenstein. →2 KB (111 words) - 08:57, 25 April 2024
- the processing of personal data for journalistic purposes. In particular, Article 137 of the Code provides that personal data, including those referred6 KB (757 words) - 13:53, 16 August 2022
- Communications) Regulations 2011) The Data Protection Commission (Data Protection Commission) is the national data protection authority for Ireland. → Details2 KB (166 words) - 10:38, 11 September 2020
- cookies constitutes personal data, The Norwegian Data Protection Authority will handle the complaint. The Norwegian Data Protection Authority handles8 KB (1,064 words) - 12:53, 23 June 2023
- help us fill this section! The Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) is the national data protection authority for Estonia. → Details2 KB (114 words) - 23:24, 14 January 2020
- fill this section! The Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) is the national data protection authority for Finland. →2 KB (117 words) - 09:51, 24 April 2024
- the data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where those data have15 KB (2,180 words) - 08:23, 13 December 2023
- to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). An English16 KB (2,260 words) - 19:26, 30 November 2021
- whether Article 7(f) of DPD imposes an obligation on a Data Controller to disclose all the personal data necessary to start court proceedings against a person5 KB (749 words) - 12:58, 1 June 2023
- General Data Protection Regulation (GDPR) 2016/679 was enacted, it was transposed into national law through the Personal Data Act. The Personal Data Act is5 KB (427 words) - 15:48, 24 January 2022
- activities included the processing of tenants' personal data. The data handled included: proof of identity, data on health and social insurance, tax, and information7 KB (936 words) - 16:39, 12 December 2023
- when a data subject did not know about the specific recipients." "The DPA held that even the probability of political affiliations constitutes data revealing17 KB (2,638 words) - 11:18, 19 February 2024
- requested the data subject's consent to the fact that the data subject's health data from different health care units can be handed over to the data controller49 KB (7,496 words) - 14:44, 24 January 2024
- which the data controller is authorized to manage legally collected data, nor to determine that the can the latter data controller copy this data into a test49 KB (7,800 words) - 09:22, 5 January 2024
- and even if these data were to be qualified as personal data they would not qualify as special categories of personal data. Do data on a natural person's79 KB (12,652 words) - 09:41, 10 September 2021
- encryption technology to protect personal data, so-called “data in rest" ("data at rest") in data centers, where user data is stored on a disk or backup media131 KB (14,752 words) - 08:36, 5 July 2023
- encryption technology to protect personal data, so-called “data in rest" ("data at rest") in data centers, where user data is stored on a disk or backup media121 KB (13,722 words) - 15:16, 5 July 2023
- encryption technology to protect personal data, so-called “data in rest" ("data at rest") in data centers, where user data is stored on a disk or backup media115 KB (12,842 words) - 08:38, 5 July 2023
- persoonsgegevens established a stronger data protection by emphasizing individuals' rights over their personal data and giving the Dutch Data Protection Authority (DPA)7 KB (764 words) - 07:50, 6 May 2024
- No separate data protection law. Directive 95/46/EC was implemented by the Personal Data Protection Act (Закон за защита на личните данни), promulgated10 KB (1,440 words) - 08:54, 17 January 2020
- personal data of the applicants, not limited to criminal record but wide-ranging data from the data subject's police records, such as cases where data subject41 KB (6,555 words) - 08:37, 4 March 2024
- protection of personal data. In Cyprus the GDPR is implemented by the Data Protection Act (2018). According to Article 8 of the Data Protection Act (2018)6 KB (580 words) - 23:49, 18 January 2020
- protection of individuals from the processing of personal data. By this law the Hellenic Data Protection Authority was established. From 29.8.2019 this10 KB (1,037 words) - 14:52, 10 July 2020
- Databeskyttelsesloven (Data Protection Act). The age of consent is 13 years under § 6 of the Data Protection Act. According to § 3(8) of the Data Protection Act5 KB (582 words) - 17:53, 3 March 2020
- Sweden introduced one of the first data protection laws in the world in 1973 with the introduction of the Data Act (Datalagen). The supervisory authority7 KB (793 words) - 14:08, 1 October 2021
- Personvernnemnda (Norway) - 2018-14 (15/01355) (section Legal grounds for processing personal data about the users)the Article 29 Data Protection Working Party guidelines 225, number 2: «Does the data subject play a role in public life? Is the data subject a public144 KB (23,058 words) - 18:48, 5 March 2022
- Austria has passed the first data protection law in 1979 (BGBl I Nr. 565/1978). Directive 95/46/EC was implemented by the Data Protection Act 2000 (Datenschutzgesetz8 KB (721 words) - 09:32, 24 April 2024
- specifies the concrete form of the data (positive data) in a descriptive manner: "Positive data, i.e. personal data which do not contain payment experiences66 KB (9,990 words) - 12:30, 29 January 2024
- establishing the Data Protection Authority (BDPA Act). You can help us fill this section! In Belgium the GDPR is implemented by the Data Protection Act (2019)5 KB (503 words) - 10:13, 18 October 2020
- concept of personal data and the possibilities for processing and protection will be defined by the law. The same article reaffirms the data subjects' rights3 KB (332 words) - 13:31, 3 May 2023
- the Information and Data Protection Commissioner (Office of the Information and Data Protection Commissioner) is the national data protection authority2 KB (132 words) - 23:46, 14 January 2020
- to the data subjects when their data is processed. However, it is obvious, the AEPD, that Equifax did not notify all the data subjects which data were processing602 KB (102,229 words) - 14:21, 13 December 2023
- The Slovenian Constitution of 1991 guarantees the protection of personal data at the constitutional level and within the framework of guaranteed human4 KB (391 words) - 09:57, 17 May 2021
- National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) is the national data protection authority2 KB (124 words) - 23:32, 14 January 2020
- can help us fill this section! The Icelandic Data Protection Authority (Persónuvernd) is the national data protection authority for Iceland. → Details see2 KB (116 words) - 23:33, 14 January 2020
- this section! The Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) is the national data protection authority for Croatia.2 KB (117 words) - 10:43, 26 February 2020
- this section! The Luxemburg Data Protection Commission (Commission Nationale pour la Protection des Données) is the national data protection authority for2 KB (121 words) - 23:46, 14 January 2020
- You can help us fill this section! The Data State Inspectorate (Datu valsts inspekcija) is the national data protection authority for Latvia. → Details2 KB (123 words) - 23:45, 14 January 2020
- section! The Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov) is the national data protection authority for Slovakia2 KB (124 words) - 09:38, 24 April 2024
- can help us fill this section! The Data Protection Office (Valstybinė duomenų apsaugos inspekcija) is the national data protection authority for Lithuania2 KB (112 words) - 10:25, 15 October 2020
- fill this section! The Office for Personal Data Protection (Úřad pro ochranu osobních údajů) is the national data protection authority for the Czech Republic2 KB (123 words) - 00:01, 15 January 2020
- personal data and on the free movement of such data ; Having regard to the amended law n° 78-17 of 6 January 1978 relating to data processing, data files41 KB (6,558 words) - 17:09, 6 December 2023
- containing personal data, or is it limited to a copy of the patient's personal data, allowing the treating physician to decide how to compile the data concerning10 KB (1,478 words) - 11:17, 2 November 2023
- 9 July 2004. The French Data Protection Commission (Commission Nationale de l’Informatique et des Libertés) is the national data protection authority for10 KB (1,108 words) - 09:37, 29 September 2021
- CJEU - C-136/17 - GC and Others (redirect from CJEU - C-136/17 - GC and Others (de-referencing of sensitive data))request made by the data subject. Instead, in order to determine whether to remove links to pages that contain sensitive personal data, the search engine4 KB (438 words) - 14:23, 11 August 2022
- The CJEU ruled that the fear of a data subject over the possible misuse of their data from a data breach counts as a non-material damage and can lead to13 KB (1,963 words) - 11:04, 5 January 2024
- of the data subject could not be considered “freely given”. Firstly, there existed a clear imbalance of power between data controller and data subject53 KB (8,413 words) - 14:10, 30 January 2023
- 5 and 6 GDPR. Concerning specifically data of people other than the users, namely those data subjects whose data were collected on the internet, the DPA14 KB (2,049 words) - 07:46, 1 August 2023
- to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (general data protection regulation). IPAGE60 KB (9,144 words) - 16:17, 22 March 2022
- to a complete overview of all personal data, in a form that enables the data subject to inspect his or her data and to check that they are correct and14 KB (2,154 words) - 16:27, 10 March 2022
- infringement fee and the Data Inspectorate states that these are not emphasized by the Data Inspectorate. § 2 letter e. The Danish Data Protection Agency assessed31 KB (5,018 words) - 18:44, 5 March 2022
- regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)). The storage51 KB (8,215 words) - 09:55, 13 May 2022
- the applicable data protection law. The use of A's services violates applicable data protection law, as it is considered unlawful data processing pursuant62 KB (10,113 words) - 12:48, 17 August 2022
- third-party websites and apps (“off-Facebook data”) and links such data to the users’ accounts. The aggregate view of the data allows Meta to draw detailed conclusions8 KB (1,231 words) - 08:22, 6 July 2023
- 4624/2019, because of an unresolved data breach, which allowed unauthorised users to access citizens' personal data via URL manipulation. On 20 June 20239 KB (1,211 words) - 20:32, 8 January 2024
- 101/2000 with respect to the protection of personal data. In particular, he was found to be a data controller who used the camera system to collect information6 KB (580 words) - 13:05, 1 June 2023
- described as "processing of personal data". (46) "Personal data" is defined in Article 4 (1) and includes "any data relating to an identified or identifiable46 KB (7,024 words) - 06:18, 6 March 2022
- predictions about the political affiliation of a data subject does not itself constitute "special categories of data" under Article 9 GDPR. What is the relationship8 KB (611 words) - 16:12, 6 December 2023
- transmission of personal data to Facebook Ireland. Facebook Ireland also had a commercial benefit of processing such personal data. Thus, the fact that Fashion6 KB (492 words) - 13:09, 1 June 2023
- advised the data subject that it was likely that Wise was compliant with the UK GDPR, making clear that no further action would be taken. The data subject9 KB (1,191 words) - 08:44, 23 January 2024
- an infringement? (2) In the event that the data subject – in whose opinion the processing of personal data relating to him has infringed the GDPR – simultaneously9 KB (1,308 words) - 12:54, 28 June 2023
- to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter8 KB (1,156 words) - 16:56, 12 December 2023
- processing of personal data and the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection), hereinafter19 KB (2,707 words) - 16:50, 12 December 2023
- Deputy Data Protection Commissioner and Sanctions Board Thing The data subject's right to have access to data ("right of inspection"), informing data subjects52 KB (7,936 words) - 22:32, 2 March 2024
- the protection of personal data to the data subject. The storage of personal data cannot be justified by the fact that the data subject may later exercise77 KB (12,352 words) - 07:20, 23 April 2024
- of the data subject by using the right to inspect the data subject's own data referred to in Article 15 of the Data Protection Regulation. The Data Protection73 KB (11,237 words) - 05:34, 21 July 2022
- personal data. The General Data Protection Regulation has been applied since May 25, 2018, and the Personal Data Act has been repealed by the Data Protection60 KB (9,117 words) - 14:46, 24 January 2024
- of the General Data Protection Regulation to comply with the initiator's request for access to data insofar as it concerns data whose data controller is22 KB (3,193 words) - 10:34, 29 February 2024
- movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), [in:] General Data Protection Regulation. Personal Data Protection58 KB (9,357 words) - 10:02, 17 November 2023
- freedoms of the data subjects. Since Intervare has not already informed the data subjects of the breach of the personal data security, the Data Inspectorate24 KB (3,365 words) - 16:37, 6 December 2023
- default data would be unreasonable from the point of view of the data subjects. It is not reasonable for the data controller to gain access to the data subject's41 KB (6,133 words) - 10:29, 25 March 2024
- expression of the data subject, by which the data subject, by declaration or clear confirmation, agrees that personal data relating to the data subject is made65 KB (9,767 words) - 16:22, 6 December 2023
- rejected a data subject's appeal against a decision of the Austrian DPA regarding data erasure: Credit reference agencies are allowed to store data on insolency39 KB (6,244 words) - 09:40, 10 September 2021
- Office of the Data Protection Commissioner investigated the procedures of OP-Henkivaukutus Oy (the data controller) in situations where the data controller22 KB (3,290 words) - 10:29, 25 March 2024
- freedoms of the data subjects; the nature of the data; the way that data are being processed; the source and accessibility of the data; the reasonable99 KB (14,431 words) - 16:20, 6 December 2023
- HR-related) data concerning him was being processed, to provide a copy of his personal data and to restrict the processing of his personal data, while objecting61 KB (9,971 words) - 14:28, 4 January 2024
- risks taken by a data exporter when transferring data to third countries. If the data exporter is not able to meet these requirements, data transfers are158 KB (26,392 words) - 08:25, 7 June 2023
- to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 11971 KB (11,304 words) - 10:01, 17 November 2023
- supplementary measure: 1. A data exporter transfers personal data to a data importer in a jurisdiction ensuring adequate protection, the data is transported over30 KB (4,708 words) - 16:56, 6 December 2023
- processes the data on behalf of the data controller; "data subject" means an individual who is the subject of personal data; "personal data" means87 KB (14,773 words) - 09:28, 1 March 2022
- personal data and in particular special categories are collected (health data), the data subject is informed of the processing of the data and its consent29 KB (4,557 words) - 15:33, 6 December 2023
- was low. Did the data breach involve a high risk to data subjects and therefore should the university have notified the DPA and data subjects? The Polish66 KB (10,785 words) - 10:00, 17 November 2023
- categories of data that will be subjected to data processing. For example, there was no mention in the policy that BBVA gathered data on the data subject through422 KB (70,184 words) - 13:56, 13 December 2023
- such as the processing of genetic data, biometric data to uniquely identify a person, data relating to health or data relating to a person's sexual life163 KB (27,222 words) - 16:54, 6 December 2023
- loan. The data subject was refused credit by a third party that used the controller's credit score on the data subject. Subsequently, the data subject demanded52 KB (8,534 words) - 12:58, 15 December 2021
- and the Data Protection Act (1050/2018). When deciding the matter, the Deputy Data Protection Commissioner also takes into account the European Data Protection26 KB (4,072 words) - 12:18, 27 March 2024
- have responded to the data subject and inform that they no longer process the data subjects personal data. In case 6707/154/2018 data subject requested to7 KB (858 words) - 15:55, 11 December 2023
- "personal data concerning [the data subject]," because the data subject requested access to the Directorate's entire database (containing other data subject's14 KB (2,181 words) - 11:27, 13 September 2023
- APD/GBA (Belgium) - 21/2022 (section Processing of personal data in the context of the Transparency and Consent Framework)personal data have been obtained from the data subject); ▪ Article 14 (information to be provided when personal data have not been obtained from the data subject);429 KB (58,279 words) - 09:12, 2 November 2022
- to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter48 KB (7,926 words) - 16:56, 12 December 2023
- responsibility, as a data processor, to inform the data subject for all the data being kept and processed and to fulfil the data subject's right to access20 KB (2,270 words) - 15:37, 6 December 2023
- relating to data processing under Article 5(1) GDPR constitute a prerequisite for the legality of data processing? What is the meaning of the data processor's20 KB (2,519 words) - 15:36, 6 December 2023
- is a data controller involved in a case regarding the violation of data protection regulations under the GDPR. DEYA X processed the personal data of an61 KB (10,257 words) - 10:15, 1 November 2023
- of data to the Director of the SIS Data Center or to the Director of the SIED Data Center, to the electronic communications service provider, data depositary233 KB (37,080 words) - 20:01, 31 March 2021
- in the processing of personal data Data, on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) - GDPR47 KB (7,519 words) - 09:28, 13 February 2024
- Article 3(2) of the Data Protection Directive 95/46. Therefore the processing of personal data in question fell within the scope of the Data Protection Directive10 KB (1,282 words) - 14:38, 7 June 2023
- of the data subject's right to access their data and came to highlight that the data subject has the right to know whether their personal data are being9 KB (1,089 words) - 15:35, 6 December 2023
- shall apply: α) "personal data" means any information relating to the data subject. Personal data shall not include aggregated data of a statistical nature36 KB (5,761 words) - 17:19, 22 April 2024
- of the personal data in the CKI, the answer to the second preliminary question is therefore, that the data subject whose personal data have been registered29 KB (4,605 words) - 17:00, 15 December 2021
- When the data subject contacts the data controller and demands correction of incorrect personal data, this requires somewhat more of the data controller26 KB (4,150 words) - 16:14, 6 December 2023
- controller. The data subject appealed, requesting an on-site investigation of the data held by the controller. The Court rejected the data subject's appeal48 KB (7,816 words) - 11:04, 29 July 2022
- the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data relating to health or data relating to sexual life or66 KB (10,558 words) - 13:14, 13 December 2023
- CNIL (France) - SAN-2020-009 (section On the violation of the obligation to fairly process personal data)the title "Protection of Banking Data" does not make it easy for the data subjects that this tab refers the personal data protection. On the other hand,48 KB (7,404 words) - 17:09, 6 December 2023
- protection of personal data and the free movement of such data; Considering the law n o 78-17 of January 6, 1978 relating to data processing, files and26 KB (4,050 words) - 17:10, 6 December 2023
- held that data regarding data subjects' presumed affinity to a political party, constitute special category data. This applies even where data is derived27 KB (4,090 words) - 09:54, 10 September 2021
- the website where data is collected personal data through multiple forms, only one informs about the treatment of data, violating data protection regulations29 KB (4,482 words) - 14:06, 5 March 2024
- guaranteeing the minimization of the use of data, so only aggregated data was processed. Only the following data was gathered: Identification of the geographic44 KB (6,642 words) - 10:34, 13 December 2023
- ordered a controller to reply to a data subject's request to delete personal data, to an objection of processing of data for marketing purposes, transfer20 KB (3,078 words) - 13:05, 13 December 2023
- and process personal data of a data subject without complying with general data protection principles such as timely information, access and the principle127 KB (21,484 words) - 17:01, 12 December 2023
- cancel his data from the file of Judicial Incidents and Complaints of Public Bodies, his data had been cancelled, and informing that the cancelled data were26 KB (4,231 words) - 14:44, 13 December 2023
- Where personal data relating to a data subject are obtained from that data subject, the controller shall provide him/her, at the time the data in question20 KB (3,137 words) - 16:51, 12 December 2023
- process the personal data, the processed’ personal data was inaccurate, and these entries should have been deleted after the data subject requested the43 KB (6,671 words) - 08:49, 27 January 2022
- protection of personal data and on the free movement of such data; Having regard to Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual62 KB (10,001 words) - 17:09, 6 December 2023
- not respond to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal12 KB (1,773 words) - 15:33, 6 December 2023
- process the personal data, the processed’ personal data was inaccurate, and these entries should have been deleted after the data subject requested the43 KB (6,677 words) - 08:47, 27 January 2022
- personal data and on the free movement of this data and the repeal of Directive 95/46/EC (hereinafter the Data Protection Regulation), the data subject61 KB (9,876 words) - 21:38, 24 March 2024
- received, the data controller has refused to delete the data in question because, based on the content of the operative parts of the judgments, the data controller42 KB (6,579 words) - 08:46, 27 January 2022
- union, as well as genetic data, biometric data with a view to the undeniable identification of a person, health data or data relating to the sexual life29 KB (4,578 words) - 15:35, 6 December 2023
- of personal data and to the free movement of such data, and repealing Directive 95/46/EC (General Regulation on the free movement of data protection),35 KB (5,853 words) - 16:58, 12 December 2023
- personal data relating to him or her, standardized in Art. 15 GDPR, is part of the “Magna Carta” of the data protection individual rights of the data subject32 KB (5,093 words) - 16:07, 11 September 2022
- the data subject. When balancing these interests, the Board found several matters to support the data subject's erasure request. First, when a data subject36 KB (5,859 words) - 06:40, 6 July 2022
- personal data and on the free movement of such data ; Having regard to Law No. 78-17 of 6 January 1978, as amended, relating to data processing, data files90 KB (14,556 words) - 17:08, 6 December 2023
- of personal data; [...]. 15. "Health data" means personal data relating to the physical or mental health of a natural person, including data relating to67 KB (11,415 words) - 17:15, 12 December 2023
- information in the case, the Data Inspectorate believes that COOP FINNMARK SA has violated the rules in the Personal Data Act, and sees reason to impose49 KB (7,646 words) - 07:56, 7 March 2022
- This resulted in a data breach concerning 533 million people in 106 different countries. The data subject lamented that since the data breach they received39 KB (6,362 words) - 14:01, 22 June 2023
- processing of personal data and to the free movement of these data, and repealing Directive 95/46/EC (General Regulation on the data protection), hereinafter113 KB (17,325 words) - 08:50, 19 March 2024
- standards for processing data for credit scoring purposes in light of Articles 5(1)(c), 5(1)(e) and 6(1)(f) GDPR and held that financial data may be stored for8 KB (987 words) - 10:01, 12 May 2022
- should have been provided to data subject at the data collection stage so that data subjects know that their personal data will be used for an additional8 KB (1,028 words) - 12:49, 24 November 2021
- email address of the Delegate of Data Protection and a link to the website of the Spanish Data Protection Agency Data. The treatment appears in the Registry62 KB (9,703 words) - 13:05, 13 December 2023
- personal data are collected from the data subject 1. Where personal data are collected from the data subject, the controller shall inform the data subject92 KB (15,435 words) - 16:00, 22 March 2022
- to the interests of the data subjects when a decision on [production] must be made which involves the processing of personal data? In such circumstances9 KB (1,372 words) - 10:12, 7 June 2023
- to the processing of personal data and the free movement of such data, and repealing the Directive 95/46 / EC (General Data Protection Regulation) (hereinafter:66 KB (9,458 words) - 19:42, 4 September 2021
- personal data was legitimate. The Italian DPA stroke a balance between freedom of information and right to privacy. Health data are sensitive data covered16 KB (2,354 words) - 15:45, 6 December 2023
- the data subject. The AEPD pointed out a violation of Article 6(1) GDPR by processing data without an adequate basis of legitimacy, since the data subject45 KB (7,135 words) - 13:08, 13 December 2023
- controller included the data subject's data in the 'common credit information system' associating them with the alleged debt. The data subject then filed a26 KB (4,147 words) - 13:27, 13 December 2023
- to a complete overview of all personal data, in a form that enables the data subject to inspect his or her data and to check that they are correct and15 KB (2,504 words) - 16:27, 10 March 2022
- personal data. In response to the request, only one of the controllers provided a copy of the data and stated that the critical personal data had already11 KB (1,492 words) - 13:09, 23 November 2022
- objection allows the data subject, in the cases provided for in the RGPD, to object to the processing of his/her personal data. And the data controller will26 KB (4,032 words) - 14:31, 13 December 2023
- process such special categories of personal data. Also, it was stated that the controller does not use such data for scientific purposes, as claimed, but31 KB (4,648 words) - 13:56, 12 May 2023
- no establishment in the European Union (EU), but processes personal data of EU data subjects. Specifically, it collects online content in which faces appear11 KB (1,452 words) - 17:03, 6 December 2023
- did not specify if the data targeted was exclusively the data relating to the data subject’s private life or the professional data. Furthermore, it stated37 KB (5,765 words) - 09:53, 14 December 2023
- third party also asked the controller to send him two of the data subjects invoices. After the data subject became aware of this change, she filed a complaint27 KB (4,121 words) - 15:06, 13 December 2023
- evidence, it occurred a personal data security breach, categorized as a breach of confidentiality as the data subject’s personal data was improperly exposed by34 KB (5,184 words) - 13:22, 13 December 2023
- video of them (recorded when the data subject was still a minor) and some other implicit mentions to the data subject. The data subject asked the individual22 KB (3,319 words) - 13:00, 13 December 2023
- with the data of the holder (Name, Surname and DNI). If the tenant, or any other person, has made a bad use of the supply point holder's data (data that have39 KB (6,623 words) - 14:08, 13 December 2023
- to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), to that8 KB (1,074 words) - 13:50, 11 August 2022
- personal data of its users (i.e. individuals who have created an account with WhatsApp) as well as the personal data of non-users. Users’ personal data include29 KB (4,384 words) - 16:00, 6 December 2023
- considered personal data. The AEPD, however, dissented and stated that what the data subject asked for was not included within the framework of data protection16 KB (2,362 words) - 13:37, 13 December 2023
- told the data subject that the photograph contained no personal data of his. Therefore, they falsely confirmed that no personal data of the data subject6 KB (695 words) - 16:39, 9 January 2024
- longer harmed. A data subject filed an access request with a transport company regarding the results of a selection process for a job. The data subject did20 KB (3,087 words) - 13:30, 13 December 2023
- informed that the data subject was subject to a claim and that their personal data had been shared with AFS, which was managing the claim. The data subject submitted6 KB (694 words) - 14:25, 20 January 2024
- presented by data processing, in particular as consequence of the accidental or unlawful destruction, loss or alteration of data personal data transmitted79 KB (12,408 words) - 13:24, 13 December 2023
- of the data must be taken into account. personal data, such as the accidental or unlawful destruction, loss or alteration of data personal data transmitted270 KB (43,335 words) - 12:39, 13 December 2023
- of personal data in the case, summarized below. The DPA described various categories of personal data processing: Objective personal data about healthcare16 KB (2,111 words) - 06:21, 6 March 2022
- information from the data subject's doctor in the form of a medical report, which was then distributed to the data subject's coworkers. The data subject believed14 KB (1,916 words) - 16:03, 2 February 2024
- status as unemployed. The data subject had requested from the data controller information on how and why their personal data was processed but did not12 KB (1,733 words) - 15:34, 6 December 2023
- personal data, cf. the Privacy Ordinance Article 4 No. 2 and the Personal Data Act § 1. Article 6 (1) of the Privacy Regulation requires that the data controller40 KB (5,943 words) - 18:54, 5 March 2022
- encompassed public data or personal data contained in an official public document, as is the case, for example, with the NIF, as well as fiscal data that does not6 KB (657 words) - 10:02, 6 October 2021
- available a substantial amount of personal data, as in this case. Hence, the DPA ruled that the processing of personal data, in particular of children was in breach36 KB (5,598 words) - 10:15, 8 February 2023
- processing, which led to a data breach, affecting 99,623 data subjects, and imposed a fine of €13,000. Billing information of the affected data subjects was wrongfully7 KB (900 words) - 15:18, 13 December 2023
- provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR in order to inform the data subject that his or her data are to54 KB (8,916 words) - 15:22, 22 February 2022
- unlawfully processed personal data after the cancellation of an energy and gas supply contract. On 14 July 2021 the data subject mistakenly signed a contract32 KB (4,952 words) - 13:11, 13 December 2023
- parties outweighed the data subject's interests. The controller is Google and the data subject is a plastic surgeon. One of data subject's patients filed5 KB (641 words) - 10:50, 28 February 2022
- sensitive data. Article 10 of the GDPR refers to these data collections which are capable to give rise to social disapproval. The at-issue grant of data access12 KB (1,792 words) - 18:13, 1 February 2023
- headquarters of the data subject, during which a total of 16 random samples were taken from the data stock of the data subject and the data subject informed36 KB (5,810 words) - 13:09, 21 January 2022
- disclosed personal data of one of its members in a Whatsapp group was fined €3,000 for violating Articles 5(1)(f) and 32 GDPR. The data subject was a member22 KB (3,386 words) - 16:05, 13 December 2023
- rejected a data subject's access request to obtain information on the reasoning behind adjustments made to their health insurance premiums, as the data subject17 KB (2,758 words) - 14:10, 15 December 2021
- collection and processing of the data subject's voice, i.e., their personal data. Therefore, the controller processed such personal data without a legitimate basis74 KB (11,726 words) - 13:02, 13 December 2023
- constituted a transfer of personal data. 47The data transfer was based on Art.6 Para. 1 GDPR, which stipulates the legality of Data processing determined, unlawful27 KB (4,216 words) - 13:26, 8 January 2024
- image of a person is personal data within the meaning of Article 4(1) GDPR. Therefore, their processing is subject to data protection regulations. The DPA22 KB (3,427 words) - 13:26, 13 December 2023
- individuals with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation" - hereinafter, the "Regulation")9 KB (1,280 words) - 15:53, 6 December 2023
- removing sensitive data). Notably, the published information, whilst removing what was obviously special categories of personal data, would still include6 KB (522 words) - 13:15, 1 June 2023
- the ads displayed to the data subject in the App Store would be personalized using this data. If this setting was disabled, data subjects would receive an82 KB (13,463 words) - 17:03, 6 December 2023
- certain personal data to a tax authority, as long as there is a clear legal basis in national law for such a type of data transfer and the data requested are8 KB (1,081 words) - 13:13, 1 June 2023
- Spanish Protection Agency of data. Likewise, article 63.2 of the LOPDGDD determines that: "The procedures processed by the Spanish Data Protection Agency will35 KB (5,475 words) - 13:21, 13 December 2023
- of the data. Article 13 GDPR “Information that must be provided when personal data are obtained from the interested party." 1. When personal data relating22 KB (3,303 words) - 13:28, 13 December 2023
- policy for data subjects to request access to their data and this procedure had not been followed. The Hellenic DPA acknowledged the fact that the data subject6 KB (634 words) - 17:48, 17 July 2023
- with regard to the processing of personal data, as well as the free circulation of such data ("General Data Protection Regulation" - hereinafter, the "Regulations");17 KB (2,519 words) - 15:55, 6 December 2023
- EUR fine on a municipal golf centre for violation of a data subject's right of access under the data protection legislation prior to the GDPR. The complainant19 KB (3,034 words) - 15:33, 6 December 2023
- Greek original for more details. PROTECTION OF PERSONAL DATA 38/2020 (Department) The Personal Data Protection Authority met in a department composition at14 KB (2,070 words) - 15:38, 6 December 2023
- processing of personal data and on the free movement of such data. Satakunnan Markkinapörssi Oy collected for its own use tax data on individuals available5 KB (663 words) - 08:15, 27 April 2023
- area without information of the data controller, the purpose of the system and the proper address for the exercise of data subject's rights. The Spanish22 KB (3,257 words) - 13:28, 13 December 2023
- personal data and to the free movement of such data, and repealing Directive 95/46/EC (General Regulation on the free movement of data). Data Protection)131 KB (22,429 words) - 16:57, 12 December 2023
- Please refer to the Norwegian original for more details. The Data Inspectorate's reference: The Data Inspectorate's reference: 20 / 02178-10 The Privacy Board's25 KB (4,046 words) - 18:37, 5 March 2022
- Greek original for more details. PROTECTION OF PERSONAL DATA 37/2020 (Department) The Personal Data Protection Authority met in a department composition at14 KB (2,127 words) - 15:37, 6 December 2023
- the French Data Protection Act The DPA explained that Article 82 of the French Data Protection Act required the provider to ask consent of data subjects73 KB (11,864 words) - 17:03, 6 December 2023
- to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter16 KB (2,492 words) - 15:59, 6 December 2023
- twice via e-mail all data that the Centre as data controller held on his minor child. The controller refused to provide the data because of the complainant's18 KB (2,865 words) - 15:33, 6 December 2023
- presented by data processing, in particular as consequence of the accidental or unlawful destruction, loss or alteration of data personal data transmitted33 KB (4,835 words) - 13:26, 13 December 2023
- if personal data are collected by the data subject) and 14 (concerning information provided if personal data are not collected from the data subject) of45 KB (7,165 words) - 15:22, 22 February 2022
- the personal data protection in written form. The Greek DPA deals with certain requirements of lawfulness of CCTV systems. The Greek Data Protection Officer6 KB (719 words) - 15:36, 6 December 2023
- "correction" of "incorrect" data (or, if applicable, alternatively a claim for deletion of data due to "unlawful data processing"), it is the data subject who wishes112 KB (19,310 words) - 08:08, 23 June 2022
- fundamental rights and freedoms of the data subject prevail require the protection of personal data, in particular when the data subject is a child. The provisions75 KB (12,421 words) - 13:23, 13 December 2023
- Independent Data Protection Authorities of Germany (Datenschutzkonferenz or "DSK") is a body that deals with and comments on current issues of data protection1 KB (88 words) - 08:43, 14 April 2022
- used by 3802 persons. The application collected the following personal data from data subjects: their national identity number, geographical location, residential9 KB (1,234 words) - 12:48, 25 January 2024
- candidate €2000 for processing personal data for the purpose of political communication via email without the data subject's consent. The complainant received3 KB (228 words) - 08:44, 23 November 2021
- to prove, that processing of that data was done in compliance with GDPR and ensuring security and integrity of the data processing techniques used and verify7 KB (810 words) - 15:52, 6 December 2023
- personal data of others. In reaction to this refusal, the doctor filed a complaint with the APD/GBA. If an external expert examines personal data at the7 KB (890 words) - 16:58, 12 December 2023
- party ‘draws strongly’ from it. A data subject was refused a loan after Schufa (the controller) had provided the data subject’s bank with a negative credit6 KB (783 words) - 16:05, 12 December 2023
- (criticality) and scope of the data concerned (loc. cit., marginal 105 f.) but also the imminent consequences of the data processing for the data subject (loc. cit121 KB (20,412 words) - 15:58, 10 March 2022
- facilitate the compliance of personal data processing with the texts relating to the protection of personal data. It was in this context the DPA had issued120 KB (19,650 words) - 09:00, 6 April 2022
- (criticality) and scope of the data concerned (loc. cit., marginal 105 f.) but also the imminent consequences of the data processing for the data subject (loc. cit143 KB (24,273 words) - 15:59, 10 March 2022
- Spanish law for sanction procedures. The Spanish Tax authority did not hold any data on the controller either and therefore it was not possible to launch a sanction10 KB (1,288 words) - 13:39, 13 December 2023
- parent's additional request for the school to erase their son's personal data pertaining to his religious beliefs was also rejected, while the complainant12 KB (1,464 words) - 15:37, 6 December 2023
- with Autoriteit Persoonsgegevens against a data broker called Focum. In his view, Focum processed his data unlawfully and wrongly rejected his erasure25 KB (3,954 words) - 13:39, 16 November 2020
- Hellenic Data Protection Authority (HDPA) fined politician € 2.500 for sending unsolicited political SMSs to people without their consent. Data subjects2 KB (168 words) - 15:35, 6 December 2023
- in connection with cross-border data processing if it is not the lead supervisory authority for that cross-border data processing? (2) Does the answer10 KB (1,311 words) - 15:26, 13 June 2023
- Affairs as being the data controller according to VIS Regulation and VIS Decision. VIS is an information system for exchanging data among states within3 KB (224 words) - 15:35, 6 December 2023
- physician (pediatrician), because of her refusal to satisfy a data access request to health data of a minor, coming from his father who was separated from3 KB (293 words) - 17:15, 3 March 2022
- the context of a previous similar contact with the data subjects, not necessarily political, the data subjects have been informed that they will be contacted5 KB (613 words) - 15:34, 6 December 2023
- individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281, p. 31; 'DSRL 95/46/EC'), which required133 KB (21,944 words) - 15:59, 22 March 2022
- persons in the Processing of personal data, free movement of data and repeal of Directive 95/46/EC (General Data Protection Regulation - GDPR). The defendant40 KB (6,325 words) - 16:12, 18 May 2022
- of personal data has a legal basis. After investigating a complaint about the use of a surveillance camera in the salon premises, the Data Inspectorate's7 KB (801 words) - 06:28, 6 March 2022
- persons in processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection Regulation - Regulation14 KB (1,999 words) - 14:20, 18 July 2023
- processing of personal data and concerning the free movement of such data and repealing Directive 95/46/EC (General Regulation data protection) * "In exceptional25 KB (3,812 words) - 10:03, 20 August 2021
- Recital 63 is to enable the data subject to be aware of, and verify, the lawfulness of the processing. The court ruled that the data subject was obviously not24 KB (3,847 words) - 15:19, 11 September 2022
- held that the politician is a data controller under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication56 KB (7,755 words) - 15:39, 6 December 2023
- legal basis, information to the data subject and the duty to assess the employee's protest. . On the basis of this, the Data Inspectorate has decided that7 KB (802 words) - 18:53, 17 May 2022
- the musician. Is data portability applicable here? In this context, are all the data of the fanpage to be considered as personal data concerning the musician96 KB (15,396 words) - 16:50, 12 December 2023
- identity of the data subject and thus check whether the data subject's personal data can be found in the data controller's registers. The data controller's31 KB (4,693 words) - 11:50, 6 March 2024
- processes purchase data. The principle of data minimization does not mean that as little data as possible is collected, but that the collected data should be limited61 KB (9,477 words) - 13:38, 12 January 2024
- personal data. The data collection page of the form contained the following information text: express consent. ". The data provided by the Data Controller67 KB (10,815 words) - 10:11, 17 November 2023
- name and address data in the context of the request for data provision from the personal data and address register to the Personal Data and Licensing Department140 KB (23,189 words) - 08:25, 20 February 2024
- the employees' location data, the controller processed the personal data in violation of the principles of lawfulness and data minimisation. On the basis39 KB (6,038 words) - 17:39, 29 April 2024
- was its data processing continues to harm Data Subject 1 and Data Subject 2 (hereinafter collectively: Data Subjects), also the rights of other data subjects69 KB (11,255 words) - 10:08, 17 November 2023
- general data protection statement shall inform the processing of data in so far as such data do not survive security camera surveillance detailed data protection111 KB (17,604 words) - 13:08, 3 March 2024
- reform of Union data protection law, the Personal Data Protection Act (523/1999) on personal data protection was repealed by the Data Protection Act (1050/2018)41 KB (6,220 words) - 09:48, 17 November 2023
- controller's] data protection principles -> Data protection officer's contact information. According to the data controller, if necessary, the data protection21 KB (3,097 words) - 13:40, 12 January 2024
- measures. Insofar data processing concerns only personal data, that does not qualify as special categories of personal data (such as health data under Article25 KB (3,096 words) - 17:48, 25 November 2021
- provisions on data management for marketing purposes with the provisions on data management (or create a separate data management information sheet for data management24 KB (3,815 words) - 10:11, 17 November 2023
- paragraph 63 of the General Data Protection Regulation, the data subject's right to access personal data includes the data subject's right to gain access21 KB (3,204 words) - 13:37, 12 January 2024
- General Data Protection Regulation, he or she is involved in a data protection incident the general data protection regulation applies to data processing67 KB (10,492 words) - 10:11, 17 November 2023
- that the data subject had already received the requested data and information on 28 October 2018. Complaint 2: Polish data subject 1 This Polish data subject42 KB (5,838 words) - 10:27, 13 December 2023
- of the General Data Protection Regulation to refuse the data subject's request for data deletion. Decision and reasons of the Deputy Data Protection Commissioner25 KB (3,865 words) - 21:38, 20 May 2024
- (f) of the General Data Protection Regulation(Also in relation to Data Management 1 and Data Management 2) is that the Applicant as data controllercarry out192 KB (30,170 words) - 10:11, 17 November 2023
- processing of personal data in a specific case if there is a clear bias between the data subject and the data controller, in particular if the data controller is46 KB (7,192 words) - 12:37, 19 December 2023
- the General Data Protection Regulation, the data subject has the right to have the data controller delete personal data concerning the data subject without56 KB (8,980 words) - 08:47, 4 March 2024
- to (2) of the General Data Protection Regulation: '1. Where personal data concerning a data subject are collected from the data subject, the controller58 KB (9,413 words) - 10:11, 17 November 2023
- involved in the data controller's processing of personal data. Thus, the data controller has a duty to identify the risks that the data controller's processing20 KB (3,045 words) - 16:40, 6 December 2023
- access to all the data in the main database of the National Health Data System. The data controller undertakes to only process data that is relevant, adequate46 KB (7,106 words) - 17:06, 6 December 2023
- transfers of personal data to insecure third countries, are in line with the GDPR. Describe all data flows and identify the personal data that are shared with25 KB (3,660 words) - 08:42, 14 September 2022
- Telecommunications providers' processing of personal data is regulated in both the Data Protection Regulation and the Data Protection Act as well as telecommunications33 KB (5,177 words) - 16:23, 6 December 2023
- personal data by the controller. In March 2019, the complainant withdrew his consent to the processing of personal data. Rejsekort then informed the data subject24 KB (3,763 words) - 16:23, 6 December 2023
- 1) the data processor has verified that there is a legal basis for data transmission; 2) the data processor has checked the correctness of the data; 3) the23 KB (3,657 words) - 11:23, 17 April 2024
- personal data for direct marketing requires the data subject's consent. Since there was no legal basis to disclose the students' personal data, the controller20 KB (2,859 words) - 13:11, 13 March 2024
- 64 of the Data Protection Regulation, Data Protection Supervisor's Guide on the rights of data subjects, section 2.6 and report 1565 on the Data Protection18 KB (2,773 words) - 16:22, 6 December 2023
- 6 (1) (a) of the Data Protection Regulation on consent. 3.2 The duty of disclosure When collecting personal data on data subjects, data controllers must18 KB (2,667 words) - 16:29, 6 December 2023
- unlikely that annual cardholders data were exposed to unauthorized parties. The Zoo partially notified the data breach to data subjects on 3 January 2020 via33 KB (5,347 words) - 16:39, 6 December 2023
- the data protection commissioner emphasized the risks posed to the data subject by the processing of the personal data in question. 9. The Data Protection71 KB (11,552 words) - 13:40, 12 January 2024
- involved in the data controller's processing of personal data. Thus, the data controller has a duty to identify the risks that the data controller's processing46 KB (7,343 words) - 16:39, 6 December 2023
- processing of personal data comes from Article 5(1)(c) of the Data Protection Regulation (minimization of data), according to which personal data must be appropriate54 KB (8,279 words) - 13:53, 21 March 2024
- request for deletion, data subject was asked to fill in an online form where data subject had to provide even more personal data. Data subject refused and28 KB (4,501 words) - 13:07, 3 March 2024
- Article 23 of the Data Regulation and Article 26 of the Personal Data Processing Law define the data restrictions on the rights of data subjects and their90 KB (14,351 words) - 16:10, 6 December 2023
- personal data and on the free movement of such data, and repealing Directive 96/46 / EC [general regulation on data protection], in: General Data Protection156 KB (25,012 words) - 10:01, 17 November 2023
- shipment data, usage data, document content data, identification data (e.g. ID card data, company register number, KSV number, UJD number), image data. The conclusion69 KB (11,077 words) - 16:48, 7 March 2022
- and practically applicable to both the data controller / data processor and to the Data Inspectorate. The Danish Data Protection Auhtority thus emphasizes21 KB (3,119 words) - 16:22, 6 December 2023
- assess whether it was possible to use anonymized data or a narrower data selection. The personal data was exposed online in a total of 87 days. As soon50 KB (8,081 words) - 18:52, 5 March 2022
- and freedoms of the data subjects. Not having already informed the data subjects of the breach of the personal data security, the Data Inspectorate has,21 KB (2,901 words) - 16:37, 6 December 2023
- the data processing services personal data will instruct the data importer to process the personal data transferred only at the expense of the data exporter83 KB (12,999 words) - 15:30, 6 March 2024
- inherent in the data controller's processing of personal data. In the opinion of the Data Inspectorate, this means, among other things, that as data controller27 KB (4,231 words) - 16:38, 6 December 2023
- the General Data Protection Regulation, the data subject has the right to have the data controller delete the personal data concerning the data subject without19 KB (2,951 words) - 12:30, 23 April 2024
- personal data controller or personal data assistant has done to limit the effects of the infringement, and if the data controller or the personal data assistant43 KB (4,945 words) - 15:22, 6 December 2023
- of the personal data after the data subject contacted the controller, as another legal basis was already relied upon to process the data. Datatilsynet examined26 KB (4,157 words) - 16:23, 6 December 2023
- concerning both personal data processing Personal data responsibility The Regional Board is responsible for personal data for the personal data processing that43 KB (4,600 words) - 17:08, 23 March 2022
- to notify a personal data breach without undue delay to data subjects. In May 2020, the authority was notified of a personal data breach. It consisted47 KB (7,608 words) - 10:00, 17 November 2023
- sensitive data or data of a highly personal nature; processing of data on a large scale; and processing personal data concerning vulnerable data subjects129 KB (17,281 words) - 14:57, 10 April 2024
- Sections 1 and 2 of the Data Protection Regulation. According to the data provided by the data protection officer to the data protection officer's office25 KB (3,734 words) - 19:37, 27 March 2024
- 15 and 16 August 2019, respectively, the data controllers reported breaches of personal data to the Danish Data Protection Agency, as they had become aware14 KB (2,119 words) - 16:36, 6 December 2023
- health data.) The Deputy Data Protection Commissioner directs the data controller to note that the data security risks associated with the data controller's25 KB (3,651 words) - 09:37, 3 April 2024
- a data subject is collected from the data subject, the data controller at the time when the personal data is collected, gives the data subject all of the27 KB (4,300 words) - 16:36, 6 December 2023
- scope of data which was unauthorized disclosure constitutes basic data, not behavioral data (falling within the scope of the so-called behavioral data). We50 KB (8,066 words) - 10:00, 17 November 2023
- this does not mean that these data may be re-used and disclosed for any purpose. Data that is disclosed in the open data portal can be unrestricted reused16 KB (2,456 words) - 10:29, 13 December 2023
- the data subject was suspected of cheating. It is not clear from the decision if the data subject was banned from the game. On 30 May 2019, the data subject26 KB (3,820 words) - 16:22, 6 December 2023
- personal data of the applicant. The data controller has refused to delete the data due to the data subject's obligation to retain personal data. Statement20 KB (3,108 words) - 13:02, 3 March 2024
- appointment of a data protection officer. The data protection officer has the task of ensuring effective self-monitoring of the data protection regulations48 KB (7,320 words) - 12:44, 4 October 2021
- regarding the notification of DPA and data subjects about a data breach. Share your comments here! The communication to the data subjects by waste management company63 KB (10,088 words) - 09:52, 17 November 2023
- restricted if the data controller no longer needs the personal data data for data processing purposes, but the data subject requests them for legal claims60 KB (9,820 words) - 10:08, 17 November 2023
- and informed. The Data Protection Commissioner considers that the data controller had informed the data subjects that their personal data would be processed13 KB (1,847 words) - 15:52, 11 December 2023
- collect data on the customer for the purposes stated by the restaurant? The DSB held, that the data provided by the customer qualify as health data under50 KB (8,015 words) - 13:52, 12 May 2023
- disclosure or access to personal data of transferred, stored or otherwise processed personal data. A legal question The Deputy Data Protection Commissioner assesses14 KB (1,978 words) - 16:09, 21 February 2024
- the categories of data subjects and personal data registers concerned and, approximately, the number data subjects and personal data registers concerned;82 KB (13,250 words) - 16:57, 12 December 2023
- processing of personal data and on the free movement of such data (the Data Protection Act). [3] Reference is made to section 7 of the Danish Data Protection Agency's26 KB (3,931 words) - 16:25, 6 December 2023
- according to its privacy policy. Could a data controller limit the access right to personal data because these personal data are include in a internal document33 KB (5,189 words) - 16:23, 6 December 2023
- § of the Data Protection Act and Article 83 (4) and 83 (5) of the Data Protection Ordinance. If a personal data controller or a personal data assistant47 KB (5,207 words) - 18:51, 21 March 2022
- protection of personal data do not override the data controller's legitimate interest in processing personal data, especially if the data subject is a child45 KB (5,016 words) - 14:14, 21 March 2024
- of which the data controller has an obligation to ensure that the data controller's processing of personal data is transparent to the data subject (s).40 KB (6,369 words) - 16:39, 6 December 2023
- available to the data processor. It also follows from Article 32 (1) of the Data Protection Regulation 1, that the data controller and the data processor must18 KB (2,710 words) - 16:34, 6 December 2023
- affected data subjects and categories of data which had been stolen. The controller alleged that it had orally informed the data subjects about the data breach105 KB (17,237 words) - 09:22, 10 May 2023
- General Data Protection Regulation, the data subject is entitled to: receive feedback from the data controller on the processing of your personal data is in27 KB (4,159 words) - 10:13, 17 November 2023
- GDPR, when personal data are processed by the data controller the data controller must inform the data subject when the personal data are obtained directly61 KB (9,973 words) - 13:55, 13 December 2023
- personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), personal data must be processed43 KB (6,678 words) - 08:41, 4 March 2024
- provide the data subject with their personal data? The DPA held that Google had not provided the Claimant with a substantive response to their data subject27 KB (4,279 words) - 10:12, 17 November 2023
- processing of health data for the purpose of performing a contract. According to Article 9 (2) (a) of the GDPR, health data may be processed if data subjects give72 KB (11,159 words) - 10:09, 17 November 2023
- personal data and on the free movement of such data (Personal Data Directive). The Personal Data Directive has been repealed by the General Data Protection29 KB (4,610 words) - 13:07, 3 March 2024
- communicate a personal data breach to all affected data subjects due to a lack of contact data. Following the disclosure of a data breach, the controller8 KB (1,064 words) - 09:48, 17 November 2023
- 2 (1) of the General Data Protection Regulation, the Regulation covers data management and data processing that concerns the data of a natural person.33 KB (5,033 words) - 10:12, 17 November 2023
- persons when processing personal data Data, the free movement of data and the repeal of Directive 95/46/EC (General Data Protection Regulation) - GDPR reads:87 KB (14,194 words) - 10:07, 15 February 2024
- inform data subject's about the processing of their data; It failed to perform an assessment of the impact of the processing of biometric data, in violation53 KB (2,523 words) - 09:19, 17 November 2023
- individuals in connection with the processing of personal data and on the free movement of such data data and repealing Directive 95/46/EC (hereinafter referred17 KB (2,433 words) - 15:45, 30 October 2023
- with the data subject. Does the unavailability of personal data constitute a data breach? The Cyprus DPA held that unavailability of personal data constitutes61 KB (9,412 words) - 16:52, 6 December 2023
- review of data, including content in free-text fields, to determine which data controllers and data subjects were affected. The fact that some data controllers14 KB (1,696 words) - 16:30, 6 December 2023
- operations performed on the personal data are considered data processing. A separate issue is that personal data and data processing are related only to the48 KB (7,727 words) - 10:11, 17 November 2023
- transparent processing of personal data, and especially the data minimisation principle. The Croatian DPA decided to reprimand the data controller. Share blogs or20 KB (3,166 words) - 15:36, 30 October 2023
- should be considered a data processor. The DPA pointed out that the lack of a written agreement between the data controller and the data processor represented16 KB (2,367 words) - 10:06, 17 November 2023
- for processing of her personal data did not cover the communication of this data on Instagram. Does the doctor, as data controller, need the patient's2 KB (151 words) - 16:53, 6 December 2023
- The AEPD found that a data controller may not require from the data subject to collect the personal data requested himself or on his behalf if it can be17 KB (2,691 words) - 14:52, 13 December 2023
- the categories of data subjects and personal data registers concerned and, approximately, the number of data subjects and personal data registers concerned;35 KB (5,526 words) - 16:56, 12 December 2023
- obligation to inform the data subject when the personal data is not obtained from the data subject. Regarding the collection of data subjects' names and their13 KB (1,936 words) - 16:37, 6 December 2023
- access to the user's data that has been processed outside the user's Google account; certain information on data recipients and data sources as far as those107 KB (17,615 words) - 09:42, 10 September 2021
- the Norwegian Data Protection Authority. The Norwegian Data Protection Authority informed A in an e-mail the same day that the Norwegian Data Protection Authority24 KB (3,609 words) - 09:07, 20 January 2023
- to obtain the erasure of data, the right to the rectification of data or to object to processing of personal data (12 630 data subjects have exercised this52 KB (8,444 words) - 10:01, 17 November 2023
- whether the Respondent had the right to process data , ADP confirmed that processing of data for building data models constitutes processing for a new purpose46 KB (7,313 words) - 10:11, 16 May 2024
- processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection) (Journal of51 KB (8,322 words) - 09:51, 17 November 2023
- GDPR; 4. The data controller did not inform the data subjects in a transparent and prescribed manner about the processing of their health data in the privacy13 KB (1,934 words) - 20:55, 1 November 2023
- of personal data and on the free movement of such data and repealing Directive 95/46 / EC: General Data Protection Regulation personal data must be processed18 KB (2,722 words) - 15:26, 30 October 2023
- regulation. The data protection regulation is specified in the national data protection act (1050/2018). According to Article 5(1)(c) of the Data Protection15 KB (2,137 words) - 20:18, 27 March 2024
- and the “data processing and freedoms” law. On the duration of data retention: The data will be accessible for five years. Beyond that, the data will be18 KB (2,536 words) - 17:11, 6 December 2023
- personal data and the right of the data subject to have their personal data deleted Keywords: access to information the right to be forgotten data deletion15 KB (2,249 words) - 13:05, 3 March 2024
- personal data of a data subject as the data was not publicly available and the public interest did not prevail over the right to privacy of the data subject19 KB (2,955 words) - 16:29, 5 December 2023
- CE - N° 429571 (section On the alleged confusion of credit card data with special categories of data)card data as a special category of personal data (Article 9 GDPR)? Does the data controller have a legitimate interest to process credit card data of recurring19 KB (2,790 words) - 09:50, 10 September 2021
- of data subjects about their personal data. Likewise, the categories of the recipients of the personal data not sufficiently clearly defined. Data subjects113 KB (18,732 words) - 16:50, 12 December 2023
- to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation ) (Journal60 KB (9,755 words) - 09:58, 17 November 2023