Search results
From GDPRhub
- Article 5 GDPR (category GDPR Articles)under Article 6(4) GDPR and further processing for a compatible purpose under Article 6(4) GDPR. See the commentary on Article 6(4) GDPR for details on the51 KB (6,355 words) - 08:25, 18 April 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)Charter, Article 5(1)(a) GDPR and Article 6(1) GDPR. At the same time Article 6(4) GDPR clearly only further defines Article 5(1)(b) GDPR. Against the clear108 KB (17,005 words) - 15:39, 18 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- Article 4 GDPR (category GDPR Articles)(Article 4(20) GDPR, Article 47 GDPR); The data transfer for internal administrative purposes (Article 6(1)(f) GDPR) with Recital 48 GDPR); The determination125 KB (16,328 words) - 16:01, 8 March 2024
- Article 12 GDPR (category GDPR Articles)dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 32 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 32 GDPR, p. 636 (Oxford University Press 2020). Jandt, in Kühling, Buchner, DS-GVO BDSG, Article 32 GDPR, margin number41 KB (5,197 words) - 12:17, 17 April 2024
- Article 15 GDPR (category GDPR Articles)of Articles 13 or 14 GDPR and Article 15(1) GDPR often overlaps, the controller has a different obligation under Article 15 GDPR to include the ex-post73 KB (9,896 words) - 15:46, 18 March 2024
- Article 13 GDPR (category GDPR Articles)rights under the GDPR, when relevant information is provided. Article 13 GDPR embodies the principle of transparency in Article 5(1)(a) GDPR, outlining the71 KB (9,532 words) - 13:30, 6 March 2024
- Spain. The AEPD is an independent public body in charge of enforcing the GDPR in Spain. Its head office is in Madrid. The requirement to have a data protection4 KB (386 words) - 15:29, 3 September 2021
- Article 17 GDPR (category GDPR Articles)(Article 12(1) GDPR), facilitate the data subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle61 KB (8,488 words) - 15:47, 18 March 2024
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)the SA pursuant to Article 58(2) GDPR or failure to provide access in violation of Article 58(1) GDPR. Article 83(6) GDPR is a superfluous provision and55 KB (7,622 words) - 14:04, 7 November 2023
- of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal44 KB (5,905 words) - 14:00, 24 October 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Article 25 GDPR or Article 32 GDPR. This provision assigns a proactive role to the controller who has to ensure compliance with the GDPR at all stages30 KB (3,458 words) - 10:31, 25 April 2024
- Article 21 GDPR (category GDPR Articles)21(3) GDPR and Article 17 GDPR on the right to erasure must be considered. The tight relationship between Article 21(3) and Article 17(1)(c) GDPR seems49 KB (5,993 words) - 06:22, 16 June 2023
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- Article 25 GDPR (category GDPR Articles)since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Garante per la protezione dei dati personali (Italy) (section Complaints Procedure under Art 77 GDPR)protezione dei dati personali) resides in Rome and is in charge of enforcing GDPR and Directive 2002/58/CE (e-Privacy Directive) in Italy. The Garante is a7 KB (808 words) - 08:17, 16 February 2023
- Article 7 GDPR (category GDPR Articles)Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- Article 33 GDPR (category GDPR Articles)Article 28 of the GDPR. Article 33(2) GDPR instructs processors to notify controllers once they become “aware” of a personal data breach. The GDPR does not elaborate54 KB (6,536 words) - 08:22, 16 June 2023
- Article 82 GDPR – like almost all provisions of the GDPR – is directly applicable in all Member States without any act of implementation. Article 82 GDPR leaves33 KB (4,215 words) - 09:57, 19 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- Authority for Belgium. It resides in Brussels and is in charge of enforcing GDPR in Belgium. The DPA consists of five bodies and an Executive Committee. The9 KB (993 words) - 07:10, 28 July 2022
- Article 35 GDPR (category GDPR Articles)of the most innovative elements in the GDPR related to the accountability principle (see Articles 5(2) and 24 GDPR). This provision regulates the cases in52 KB (7,297 words) - 08:05, 18 July 2023
- Article 60 GDPR (category GDPR Articles)resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in cross-border35 KB (4,017 words) - 16:04, 18 March 2024
- Article 77 GDPR (category GDPR Articles)compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Article 2 GDPR (category GDPR Articles)processing of personal data of deceased persons. Article 2 GDPR sets out the material scope of the GDPR. Paragraph 1 clarifies that the Regulation applies to34 KB (4,652 words) - 12:07, 12 November 2023
- Article 34 GDPR (category GDPR Articles)meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- Authority for Denmark. It resides in Copenhagen and is in charge of enforcing GDPR in Denmark. Datatilsynet is made up of the Data Council (Datarådet) and a6 KB (605 words) - 14:08, 27 April 2021
- Authority for Romania. It resides in Bucharest and is in charge of enforcing GDPR in Romania. The Romanian DPA is a public authority with legal personality3 KB (270 words) - 08:26, 2 April 2021
- Article 22 GDPR (category GDPR Articles)22(2)(c) GDPR. Finally, decisions based on explicit consent are also subjected to the safeguards laid down in Article 22(3) GDPR. Article 22(3) GDPR lays down31 KB (4,768 words) - 06:24, 16 June 2023
- Article 30 GDPR (category GDPR Articles)provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))(Article 12 GDPR), information (Articles 13 and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction44 KB (4,896 words) - 06:25, 16 June 2023
- Article 46 GDPR (category GDPR Articles)(Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR) and the34 KB (3,646 words) - 08:53, 27 March 2023
- Article 37 GDPR (category GDPR Articles)Article 9 GDPR or Article 10 GDPR data on a large-scale. A DPO is always required when processing is carried out by a public authority or body. The GDPR does43 KB (4,904 words) - 12:59, 21 July 2023
- Article 16 GDPR (category GDPR Articles)5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article 16 GDPR, titled23 KB (2,489 words) - 23:24, 6 March 2024
- Authority for Iceland. It resides in Reykjavík and is in charge of enforcing GDPR in Iceland. You can help us filling this section! You can help us filling2 KB (139 words) - 15:11, 1 December 2020
- Article 55 GDPR (category GDPR Articles)application of the GDPR from Article 3 GDPR confirming that there is always a SA competent to supervise and enforce the application of the GDPR whenever it applies35 KB (3,971 words) - 21:34, 1 April 2024
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)their rights under the GDPR, (ii) as a result of the processing of their personal data in non-compliance with the GDPR. Article 79 GDPR is a data subject right31 KB (3,550 words) - 11:11, 29 November 2023
- Article 38 GDPR (category GDPR Articles)Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Article 44 GDPR (category GDPR Articles)important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition for33 KB (3,748 words) - 14:25, 7 November 2023
- Article 36 GDPR (category GDPR Articles)(Article 36(3)(c) GDPR); the contact details of the Data Protection Officer (DPO) (Article 36(3)(d) GDPR); a copy of the DPIA (Article 36(3)(e) GDPR) as well as31 KB (3,646 words) - 08:51, 21 July 2023
- Article 10 GDPR (category GDPR Articles)the scope of the LED from the scope of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data17 KB (1,768 words) - 15:41, 18 March 2024
- occurs when the GDPR simply refers to applicable national law as a preliminary question under a GDPR provision. In some situations where the GDPR refers to national37 KB (4,635 words) - 13:29, 24 October 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not make any32 KB (3,730 words) - 08:43, 7 March 2024
- 57 GDPR should be deemed inadmissible for the purposes of Article 31 GDPR. Article 31 GDPR can be read as a supporting provision to Article 58 GDPR. In22 KB (2,042 words) - 14:29, 20 November 2023
- deals with processing within the scope of the GDPR. Part 2 deals with processing outside of the scope of the GDPR. Part 3 deals with processing by competent18 KB (2,488 words) - 15:22, 14 December 2021
- Authority for Greece. It resides in Athens and is in charge of enforcing GDPR in Greece, the Greek Data Protection Act 2019, the ePrivacy Directive implementation23 KB (2,039 words) - 08:15, 25 April 2024
- Article 78 GDPR (category GDPR Articles)or infringes the GDPR or any other applicable laws, including national ones. See commentary under Article 77 GDPR. Article 78(1) GDPR establishes both30 KB (3,874 words) - 10:46, 7 December 2023
- Article 70 GDPR (category Article 70 GDPR)exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward its27 KB (3,038 words) - 12:19, 11 October 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide concrete44 KB (5,008 words) - 14:50, 28 July 2023
- Regulation (GDPR) is in Slovenia directly applicable, as well as in other EU member states. There are however problems in the practical use of the GDPR which10 KB (1,242 words) - 10:51, 6 February 2024
- Authority for Finland. It resides in Helsinki and is in charge of enforcing GDPR in Finland. The Office of the Data Protection Ombudsman is headed by the5 KB (492 words) - 18:09, 19 March 2024
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- (Articles 55-59 GDPR). The GDPR provides for exceptions from provisions entailed in Chapter VI (independent supervisory authorities). Article 85(2) GDPR mandates27 KB (2,604 words) - 14:24, 16 January 2024
- Article 26 GDPR (category GDPR Articles)encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including but not limited to the implementation37 KB (3,915 words) - 12:49, 24 May 2023
- Article 65 GDPR (category GDPR Articles)(“LSA”) (Article 65(1)(b) GDPR), and where a SA is not following an opinion of the EDPB (Article 6(1)(c) GDPR). Article 65(1)(a) GDPR addresses the cases where33 KB (4,185 words) - 16:09, 2 November 2023
- Article 45 GDPR (category GDPR Articles)Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- dialogue, complaints handling and inspection, Datatilsynet oversees the GDPR in Norway and supervises that authorities, companies, organisations and individuals10 KB (1,078 words) - 06:40, 26 March 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- Article 49 GDPR (category GDPR Articles)decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate rules29 KB (3,500 words) - 08:54, 27 March 2023
- pursuant to Article 77 GDPR. Lastly, the NPO may file a legal remedy under Article 79 GDPR against a controller or processor regarding a GDPR infringement. The26 KB (2,575 words) - 15:50, 9 November 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)with the GDPR (Article 31 GDPR). Direct liability of the representative is limited to the obligations set out in Article 30 and Article 58(1)(a) GDPR. Article25 KB (2,418 words) - 14:11, 24 May 2023
- Article 61 GDPR (category Article 61 GDPR)authority. Article 61(1) GDPR regulates how independent authorities are to cooperate to enable the uniform application of the GDPR. Supervisory authorities24 KB (2,181 words) - 11:46, 15 January 2024
- Article 47 GDPR (category GDPR Articles)Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p. 194 (Oxford29 KB (2,823 words) - 15:15, 28 April 2022
- Article 64 GDPR (category Article 64 GDPR)of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- Article 8 GDPR (category GDPR Articles)directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing of data19 KB (1,335 words) - 13:56, 24 October 2023
- France. The authority is established in Paris and is in charge of enforcing GDPR for France, as well as the national law for data protection "Loi Informatique8 KB (824 words) - 22:52, 27 February 2024
- Article 89 GDPR (category Article 89 GDPR)Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. Article 89(1) GDPR provides that when29 KB (3,695 words) - 13:44, 21 March 2024
- the GDPR by Brave, page 6 - https://brave.com/wp-content/uploads/2020/04/Brave-2020-DPA-Report.pdf Report: Europe’s governments are failing the GDPR by11 KB (1,468 words) - 13:27, 14 May 2023
- Article 88 GDPR (category Article 88 GDPR)88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening clause, Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- Article 43 GDPR (category GDPR Articles)Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- Article 66 GDPR (category Article 66 GDPR)60, 63, 64 and 65 GDPR) immediately adopt provisional measures intended to produce legal effects on its own territory. Article 66 GDPR creates strict conditions20 KB (1,590 words) - 16:11, 2 November 2023
- Article 19 GDPR (category GDPR Articles)Article 19 GDPR therefore requires controllers, subject to certain exceptions, to communicate their exercise to recipients under Article 4(9) GDPR. The first19 KB (1,436 words) - 12:35, 12 May 2023
- Article 1 GDPR (category GDPR Articles)consideration when the GDPR was drafted. There is consequently no need to 'balance' the GDPR against other rights for a second time, as the GDPR is already the28 KB (3,831 words) - 16:21, 14 March 2024
- Article 20 GDPR (category GDPR Articles)Article 20(3) GDPR clarifies that the exercise of the right to data portability does not preclude the exercise of any other rights under the GDPR. Thus, if40 KB (5,349 words) - 07:05, 1 June 2023
- Article 54 GDPR (category GDPR Articles)outlined under other Articles of the GDPR, namely in Articles 51, 52 and 53 GDPR. The second objective, under Article 54(2) GDPR, seeks to regulate the confidentiality34 KB (3,649 words) - 13:19, 30 October 2023
- Article 75 GDPR (category Article 75 GDPR)Protection Regulation (GDPR), Article 75 GDPR, p. 1105 (Oxford University Press 2020). Dix, in Kühling, Buchner, DS-GVO BDSG, Article 75 GDPR, margin number 620 KB (1,347 words) - 14:21, 17 October 2023
- Article 99 GDPR (category Article 99 GDPR)apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force and application12 KB (295 words) - 08:25, 19 October 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter, the applicant27 KB (2,452 words) - 14:26, 28 July 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether GDPR provisions20 KB (1,854 words) - 16:32, 8 March 2024
- Article 41 GDPR (category GDPR Articles)undefined in the GDPR. “Expertise” is only referred to again under Article 41(2)(a) GDPR, although briefly. Additionally, Article 41(1) GDPR specifies that30 KB (2,720 words) - 14:02, 28 July 2023
- Article 52 GDPR (category GDPR Articles)purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of47 KB (5,594 words) - 22:45, 1 April 2024
- Article 62 GDPR (category Article 62 GDPR)Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters Kluwer22 KB (1,915 words) - 13:46, 15 January 2024
- Article 68 GDPR (category Article 68 GDPR)decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set forth20 KB (1,632 words) - 10:01, 11 October 2023
- conduct under Article 83 GDPR should be excluded from penalties issued under Article 84 GDPR is debated. Whilst the wording of the GDPR is simply unclear in19 KB (1,477 words) - 14:12, 7 November 2023
- Category:Article 86 GDPR At para. 120 Kranenborg, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 86 GDPR, p. 1216 (Oxford University22 KB (2,177 words) - 10:01, 19 March 2024
- Article 97 GDPR (category Article 97 GDPR)Article 97 GDPR. Article 97 GDPR imposes a "comprehensive reporting obligation" upon the Commission. The first paragraph of Article 97 GDPR sets out the16 KB (778 words) - 08:24, 19 October 2023
- Article 95 GDPR (category Article 95 GDPR)situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- Article 53 GDPR (category GDPR Articles)n Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford29 KB (2,894 words) - 23:06, 1 April 2024
- rights to data subjects as the GDPR. When the provisions of Regulation 2018/1725 follow the same principles as the GDPR, they should be interpreted homogeneously3 KB (351 words) - 12:54, 10 May 2024
- Article 87 GDPR (category Article 87 GDPR)Simkus, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 87 GDPR, p. 1226 (Oxford University Press 2020). EU Commission, Survey on15 KB (660 words) - 09:37, 1 December 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- Article 74 GDPR (category Article 74 GDPR)in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)of the European Union ("TFEU"), within the scope of the GDPR. The function of Article 92 GDPR is to lay down conditions for the delegation of power as19 KB (1,525 words) - 08:18, 19 October 2023
- Article 50 GDPR (category GDPR Articles)of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across17 KB (1,142 words) - 15:41, 28 April 2022
- interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence27 KB (2,619 words) - 14:52, 16 November 2023
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats and17 KB (1,096 words) - 08:19, 19 October 2023
- Article 72 GDPR (category Article 72 GDPR)Article 72 GDPR regulates the Board's voting procedure. Generally, the GDPR grants the EDPB a high degree of autonomy. In particular, Article 72(2) GDPR entitles22 KB (2,266 words) - 08:26, 17 October 2023
- Article 69 GDPR (category Article 69 GDPR)proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- Article 76 GDPR (category Article 76 GDPR)76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p15 KB (787 words) - 08:17, 19 October 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- Article 71 GDPR (category Article 71 GDPR)published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public is15 KB (1,196 words) - 08:15, 19 October 2023
- Article 96 GDPR (category Article 96 GDPR)Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 63 GDPR (category Article 63 GDPR)Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases15 KB (851 words) - 06:55, 29 April 2022
- Article 73 GDPR (category Article 73 GDPR)majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- Authority for Poland. It resides in Warsaw and is in charge of enforcing GDPR in Poland. The President of the Personal Data Protection Office performs3 KB (249 words) - 14:38, 1 December 2020
- Article 90 GDPR (category Article 90 GDPR)with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand, and18 KB (1,599 words) - 12:26, 29 April 2022
- Article 67 GDPR (category Article 67 GDPR)provisions of the GDPR. This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the15 KB (810 words) - 16:13, 2 November 2023
- when passing the GDPR. In fact, all but one EU Member State (who has sought higher protections) have voted in favor the GDPR. The GDPR is not just consisting48 KB (5,978 words) - 15:57, 1 February 2024
- Article 48 GDPR (category GDPR Articles)subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 98 GDPR (category Article 98 GDPR)data as well (see Recital 163 GDPR). Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University15 KB (943 words) - 09:58, 8 November 2023
- Article 59 GDPR (category GDPR Articles)enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- Authority for Hungary. It resides in Budapest and is in charge of enforcing GDPR in Hungary. The National Authority for Data Protection and Freedom of Information7 KB (821 words) - 14:16, 7 March 2024
- organisation-fined-for-gdpr-rule-breach-1.4255692?mode=amp https://www.irishlegal.com/article/tusla-fined-40-000-in-second-gdpr-breach https://www.dataprotection8 KB (1,034 words) - 14:13, 20 August 2021
- Authority for Croatia. It resides in Zagreb and is in charge of enforcing GDPR in Croatia. You can help us by filling in this section! You can help us by2 KB (158 words) - 17:18, 22 October 2023
- Authority for Netherlands. It resides in The Hague and is in charge of enforcing GDPR in Netherlands. The AP has three commissioners: Aleid Wolfsen (head), Monique4 KB (380 words) - 12:08, 1 July 2023
- Authority for Cyprus. It resides in Nicosia and is in charge of enforcing GDPR in Cyprus. You can help us filling this section! You can help us filling2 KB (144 words) - 15:13, 1 December 2020
- Authority for Estonia. It resides in Tallinn and is in charge of enforcing GDPR in Estonia. You can help us by filling in this section! You can help us by2 KB (154 words) - 14:37, 1 December 2020
- Luxembourg, headquartered in Belvaux, municipality of Salem. The CNPD oversees the GDPR in Luxembourg and advises the national parliament, the government and other10 KB (1,199 words) - 10:14, 19 October 2022
- Protection Authority for the German state of Berlin. It is in charge of enforcing GDPR in the private sector, within the German state of Berlin. You can help us2 KB (164 words) - 09:53, 18 May 2022
- Protection Authority for Malta. It resides in Sliema and is in charge of enforcing GDPR in Malta. You can help us by filling in this section! You can help us by4 KB (483 words) - 08:17, 12 July 2022
- Authority for Portugal. It resides in Lisbon and is in charge of enforcing GDPR in Portugal. The CNPD, the Portuguese Data Protection Authority, is composed5 KB (531 words) - 13:25, 3 May 2023
- in Riga and is in charge of enforcing GDPR in Latvia. The DVI is functionally independent institution. Besides GDPR, the regulation of the operation of6 KB (544 words) - 04:39, 11 October 2022
- Spanish autonomous region of Catalonia. It is in charge of enforcing the GDPR in the public sector within Catalonia. You can help us by filling in this3 KB (182 words) - 13:19, 15 September 2021
- Authority for Lithuania. It resides in Vilnius and is in charge of enforcing GDPR in Lithuania. You can help us by filling in this section! You can help us2 KB (155 words) - 08:58, 17 November 2023
- Protection Authority for Germany. It resides in Bonn and is in charge of enforcing GDPR for Germany for the federal government and private telecommunication services3 KB (297 words) - 14:49, 1 December 2020
- Authority for Bulgaria. It resides in Sofia and is in charge of enforcing GDPR for Bulgaria. You can help us by filling in this section! You can help us2 KB (158 words) - 14:35, 1 December 2020
- entity that allegedly violates the GDPR description of the data processing activities that allegedly violate the GDPR list of the personal data (or at least5 KB (441 words) - 09:34, 17 September 2022
- complementary arrangements to the provisions of the GDPR and references data processing on which the GDPR shall be applicable (§ 2 NDSG). It is more specific5 KB (465 words) - 08:57, 9 January 2024
- complementary arrangements to the GDPR and regulates specific situations of data processing for which the GDPR is not applicable. So the GDPR is the applicable law4 KB (363 words) - 22:01, 7 December 2020
- Authority for the German state of Baden-Württemberg. It is in charge of enforcing GDPR in the private sector within the German state of Baden-Württemberg and all4 KB (275 words) - 11:13, 8 May 2022
- public sector for the German state of Bavaria. It is in charge of enforcing GDPR in the public sector, within the German state of Bavaria. You can help us2 KB (169 words) - 15:54, 21 September 2021
- Protection Authority for the German state of Hesse. It is in charge of enforcing GDPR in the private sector, within the German state of Hesse. You can help us2 KB (164 words) - 13:59, 28 June 2022
- for the German state of Rhineland-Palatinate. It is in charge of enforcing GDPR in the private sector, within the German state of Rhineland-Palatinate. You2 KB (170 words) - 22:26, 7 December 2020
- in articles 70 and 71 GDPR. It includes ensuring the consistent application of GDPR and advising the Commission. Article 71 GDPR states that the EDPB must2 KB (207 words) - 14:56, 7 December 2023
- Protection Authority for the German state of Saarland. It is charge of enforcing GDPR in the private sector, within the German state of Saarland. You can help2 KB (160 words) - 14:50, 1 December 2020
- Protection Authority for the German state of Saxony. It is in charge of enforcing GDPR in the private sector, within the German state of Saxony. You can help us2 KB (160 words) - 22:28, 7 December 2020
- Protection Authority for the German state of Bavaria. It is in charge of enforcing GDPR in the private sector, within the German state of Bavaria. Bavaria has a2 KB (174 words) - 13:49, 23 December 2021
- Protection Authority for the German state of Bremen. It is in charge of enforcing GDPR in the private sector, within the German state of Bremen. You can help us2 KB (167 words) - 22:24, 7 December 2020
- Authority for the German state of Saxony-Anhalt. It is in charge of enforcing GDPR in the private sector, within the German state of Saxony-Anhalt. You can2 KB (167 words) - 22:23, 7 December 2020
- the German state of Mecklenburg-Vorpommern. It is in charge of enforcing GDPR in the private sector, within the German state of Mecklenburg-Vorpommern2 KB (167 words) - 22:25, 7 December 2020
- Authority for Slovakia. It resides in Bratislava and is in charge of enforcing GDPR and national data protection act in Slovakia. All decisions of the Slovak9 KB (1,006 words) - 07:13, 7 July 2021
- Authority for Liechtenstein. It resides in Vaduz and is in charge of enforcing GDPR in Liechtenstein. You can help us filling this section! You can help us filling2 KB (153 words) - 09:41, 30 April 2024
- Authority for the German state of Brandenburg. It is in charge of enforcing GDPR in the private sector, within the German state of Brandenburg. You can help2 KB (168 words) - 22:22, 7 December 2020
- for the German state of Schleswig-Holstein. It is in charge of enforcing GDPR in the private sector, within the German state of Schleswig-Holstein. You2 KB (167 words) - 22:29, 7 December 2020
- Protection Authority for the German state of Thuringia. It is charge of enforcing GDPR in the private sector, within the German state of Thuringia. You can help2 KB (165 words) - 14:54, 1 December 2020
- autonomous region of the Basque Country. It is in charge of enforcing the GDPR in the public sector within the Basque Country. You can help us by filling3 KB (195 words) - 13:21, 15 September 2021
- for Finland's autonomous region of Åland. It is in charge of enforcing the GDPR in the regional and municipal governments within the Åland Islands. The Region3 KB (209 words) - 14:42, 30 November 2021
- German state of North Rhine-Westphalia. It is in charge of enforcing the GDPR in the private sector in the German state of North Rhine-Westphalia and for4 KB (372 words) - 10:45, 22 September 2021
- Spanish autonomous region of Andalusia. It is in charge of enforcing the GDPR in the public sector within Andalusia. You can help us by filling in this3 KB (211 words) - 09:58, 18 June 2021
- Authority for Sweden. It resides in Stockholm and is in charge of enforcing the GDPR in Sweden. On 1 January 2021, the Swedish data protection authority changed4 KB (356 words) - 11:51, 20 October 2022
- CJEU - C-311/18 - Schrems II (category Article 2(2) GDPR)practice with the “essentially equivalent” level of protection guaranteed by the GDPR to EU citizens. Maximillian Schrems, an Austrian citizen, had been a Facebook12 KB (1,780 words) - 17:22, 10 March 2022
- inviolability of human dignity. You can help us fill this section! In Germany the GDPR is implemented by the Bundesdatenschutzgesetz (BDSG). You can help us fill18 KB (1,831 words) - 13:49, 3 November 2022
- Recitals GDPR (section Recitals from the GDPR)In progress. Fill in the name used for the recital if you use it so we can ensure a somewhat streamlined practice. Recital 1: The protection of natural182 KB (24,065 words) - 13:40, 9 July 2021
- Regulation provides the new data protection rules for EUls which matches the GDPR, the latter applicable across the EU/European Economic Area. By the end of8 KB (1,078 words) - 12:58, 10 May 2024
- Directive 2002/58/EC, and the GDPR to the CJEU. The case was referred to the Court of Justice on 5 October 2017 - before the GDPR became applicable on 25 May6 KB (893 words) - 15:22, 24 March 2022
- CJEU - C-300/21 - Österreichische Post AG (category Article 82 GDPR)the mere infringement of GDPR provisions in itself is sufficient for the right to receive compensation under Article 82 GDPR or is it required that an5 KB (683 words) - 12:50, 28 June 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)law would undoubtedly not be compatible with Art. 5(1)(f) GDPR, Art. 5(1)(a) GDPR and Art. 6 GDPR. A.9 In its final submission of August 12, 2021, the Second108 KB (17,097 words) - 13:52, 12 May 2023
- GDPRhub style guide (section GDPR)the Member States. Example: Article 6(1)(a) GDPR Example: Not Art. 6 Abs 1 Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not17 KB (2,510 words) - 13:56, 24 April 2023
- protection authorities (Art. 78.1 GDPR), as well as by the possibility to bring actions directly in court (Art. 79 GDPR). Against the decisions that put15 KB (1,875 words) - 16:18, 13 July 2022
- CJEU - C-154/21 - RW v Österreichische Post (category Article 5(1)(a) GDPR)interpretation of Article 15 GDPR. The Supreme Court asked the following preliminary question: 'Is Article 15(1)(c) of the GDPR to be interpreted as meaning8 KB (992 words) - 17:03, 4 February 2023
- Infringement of Article 6 and 9 GDPR qualifies for the maximum amount for administrative fines as set out in Article 83(5) GDPR: 20,000,000 € or 4% of the total18 KB (2,375 words) - 16:17, 6 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 5(1)(c) GDPR)not fulfilled its obligations under the GDPR in a number of ways: It infringed Articles 5(1)(c), (f) and 5(2) GDPR by not considering the risks to students'48 KB (7,442 words) - 10:24, 12 September 2022
- CJEU - C-487/21 - F.F. v DSB (category Article 15(3) GDPR)of data undergoing processing pursuant to Article 15(3) GDPR. According to the CJEU, the GDPR does not contain any definition of “copy”. However, this3 KB (417 words) - 15:20, 8 May 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)60 GDPR applicable in this case? Are Google LLC and Google Ireland LTD to be considered as joint controllers within the meaning of article 26 GDPR? Does93 KB (14,936 words) - 17:09, 6 December 2023
- CJEU - C-434/16 - Peter Nowak (category Article 15 GDPR)Peter Nowak Court: CJEU Jurisdiction: European Union Relevant Law: Article 15 GDPR Article 2(a) Directive 95/46/EC Decided: 20.12.2017 Parties: Peter Nowak6 KB (766 words) - 21:17, 5 March 2024
- CJEU - Joined Cases C‑26/22 and C‑64/22 - SCHUFA (category Article 6(1) GDPR)interests under Article 6(1)(f) GDPR. On the erasure obligations under Article 17 GDPR, the CJEU held that under Article 17(1)(d) GDPR SCHUFA will be under the15 KB (2,180 words) - 08:23, 13 December 2023
- BVwG - W211 2222613-2/12E (category Article 15(3) GDPR)personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the nature51 KB (8,592 words) - 07:03, 2 November 2021
- BlnBDI (Berlin) - C-807/21 - Deutsche Wohnen (category Article 83 GDPR)law, specifically Article 83 GDPR read in conjunction with Articles 101 and 102 TFEU, would require Germany to allow that GDPR fines may be initiated directly7 KB (936 words) - 16:39, 12 December 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA noted75 KB (11,733 words) - 16:33, 21 August 2022
- In United Kingdom, the GDPR has been transposed into national law through the Data Protection Act 2018. The application of the GDPR is, however, limited14 KB (2,011 words) - 15:42, 25 November 2020
- CJEU - C-13/16 - Rīgas satiksme (category Article 6(1)(f) GDPR)Regulation (GDPR). That approach of the CJEU seems consistent with Article 6 of the General Data Protection Regulation. In addition, the GDPR's article does5 KB (749 words) - 12:58, 1 June 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- right. In Italy the GDPR is implemented by the Codice in materia di protezione dei dati personali. Following the introduction of the GDPR, the Code has undergone6 KB (757 words) - 13:53, 16 August 2022
- How to add a new decision (section Add a GDPR Article)6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR for consent and17 KB (2,638 words) - 11:18, 19 February 2024
- help us fill this section! You can help us fill this section! In Estonia the GDPR is implemented by the Isikuandmete kaitse seadus. You can help us fill this2 KB (114 words) - 23:24, 14 January 2020
- help us fill this section! You can help us fill this section! In Finland the GDPR is implemented by the Act 1050/2018. You can help us fill this section! You2 KB (117 words) - 09:51, 24 April 2024
- help us fill this section! You can help us fill this section! In Ireland the GDPR is implemented by the Data Protection Act 2018 (DPA). You can help us fill2 KB (166 words) - 10:38, 11 September 2020
- fill this section! You can help us fill this section! In Liechtenstein the GDPR is implemented by the Datenschutzgesetz (DSG). You can help us fill this2 KB (111 words) - 08:57, 25 April 2024
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)Workspace for Education until they have brought the processing in line with the GDPR. This is the Danish DPA's third decision in the case relating to Helsingor117 KB (18,075 words) - 10:19, 12 September 2022
- now follows from § 102 of the Constitution. The national implementation of GDPR follows from the Personal Data Act of 2018 (personopplysningsloven), as well8 KB (1,064 words) - 12:53, 23 June 2023
- has been a member of the European Union since May 1, 2004. In Poland the GDPR is implemented by the Personal Data Protection Act of May 10, 2018. By the9 KB (1,215 words) - 16:58, 18 May 2021
- provisions in the national law, meaning the age of consent under GDPR is kept, namely 16 (art. 8.1 GDPR). See Article 7 of the national implementing law. See Article16 KB (2,260 words) - 19:26, 30 November 2021
- chapters with 34 paragraphs, followed by the GDPR full text. When the General Data Protection Regulation (GDPR) 2016/679 was enacted, it was transposed into5 KB (427 words) - 15:48, 24 January 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 4 GDPR)65(5) GDPR without delay after the IE SA has notified its final decision to the controller920. 919 Article 65(6) GDPR. 920 Article 65(5) and (6) GDPR. Adopted53 KB (8,413 words) - 14:10, 30 January 2023
- CJEU - C‑307/22 - Copies of Medical Records (category Article 12(5) GDPR)the first sentence of recital 63 GDPR. Neither the wording of Article 12(5) GDPR nor that of Article 15(1) and (3) GDPR condition the provision (to access10 KB (1,478 words) - 11:17, 2 November 2023
- CJEU - C-136/17 - GC and Others (category Article 9(1) GDPR)convictions’ within the meaning of Article 8(5) of Directive 95/46 (and Article 10 GDPR). In addition the court judged that a search engine operator does not need4 KB (438 words) - 14:23, 11 August 2022
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)Article 32 GDPR? 4) Does Article 82(3) GDPR allow the controller to be exempt from liability for damages if the data breach as defined by 4(12) GDPR was caused13 KB (1,963 words) - 11:04, 5 January 2024
- CJEU - C-252/21 - Meta Platforms and Others v Bundeskartellamt (category Article 6 GDPR)consistent with the underlying values of the GDPR and cannot be justified in the light of Article 6(1) and Article 9(2) GDPR. It followed, that the companies brought8 KB (1,231 words) - 08:22, 6 July 2023
- CJEU - C-132/21 - Nemzeti Adatvédelmi és Információszabadság Hatóság (category Article 77(1) GDPR)Must Articles 77(1) and 79(1) GDPR be interpreted as meaning that the administrative appeal provided for in Article 77 GDPR constitutes an instrument for9 KB (1,308 words) - 12:54, 28 June 2023
- Norges Høyesterett - 2021-2403-A (category Article 4(11) GDPR)(2000) | Disputes Act (2005) §20-2 | The Personal Data Act (2018) §1, GDPR A4, GDPR A5 (1) Judge Thyness: Questions and background of the case (2) The case46 KB (7,024 words) - 06:18, 6 March 2022
- Delo, R (On the Application Of) v The Information Commissioner - 2023 EWCA Civ 1141 (category Article 15 GDPR)UK GDPR remains substantively the same as the EU's GDPR. This is acknowledged by the judges in this case at [11] who state 'the content of the GDPR [remains]9 KB (1,191 words) - 08:44, 23 January 2024
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)regarding Articles 5(1)(b) GDPR and 5(1)(e) GDPR and held that national courts had to determine, using the factors of Article 6(4) GDPR, whether further processing49 KB (7,800 words) - 09:22, 5 January 2024
- Garante per la protezione dei dati personali (Italy) - 9870832 (category Article 5 GDPR)obligation to provide data subjects with a privacy policy pursuant to Article 13 GDPR. Moreover, the collection of personal data and their use in the training14 KB (2,049 words) - 07:46, 1 August 2023
- erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 6 months after51 KB (8,215 words) - 09:55, 13 May 2022
- DSB (Austria) - Austrian Postal Service (category Article 6(1)(f) GDPR)categories of data" under Article 9 GDPR. What is the relationship between national laws (like § 151 GewO) and GDPR? Is a prediction of a political affiliation8 KB (611 words) - 16:12, 6 December 2023
- 9(1) GDPR, Article 15 GDPR, Article 16 GDPR, Article 18(1)(a) GDPR, Article 18(1)(b) GDPR, Article 18(1)(d) GDPR, Article 20 GDPR and Article 21 GDPR for10 KB (1,037 words) - 14:52, 10 July 2020
- LG Köln - 33 O 376/22 (category Article 6(1)(b) GDPR)the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff claims66 KB (9,990 words) - 12:30, 29 January 2024
- Personvernnemnda (Norway) - 2021-20 (20/01648) (category Article 5(1)(a) GDPR)Board assessed if a fine could be imposed as per Article 83(5) GDPR, cf. Article 83(2) GDPR, and in which case, how large it should be. The Board agreed31 KB (5,018 words) - 18:44, 5 March 2022
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated. Due to62 KB (10,113 words) - 12:48, 17 August 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4680/182/18 (category Article 9 GDPR)according to Article 9(2)(a) GDPR. On the basis of the information gathered, the DPA held that the controller had violated Article 9 GDPR. As a result, and in49 KB (7,496 words) - 14:44, 24 January 2024
- Personvernnemnda (Norway) - 2018-14 (15/01355) (category Article 4(11) GDPR)the applicable law, as the GDPR had entered into force since the initial complaints dating back to 2012. They found that the GDPR would indeed apply. The144 KB (23,058 words) - 18:48, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 6689/186/20 (category Article 5(1) GDPR)controller, to correct its data processing practice in accordance with the GDPR. This decision does not assess the activities of the police in relation to41 KB (6,555 words) - 08:37, 4 March 2024
- many waivers from GDPR for research purposes under Article 89 GDPR. It is questionable of the law is constitutional and in line with GDPR. § 151 of the Austrian8 KB (721 words) - 09:32, 24 April 2024
- certain provisions of the GDPR that do not apply –Article 6 GDPR, Article 9 GDPR, Article 10 GDPR, Article 30 GDPR and Article 34 GDPR, as well as the provision10 KB (1,440 words) - 08:54, 17 January 2020
- HDPA (Greece) - 28/2023 (category Article 58(2) GDPR)council in Greece to cease their processing activities, under Article 58(2) GDPR and Article 15(8) of Law 4624/2019, because of an unresolved data breach9 KB (1,211 words) - 20:32, 8 January 2024
- Court of Appeal of Brussels - 2019/AR/1600 (category Article 5(1)(c) GDPR)of Article 6(1) GDPR; 2. Did not provide the complainant with enough information prior to the processing, in violation of Article 13 GDPR; 3. Processed more60 KB (9,144 words) - 16:17, 22 March 2022
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR. The customer41 KB (6,558 words) - 17:09, 6 December 2023
- of law. In Netherlands the GDPR is implemented by the Uitvoeringswet Algemene verordening gegevensbescherming (“Dutch GDPR Implementation Act”). In relation7 KB (764 words) - 07:50, 6 May 2024
- Convention of Human Rights. According to Article 29(2), Article 14 GDPR and Article 15 GDPR apply insofar as the right to freedom of expression and information6 KB (580 words) - 23:49, 18 January 2020
- APD/GBA (Belgium) - 01/2021 (category Article 60 GDPR)interlocutory decision, on the language to be used in a procedure concerning GDPR complaints filed by complainants in various Member States against IAB Europe19 KB (2,707 words) - 16:50, 12 December 2023
- judicial order, as well as § 71 which concerns personal liberty. In Denmark the GDPR is implemented by the Databeskyttelsesloven (Data Protection Act). The age5 KB (582 words) - 17:53, 3 March 2020
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)the documents or files containing their personal data under Article 15(3) GDPR and Article 12 of the ePrivacy Directive. However, there is a right to a14 KB (2,154 words) - 16:27, 10 March 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)Article 46 GDPR. In 2020, noyb lodged a complaint with the Austrian DPA alleging that the controller breached the provisions of Chapter V GDPR. The complaint121 KB (13,722 words) - 15:16, 5 July 2023
- CJEU - C-40/17 - Fashion ID (category Article 80 GDPR)Fashion ID Court: CJEU Jurisdiction: European Union Relevant Law: Article 80 GDPR Article 1 Directive 95/46 Article 1(1) Directive 2009/22/EC Article 10 Directive6 KB (492 words) - 13:09, 1 June 2023
- Protection Authority (BDPA Act). You can help us fill this section! In Belgium the GDPR is implemented by the Data Protection Act (2019). You can help us fill this5 KB (503 words) - 10:13, 18 October 2020
- APD/GBA (Belgium) - 26/2021 (category Article 6 GDPR)repealing Directive 95/46 / EC (General Data Protection Regulation, hereinafter “GDPR”); In view of the law of 3 December 2017 establishing the Data Protection8 KB (1,156 words) - 16:56, 12 December 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- rights. This right is explicitly enshrined in Article 38. In Slovenia the GDPR is not implemented by the national law. Slovenia remains the only EU country4 KB (391 words) - 09:57, 17 May 2021
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- help us fill this section! You can help us fill this section! In Hungary the GDPR is implemented by the Act CXII of 2011. You can help us fill this section2 KB (124 words) - 23:32, 14 January 2020
- help us fill this section! You can help us fill this section! In Iceland the GDPR is implemented by the Lög um persónuvernd og vinnslu persónuupplýsinga. You2 KB (116 words) - 23:33, 14 January 2020
- help us fill this section! You can help us fill this section! In Croatia the GDPR is implemented by the Zakon o Provedbi Opće Uredbe o Zaštiti Podataka. You2 KB (117 words) - 10:43, 26 February 2020
- us fill this section! You can help us fill this section! In Luxembourg the GDPR is implemented by the Loi du 1er août 2018. You can help us fill this section2 KB (121 words) - 23:46, 14 January 2020
- help us fill this section! You can help us fill this section! In Latvia the GDPR is implemented by the Fizisko personu datu apstrādes likums. You can help2 KB (123 words) - 23:45, 14 January 2020
- us fill this section! You can help us fill this section! In Slovakia the GDPR is implemented by the Zàkon o ochrane osobných údajov. You can help us fill2 KB (124 words) - 09:38, 24 April 2024
- us fill this section! You can help us fill this section! In Lithuania the GDPR is implemented by the Asmens Duomenų Teisinės Apsaugos Įstatymas. You can2 KB (112 words) - 10:25, 15 October 2020
- help us fill this section! You can help us fill this section! In Malta the GDPR is implemented by the Data Protection Act (2018). You can help us fill this2 KB (132 words) - 23:46, 14 January 2020
- fill this section! You can help us fill this section! In Czech Republic the GDPR is implemented by the Zákon č. 110/2019. You can help us fill this section2 KB (123 words) - 00:01, 15 January 2020
- attribution to an unique national number to the citizens. In Portugal the GDPR is implemented by the Lei n.º 58/2019. In Portugal the Age of consent is3 KB (332 words) - 13:31, 3 May 2023
- Chapter 2 § 1 The Fundamental Law on Freedom of Expression. It is unsure if the GDPR is compatible to the constitutional protection. The stance of the Swedish7 KB (793 words) - 14:08, 1 October 2021
- reference to which the Constitutionnal Council can adjudicate. In France the GDPR is implemented by the Law "Informatique et Libertés", as modified by the10 KB (1,108 words) - 09:37, 29 September 2021
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)infringing Article 6(1) GDPR, in relation with the lawfulness principle established by Article 5(1)(a) GDPR. Article 5(1)(d) GDPR establishes that personal602 KB (102,229 words) - 14:21, 13 December 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 55(1) GDPR)DPA is competent to act under Articles 55 and 56 GDPR, it may exercise the powers conferred by the GDPR on its national territory, irrespective of the Member10 KB (1,311 words) - 15:26, 13 June 2023
- HDPA (Greece) - 23/2020 (category Article 4(1) GDPR)(Article 8(1) CFR, Article 9A Greek Constitution, Recital 64 GDPR), underlined that the GDPR totally respects all fundamental rights and freedoms included9 KB (1,089 words) - 15:35, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 5 GDPR)telemarketing practices which revealed that Vodafone was in violation of several GDPR articles. Vodafone was ordered to implement more appropriate measures to7 KB (810 words) - 15:52, 6 December 2023
- HDPA (Greece) - 33/2020 (category Article 4(7) GDPR)the principles of data processing of Article 5(1) GDPR, underlined that, based on Article 5(2) GDPR, it is the data processor's responsibility to conform20 KB (2,270 words) - 15:37, 6 December 2023
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)processing of data concerning health laid down in Article 9(1) GDPR is possible under Article 9(2)(h) GDPR) in a case such as the present one, are there further14 KB (1,916 words) - 16:03, 2 February 2024
- HDPA (Greece) - 30/2020 (category Article 2(2)(c) GDPR)Article 58(2) GDPR and impose on the respondent the responsibility to restore the fulfilment of Article 5(1)(a) GDPR and of Article 5(1)(b-f) GDPR, as well20 KB (2,519 words) - 15:36, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- HDPA (Greece) - 48/2021 (category Article 4(11) GDPR)The Greek DPA also considered whether or not the criteria of Article 6(4) GDPR had been respected. In this respect, the DPA found that the customers had8 KB (1,028 words) - 12:49, 24 November 2021
- compliance with the principles of Article 5 GDPR and that they could be based on the legal basis of Article 6(1)(f) GDPR. The BVwG ruled that the principle of8 KB (987 words) - 10:01, 12 May 2022
- HDPA (Greece) - 20/2023 (category Article 12(2) GDPR)violation of article 15 (1) cond. 12 par. 2, 3 and 4 GDPR and c) 30,000 euros for violation of Article 25 (1) GDPR because it did not in practice have the necessary6 KB (634 words) - 17:48, 17 July 2023
- Datatilsynet (Norway) - 15/01355 (category Article 4(11) GDPR)continued into 2018 (and later), after the GDPR had taken effect, everything above is referenced with GDPR Articles. Consequently, the DPA's decision item16 KB (2,111 words) - 06:21, 6 March 2022
- EDPB - Binding Decision 1/2021 - 'WhatsApp' (category Article 4(24) GDPR) (section Additional infringement of Article 13(2)(e) GDPR)application of the GDPR. While the DPC was arguing that it had purposefully limited the scope of its own-volition inquiry to Articles 12, 13 and 14 GDPR, and that29 KB (4,384 words) - 16:00, 6 December 2023
- Datatilsynet (Norway) - 20/02178 (category Article 5(1)(a) GDPR)electronically stored material, that they had no legal basis as per Article 6(1)(f) GDPR and that they had failed to inform the employee as per Article 13 and the7 KB (802 words) - 18:53, 17 May 2022
- HDPA (Greece) - 20/2020 (category Article 2(2)(a) GDPR)point (g) of GDPR and 13 par. 1 point g. 4624/2019, and to exercise respectively the powers conferred on it by the provisions of Articles 58 GDPR and 15 Law29 KB (4,578 words) - 15:35, 6 December 2023
- VG Wiesbaden - 6 K 788/20.WI (category Article 4(4) GDPR)15(1)(h) of the GDPR, the right of data subjects to object under Article 21(1)(1)(2) of the GDPR and - in essence - in Article 22 of the GDPR as a general52 KB (8,534 words) - 12:58, 15 December 2021
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 4(1) GDPR)website. AG Bobek is also of the opinion that Article 6(1)(c) GDPR and Article 6(3) GDPR do not preclude national rules from laying down, without any limit8 KB (1,081 words) - 13:13, 1 June 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)1 lit. f GDPR (for the protection of the processor's legitimate interests)? Right to erasure (Art. 17 GDPR); right to object (Art. 21 GDPR)? Locations29 KB (4,605 words) - 17:00, 15 December 2021
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter IV of the GDPR devoted to127 KB (21,484 words) - 17:01, 12 December 2023
- HDPA (Greece) - 18/2020 (category Article 5(1)(a) GDPR)governed by the basic principle of GDPR, the principle of transparency (relevant Articles 12-14 of the GDPR). 4. The GDPR introduces the principle of accountability12 KB (1,733 words) - 15:34, 6 December 2023
- CJEU - C-683/21 - Nacionalinis visuomenės sveikatos centras (category Article 4(2) GDPR)and 35 GDPR. As a result, the DPA imposed an administrative fine of €12,000 on the CNSP and €3,000 on ITSS as joint-controller, under Article 83 GDPR. The9 KB (1,234 words) - 12:48, 25 January 2024
- APD/GBA (Belgium) - 41/2020 (category Article 12 GDPR)the processing complied with the GDPR, with the APD/GBA explicitly referring to the obligation under Article 12 GDPR to facilitate the exercise by data7 KB (890 words) - 16:58, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8493/161/21 (category Article 5(1)(a) GDPR)controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article 15 GDPR and Article 25(1) GDPR. As a result, the DPA issued a reprimand52 KB (7,936 words) - 22:32, 2 March 2024
- Datatilsynet (Norway) - 20/01648 (category Article 5(1)(a) GDPR)that the controller had breached Articles 5(1)(a) and (c), 6, 12(1) and 13 GDPR and for this fined the controller NOK 100,000 (approximately €9,473). The7 KB (801 words) - 06:28, 6 March 2022
- HDPA (Greece) - 25/2023 (category Article 5(1) GDPR)sufficient organizational and technical measures according to Article 25 GDPR. Piraeus Bank S.A., the controller, sent the data subject a letter informing6 KB (694 words) - 14:25, 20 January 2024
- Garante per la protezione dei dati personali (Italy) - 9574709 (category Article 12 GDPR)the information provided as per Article 13 GDPR were not compliant with the requirements of Article 12 GDPR in light of the fact that TikTok services are17 KB (2,519 words) - 15:55, 6 December 2023
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)subject pursuant to Article 9 (2) (a) of the GDPR ΕΙΣ/7564/05.11.2019 and the invocation of recital 47 of the GDPR 2016/679, inter alia, informed the Authority29 KB (4,557 words) - 15:33, 6 December 2023
- HDPA (Greece) - 31/2020 (category Article 4(1) GDPR)CCTV system shall be handled as subject to Article 4(1) and Article 4(2) of GDPR Regulation. That judgment does not mean that any CCTV surveillance in workplaces6 KB (719 words) - 15:36, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material27 KB (4,090 words) - 09:54, 10 September 2021
- CJEU - C‑634/21 - SCHUFA (category Article 22(1) GDPR)relationship between Article 22(2)(b) GDPR and national law. Article 22(2)(b) GDPR provides that Article 22(1) GDPR does not apply if a decision is ‘authorised6 KB (783 words) - 16:05, 12 December 2023
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)exercise the right of access under Article 15 GDPR and the right to restriction of processing under Article 18 GDPR against three mobile telephone service providers11 KB (1,492 words) - 13:09, 23 November 2022
- Datatilsynet (Norway) - 21/03530 (category Article 6(1)(b) GDPR)should have under Article 60 GDPR - Article 61(8) GDPR applied, which meant that the urgent need to act under Article 66(1) GDPR was presumed to be met and99 KB (14,431 words) - 16:20, 6 December 2023
- HDPA (Greece) - 34/2023 (category Article 5(1)(c) GDPR)in violation of Article 5(1)(c) GDPR and Article 15(1) GDPR. Firstly, the DPA found a violation of Article 5(1)(c) GDPR, as the controller had retained6 KB (695 words) - 16:39, 9 January 2024
- APD/GBA (Belgium) - 149/2023 (category Article 5(1)(a) GDPR)of the GDPR – (article 13.1. c) of the GDPR) and does not mention the data retention periods personal data processed (article 13.2. a) of the GDPR more precisely);113 KB (17,325 words) - 08:50, 19 March 2024
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)for the year, thus violating Article 39(1)(b) GDPR regarding the DPO's duties to monitor compliance with GDPR. In view of those violations, the CNPD: imposed66 KB (9,458 words) - 19:42, 4 September 2021
- CJEU - C-184/20 - Vyriausioji Tarnybinės Etikos Komisija (category Article 6(1) GDPR)(e), 6(3) and 9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR – or a public interest6 KB (522 words) - 13:15, 1 June 2023
- Helsingin hallinto-oikeus (Finland) - 3620/2023 (category Article 5(1)(a) GDPR)the GDPR. In light of this, the Court agreed with the DPA that the controller had violated Article 5(1)(a) GDPR, Article 12 GDPR, Article 13 GDPR, Article22 KB (3,193 words) - 10:34, 29 February 2024
- LAG Hessen - 9 Sa 1431/19 (category Article 15(1) GDPR)defendant to the extent stipulated by the labor court, § 15 GDPR. 1. According to Art. 99 (2) GDPR, the GDPR has been in force since May 25, 2018. It is directly32 KB (5,093 words) - 16:07, 11 September 2022
- HDPA (Greece) - 4/2020 (category Article 5(2) GDPR)thus violating Article 15(1) and (4) GDPR as well as the principle of accountability pursuant to Article 5(2) GDPR. The complainant requested twice via18 KB (2,865 words) - 15:33, 6 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))and by default (Art. 25 GDPR), integrity and confidentiality (Art. 5.1.f GDPR), as well as security ofprocessing(Art. 32GDPR)......101 B.4.4. - Additional429 KB (58,279 words) - 09:12, 2 November 2022
- BVwG - W211 2210458-1/10 (category Article 2(1) GDPR)as well as Article 6(1) GDPR and (II.) §§ 12, 50a and 50d of the Austrian Data Protection Act (DSG). The violations of the GDPR was taxed with EUR 1,20092 KB (15,435 words) - 16:00, 22 March 2022
- CJEU - C-439/19 - B v. Latvijas Republikas Saeima (category Article 2(2)(a) GDPR)should be well-known to everyone that the GDPR provides enhanced protection to sensitive data. Article 10 of the GDPR refers to these data collections which12 KB (1,792 words) - 18:13, 1 February 2023
- AEPD (Spain) - EXP202205353 (category Article 5(1)(f) GDPR)alleged violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in article 83.5 and 83.4 of the GDPR. The initiation agreement, which was22 KB (3,386 words) - 16:05, 13 December 2023
- APD/GBA (Belgium) - 06/2019 (category Article 5(1)(c) GDPR)(e) and 13(2)(a) GDPR. Thus, it ordered the controller to comply with the GDPR. In addition it fined € 10,000 under Article 58(2)(i) GDPR for the violation20 KB (3,137 words) - 16:51, 12 December 2023
- UODO (Poland) - ZSPR.421.2.2019 (category Article 5(1)(f) GDPR)5(1)(f) GDPR Article 5(1)(a) GDPR Article 5(2) GDPR Article 6(1) GDPR Article 7(1) GDPR Article 24(1) GDPR Article 25(1) GDPR Article 32(1)(b) GDPR Article71 KB (11,304 words) - 10:01, 17 November 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the DPA ordered60 KB (9,117 words) - 14:46, 24 January 2024
- Garante per la protezione dei dati personali (Italy) - 9852214 (category Article 5 GDPR)Under Article 58(2)(f) GDPR, the Italian DPA imposed a temporary limitation on processing of an AI-powered ChatBot. The privacy policy did not clarify36 KB (5,598 words) - 10:15, 8 February 2023
- CJEU - C-268/21 - Norra Stockholm Bygg (category Article 6(3) GDPR)proportionality of the measure under Article 6(4) GDPR, in accordance with the objectives referred to in Article 23(1) GDPR. It recalled that these objectives include9 KB (1,372 words) - 10:12, 7 June 2023
- Personvernnemnda (Norway) - 2021-03 (category Article 5(1)(a) GDPR)Relevant Law: Article 5(1)(a) GDPR Article 5(2) GDPR Article 6(1)(f) GDPR Article 13 GDPR Article 21 GDPR Article 24 GDPR §§2-3 Forskrift om arbeidsgivers25 KB (4,046 words) - 18:37, 5 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)consent under Article 8 GDPR also apply? Did the defendant, as the controller, fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation48 KB (7,926 words) - 16:56, 12 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)pursuant to Art. 53 Para. 2 GDPR) are met is the responsibility of the respondent, in accordance with Art. 54 Para. 1 lit. a) GDPR, which has to monitor and14 KB (1,999 words) - 14:20, 18 July 2023
- AEPD (Spain) - EXP202209001 (category Article 5(1)(c) GDPR)the private property of the controller's, violating Article 5(1)(c) and 13 GDPR. On 1st of August 2022, the data subject submitted a complaint against a22 KB (3,303 words) - 13:28, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8211/161/19 (category Article 5(1)(d) GDPR)pursuant to Article 83(7) GDPR). Hence, the DPA merely ordered the controller to bring implement measures to ensure compliance with the GDPR, pursuant to Article42 KB (6,579 words) - 08:46, 27 January 2022
- BVwG - W211 2225136-1 (category Article 5 GDPR)of the GDPR, and even less than one month between the deletion from the edict file and the request for deletion pursuant to Article 17 of the GDPR. Furthermore39 KB (6,244 words) - 09:40, 10 September 2021
- AEPD (Spain) - EXP202202164 (category Article 5(1) GDPR)AEPD fined in €2,000 a website for non-GDPR compliant privacy policy, violating Article 13 GDPR. On January 16, 2022 the data subject complaint against29 KB (4,482 words) - 14:06, 5 March 2024
- CJEU - C-61/19 - Orange Romania (category Article 4(11) GDPR)(Maciej Szpunar) assessed the case both under the Directive 95/46 and under the GDPR and came to the same opinion under both legal frameworks: Assessing the meaning8 KB (1,074 words) - 13:50, 11 August 2022
- Helsingin hallinto-oikeus (Finland) - 116/2024 (category Article 5(1)(a) GDPR)insurance company had breached Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR as its as its practice was to process the health41 KB (6,133 words) - 10:29, 25 March 2024
- HDPA (Greece) - 27/2020 (category Article 32 GDPR)audit was focused on security issues, which are provided for in Article 32 GDPR and Article 32 of VIS Regulation. Further security requirements are provided3 KB (224 words) - 15:35, 6 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 9(1) GDPR)therefore violated Articles 9(1) GDPR out of negligence. The DPA fined the controller €1,600,000 pursuant of Article 83(5)(a) GDPR and considered this a high163 KB (27,222 words) - 16:54, 6 December 2023
- HDPA (Greece) - 2/2020 (category Article 12(4) GDPR)to as ‘GDPR’), which replaced Directive 95/56, has been applicable since 25 May 2018. In accordance with the provisions of Article 15 (1) GDPR, the data12 KB (1,773 words) - 15:33, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does the26 KB (4,050 words) - 17:10, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not only to36 KB (5,810 words) - 13:09, 21 January 2022
- HDPA (Greece) - 26/2021 (category Article 12 GDPR)medical exams. HDPA accepted that the physician violated also art. 12 par. 1 GDPR obligation to facilitate the exercise of applicant’s right of access by imposing3 KB (293 words) - 17:15, 3 March 2022
- AEPD (Spain) - EXP202100764 (category Article 5(1)(f) GDPR)means of such activity, by virtue of article 4.7 of the GDPR. Article 4 section 12 of the GDPR broadly defines “violations of security of personal data”34 KB (5,184 words) - 13:22, 13 December 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)protection of Art. 82 GDPR does not cover violations of Art. 13, 14, 15, 24, 25 and Art. 34 GDPR. In addition, there is no breach of the GDPR by the defendant39 KB (6,362 words) - 14:01, 22 June 2023
- APD/GBA (Belgium) - 53/2020 (category Article 5(1)(a) GDPR)This principle has, logically, been taken up again at Article 5.1(b) of the GDPR under the Principles for the Processing of Personal Data (Chapter II). 1635 KB (5,853 words) - 16:58, 12 December 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)norm addressee of Chapter V GDPR. The bB be directly responsible for BF2, which violated Art. 44 ff GDPR. Regarding The GDPR is applicable to the processing158 KB (26,392 words) - 08:25, 7 June 2023
- AEPD (Spain) - EXP202209511 (category Article 6(1) GDPR)mandatory legal requirements to do so, violating Article 6(1) and Article 13 GDPR. A resident has installed, without the authorization of the Comunidad de22 KB (3,257 words) - 13:28, 13 December 2023
- AEPD (Spain) - EXP202301529 (category Article 17 GDPR)the Articles 12 of the GDPR and 12 of the LOPDGDD. It also takes into account what is stated in Considering 59 et seq. of the GDPR. In accordance with the20 KB (3,078 words) - 13:05, 13 December 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)referred to in Article 78, second paragraph, of the GDPR is free of form. There are no requirements in the GDPR that such a message must meet. It is true that25 KB (3,954 words) - 13:39, 16 November 2020
- HDPA (Greece) - 31/2023 (category Article 5(1)(c) GDPR)principles of article 5 par. 1 GDPR. It is no coincidence that the GDPR includes accountability (see Article 5 para. 2 GDPR) in the regulation of the principles61 KB (10,257 words) - 10:15, 1 November 2023
- HDPA (Greece) - 32/2020 (category Article 5(1) GDPR)The HDPA of Greece examined the complaint for the violation of GDPR against the Greek Ministry of Education and Religion of a parent who had filed a request12 KB (1,464 words) - 15:37, 6 December 2023
- Personvernnemnda (Norway) - 2021-18 (20/02059) (category Article 5(1)(d) GDPR)around the processing of personal data subject to Article 10 GDPR. Pursuant to Article 6(1)(f) GDPR, the Privacy Appeals Board conducted a balancing test, in36 KB (5,859 words) - 06:40, 6 July 2022
- Tietosuojavaltuutetun toimisto (Finland) - 4356/532/19 (category Article 5(1)(a) GDPR)between 2011 and 2017, the issues had continued since the GDPR entered into force, and therefore, the GDPR applied to this case. Second, the DPA stated that that43 KB (6,671 words) - 08:49, 27 January 2022
- Tietosuojavaltuutetun toimisto (Finland) - 834/532/18 (category Article 5(1)(a) GDPR)between 2011 and 2017, the issues had continued since the GDPR entered into force, and therefore, the GDPR applied to this case. Second, the DPA stated that that43 KB (6,677 words) - 08:47, 27 January 2022
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled to compensation27 KB (4,216 words) - 13:26, 8 January 2024
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)ensure the adequate level of protection of the personal data required by the GDPR, given Cloudflare's network extended to more than one hundred countries.30 KB (4,708 words) - 16:56, 6 December 2023
- AEPD (Spain) - EXP202210525 (category Article 6(1) GDPR)possible GDPR violations. The Spanish DPA highlighted that the physical image of a person is personal data within the meaning of Article 4(1) GDPR. Therefore22 KB (3,427 words) - 13:26, 13 December 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting beyond47 KB (7,519 words) - 09:28, 13 February 2024
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)Article 15 GDPR." The DPA rejected the request for review. Genealogical research on a family surname did not fall within the scope of Article 15 GDPR, as "personal14 KB (2,181 words) - 11:27, 13 September 2023
- AEPD (Spain) - EXP202203969 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned initiation45 KB (7,135 words) - 13:08, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6633/182/2018, 6707/154/2018 and 7685/152/2020 (category Article 15(1) GDPR)subject when his data would be removed. DPA hold that Alektum Oy has violated GDPR Article 15 Subsection 1 and 2 as well as Article 12 Subsection 3 in all three7 KB (858 words) - 15:55, 11 December 2023
- ANSPDCP (Romania) - Fine against Telekom Romania mobile communications S.A. 2 (category Article 32(1) GDPR)and unauthorised access to the data. The infringement of Article 32 of the GDPR led to a €10,000 fine (RON 48,748). The infringement of Article 3 of Law7 KB (900 words) - 15:18, 13 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- AEPD (Spain) - EXP202102430 (category Article 32 GDPR)system of the penitentiary center of Villena (Alicante), violating Article 32 GDPR. On 14, 19 and 21 September 2021, three penitentiary associations lodged33 KB (4,835 words) - 13:26, 13 December 2023
- CNIL (France) - SAN-2019-010 (category Article 5(1)(c) GDPR)investigations the CNIL found five breaches of the GDPR: - Violation of the right to object, Article 21(2) GDPR: no procedure was implemented to ensure effectively62 KB (10,001 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202105680 (category Article 9 GDPR)justification or basis for the processing, violating Article 9 GDPR. AEPD highlighted that Recital 46 GDPR already recognizes that, in exceptional situations, such66 KB (10,558 words) - 13:14, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 7285/183/18 (category Article 5(1)(a) GDPR)processing (Article 5(1)(a) GDPR), data minimisation (Article 5(1)(c) GDPR), and data protection by default (Article 25(2) GDPR). The DPA suggested that if73 KB (11,237 words) - 05:34, 21 July 2022
- LG Krefeld - 2 O 448/20 (category Article 15(1) GDPR)an access request under Article 15(1) GDPR. According to Recital 63 GDPR, the right of access under Article 15 GDPR serves data subjects to be informed about17 KB (2,758 words) - 14:10, 15 December 2021
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)data without a legitimate basis, in breach of Article 6 GDPR. For the violation of Article 6 GDPR, the AEPD fined the controller €6,000. In order to determine74 KB (11,726 words) - 13:02, 13 December 2023
- Gerechtshof Amsterdam - 200.248.187/01 (category Article 17 GDPR)who had been subject to a disciplinary procedure, pursuant to Article 17 GDPR, because the interests of Google and third parties outweighed the data subject's5 KB (641 words) - 10:50, 28 February 2022
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that this24 KB (3,847 words) - 15:19, 11 September 2022
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)5(1)(a) GDPR? Is the information relating to personal data processing operations easily accessible within the meaning of Articles 12 and 13 GDPR? Is the48 KB (7,404 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202201721 (category Article 6(1) GDPR)the sanctioning regime imposed by the GDPR. And this is because the GDPR is a closed and complete system. The GDPR is a European standard directly applicable79 KB (12,408 words) - 13:24, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)personali (Italy) Jurisdiction: Italy Relevant Law: Article 58(2)(f) GDPR Article 66(1) GDPR Type: Investigation Outcome: Violation Found Started: Decided: 229 KB (1,280 words) - 15:53, 6 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement, through26 KB (4,147 words) - 13:27, 13 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)constitutes a special rule with regard to the GDPR, since it prohibits the legal bases mentioned in Article 6 GDPR from being invoked in order to be able to120 KB (19,650 words) - 09:00, 6 April 2022
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)Article 16 sentence 1 GDPR is the legal basis for a request for rectification, even if the request has been submitted before the GDPR entered into force:112 KB (19,310 words) - 08:08, 23 June 2022
- HDPA (Greece) - 11/2024 (category Article 17 GDPR)"one-stop mechanism" according to Articles 56 and 60 of the GDPR does not apply established by the GDPR and, therefore, in accordance with the provisions of articles36 KB (5,761 words) - 17:19, 22 April 2024
- HDPA (Greece) - 8/2021 (category Article 4(7) GDPR)the political communication legal under article 4 GDPR? The DPA held that in the light of Article 4 GDPR, Article 13 of the national law 3471/2006 and Article3 KB (228 words) - 08:44, 23 November 2021
- BVwG - W176 2244407-1/18E (category Article 15(4) GDPR)Article 23 GDPR. Restrictions on the right to information under Art. 15 GDPR result in particular from the express provision in Art. 15 (4) GDPR that the48 KB (7,816 words) - 11:04, 29 July 2022
- AEPD (Spain) - EXP202205932 (category Article 6(1) GDPR)under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful processing32 KB (4,952 words) - 13:11, 13 December 2023
- AEPD (Spain) - EXP202206626 (category Article 5(1)(c) GDPR)article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 The GDPR defines the concept35 KB (5,475 words) - 13:21, 13 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the controller44 KB (6,642 words) - 10:34, 13 December 2023
- Helsingin hallinto-oikeus (Finland) - 117/2024 (category Article 9 GDPR)processing operations. The controller was found to have breached Article 9 GDPR as its practice was to process the health data of life insurance applicants22 KB (3,290 words) - 10:29, 25 March 2024
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)the GDPR in conjunction with Article 83(1)(a) of the GDPR. 5 of the GDPR, and with Article 21(5) of the GDPR, and with Article 21(2)(a) of the GDPR. 1(b)54 KB (8,916 words) - 15:22, 22 February 2022
- HDPA (Greece) - 19/2020 (category Article 5(2) GDPR)having any previous relationship with her. The HDPA held that according to the GDPR and Article 11 of L. 3471/2006, in electronic political communication a politician2 KB (168 words) - 15:35, 6 December 2023
- UODO (Poland) - ZSPU.421.3.2019 (category Article 5(1)(a) GDPR)with the GDPR at the Municipal Office of the Mayor of Aleksandrów Kujawski. The UODO found that the local government did not comply with the GDPR because58 KB (9,357 words) - 10:02, 17 November 2023
- AEPD (Spain) - EXP202105644 (category Article 5(1)(f) GDPR)000: €50,000 for the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. The original fine of €80,000 was reduced to €4827 KB (4,121 words) - 15:06, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 918/154/2019 (category Article 17(1) GDPR)outdated and was no longer of importance to society. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove several26 KB (4,072 words) - 12:18, 27 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to77 KB (12,352 words) - 07:20, 23 April 2024
- Datatilsynet (Norway) - 20/02375 (category Article 6(1)(f) GDPR)breaching Article 6(1) GDPR, and required the company to implement a policy for conducting credit ratings per Article 24 GDPR. A person lodged a complaint40 KB (5,943 words) - 18:54, 5 March 2022
- HDPA (Greece) - 3/2020 (category Article 15 GDPR)implementation of Regulation (EU) 2016/679 (GDPR).As the processing activity does not relate to a period of time during which the GDPR applied and, according to the19 KB (3,034 words) - 15:33, 6 December 2023
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)reprimand concerning the requirements for consent as required by Article 6(1)(a) GDPR. Datatilsynet examined a complaint regarding the processing of personal data65 KB (9,767 words) - 16:22, 6 December 2023
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)imposed a record fine of €50 million on Google for several violations of GDPR including processing personal data without a lawful basis, violating the90 KB (14,556 words) - 17:08, 6 December 2023
- Datatilsynet (Norway) - 20/01790 (category Article 5(1)(a) GDPR)personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The company appealed to the Norwegian Privacy Appeals Board49 KB (7,646 words) - 07:56, 7 March 2022
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)article 4.1 of the GDPR, is data personnel and their protection, therefore, is the subject of said Regulation. In article 4.2 of the GDPR defines the concept75 KB (12,421 words) - 13:23, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure",37 KB (5,765 words) - 09:53, 14 December 2023
- AEPD (Spain) - EXP202100300 (category Article 16 GDPR)that the controller had not answered a rectification request from Article 16 GDPR. The data subject wanted the employer to rectify a productivity record deriving16 KB (2,362 words) - 13:37, 13 December 2023
- Supreme Administrative Court (Portugal) - 0856/20.0BELRA (category Article 4(1) GDPR)concept of "personal data", currently translated into Article 4(1) of the GDPR. With the amendment of 2013 and the introduction of a new exception in the6 KB (657 words) - 10:02, 6 October 2021
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)Directive and the right to access under the GDPR. First the Court clarified that both the ePrivacy Directive and the GDPR apply. It considered that the right of15 KB (2,504 words) - 16:27, 10 March 2022
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)Data Protection Regulation - GDPR). The defendant has a right of refusal under Art. 12 Para. 5 Sentence 2 Letter b) GDPR to. The provision only lists the40 KB (6,325 words) - 16:12, 18 May 2022
- Datatilsynet (Norway) - 20/01868 (category Article 5(1)(d) GDPR)Privacy Ordinance, Legislative Commentary, and Öman, Data Protection Ordinance (GDPR) etc. A comment, Norsteds Juridik AB, 2019, page 329. There is no statutory26 KB (4,150 words) - 16:14, 6 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)subjects? The Polish DPA found that the University violated Article 33(1) GDPR and Article 34, because it had notified neither the supervisory authority66 KB (10,785 words) - 10:00, 17 November 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)calls, and for not providing relevant information under Articles 13 and 14 GDPR during the calls. The controller – PLUS REAL ADVERTISEMENT – provides marketing45 KB (7,165 words) - 15:22, 22 February 2022
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)found that the Socialist Party of Catalonia (PSC-PSOE) violated Article 21 GDPR due to unsolicited political propaganda sent after the data subject exercised26 KB (4,032 words) - 14:31, 13 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)of article 32 of the GDPR since they are not referred to by the GDPR and were created without being related to or based on the GDPR. The AP disagrees with67 KB (11,415 words) - 17:15, 12 December 2023
- Helsingin hallinto-oikeus (Finland) - H6072/2021 (category Article 6(1)(f) GDPR)freedom of expression and information within the meaning of Article 17(3)(a) GDPR. The controller also stated that there were compelling legitimate grounds61 KB (9,876 words) - 21:38, 24 March 2024
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)transparency as found in Articles 12, 13 and 14 GDPR. The second fine was imposed as BBVA breached Article 6 GDPR (legality of processing). The decision relates422 KB (70,184 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)made without legitimizing cause of those included in article 6 of the GDPR. The GDPR applies to personal data. Said regulation defines as «data personal”22 KB (3,319 words) - 13:00, 13 December 2023
- AEPD (Spain) - E/03276/2021 (category Article 6(1)(a) GDPR)Authority: AEPD (Spain) Jurisdiction: Spain Relevant Law: Article 6(1)(a) GDPR Regulation 1024/2012 (IMI Regulation) Article 21(1) LSSI Article 22(2) LSSI10 KB (1,288 words) - 13:39, 13 December 2023
- AEPD (Spain) - TD/00183/2021 (category Article 15 GDPR)processing of personal data and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection20 KB (3,087 words) - 13:30, 13 December 2023
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)Obligation to notify the registered (customers) pursuant to GDPR art. 34? It follows from GDPR art. 34 that Nemlig and Intervare as data controllers in case24 KB (3,365 words) - 16:37, 6 December 2023
- HDPA (Greece) - 38/2020 (category Article 4(7) GDPR)from my list of recipients, in accordance with the provisions of Article 18 GDPR. 4) He proceeded to remove the recipient’s e-mail address from the list of14 KB (2,070 words) - 15:38, 6 December 2023
- HDPA (Greece) - 37/2020 (category Article 4(7) GDPR)Authority: HDPA (Greece) Jurisdiction: Greece Relevant Law: Article 4(7) GDPR Article 11 L. 3471/2006 Type: Complaint Outcome: Upheld Started: Decided:14 KB (2,127 words) - 15:37, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9860529 (category Article 9 GDPR)and right to privacy. Health data are sensitive data covered by Article 9 GDPR. According to Article 137 of the Italian Data Protection Code, health data16 KB (2,354 words) - 15:45, 6 December 2023
- OLG Köln - 15 U 126/19 (category Article 17(1)(d) GDPR)Article 17(1)(d) GDPR since the data was unlawfully processed. The defendant claimed that its activities fall under exception in (Article 85 GDPR) read in conjunction121 KB (20,412 words) - 15:58, 10 March 2022
- APD/GBA (Belgium) - 02/2021 (category Article 6 GDPR)to them after they exercised their right to data portability (Article 20 GDPR) and right to object (Article 21). After a contractual relationship with96 KB (15,396 words) - 16:50, 12 December 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)gas distribution company €12,000 for a violation of Article 5(1)(f) of the GDPR. A customer of a gas distribution company (Madrileña Red De Gas, S.A.U) complained39 KB (6,623 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00451/2019 (category Article 6(1)(f) GDPR)Authority: AEPD (Spain) Jurisdiction: Spain Relevant Law: Article 6(1)(f) GDPR Type: Complaint Outcome: Upheld Started: Decided: 09.06.2020 Published: 0926 KB (4,231 words) - 14:44, 13 December 2023
- CNIL (France) - SAN-2022-025 (category Article 4(11) GDPR)that the French DPA was not competent in this case. Apple argued that the GDPR was applicable and that the Irish DPA was instead the competent authority82 KB (13,463 words) - 17:03, 6 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)communication? The HDPA held that the politician is a data controller under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited56 KB (7,755 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)serious breach of the GDPR. The violation of Article 17, 1., a) constitutes also a violation of an essential principle of the GDPR and constitutes at least131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not demand270 KB (43,335 words) - 12:39, 13 December 2023
- OLG Köln - 15 U 89/19 (category Article 17(3) GDPR)Article 17(3) GDPR. Two doctors sued a platform for deletion of their basic profile set up on the platform without their consent under Article 17 GDPR. They argued143 KB (24,273 words) - 15:59, 10 March 2022
- Court of Appeal of Brussels - 2022/AR/292 (category Article 5(1)(f) GDPR)that use the TC-string? (Article 4(1) GDPR) 2) a) Is IAB a (joint) controller (Article 4(7) GDPR and Article 24(1) GDPR)? b) Does it matter whether or not6 KB (675 words) - 09:55, 14 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Facebook) - IN-18-5-5 (category Article 4 GDPR)Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and under21 KB (3,005 words) - 14:16, 1 February 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 4 GDPR)Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and under21 KB (3,069 words) - 14:17, 1 February 2023
- 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6=32 KB (6,006 words) - 16:33, 7 July 2021
- HDPA (Greece) - 4/2022 (category Article 5(1)(a) GDPR)35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among11 KB (1,274 words) - 10:37, 23 February 2022
- 99 GDPR |GDPR_Article_Link_3=Article 99 GDPR |GDPR_Article_4= |GDPR_Article_Link_4= |GDPR_Article_5= |GDPR_Article_Link_5= |GDPR_Article_6= |GDPR_Article_Link_6=34 KB (5,924 words) - 18:14, 20 April 2021
- CJEU - C-601/20 - SOVIM (category Article 5(1)(b) GDPR)on the free movement of such data, and repealing Directive 95/46/EC (the ‘GDPR’), which requires data to be processed lawfully, fairly and in a transparent9 KB (1,176 words) - 13:29, 5 January 2024
- Datatilsynet (Norway) - 21/02873 (category Article 3(1) GDPR)cross-border processing (Article 4(23) GDPR). Therefore, the cooperation mechanism was applicable (Articles 56(1) GDPR and 60 GDPR), with the Norwegian DPA as lead13 KB (1,583 words) - 16:20, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.010.199 (category Article 2(2)(c) GDPR)2(2)(c) GDPR Article 4(1) GDPR Article 4(2) GDPR Article 4(7) GDPR Article 4(11) GDPR Article 6 GDPR Article 9 GDPR Article 31 GDPR Article 58 GDPR Type:4 KB (264 words) - 10:29, 7 June 2023
- APD/GBA (Belgium) - 136/2023 (category Article 5(1)(f) GDPR)5(1)(f) GDPR, Article 5(1)(a) GDPR, Article 5(2) GDPR, Article 12 GDPR, Article 13 GDPR, Article 14 GDPR, Article 24(1) GDPR, and Article 25 GDPR, as a result58 KB (9,184 words) - 16:49, 12 December 2023
- HDPA (Greece) - 24/2020 (category Article 4(2) GDPR)exercising their right to access (Article 15 GDPR), not mentioning any of the elements of Article 14 GDPR regarding the processing of data, but only mentioning8 KB (879 words) - 15:37, 6 December 2023
- HDPA (Greece) - 65/2022 (category Article 12(1) GDPR)The Greek DPA found that a polling company had violated Articles 12 and 15 GDPR, for failing to respond to an access request submitted by a participant in5 KB (571 words) - 16:39, 28 February 2023
- HDPA (Greece) - 50/2021 (category Article 5(1)(a) GDPR)accordance with Article 13 GDPR. In addition, the HDPA found that the Ministry violated the obligation of Article 35(9) GDPR in relation to the expression5 KB (548 words) - 09:23, 12 October 2022
- ANSPDCP (Romania) - Asociația de proprietari Bl. FC 5, orașul Năvodari, județul Constanța (category Article 5 GDPR)the building lawful in accordance with Articles 5, 6, 12, 13, 25, and 32 GDPR? The ANSPDCP first held that the processing of the image coming from the6 KB (779 words) - 15:16, 13 December 2023
- HDPA (Greece) - 41/2019 (category Article 12(3) GDPR)12(3) GDPR and Article 12(4) GDPR when a data subject may exercise their right of access according to Article 15(1) GDPR and Article 15(3) GDPR. Then,4 KB (322 words) - 15:39, 6 December 2023
- HDPA (Greece) - 43/2019 (category Article 5(1)(a) GDPR)force until GDPR came into force. It, thus, violated the principle of accountability according to Article 5(2) GDPR and Article 5(1)(a) GDPR. The HDPA found5 KB (459 words) - 15:39, 6 December 2023
- CNPD (Portugal) - Deliberação 2021/1569 (category Article 5(1)(a) GDPR)Article 5 (1)(e)GDPR, the duty to provide information under Article 13 GDPR, and the obligation to carry out a DPIA under Article 35(3)(b) GDPR. The CNDP also11 KB (1,491 words) - 16:54, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.029 (category Article 5(1) GDPR)CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so3 KB (193 words) - 16:52, 6 December 2023
- HG Wien - 57 Cg 32/20m (category Article 4(2) GDPR) (section Clause 1: Various Breaches of the GDPR)Protection Act may also be based on violations of the GDPR, despite the lack of implementation of Article 80(2) GDPR in Austria. Matching customer data with a data24 KB (3,579 words) - 12:05, 7 July 2021
- DSB (Austria) - D130.206/0006-DSB/2019 (category Article 3(2)(a) GDPR)line with Article 13 GDPR. On the DSB's request, the controller declared R*** Hotels GmbH as its representative under Article 27 GDPR and sent a reply to40 KB (6,007 words) - 13:59, 12 May 2023
- ANSPDCP (Romania) - Natural Person (category Article 5(1)(a) GDPR)constituted a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR. As such, the DPA imposed a fined on the controller5 KB (507 words) - 14:47, 5 October 2022
- HDPA (Greece) - 61/2022 (category Article 5(1)(a) GDPR)information provided to data subjects was less than that required by the GDPR, and the information was not provided in an intelligible and easily accessible6 KB (663 words) - 15:31, 6 December 2023
- OGH - 6Ob77/20x (category Article 25 GDPR)Does the GDPR preclude national regulations which, among other things, grant associations the power to take action for violations of the GDPR by way of7 KB (658 words) - 13:16, 8 July 2021
- FiS - 7679-22 (category Article 13(1)(c) GDPR)personal data under Article 17 GDPR, to restrict processing of personal data Article 18 GDPR, to data portability under Article 20 GDPR and to object to the processing13 KB (1,616 words) - 09:14, 2 May 2024
- Commissioner (Cyprus) - Α/Π 68/2017 (category Article 32(1)(d) GDPR)DPA (Commissioner) fined the Cyprus Police €6000 for violating Article 32 GDPR for disclosing personal data to unauthorised persons. A series of media publications6 KB (649 words) - 16:51, 6 December 2023
- HDPA (Greece) - 48/2023 (category Article 5(1)(a) GDPR)data in violation of Article 5(1)(a) GDPR, Article 6(1) GDPR, Article 12(3) GDPR, Article 12(4) GDPR and Article 15 GDPR. As such, the DPA issued a fine of6 KB (685 words) - 14:58, 21 March 2024
- HDPA (Greece) - 33/2023 (category Article 5(1)(a) GDPR)could not rely on Article 6(1)(c) GDPR as a legal basis. This made the processing also unlawful under Article 5(1)(a) GDPR. The HDPA fined the municipality4 KB (367 words) - 14:07, 20 December 2023
- APD/GBA (Belgium) - 103/2022 (category Article 4(11) GDPR)personal data - for which a violation was established - in compliance with the GDPR within 3 months. This is the second decision following this investigation6 KB (569 words) - 12:31, 3 August 2022
- VDAI - NVSC vs UAB (category Article 5 GDPR)13, 24, 32, 35 and 58(2)(f) GDPR. UAB IT Solutions Success was fined €3,000 for violating Articles 5, 13, 24, 32 and 35 GDPR. The Lithuanian DPA (VDAI)11 KB (1,573 words) - 09:18, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9556958 (category Article 5(1)(a) GDPR)Article 25 GDPR and the liability principle of 5(2) GDPR. The DPA finally found out that the provision on impact assessment, as per Article 35 GDPR was also4 KB (505 words) - 15:55, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9283029 (category Article 5(1)(a) GDPR)the prohibition under Article 9 (1) GDPR and without relying on any specific exemptions under Article 9 (2) (4) GDPR. Feel free to add your comment here6 KB (316 words) - 15:47, 6 December 2023
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 5(1)(c) GDPR)supervisory authority under Article 56 GDPR, which initiated the cooperation mechanism according to Article 60 GDPR. The controller explained in its submissions17 KB (2,411 words) - 09:25, 27 November 2023
- Court of Appeal of Brussels - 2022/AR/723 (category Article 5(1)(c) GDPR)21(2) and 21(4) GDPR. Moreover, the DPA held that the controller violated Article 5(1)(a), 5(1)(c), 5(2), 6(1), 12(2), 21(2) and 21(4) GDPR. The controller8 KB (919 words) - 09:54, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9518890 (category Article 5(1)(a) GDPR)of employment as per Article 88 GDPR. For these reasons, the Garante: - With the power conferred by Article 58(2)(i) GDPR, imposed a fine of €20,000 on Gaypa4 KB (460 words) - 15:53, 6 December 2023
- HDPA (Greece) - 38/2019 (category Article 4(1) GDPR)reprimand to the telecommunication company Wind Hellas for violation of the GDPR and of the national law implementing the ePrivacy Directive and it issued4 KB (347 words) - 15:37, 6 December 2023
- CNIL (France) - 2023-097 (category Article 5(1)(c) GDPR)imposed by the GDPR. Firstly, that the purpose of processing was determined, explicit and legitimate in accordance with Article 5(1)(b) GDPR when considering18 KB (2,536 words) - 17:11, 6 December 2023
- CNPD (Portugal) - Deliberação 2021/622 (category Article 5(1)(b) GDPR)nor clear. Therefore, the purpose limitation principle from Article 5(1)(b) GDPR had been infringed. The DPA also added that the fact that the use of the11 KB (1,409 words) - 16:54, 6 December 2023
- HDPA (Greece) - 1/2023 (category Article 17 GDPR)in accordance with Article 51 and 55 GDPR, this authority is competent to supervise the application of the GDPR to this case. This is because, while Google6 KB (760 words) - 15:52, 28 February 2023
- APD/GBA (Belgium) - 19/2021 (category Article 12 GDPR)object under Article 21(2) GDPR in conjunction with Article 12(1) GDPR, Article 12(2) GDPR, Article 13 GDPR and Article 14 GDPR. Telenet asked for permission10 KB (1,290 words) - 16:55, 12 December 2023
- AZOP (Croatia) - Decision 26-09-2023 (category Article 6(1) GDPR)its web form and via e-mail, acting contrary to Article 13(1) GDPR and Article 13(2) GDPR. Further, the AZOP held that the controller failed to adopt appropriate12 KB (1,634 words) - 17:02, 6 November 2023
- Garante per la protezione dei dati personali (Italy) - 9283014 (category Article 5(1)(a) GDPR)their health status, without appropriate legal grounds, as required by art. 6 GDPR and art 2-ter and 2-septies of the Italian Privacy Code, and going against6 KB (437 words) - 15:47, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/953 (category Article 4(11) GDPR)2022, the DPA issued decision 103/2022, fining the controller for several GDPR related violations. The controller appealed this decision at the Market Court7 KB (681 words) - 10:43, 15 January 2024
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine was47 KB (7,345 words) - 09:41, 10 September 2021
- EWHC (QB) - Sanso Rondon v LexisNexis Risk Solutions UK Ltd (category Article 2 GDPR)that nominate a representative under Article 27 GDPR do not outsource liability for breaches of the GDPR. A representative can only be held responsible4 KB (474 words) - 08:41, 22 February 2022
- Garante per la protezione dei dati personali (Italy) - 9544504 (category Article 5(1)(a) GDPR)(f), 9 and 32(1)(b) GDPR.” Pursuant to Article 58(2)(i), the DPA hence imposed an administrative fine as per Article 83(4) and (5) GDPR. Given that the conduct10 KB (1,206 words) - 15:54, 6 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 4 GDPR)Adopted 13 GDPR for processing on foot of Article 6(1)(b) GDPR . The IE recalls the general requirement of transparencyunder Article5(a)GDPR 54,anditsp289 KB (33,568 words) - 15:00, 1 February 2023
- Garante per la protezione dei dati personali (Italy) - 9525315 (category Article 5(1)(a) GDPR)violation of article 5(a), 6 and 9 GDPR definition of the data retention period, in violation of Article 5(1)(e) GDPR adequate definition of the relationship3 KB (297 words) - 15:54, 6 December 2023
- HDPA (Greece) - 50/2022 (category Article 5(1)(b) GDPR)the GGC. 2(i) of the GDPR, the effective, proportionate and dissuasive administrative fine provided for in Article 83 of the GDPR, both to remedy compliance19 KB (2,790 words) - 15:32, 6 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 4(12) GDPR)obligations under Articles 24 and 32 of the GDPR which led to the personal data breach, as per Article 4(12) of the GDPR, including with regards to the complainant’s13 KB (1,761 words) - 09:58, 14 December 2023
- CNIL (France) - SAN-2020-016 (category Article 2(2) GDPR)out in their entirety from Morocco, so that the GDPR did not apply in this case. As per Articles 3 GDPR and 8 of the French Data Protection Act, the CNIL12 KB (1,602 words) - 17:10, 6 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5 GDPR)their response cf. Article 15 - fulfill the other requirements as per the GDPR, including the fundamental principles for processing personal data cf. Article49 KB (7,572 words) - 16:14, 6 December 2023
- AZOP (Croatia) - Decision 05-10-2023 (category Article 5 GDPR)on EOS Matrix as a data controller due to the multiple violations of the GDPR. The DPA received an anonymous petition stating that EOS Matrix had unauthorized13 KB (1,934 words) - 20:55, 1 November 2023
- Commissioner (Cyprus) - 12.10.001.011.001 (category Article 32 GDPR)negotiated the role of data management procedures of a bank, under the aegis of GDPR. In April 2019, Client A asked Hellenic Bank to update his information. During7 KB (861 words) - 16:53, 6 December 2023
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)omission of TOMs (Art. 32 GDPR) The requirements of the European fundamental rights, which the GDPR in accordance with Art. 1 Para. 2 GDPR therefore suggest that30 KB (4,562 words) - 15:27, 6 December 2023
- AEPD (Spain) - PS/00292/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) and 6(1)(b) GDPR. In addition, the AEPD decided to impose a fine of 1.000 € in accordance with Article 83(5)(a) GDPR by taking into consideration4 KB (355 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00136/2020 (category Article 6(1)(a) GDPR)Comunicación with €8,000 for the infringement of Articles 6(1), 13 and 14 GDPR, as the company gathered and re-used data from the Andalusian Education Department3 KB (337 words) - 14:04, 13 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 2(4) GDPR)for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject,14 KB (1,883 words) - 16:59, 20 March 2023
- HDPA (Greece) - 36/2023 (category Article 5(1)(a) GDPR)request, violating GDPR Article 12(3) and Article 15. The delay also led to the deletion of requested data, violating Article 5(1) GDPR. A complainant legally7 KB (890 words) - 15:02, 15 January 2024
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)supervisory authority in the case under Article 56 GDPR. The DPC started a cooperation procedure under Article 60 GDPR and opened an investigation. In its submissions20 KB (3,082 words) - 13:42, 31 January 2024
- ANSPDCP (Romania) - Fine to a physician for recording a patient on his personal telephone (category Article 5 GDPR)Article 5 GDPR, Article 6(1) GDPR and Article 9 GDPR. Article 5 GDPR establishes the principles of data processing. Firstly, Article 5(1)(a) GDPR notes that7 KB (876 words) - 15:12, 13 December 2023
- of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of the GDPR relating73 KB (11,864 words) - 17:03, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.007.125 (category Article 12(2) GDPR)the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR. Share3 KB (221 words) - 16:51, 6 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 4 GDPR)with GDPR transparencyobligations under Article 13(1)(c) GDPR involves a separateand different legalassessment tothatrequired in Article6(1)(b) GDPR.TheIE468 KB (51,340 words) - 14:10, 30 January 2023
- Datatilsynet (Norway) - 20/01865 (category Article 2 GDPR)Article 4(1) GDPR. These statistics even included health data which qualify as a special category of personal data under Article 9(1) GDPR. The Datatilsynet19 KB (2,942 words) - 09:03, 14 September 2023
- HDPA (Greece) - 5/2023 (category Article 5(1)(a) GDPR)and transparency established in Article 5(1)(a) GDPR. Moreover, the DPA found a violation of Article 13 GDPR, since the controller did not correctly inform5 KB (578 words) - 05:32, 26 April 2023
- BVwG - W211 2222613-2/llE (category Article 5 GDPR)recipients of personal data constitute a violation of the GDPR. It also held that Article 77 GDPR grants an independent right to lodge a complaint with a6 KB (692 words) - 13:15, 24 August 2022
- AEPD (Spain) - PS/00187/2019 (category Article 4(11) GDPR)contrary to GDPR, specifically, articles Articles 5(1)(a) and 6(1)(a) GDPR. Though the Hospital acknowledged that the form was not adapted to the new GDPR rules5 KB (497 words) - 14:08, 13 December 2023
- APD/GBA (Belgium) - 11/2024 (category Article 5(2) GDPR)and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and (4) GDPR, and it mandated26 KB (3,856 words) - 08:51, 19 March 2024
- DSB (Austria) - 2020-0.111.488 (category Article 4(15) GDPR)(Datenschutzbehörde - DSB) held that the doctor had violated Article 5(1)(a) GDPR and Article 9(1) and (2) GDPR as the patients had not given their ecplicit consent to the8 KB (1,048 words) - 13:50, 12 May 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)under Article 41 GDPR (redacted as "code S***", code M*** and code U***"). These codes had been approved by the DSB under Article 40(5) GDPR. Inverstigations19 KB (2,799 words) - 13:52, 12 May 2023
- VDAI (Lithuania) - UAB vs FITNESS (category Article 5(1)(c) GDPR)possible breach of the GDPR. The VDAI found that the sports club had violated the following GDPR provisions: It violated Article 9(1) GDPR by processing the53 KB (2,523 words) - 09:19, 17 November 2023
- HDPA (Greece) - 36/2022 (category Article 5(1)(a) GDPR)Article 33 GDPR. The DPA also ordered the controller to communicate the data breach to the affected data subjects pursuant to Article 34 GDPR. The specific11 KB (1,522 words) - 09:35, 13 September 2022
- LG Wiesbaden - 10 O 14/21 (category Article 4(11) GDPR)infringement of Article 6(1) GDPR. Furthermore, he argued the infringement of Article 26 GDPR (joint responsibility) and Article 44 GDPR (third country transfer)8 KB (1,078 words) - 15:36, 14 February 2023
- HDPA (Greece) - 52/2021 (category Article 28(3) GDPR)000 under Article 58(2) GDPR and Article 83(4) GDPR for the breach of Article 32(2), Article 32(4) GDPR and Article 28(3) GDPR. As for the controller,8 KB (861 words) - 10:00, 22 December 2021
- APD/GBA (Belgium) - 56/2021 (category Article 5(2) GDPR)addition to the violation of Article 32 GDPR, the Chamber found that the financial institution had violated: Article 25 GDPR on data protection by design and5 KB (671 words) - 17:03, 12 December 2023
- Datatilsynet (Norway) - 20/02162 (category Article 6(1)(f) GDPR)for monitoring the former employee's email account, as per Article 6(1)(f) GDPR. The DPA further held that the company failed to: provide the data subjects5 KB (483 words) - 18:55, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3818/161/2020 (category Article 5(1)(a) GDPR)Article 12(1) GDPR. 2) Whether the controller has provided the data subject with adequate information under Article 13(1)(d) and 2(b) GDPR in connection3 KB (313 words) - 13:05, 3 March 2024
- APD/GBA (Belgium) - 16/2020 (category Article 5(2) GDPR)Article 30(1) GDPR, despite employing fewer than 250 persons, because of the risk to the rights and freedoms of the data subject (article 30(5) GDPR). Share3 KB (316 words) - 16:55, 12 December 2023
- CJEU - C-768/21 - Land Hessen (category Article 57(1)(a) GDPR)and repealing Directive 95/46/EC (General Data Protection Regulation, ‘the GDPR’, OJ 2016 L 119, p. 1), read in combination with Article 77(1) thereof, to2 KB (133 words) - 11:33, 28 February 2022
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)“anonymisation”. Recital 26 of the GDPR clarifies that anonymous information does not fall within the scope of the GDPR. The GDPR does not explicitly define “anonymisation”59 KB (8,242 words) - 10:47, 17 March 2021
- CJEU - T-709/21 - WhatsApp Ireland v European Data Protection Board (category Article 4(1) GDPR)as required under Article 263 TFEU. Following the entry into force of the GDPR, the Irish DPA received complaints from users and non-users (the data subjects)8 KB (1,160 words) - 14:25, 15 December 2022
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 5(1)(a) GDPR)fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the policy breached33 KB (5,342 words) - 15:52, 6 December 2023
- Datatilsynet (Norway) - 20/02059 (category Article 5(1)(d) GDPR)complaint against Google. The DPA noted that the lawful basis was Article 6(1)(f) GDPR and referred to the Article 29 Group's guidelines WP225 relating to search5 KB (532 words) - 06:53, 6 March 2022
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)(Article 5(2) GDPR), of engagement of a processor (Article 28 GDPR), and in respect of the security of processing of personal data (Article 32 GDPR). However183 KB (30,819 words) - 09:50, 20 January 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)the principles of Article 5 GDPR is not cured by the existence of a legitimate purpose and legal basis (cf. GDPR 38/2004, GDPR 43/2019). In addition, the31 KB (5,021 words) - 16:15, 18 July 2023
- Datatilsynet (Denmark) - 2022-63-0003 (category Article 5(1)(f) GDPR)The DPA assessed the appropriate sanctions in accordance with Article 83(2) GDPR and suggested a fine of approximately €67,000 (DKK 500,000). The DPA in Denmark6 KB (769 words) - 08:12, 3 August 2022
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 5(2) GDPR)(2) point b) of the GDPR, because violated: - Article 6 (1) of the GDPR, 16 - Article 5 (2) of the GDPR, - Article 7 (1) of the GDPR, - Paragraphs (1) –69 KB (11,255 words) - 10:08, 17 November 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)Article 6.1 GDPR, read in conjunction with Articles 5.2 GDPR and 24.1 GDPR; 5) the performance of a data protection impact assessment (Article 35 GDPR) the framework110 KB (18,238 words) - 16:56, 12 December 2023
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)(Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The Respondent28 KB (4,228 words) - 14:00, 12 May 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision, the276 KB (38,206 words) - 09:46, 20 January 2023
- AKI (Estonia) - 2.1.-1/19/126 (category Article 12(1) GDPR)access request, provided an incomplete dataset in English. Could Article 15 GDPR be exercised although the personal are expected to be already possessed by3 KB (195 words) - 10:30, 13 December 2023
- HDPA (Greece) - 35/2022 (category Article 5(1)(a) GDPR)and transparency (Article 5(1)(a), 6 and 9 GDPR) as well as its obligations under Article 12, 14, 15 and 27 GDPR. The DPA fined the controller €20,000,0008 KB (1,122 words) - 12:31, 20 July 2022
- IP - 7121-1/2020/369 (category Article 6 GDPR)period. The IP clarified that under the GDPR consent does not have to be handwritten. According to Article 4(11) GDPR, "consent of the data subject means any10 KB (1,406 words) - 15:25, 17 March 2022
- AEPD (Spain) - PS/00192/2022 (category Article 4(1) GDPR)5(1)(c) GDPR, the DPA fined the controller €50,000. In its assessment of the fine, the DPA noted three aggravating factors per Article 83(2) GDPR: (1) the15 KB (2,257 words) - 13:02, 13 December 2023
- DPC (Ireland) - IN-21-3-1 (category Article 4 GDPR)(the controller); an access request under Article 15 GDPR and an erasure request under Article 17 GDPR. Regarding the erasure request specifically, when the20 KB (3,069 words) - 18:48, 24 January 2023
- LAG Baden-Württemberg - 17 Sa 37/20 (category Article 6(1)(f) GDPR)suffice to claim damages under Article 82 GDPR? The court held that neither §26(1) BDSG nor Article 6(1)f GDPR legitimize the processing of employee data4 KB (398 words) - 14:25, 17 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 137/161/20 (category Article 5(1)(a) GDPR)contrary to Article 9(1) GDPR. The DPA’s decision focused more on the national privacy law within the employment context rather than GDPR. Share blogs or news3 KB (249 words) - 13:04, 3 March 2024
- AEPD (Spain) - PS/00273/2019 (category Article 5(1)(c) GDPR)capture images of common areas of the neighborhood violates Article 5 of the GDPR (data minimization). A neighbor had placed cameras in his door directed to16 KB (2,359 words) - 14:24, 13 December 2023
- ANSPDCP (Romania) - ING Bank N.V. Amsterdam – Bucharest Branch (category Article 5(1)(a) GDPR)system error fails to register the account closing, lead to a violation of the GDPR? The ANSPDCP found that the controller sent, to the e-mail address of a natural5 KB (653 words) - 15:18, 13 December 2023
- ANSPDCP (Romania) - Actamedica SRL (category Article 12(3) GDPR)processing. This lead to a security incident, in breach of Article 28(1) and 32 GDPR, for which the controller was fined RON 9,836.6 (approximately €2,000). Additionally7 KB (900 words) - 15:23, 13 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5 GDPR)principles in Article 5 GDPR. This includes notifying the data subjects about processing in accordance with Articles 12 and 13 GDPR. The DPA held that the34 KB (5,305 words) - 08:40, 29 June 2023
- AP (The Netherlands) - 09.04.2021 (category Article 12(1) GDPR)12(1) GDPR. The AP outlined that, in the event of an infringement of Article 12(1) of the GDPR, pursuant to Article 58(2)(i) and Article 83(5) GDPR, read12 KB (1,616 words) - 17:08, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 5(1)(e) GDPR)to the GDPR, imposed a fine in the amount of € 10.000 and ordered Cavauto srl. to communicate the proposed changes in view of compliance with GDPR. The Italian34 KB (5,420 words) - 15:51, 6 December 2023
- AZOP (Croatia) - Decision 18-05-2023 (category Article 6(1) GDPR)violating Articles 6(1), 13(1) and (2), and 25(1) and (2) and 32(1)(a) and (d) GDPR. A sports betting agency, acting as the controller, offered players (the9 KB (1,276 words) - 15:25, 30 October 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.009.232 (category Article 12(3) GDPR)breaching Article 12(3) GDPR, since it failed to notify the data subject that her erasure request was satisfied, as well as Article 24(1) GDPR, given that the17 KB (2,515 words) - 11:17, 6 February 2024
- HDPA (Greece) - 22/2023 (category Article 12(2) GDPR)the electricity supplier has committed three violations of Article 12(3) GDPR , because the company delayed to satisfy the complainants' right to access5 KB (616 words) - 09:37, 24 October 2023
- ANSPDCP (Romania) - Fine to Dante Internațional SA (category Article 6 GDPR)although the individual had objected to that according to Article 21(3) GDPR. The complainant received a commercial message from Dante Internațional SA4 KB (414 words) - 11:04, 6 February 2024
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)Article 32(1)(a), Article 32(1)(b), Article 32(1)(d) GDPR to be breached. Pursuant to Article 82(2) GDPR, the DPA took several aggravating factors into account37 KB (4,319 words) - 09:20, 17 November 2023
- AEPD (Spain) - PS/00438/2019 (category Article 6(1)(a) GDPR)personal data is consent (Article 6(1)(a) GDPR) given while registering to the newsletter. Article 8(1) GDPR establishes the age at which a minor can legally3 KB (335 words) - 14:40, 13 December 2023
- APD/GBA (Belgium) - 51/2023 (category Article 5(1)(b) GDPR)under Article 37(7) GDPR. The DPA ordered the controller to comply with his obligations under Article 13(1)(b) GDPR and Article 37(7) GDPR and to publish the18 KB (2,611 words) - 12:45, 16 June 2023
- APD/GBA (Belgium) - 36/2021 (category Article 5(1) GDPR)Article 83.7 GDPR, but it is in any case established that in its interpretation the context of Article 83.7 GDPR and the purpose of the GDPR. 26. The Belgian62 KB (9,417 words) - 16:57, 12 December 2023
- DSB (Austria) - 2020-0.816.655 (category Article 3 GDPR)the time of the first communication (Art. 14(3)(a) and (b) GDPR). However, Art. 14(1) to (4) GDPR shall not apply if and to the extent that the data subject28 KB (4,230 words) - 13:53, 12 May 2023
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)in both Belgium and the UK, violated Article 15(1) GDPR, Article 15(3) GDPR and Article 12(3) GDPR GDPR for deleting data instead of providing access to39 KB (5,674 words) - 08:57, 29 June 2023
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)trained in GDPR matters. With GDPR in force for over a year, the controller should have had at least measures in place concerning the Articles 15-22 GDPR and16 KB (2,438 words) - 09:07, 9 June 2023
- Commissioner (Cyprus) - 11.17.001.007.219 (category Article 4(1) GDPR)system of an individual shall be handled as subject to Article 4(1) of the GDPR Regulation. The meaning of that conclusion is that the Data Controller is4 KB (392 words) - 16:52, 6 December 2023
- Commissioner (Cyprus) - 11.17.001.008.042 (category Article 4(11) GDPR)employer should explore the specific exceptions in Article 9(2)(b) GDPR to Article 9(2)(j) GDPR to lawfully process health-related data of employees. An employee4 KB (472 words) - 16:52, 6 December 2023