Search results
From GDPRhub
- access to personal data transmitted, stored or otherwise processed. Recital 83 GDPR also suggests that not all of these are actually relevant. Indeed, the41 KB (5,197 words) - 12:17, 17 April 2024
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)as the type, scope, circumstances and the purpose of the processing. Recital 83 GDPR shows the standards according to which this balancing is to be carried30 KB (4,562 words) - 15:27, 6 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)explains that Article 33 GDPR relates to violations regarding the security of personal data as described in Article 32 GDPR. Recital 83 GDPR 12 determines that72 KB (11,208 words) - 16:51, 12 December 2023
- Article 83 GDPR (category GDPR Articles) (section (6) Non-compliance with orders pursuant to Article 58(2) GDPR)Category:Article 83 GDPR The wording “infringements of this Regulation” in Article 83(1) GDPR is slightly imprecise. In fact, Article 83(5)(d) GDPR also provides55 KB (7,622 words) - 14:04, 7 November 2023
- GDPR. Recital 71 sentence 1 GDPR. Recital 71 sentence 1 GDPR. Recital 28 sentence 1 GDPR, such as Hansen, in Simitis, Hornung, Spieker, Datenschutzrecht125 KB (16,328 words) - 16:01, 8 March 2024
- Article 83(4) GDPR. Example: A controller is processing the pictures of data subjects. The controller complies with all requirements under the GDPR, but did51 KB (6,355 words) - 08:25, 18 April 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Article 25 GDPR or Article 32 GDPR. This provision assigns a proactive role to the controller who has to ensure compliance with the GDPR at all stages30 KB (3,458 words) - 10:31, 25 April 2024
- Regulation (GDPR), Article 7 GDPR, p. 350 (Oxford University Press 2020). Heckmann, Paschke, in Ehmann, Selmayr, Datenschutz-Grundverordnung, Article 7 GDPR, margin31 KB (3,489 words) - 16:00, 8 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)BDSG, Article 6 GDPR, margin number 20 (C.H. Beck 2020). Recital 32 sentence 1 GDPR. Recital 32 sentence 2 GDPR. Recital 32 sentence 3 GDPR. CJEU, C‑673/17108 KB (17,005 words) - 15:39, 18 March 2024
- natural persons”. The GDPR does not define what constitutes a “risk to the rights and freedoms of natural persons”. Recital 75 GDPR only outlines potential54 KB (6,536 words) - 08:22, 16 June 2023
- catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps. Under Recital 152 GDPR, these provisions may either be19 KB (1,477 words) - 14:12, 7 November 2023
- of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific legal44 KB (5,905 words) - 14:00, 24 October 2023
- (Article 12(1) GDPR), facilitate the data subject (Article 12(2) GDPR), respond and communicate the measures taken (Article 12(3) and (4) GDPR), the principle61 KB (8,488 words) - 15:47, 18 March 2024
- Article 31 GDPR gains an independent significance as it is included the Regulation’s sanctions framework through Article 83(4) GDPR. Article 83(4) GDPR provides22 KB (2,042 words) - 14:29, 20 November 2023
- dealt with in Article 12(6) GDPR. It is unclear why Article 12(2) GDPR refers to Articles 15 to 22 GDPR, while Article 11(2) GDPR only refers to Articles Articles76 KB (11,304 words) - 08:37, 4 March 2024
- Article 82 GDPR – like almost all provisions of the GDPR – is directly applicable in all Member States without any act of implementation. Article 82 GDPR leaves33 KB (4,215 words) - 09:57, 19 March 2024
- 88(1) GDPR) and a conditional function (Article 88(2) GDPR). While Article 88(2) GDPR determines the scope of the opening clause, Article 88(1) GDPR establishes32 KB (3,228 words) - 13:32, 30 November 2023
- in other parts of the GDPR. To begin with, Recital 141 GDPR clarifies that an SA must “act on a complaint”. Article 57(1)(f) GDPR, in turns, establishes30 KB (3,874 words) - 10:46, 7 December 2023
- of Articles 13 or 14 GDPR and Article 15(1) GDPR often overlaps, the controller has a different obligation under Article 15 GDPR to include the ex-post73 KB (9,896 words) - 15:46, 18 March 2024
- processing of personal data of deceased persons. Article 2 GDPR sets out the material scope of the GDPR. Paragraph 1 clarifies that the Regulation applies to34 KB (4,652 words) - 12:07, 12 November 2023
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)Article 23(1)(e) GDPR, which sets out strict requirements for the Union or Member State's law restricting GDPR rights, Article 18(2) GDPR does not make any32 KB (3,730 words) - 08:43, 7 March 2024
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))(Article 12 GDPR), information (Articles 13 and 14 GDPR), access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction44 KB (4,896 words) - 06:25, 16 June 2023
- 14(2)(g) and 15(1)(h) GDPR. Recital 50 GDPR. Dix, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 13 GDPR, margin number 20 (C.H71 KB (9,532 words) - 13:30, 6 March 2024
- the meaning Recital 86 GDPR). However, Article 34 GDPR does not provide a specific deadline of 72 hours as is the case in Article 33 GDPR. Instead, timelines37 KB (3,962 words) - 15:20, 16 June 2023
- of the most innovative elements in the GDPR related to the accountability principle (see Articles 5(2) and 24 GDPR). This provision regulates the cases in52 KB (7,297 words) - 08:05, 18 July 2023
- important to note that Article 13(1)(f) GDPR, Article 14(1)(f) GDPR, Article 15(1)(c) GDPR and Article 15(2) GDPR, make specific reference to transfers of personal21 KB (1,831 words) - 08:51, 27 March 2023
- exists only in cases of Article 64(2) GDPR but not the context of Article 70(2) GDPR. According to Article 70(3) GDPR, the EDPB is obligated to “forward its27 KB (3,038 words) - 12:19, 11 October 2023
- purposes outlined in Article 23(1)(a) to (j) GDPR (e.g. national and public security) as well as Recital 73 GDPR (e.g. protection of human life). In any case49 KB (5,993 words) - 06:22, 16 June 2023
- personal data as well (see Recital 163 GDPR). Tosoni in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 98 GDPR, p. 1315 (Oxford University15 KB (943 words) - 09:58, 8 November 2023
- 22(2)(c) GDPR. Finally, decisions based on explicit consent are also subjected to the safeguards laid down in Article 22(3) GDPR. Article 22(3) GDPR lays down31 KB (4,768 words) - 06:24, 16 June 2023
- compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor should72 KB (9,140 words) - 13:12, 2 June 2023
- since, under Article 28(1) GDPR, a controller shall only use processors providing the same standards under Article 25 GDPR. Manufacturers or producers43 KB (4,675 words) - 06:43, 16 June 2023
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- out data relating to deceased persons, this Recital confirms Recital 27 GDPR, according to which the GDPR “does not apply to the personal data of deceased29 KB (3,695 words) - 13:44, 21 March 2024
- Data Protection Regulation (GDPR): A Commentary, Article 55 GDPR, page 909 (Oxford University Press 2020). See Recital 20 GDPR and CJEU, in C-245/20 - Autoriteit35 KB (3,971 words) - 21:34, 1 April 2024
- Berlin. If their behaviour is monitored by an app, the GDPR applies. In light of Recital 14 GDPR and the EDPB guidelines, the targeting criterion covers37 KB (4,635 words) - 13:29, 24 October 2023
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- consideration when the GDPR was drafted. There is consequently no need to 'balance' the GDPR against other rights for a second time, as the GDPR is already the28 KB (3,831 words) - 16:21, 14 March 2024
- Article 57 GDPR (tasks of SAs), Article 58 GDPR (powers of SAs), as well as Article 65 GDPR (dispute resolution by the board), Article 63 GDPR (consistency55 KB (7,446 words) - 22:28, 1 April 2024
- You can find all related decisions in Category:Article 36 GDPR Recital 89 GDPR. Article 36 GDPR must therefore be read as one element within a wider framework31 KB (3,646 words) - 08:51, 21 July 2023
- Article 79 GDPR (category GDPR Articles) (section Infringement of the plaintiff’s rights under the GDPR)Article 79 GDPR, margin number 14 (rdb.at 2018). Jahnel in Jahnel, DSGVO, Article 79 GDPR, margin number 29 (Jan Sramek 2021). See Recital 141 GDPR. Moos,31 KB (3,550 words) - 11:11, 29 November 2023
- situation, Article 95 GDPR will not be relevant, and the GDPR applies as normal. Notably, Recital 173 GDPR, which relates to Article 95 GDPR, omits reference20 KB (1,539 words) - 08:21, 19 October 2023
- (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), objection (Article 21 GDPR) and the34 KB (3,646 words) - 08:53, 27 March 2023
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)Article 45(5) GDPR (revocation, change of such determinations); Articles 46(2)(c) and (d) GDPR (standard protection clauses); Article 47(3) GDPR (formats and17 KB (1,096 words) - 08:19, 19 October 2023
- (Articles 55-59 GDPR). The GDPR provides for exceptions from provisions entailed in Chapter VI (independent supervisory authorities). Article 85(2) GDPR mandates27 KB (2,604 words) - 14:24, 16 January 2024
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)Protection Regulation (GDPR): A Commentary, Article 27 GDPR, pp. 595-596 (Oxford University Press 2020). Recital 80 sentence 5 GDPR. Ziebarth, in Sydow,25 KB (2,418 words) - 14:11, 24 May 2023
- resolution mechanism under Article 65 GDPR in connection with Article 63 GDPR is triggered (Article 60 (4) GDPR). Article 60(2) GDPR clarifies that also in cross-border35 KB (4,017 words) - 16:04, 18 March 2024
- interpreted Recital 144 GDPR to have limited the scope of Article 81 GDPR, as applying only to proceedings instigated under Article 78 GDPR. The first sentence27 KB (2,619 words) - 14:52, 16 November 2023
- Article 11 GDPR (category GDPR Articles) (section (1) If the data subject is not identified, the GDPR applies in part)Articles 13 or 14 GDPR. This can be drawn from the final sentence of Article 11(1) GDPR. It must be assessed with the utmost attention whether GDPR provisions20 KB (1,854 words) - 16:32, 8 March 2024
- published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures that the public is15 KB (1,196 words) - 08:15, 19 October 2023
- decision pursuant to Article 45 GDPR shall be used, when it exists; second, appropriate safeguards under Article 46 GDPR, such as binding corporate rules29 KB (3,500 words) - 08:54, 27 March 2023
- from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- Article 40 GDPR (category GDPR Articles) (section (3) Controllers and processors that are not subject to the GDPR)Although Article 40(5) GDPR mentions that the competent DPA will be determined through the application of Article 55 GDPR, the GDPR does not provide concrete44 KB (5,008 words) - 14:50, 28 July 2023
- Category:Article 86 GDPR At para. 120 Kranenborg, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 86 GDPR, p. 1216 (Oxford University22 KB (2,177 words) - 10:01, 19 March 2024
- the scope of the LED from the scope of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data17 KB (1,768 words) - 15:41, 18 March 2024
- subject to the GDPR or, in cases where they are not established in the EU, act within the material and territorial scope of the GDPR. Article 48 GDPR refers to14 KB (716 words) - 15:19, 28 April 2022
- Article 72 GDPR regulates the Board's voting procedure. Generally, the GDPR grants the EDPB a high degree of autonomy. In particular, Article 72(2) GDPR entitles22 KB (2,266 words) - 08:26, 17 October 2023
- provisions of the GDPR. This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the15 KB (810 words) - 16:13, 2 November 2023
- Article 46(2)(d) GDPR, contractual clauses referred to in Article 46(3)(a) GDPR, or binding corporate rules within the meaning of Article 47 GDPR. In these cases15 KB (851 words) - 06:55, 29 April 2022
- directly to children. As such, Article 8 GDPR stipulates additional requirements for consent by children. Article 8 GDPR applies only if the processing of data19 KB (1,335 words) - 13:56, 24 October 2023
- Article 91 GDPR (category Article 91 GDPR) (section Rules that are comprehensive and in line with the GDPR)true also under Article 91 GDPR”. See, Tosoni, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 91 GDPR, p. 1263 (Oxford University25 KB (2,482 words) - 10:04, 19 March 2024
- authority. Article 61(1) GDPR regulates how independent authorities are to cooperate to enable the uniform application of the GDPR. Supervisory authorities24 KB (2,181 words) - 11:46, 15 January 2024
- of knowledge between them. This way, Article 50 GDPR expands the exhortation under Article 57(1)(g) GDPR that calls for cooperation between EU DPAs, across17 KB (1,142 words) - 15:41, 28 April 2022
- large-scale, or involve processing of data under Article 9 GDPR or Article 10 GDPR. Recital 97 GDPR clarifies that the core activities of a controller are43 KB (4,904 words) - 12:59, 21 July 2023
- application of Article 65(1)(a) GDPR, (13 April 2021), margin number 57 (available here). See also Recital 143 GDPR. See Article 78(2) GDPR. Hijmans, in Kuner et33 KB (4,185 words) - 16:09, 2 November 2023
- provisions of the GDPR require the controller to keep track of individual recipients. For example, Article 15(1)(c) GDPR and Article 19 GDPR require the disclosure31 KB (3,327 words) - 15:31, 5 June 2023
- provisions under Article 75(3) GDPR. The employees of the Board's secretariat only report to the Chair (Recital 140 GDPR). In this respect, they are therefore20 KB (1,347 words) - 14:21, 17 October 2023
- proposed amendments to the GDPR (pursuant to Article 70(1)(b) GDPR). Although not explicitly mentioned in Article 69(2) GDPR, the requirement that the Board18 KB (1,327 words) - 12:36, 14 December 2023
- sors_en Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 88829 KB (2,894 words) - 23:06, 1 April 2024
- 5(1)(d) GDPR gives the controller some leeway to continue processing inaccurate data - see more details under Article 5(1)(d) GDPR. Article 16 GDPR, titled23 KB (2,489 words) - 23:24, 6 March 2024
- 60, 63, 64 and 65 GDPR) immediately adopt provisional measures intended to produce legal effects on its own territory. Article 66 GDPR creates strict conditions20 KB (1,590 words) - 16:11, 2 November 2023
- purpose (Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of47 KB (5,594 words) - 22:45, 1 April 2024
- It shall apply from 25 May 2018. There is no relevant recital for Article 99 GDPR. Article 99 GDPR sets out the dates of the Regulation's entry into force12 KB (295 words) - 08:25, 19 October 2023
- exclusion of Article 82 GDPR is confirmed by the last sentence of Recital 142 GDPR. In addition, Article 80(2) GDPR does not permit Member States to allow NPOs26 KB (2,575 words) - 15:50, 9 November 2023
- differences between portability and access under Article 15(3) GDPR. According to Recital 68, the data should be available in an "interoperable format"40 KB (5,349 words) - 07:05, 1 June 2023
- decisions pursuant to Article 65 GDPR (Article 70(1)(t) GDPR). Article 68 GDPR is the first of nine Articles (Articles 68-76 GDPR) governing the EDPB set forth20 KB (1,632 words) - 10:01, 11 October 2023
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)prevention (Article 23(1)(a-j) GDPR) allow for far fewer GDPR restrictions than those granted by freedom of expression. Article 85(2) GDPR poses one condition for33 KB (3,748 words) - 14:25, 7 November 2023
- Article 29 GDPR (category GDPR Articles) (section Commonalities and differences in relation to Article 28(3)(b) GDPR)relevance of Article 29 GDPR were rooted in the fact that Article 28(3)(b) GDPR already seems to cover much of the scope of Article 29 GDPR. More specifically13 KB (674 words) - 13:15, 2 June 2023
- with Article 58(1) GDPR. Article 90 GDPR was drafted with a view to regulate potential conflicts between the application of the GDPR on the one hand, and18 KB (1,599 words) - 12:26, 29 April 2022
- compliance with the GDPR under Article 58(2)(d) GDPR or even ban it under Article 58(2)(f) GDPR. Therefore, complaints under Article 77 GDPR should extend to33 KB (3,641 words) - 09:51, 19 March 2024
- Category:Article 45 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 45 GDPR, p. 774 (Oxford43 KB (5,641 words) - 14:58, 28 April 2022
- Article 96 GDPR if it is found to be incompatible with other GDPR provisions. → You can find all related decisions in Category:Article 96 GDPR It follows13 KB (450 words) - 08:22, 19 October 2023
- Article 62 GDPR, margin number 11 (Beck 2018, 2nd edition). Riccio, Scorza, Belisario, GDPR e normativa privacy – Commentario, Article 62 GDPR (Wolters Kluwer22 KB (1,915 words) - 13:46, 15 January 2024
- in Category:Article 74 GDPR For more on this point, see Article 72 GDPR. Dix in Kühling, Buchner, DS-GVO BDSG, Article 74 GDPR, margin number 7 (C.H. Beck15 KB (808 words) - 09:44, 17 October 2023
- 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition). Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p15 KB (787 words) - 08:17, 19 October 2023
- Article 42 GDPR (category GDPR Articles) (section (7-8) What processing operations can be certified under the GDPR)between Article 42(1) GDPR and Article 42(2) GDPR is that in the former, the applicant for certification is subject to the GDPR, while in latter, the applicant27 KB (2,452 words) - 14:26, 28 July 2023
- outlined under other Articles of the GDPR, namely in Articles 51, 52 and 53 GDPR. The second objective, under Article 54(2) GDPR, seeks to regulate the confidentiality34 KB (3,649 words) - 13:19, 30 October 2023
- encompasses other obligations of controllers under the GDPR. EDPB: This extends to various obligations under the GDPR, including but not limited to the implementation37 KB (3,915 words) - 12:49, 24 May 2023
- Article 19 GDPR therefore requires controllers, subject to certain exceptions, to communicate their exercise to recipients under Article 4(9) GDPR. The first19 KB (1,436 words) - 12:35, 12 May 2023
- mentioned in Recital 167 GDPR and Article 291 TFEU, the aim of implementing acts is to “ensure uniform conditions for implementing” the GDPR. In its GDPR Certification22 KB (1,634 words) - 14:40, 28 July 2023
- majority principle under Article 72(1) GDPR would have applied regardless of Article 73(1) GDPR. In addition, the GDPR explicitly legislates for a simple majority19 KB (1,530 words) - 14:23, 12 October 2023
- Article 92 GDPR (category Article 92 GDPR) (section (2) Delegation of power under Article 12(8) and 43(8) GDPR)of the European Union ("TFEU"), within the scope of the GDPR. The function of Article 92 GDPR is to lay down conditions for the delegation of power as19 KB (1,525 words) - 08:18, 19 October 2023
- of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- Regulation (GDPR): A Commentary, Article 38 GDPR, p. 707 (Oxford University Press 2020). Bergt, in Kühling, Buchner, DS-GVO BDSG, Article 38 GDPR, margin number29 KB (2,951 words) - 14:19, 25 July 2023
- Category:Article 47 GDPR Kuner, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR) Update of Selected Articles, Article 68 GDPR, p. 194 (Oxford29 KB (2,823 words) - 15:15, 28 April 2022
- Recitals GDPR (section Recitals from the GDPR)progress. Fill in the name used for the recital if you use it so we can ensure a somewhat streamlined practice. Recital 1: The protection of natural persons182 KB (24,065 words) - 13:40, 9 July 2021
- when passing the GDPR. In fact, all but one EU Member State (who has sought higher protections) have voted in favor the GDPR. The GDPR is not just consisting48 KB (5,978 words) - 15:57, 1 February 2024
- per Article 45(3) GDPR, and subject to regular reporting, which Article 97(2) GDPR provides for. The third paragraph of Article 97 GDPR, obliges the Commission16 KB (778 words) - 08:24, 19 October 2023
- enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- undefined in the GDPR. “Expertise” is only referred to again under Article 41(2)(a) GDPR, although briefly. Additionally, Article 41(1) GDPR specifies that30 KB (2,720 words) - 14:02, 28 July 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the113 KB (12,773 words) - 15:20, 6 December 2023
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)understood as made to the GDPR, in accordance with article 94 of the last. Likewise, it is apparent from recital 173 of the GDPR that this text explicitly93 KB (14,936 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)Article 32 GDPR. Retaining personal data of an applicant for a lease after another applicant has been selected also violates Article 5(1)(e) GDPR. The customer41 KB (6,558 words) - 17:09, 6 December 2023
- CNIL (France) - SAN-2022-019 (category Article 3(2) GDPR)did not react either. GDPR applicable? (Article 3(2) GDPR) The DPA held that the GDPR was applicable pursuant of Article 3(2) GDPR. Because the controller11 KB (1,452 words) - 17:03, 6 December 2023
- LG Berlin - (526 OWi LG) 212 Js-OWi 1/20 (1/20), 526 OWiG LG 1/20 (category Article 83(4) GDPR)Pursuant to Article 83 GDPR in conjunction with Article 4 No. 7 and 8 GDPR, fines for violations of the GDPR pursuant to Article 83(4) to (6) GDPR are not only36 KB (5,810 words) - 13:09, 21 January 2022
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)Article 46 GDPR. In 2020, noyb lodged a complaint with the Austrian DPA alleging that the controller breached the provisions of Chapter V GDPR. The complaint121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the131 KB (14,752 words) - 08:36, 5 July 2023
- AEPD (Spain) - EXP202105680 (category Article 83(5)(a) GDPR)justification or basis for the processing, violating Article 9 GDPR. AEPD highlighted that Recital 46 GDPR already recognizes that, in exceptional situations, such66 KB (10,558 words) - 13:14, 13 December 2023
- CJEU - C‑340/21 - Natsionalna agentsia za prihodite (category Article 5 GDPR)Article 32 GDPR? 4) Does Article 82(3) GDPR allow the controller to be exempt from liability for damages if the data breach as defined by 4(12) GDPR was caused13 KB (1,963 words) - 11:04, 5 January 2024
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)of Chapter V GDPR. The complaint was transferred to the Swedish DPA in its quality of lead supervisory authority pursuant to Article 56 GDPR. Following the115 KB (12,842 words) - 08:38, 5 July 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)e) of the GDPR). 8.1.4. As for breaches of Articles 5.2. and 24 of the GDPR 88. Article 24.1 of the GDPR which covers Chapter IV of the GDPR devoted to127 KB (21,484 words) - 17:01, 12 December 2023
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)subject pursuant to Article 9 (2) (a) of the GDPR ΕΙΣ/7564/05.11.2019 and the invocation of recital 47 of the GDPR 2016/679, inter alia, informed the Authority29 KB (4,557 words) - 15:33, 6 December 2023
- CJEU - C-667/21 - Krankenversicherung Nordrhein (category Article 5(1)(f) GDPR)damage which arose as the consequence of an infringement of the GDPR. Recitals 4 to 8 GDPR indicate that the aim of the Regulation is to establish a balance14 KB (1,916 words) - 16:03, 2 February 2024
- UODO (Poland) - ZSPR.421.2.2019 (category Article 83(3) GDPR)32(1)(b), Article 32(1)(c) and Article 32(1)(d). d, 32(2), 58(2)(i) and 83(3), 83(4)(a), 83(5)(a) of Regulation 2016/679 of the European Parliament and of the71 KB (11,304 words) - 10:01, 17 November 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)5(1)(a) GDPR? Is the information relating to personal data processing operations easily accessible within the meaning of Articles 12 and 13 GDPR? Is the48 KB (7,404 words) - 17:09, 6 December 2023
- OGH - 6Ob35/21x (category Article 4(1) GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material27 KB (4,090 words) - 09:54, 10 September 2021
- AEPD (Spain) - EXP202201721 (category Article 83(4)(a) GDPR)losses physical, material or immaterial. In this same sense, recital 83 of the GDPR states that: “(83) In order to maintain security and prevent the treatment79 KB (12,408 words) - 13:24, 13 December 2023
- AEPD (Spain) - EXP202203969 (category Article 83(5)(a) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SEVENTH: Notification of the aforementioned initiation45 KB (7,135 words) - 13:08, 13 December 2023
- UODO (Poland) - DKN.5131.6.2020 (category Article 33(1) GDPR)well as Article 57 (1) (a), Article 58 (2) (e) and (i), Article 83 (1) - (3) and Article 83 (4) (a) in connection with Article 33 (1) and Article 34 (1),66 KB (10,785 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)gas distribution company €12,000 for a violation of Article 5(1)(f) of the GDPR. A customer of a gas distribution company (Madrileña Red De Gas, S.A.U) complained39 KB (6,623 words) - 14:08, 13 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 83(1) GDPR)Article 83(4) to (6) of the GDPR. This view, in the Court's opinion, is correct. The Court stressed that when creating Article 83 (4) to (6) GDPR, the European58 KB (9,577 words) - 08:06, 16 September 2021
- HDPA (Greece) - 33/2020 (category Article 83 GDPR)fulfilment provided by Article 12(3) & (4) GDPR. For this reason, an administrative fine of 1000 EUR was imposed (83(5)b GDPR). Lastly, the HDPA held that the College20 KB (2,270 words) - 15:37, 6 December 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 83(2)(a) GDPR)of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202201746 (category Article 83(4) GDPR)infringement of Article 32 GDPR. Therefore, the Spanish DPA issued a warning sanction for each violation of Article 5(1)(f) and Article 32 GDPR. AEPD highlighted62 KB (9,703 words) - 13:05, 13 December 2023
- AEPD (Spain) - PS/00070/2019 (category Article 4(11) GDPR)transparency), Article 12(1), Article 7, Article 13 and Article 14 GDPR, the corresponding GDPR recitals (32, 39, 42, 47, 58, 60, 61, and 72), as well are Articles422 KB (70,184 words) - 13:56, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)serious breach of the GDPR. The violation of Article 17, 1., a) constitutes also a violation of an essential principle of the GDPR and constitutes at least131 KB (22,429 words) - 16:57, 12 December 2023
- AEPD (Spain) - EXP202105344 (category Article 6(1) GDPR)alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up agreement in accordance22 KB (3,319 words) - 13:00, 13 December 2023
- AEPD (Spain) - EXP202202164 (category Article 83(5) GDPR)information.” Recitals 39 and 60 of the GDPR help clarify the scope of the right of information provided to interested parties. Recital 39 establishes:29 KB (4,482 words) - 14:06, 5 March 2024
- UODO (Poland) - ZSZZS.440.768.2018 (category Article 83(2) GDPR)point f, point g and point i and with Article 83 paragraph 2 and 3, Article 83 paragraph 5 point a, Article 83 paragraph 7 of the Regulation of the European32 KB (5,139 words) - 10:02, 17 November 2023
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)principle enclosed in Article 5(1)(b) GDPR. On this matter, the AEPD argued that, according to Article 5(1)(a) GDPR, Recital 39 and Article 6(1)(f), an interest602 KB (102,229 words) - 14:21, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)amount of the fine, the criteria specified in the same article 83. 40. Article 83 of the GDPR provides: 1. Each supervisory authority shall ensure that administrative26 KB (4,050 words) - 17:10, 6 December 2023
- AEPD (Spain) - EXP202205104 (category Article 6(1) GDPR)party, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notification of the Commencement Agreement, through26 KB (4,147 words) - 13:27, 13 December 2023
- AEPD (Spain) - EXP202205932 (category Article 83(5) GDPR)under Article 6(1) GDPR. In light of this, the DPA issued a fine of €70,000 to másLUZ Energía (SIE) by virtue of Article 83(5) GDPR for unlawful processing32 KB (4,952 words) - 13:11, 13 December 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 83(3) GDPR)a) of paragraph 5 of article 83 both GDPR; ii. The combined provisions of Articles 12 and 13 and Article 83(5)(b) both GDPR; iii. The combined provisions163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))kind of complementary measure). The criminal provisions of Sections 83.4 to 83.6 GDPR allow the imposition of an administrative fine for most infringements429 KB (58,279 words) - 09:12, 2 November 2022
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)administrative fines set out in Article 83.5 of the AVG. 51. Taking into account the criteria contained in article 83.2 of the AVG as well as the case law27 KB (4,363 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not demand270 KB (43,335 words) - 12:39, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 5(1)(c) GDPR)Article 34(1) GDPR as it failed to communicate the data breach to its users in an appropriate way. In this, the DPC also referred to Recital 86 GDPR which foresees20 KB (3,082 words) - 13:42, 31 January 2024
- CNIL (France) - SAN-2019-001 (category Article 4(11) GDPR)no consent in the event of silence, default boxes or inactivity. Recital 43 of the GDPR states that: Consent is presumed not to have been freely given if90 KB (14,556 words) - 17:08, 6 December 2023
- APD/GBA (Belgium) - 36/2021 (category Article 83(7) GDPR)in Article 83.7 GDPR, but it is in any case established that in its interpretation the context of Article 83.7 GDPR and the purpose of the GDPR. 26. The62 KB (9,417 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00043/2020 (category Article 83(5) GDPR)of article 83, the aforementioned RGPD provides the possibility of sanctioning with warning, in relation to what is indicated in the Recital 148: "In the24 KB (3,838 words) - 13:51, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.001 (category Article 5(1)(f) GDPR)individuals. " . 2.5.5. With regard to Rule 32 of the Rules of Procedure, recital 83 of the Rules of Procedureadds that:"To maintain security and avoid processing61 KB (9,412 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00332/2019 (category Article 83 GDPR)to 2019 that it was operating. Following Article 83(5)(a)GDPR, read in the lights of Recital (148) GDPR, the AEPD issued a reprimand to the owner of the15 KB (2,275 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00367/2019 (category Article 83(5)(a) GDPR)infringement at stake is subject to a fine according to Article 83.5 GDPR, in the lights of Recital (148) GDPR. Share your comments here! Share blogs or news articles3 KB (210 words) - 14:32, 13 December 2023
- HDPA (Greece) - 44/2019 (category Article 83(5)(a) GDPR)compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its compliance127 KB (21,184 words) - 15:39, 6 December 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)prohibition of processing sensitive data under Article 9(2)? Were there any other GDPR violations incurred by the processing? The DPA held that there was no lawful67 KB (10,815 words) - 10:11, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9856694 (category Article 5(1)(a) GDPR)of Articles 5(1)(a), 6 and 28(3) GDPR and adopted an administrative fine on the basis of Articles 58(2)(i) and 83 GDPR. The total amount of the fine took49 KB (7,758 words) - 15:44, 6 December 2023
- IMY (Sweden) - DI-2019-9457 (category Article 32(1) GDPR)the processing operations were halted). The IMY took into account Recital 75 and 76 GDPR in order to carry out an assessment of the responsibilities of the43 KB (4,600 words) - 17:08, 23 March 2022
- AEPD (Spain) - PS/00023/2020 (category Article 83(5) GDPR)alleged violation of Article 5.1.c) of the RGPD, as defined in Article 83.5 of the GDPR. SIXTH: Formal notification of the agreement to initiate the proceedings21 KB (3,298 words) - 13:46, 13 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 83(5)(b) GDPR)hours of employees without having informed them in accordance with Article 13 GDPR. The AEPD received a letter filed by the interested party against the respondent39 KB (5,912 words) - 14:02, 13 December 2023
- CNIL (France) - SAN-2020-008 (category Article 83 GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading the104 KB (16,646 words) - 17:09, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9524194 (category Article 58(2)(f) GDPR)institutions, the child's best interests must be a primary consideration'; - recital 38 of the Regulation, according to which children deserve specific protection9 KB (1,280 words) - 15:53, 6 December 2023
- Datatilsynet (Denmark) - 2022-63-0003 (category Article 83(2) GDPR)The DPA assessed the appropriate sanctions in accordance with Article 83(2) GDPR and suggested a fine of approximately €67,000 (DKK 500,000). The DPA in6 KB (769 words) - 08:12, 3 August 2022
- AEPD (Spain) - PS/00341/2019 (category Article 21 GDPR)administrative sanction to be imposed, we should read certain recitals of the RGPD, among others, recital 148, which indicates the following: 'In order to strengthen26 KB (4,032 words) - 14:31, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)was in violation of Article 13 GDPR. For this violation, the DPA fined the controller €2,000 pursuant of Article 83(5) GDPR. The DPA also ordered the controller24 KB (3,749 words) - 13:19, 13 December 2023
- IMY (Sweden) - DI-2021-5595 (category Article 5(1)(f) GDPR)other GDPR provisions, such as those related to the transfer of personal data to third countries. The IMY took into account Recital 75 and 76 GDPR in order47 KB (5,207 words) - 18:51, 21 March 2022
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)(Regulation General Data Protection, hereinafter RGPD) typified in article 83.5 of the aforementioned rule, granting a period of ten days to present allegations38 KB (6,160 words) - 14:06, 13 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 83(5)(a) GDPR)provisions of the GDPR that are directly applicable do not supersede the provisions of the VStG and to the extent that Art. 83 (8) GDPR and recital 148 are ordered26 KB (4,098 words) - 13:51, 12 May 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)described in the conclusion (Article 83.2, c) AVG 83.2 (c) AVG); the absence of previous relevant infringements (Section 83.2 (e) AVG), as well as the cooperation90 KB (14,937 words) - 12:35, 3 August 2022
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)Article 13 of the GDPR GDPR. The form used violated Article 13 of the GDPR conduct that is subsumi- ble under Article 83(5) of the GDPR, which provides:61 KB (9,973 words) - 13:55, 13 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)damages physical, material or immaterial. In this sense, recital 83 of the GDPR states that: "(83) In order to maintain security and prevent processing from54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified in article 83.4 of the45 KB (6,998 words) - 12:58, 13 December 2023
- IMY (Sweden) - DI-2020-10561 (category Article 12(3) GDPR)AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect information17 KB (1,940 words) - 15:23, 6 December 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)of the general information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article35 KB (5,363 words) - 14:02, 13 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(1) GDPR)as well as Art. 57 sec. 1 lit. a), art. 58 sec. 2 lit. i), art. 83 sec. 1 - 3 and art. 83 sec. 4 lit. a) in connection with Art. 33 sec. 1 of the Regulation50 KB (8,066 words) - 10:00, 17 November 2023
- DPA should have paid more attention to the following factors: (Article 83 GDPR) The Airport had fully cooperated with the DPAs during the procedure The206 KB (30,485 words) - 09:54, 14 December 2023
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)(Articles 83(4) and (5) GDPR) 7.36 The infringement of Article 5(1)(f) GDPR falls within Article 83(5)(a) GDPR, whereas Article 32 falls within Article 83(4)(a)130 KB (21,195 words) - 13:52, 25 April 2021
- AEPD (Spain) - EXP202104917 (category Article 4(11) GDPR)consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles, consent27 KB (4,356 words) - 12:41, 13 December 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)58 (2) (i) and Article 83 (2) state that the IMY has the power to impose administrative penalty fees in accordance with Article 83. the circumstances of18 KB (2,003 words) - 15:22, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 5(1) GDPR)the administrative sanctions referred to in art. 83, para. 4 and 5, of the GDPR. In this regard, art. 83, par. 3, of the RGPD, provides that «If, in relation57 KB (9,144 words) - 15:55, 6 December 2023
- CNIL (France) - SAN-2021-023 (category Article 56 GDPR) (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as made to the GDPR , in accordance with Article 94 of the latter. Similarly, it appears from recital 173 of the GDPR that this text explicitly120 KB (19,650 words) - 09:00, 6 April 2022
- AEPD (Spain) - PS/00341/2020 (category Article 5 GDPR)under Article 5(1)(a) and Article 5(2) GDPR respectively]. The Spanish DPA even made reference to Recital 40 GDPR on the legality of processing. The Spanish32 KB (4,831 words) - 14:31, 13 December 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)article 12, second paragraph, of the GDPR. 78. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: “There should be arrangements77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in articles 83.5 and 83.4 of the GDPR, respectively The initiation agreement36 KB (5,485 words) - 13:19, 13 December 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)regarding the consent request and referred to Article 7 GDPR and Recital 32 GDPR. Specifically, the use of pre-ticked boxes rendered consent invalid, resulting51 KB (7,867 words) - 13:10, 13 December 2023
- HDPA (Greece) - 4/2022 (category Article 83 GDPR)35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among11 KB (1,274 words) - 10:37, 23 February 2022
- in Article 83 of the GDPR. 92. 92. Firstly, the restricted formation emphasises that, in this case, the criterion provided for in Article 83(2)(a) of the73 KB (11,864 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00408/2019 (category Article 58(2) GDPR)with NIF *** NIF.1 , for a violation of Article 58.1 of the GDPR,typified in Article 83.5 of the RGPD, with a warning sanction.Likewise, the procedure12 KB (1,812 words) - 14:35, 13 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)own security protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine34 KB (5,427 words) - 14:30, 13 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 83(2) GDPR)of the Debtor [Article 83 (2) (k) GDPR]; - the processing did not affect specific categories of personal data [Article 83 (2) GDPR paragraph (g)]; - the60 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)Vodaphone violated Article 5(1)(f) GDPR, as interpreted in the light of the last sentence of the recital 39 GDPR. Share your comments here! Share blogs37 KB (5,995 words) - 13:58, 13 December 2023
- BAC (Bulgaria) - 2606/2021 (category Article 83(2) GDPR)under Article 58(2)(d) supra Article 57(1)(a) and Article 83(2)(a), (c), (d), (f) and (g) of the GDPR for undertaking suitable technical and organizational13 KB (1,761 words) - 09:58, 14 December 2023
- Personvernnemnda (Norway) - PVN-2022-22 (category Article 83(2) GDPR)sensitive personal data under Article 9 GDPR and their lack of valid consent to do so under Article 6(1) GDPR. In 2020, the Norwegian Consumer Council91 KB (14,440 words) - 10:06, 17 November 2023
- UODO (Poland) - DKN.5130.1354.2020 (category Article 83(1) GDPR)and art. 57 sec. 1 lit. a, art. 58 sec. 2 lit. i, art. 83 sec. 1-3, art. 83 sec. 4 lit. a and art. 83 sec. 5 lit. and in connection with Art. 5 sec. 1 lit74 KB (11,513 words) - 09:58, 17 November 2023
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)violated the GDPR. A citizen submitted a complaint before the AEPD stating that privacy policy of www.banderacatalana.cat did not comply with the GDPR. GRUP BC27 KB (4,517 words) - 13:44, 13 December 2023
- AEPD (Spain) - PS/00273/2019 (category Article 83(2) GDPR)Article 83 of the GPRS, the said Regulation Article 58(2)(b) provides for the possibility of a warning in relation to with what is stated in Recital 148:16 KB (2,359 words) - 14:24, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9446730 (category Article 83 GDPR)to the GDPR, imposed a fine in the amount of € 10.000 and ordered Cavauto srl. to communicate the proposed changes in view of compliance with GDPR. The Italian34 KB (5,420 words) - 15:51, 6 December 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)laid down in the GDPR, so that the general conditions for claims were decisive, unless the GDPR contained special rules; even under the GDPR, only non-material23 KB (3,551 words) - 09:54, 10 September 2021
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)of the GDPR and may be constituting the offense classified in article 83.5.a) of the aforementioned Regulation 2016/679. In this sense, Recital 40 of the37 KB (5,914 words) - 10:42, 13 December 2023
- HDPA (Greece) - 50/2022 (category Article 5(1)(b) GDPR)the GGC. 2(i) of the GDPR, the effective, proportionate and dissuasive administrative fine provided for in Article 83 of the GDPR, both to remedy compliance19 KB (2,790 words) - 15:32, 6 December 2023
- CNIL (France) - SAN-2020-018 (category Article 12 GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)amount of the fine, the criteria specified in the same article 83. Article 83 of the GDPR provides that Each supervisory authority shall ensure that the69 KB (11,007 words) - 17:10, 6 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify a47 KB (7,608 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)the publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing43 KB (7,001 words) - 13:56, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 4(1) GDPR)However, the DPA concluded that the controller did not violate Article 15(2) GDPR by asking for more information to identify the data subject when the data33 KB (5,033 words) - 10:12, 17 November 2023
- Court of Appeal of Brussels - 2020/AR/813 (category Article 5(1)(c) GDPR)6.1.f) GDPR) and in this balancing the considerations of the GDPR related to Art. 6.1.f) GDPR eligible [...] be taken, in particular Recital 47. Thus85 KB (12,340 words) - 15:30, 19 August 2022
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 83(3) GDPR)with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures and a fine of € 4131 KB (21,014 words) - 15:55, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9547248 (category Article 17(1)(a) GDPR)meaning of Article 83 and recital 148 of the Regulation”. The Garante hence reprimanded Barclays pursuant to Article 58(2)(b) GDPR. Share your comments22 KB (3,235 words) - 15:55, 6 December 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)i), Art. 83 sec. 1-3, art. 83 sec. 4 lit. a) in connection with art. 28 sec. 1, 3 and 9, art. 33 sec. 1 and art. 34 sec. 1 and 2 and art. 83 sec. 5 lit105 KB (17,237 words) - 09:22, 10 May 2023
- AEPD (Spain) - EXP202203617 (category Article 5(1)(c) GDPR)provisions of article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, the provisions of article 83.2 of the GDPR and article 7674 KB (11,726 words) - 13:02, 13 December 2023
- APD/GBA (Belgium) - 73/2020 (category Article 83(7) GDPR)processing of personal data is carried out in accordance with the GDPR. In doing so, the GDPR requires, among other things, that the nature and scope of the93 KB (14,040 words) - 17:00, 12 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)understood as references to the GDPR, in accordance with Article 94 of the latter. 34. Similarly, it follows from recital 173 of the GDPR that this text explicitly82 KB (13,428 words) - 17:02, 6 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)established in article 6 of the GDPR, for which they suppose the commission of an offense classified in article 83.5 of the GDPR, which gives rise to the application75 KB (12,421 words) - 13:23, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9542096 (category Article 83 GDPR)Article 12(3) in relation to Article 15 GDPR. The Garante hence applied an administrative fine as per Article 83(5) GDPR. The amount of such fine was set at21 KB (3,092 words) - 15:54, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 83 GDPR)the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches56 KB (8,326 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)consent under Article 8 GDPR also apply? Did the defendant, as the controller, fail to adhere to the data transparency (Article 5(1)(a) GDPR) and the data minimisation48 KB (7,926 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00322/2020 (category Article 83(2)(b) GDPR)damages physical, material or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent the treatment26 KB (3,840 words) - 14:28, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445550 (category Article 83(2) GDPR)of the fine under Article 83(2) GDPR. The data subjects complains about the violation of its right of access (Article 15 GDPR) by the Istituto Nazionale22 KB (3,478 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00454/2019 (category Article 5(1)(c) GDPR)the claimed, by thealleged violation of Article 5.1.c) of the GDPR, typified in Article 83.5 of theRGPD. FIFTH: Consulted the database of this Agency on12 KB (1,832 words) - 14:41, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 83(5)(e) GDPR)can be classified as 'minor' infringements in the light of Article 83(2) and recital 148 of the Rules of Procedure and that, therefore, it may be sufficient58 KB (9,448 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00272/2019 (category Article 83(5) GDPR)with the GDPR. Especially, if the installation of surveillance camera is contrary to the data minimisation principle, under Article 5(1)(c) GDPR. First,22 KB (3,438 words) - 14:24, 13 December 2023
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine of46 KB (7,230 words) - 14:20, 13 December 2023
- AEPD (Spain) - EXP202204530 (category Article 83(5)(b) GDPR)with the article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, to observe the provisions of article 83.2 of the RGPD, which26 KB (3,971 words) - 13:26, 13 December 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)negligently (GDPR Article 83 (2) point b). (ii) The Authority has not previously established a relevant data protection violation against Customer 1 (GDPR Article140 KB (23,189 words) - 08:25, 20 February 2024
- ANSPDCP (Romania) - 04.03.2021 (category Article 5(1)(f) GDPR)of Article 32 GDPR in conjunction with Article 5(1)(f) GDPR? The Romanian DPA (ANSPDCP) found that the controller violated Article 32 GDPR as they had not7 KB (1,035 words) - 15:19, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8393/161/2019 (category Article 5(1)(c) GDPR)accordance with Article 6(1)(f) GDPR? - Does the controller process audio and video data in accordance with 5(1)(c) GDPR? - Does the information provided111 KB (17,604 words) - 13:08, 3 March 2024
- CNPD (Luxembourg) - Délibération n° 6FR/2023 (category Article 31 GDPR)fines as provided for in Article 83 of the RGPD, except against the State or municipalities. 54. Article 83(1) of the GDPR provides that each supervisory55 KB (9,079 words) - 16:57, 6 December 2023
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)the provisions of the GDPR, in particular Article 5 (1) GDPR, article 24 and article 28 GDPR, all this based on article 58.2, d) GDPR and article 100, §1113 KB (18,732 words) - 16:50, 12 December 2023
- UODO (Poland) - DKE.561.17.2020 (category Article 31 GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur was22 KB (3,364 words) - 09:52, 17 November 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)to be imposed, they mustobserve the provisions contained in articles 83.1 and 83.2 of the RGPD, whichpoint out:"one. Each supervisory authority shall ensure22 KB (3,424 words) - 14:06, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9461168 (category Article 5(1)(f) GDPR)administrative sanction envisaged by art. 83, par. 4 and 5 of the Regulation, pursuant to art. 58, par. 2, lett. i), and 83, par. 5, of the same Regulation as50 KB (8,001 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00340/2019 (category Article 83(5) GDPR)data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed this right23 KB (3,554 words) - 14:31, 13 December 2023
- AEPD (Spain) - PS/00308/2020 (category Article 5(1)(a) GDPR)constitutive of the offense typified in article 83.5.a) of the aforementioned Regulation 2016/679. In this sense, Recital 40 of the RGPD states: " (40) For the treatment25 KB (4,016 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)damages physical, material or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent the treatment27 KB (3,993 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00048/2021 (category Article 5 GDPR)Articles 5 and 6 GDPR? The AEPD held that publishing personal data on Twitter without the consent of the claimant is a violation of Article 6 GDPR, due to the17 KB (2,458 words) - 13:51, 13 December 2023
- NAIH (Hungary) - NAIH-1091-10/2022 (NAIH-6936/2021) (category Article 5(2) GDPR)to Article 13 (1) of the GDPR of what is written in paragraph Recital (39) of the GDPR and Article 5 (1) point a) of the GDPR stipulate that the information69 KB (11,255 words) - 10:08, 17 November 2023
- UODO (Poland) - DKE.561.2.2020 (category Article 58(1)(e) GDPR)connection with Article 31, Article 58(1)(e) in connection with Article 83(1-3) and Article 83(5)(e) of Regulation 2016/679 of the European Parliament and of the27 KB (4,390 words) - 09:50, 17 November 2023
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)causality between the "GDPR breach" and the "damage". Article 82(1) GDPR requires that the damage occurs as a result of a specific GDPR breach. Although it25 KB (4,028 words) - 07:10, 8 February 2022
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)damages physical, material or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent the treatment29 KB (4,300 words) - 14:41, 13 December 2023
- AEPD (Spain) - EXP202202837 (category Article 83(2) GDPR)Article 6(1)(a) GDPR since the consent could not be considered valid. Finally, the DPA applied two aggravating circumstances of Article 83(2) GDPR: the nature58 KB (8,995 words) - 13:00, 13 December 2023
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)conjunction with Article 83, paragraph 4, of the GDPR and article 14, third paragraph, of the UAVG is authorized to apply to GDPR breaches None administrative48 KB (7,461 words) - 17:04, 12 December 2023
- AEPD (Spain) - PS/00389/2019 (category Article 83 GDPR)damage physical, material or immaterial. In the same sense, recital 83 of the RGPD states that "(83) In order to maintain security and to prevent the processing31 KB (4,819 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)damages physical, material or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent the treatment32 KB (4,837 words) - 14:26, 13 December 2023
- AEPD (Spain) - PS/00082/2020 (category Article 5(1)(c) GDPR)consequent infringement of the data minimisation principle (Article 5(1)(c) GDPR). The decision is the consequence of a complaint submitted by a Spanish citizen18 KB (2,749 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)damages, material les or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent treatment from32 KB (4,834 words) - 14:43, 13 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)51 51and imposed a fine on him [Article 83 (2) (e) of the General Data Protection Regulationand (i)].Article 83 (2) of the General Data Protection Regulation192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00269/2019 (category Article 83(5) GDPR)violation of the GDPR? The AEPD held that the senders of the email violated the principle of data confidentiality under Article 5(1)(f) GDPR, by revealing30 KB (4,761 words) - 14:24, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509515 (category Article 83(2)(b) GDPR)fraud prevention under Article 6(1)(f) GDPR. Did the company’s policy breach Article 6 or any other articles of the GDPR? The Garante held that the policy breached33 KB (5,342 words) - 15:52, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 83(2) GDPR)doubts about the identity of the person making the request”. Moreover, Recital 64 GDPR require the measures adopted to identify data subjects to be “reasonable”129 KB (21,020 words) - 15:49, 6 December 2023
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht122 KB (20,253 words) - 08:17, 19 August 2021
- Garante per la protezione dei dati personali (Italy) - 9451734 (category Article 5(1)(c) GDPR)administrative sanction pursuant to Article 83, par. 5, letter a) of the Regulation. In this regard, Art. 83, par. 3, of the RGPD, provides that "If, in24 KB (3,697 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)Articles 13 GDPR and 7 GDPR respectively? To determine the amount of the penalty, the AEPD took into account three criteria in Article 83(2) GDPR: unintentional24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)with the article 83.1 of the GDPR. In order to determine the administrative fine to be imposed, to observe the provisions of article 83.2 of the RGPD, which31 KB (4,864 words) - 13:27, 13 December 2023
- AEPD (Spain) - PS/00205/2021 (category Article 6(1) GDPR)constitutes personal data according with Article 4(1) GDPR therefore its processing falls within the scope of GDPR. The DPA also analysed whether the controller28 KB (4,527 words) - 12:35, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)established in article 5 of the GDPR. The security of personal data is regulated in articles 32, 33 and 34 of the GDPR. III The GDPR defines personal data security100 KB (16,401 words) - 14:07, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)Data Protection Regulation - GDPR). The defendant has a right of refusal under Art. 12 Para. 5 Sentence 2 Letter b) GDPR to. The provision only lists the40 KB (6,325 words) - 16:12, 18 May 2022
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)administrative as provided for in Article 83 of the GDPR, except against the State or of the municipalities. 62. Article 83 of the GDPR provides that each supervisory82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing” establishing18 KB (2,733 words) - 13:18, 13 December 2023
- APD/GBA (Belgium) - 12/2019 (category Article 4(11) GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)alleged violation of article 5.1.c) of the GDPR and article 13 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Once the aforementioned initiation24 KB (3,717 words) - 13:04, 13 December 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)of the GDPR according to Art. 99 Para. 2 GDPR as of May 25, 2018 follows from Art. 79 Para. 2 Sentence 1 GDPR in conjunction with recital 22 GDPR as well130 KB (21,874 words) - 09:43, 15 February 2024
- APD/GBA (Belgium) - 37/2021 (category Article 5(1)(b) GDPR)with article 24 GDPR. They are contained in article 25 of the AVG mentioned above and are explained in more detail in recital 78 GDPR. The defendant therefore45 KB (6,780 words) - 16:57, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)guarantee an adequate level of security to the risk (on this point, see also recital 83 of the Regulation in the part where it states that "the data controller34 KB (4,967 words) - 15:46, 6 December 2023
- CE - N° 430810 (category Article 6(1)(a) GDPR)Article 6(1)(a) of the PGRD for all those purposes, do Article 7(2) and Recital 32 of the PGRD require the controller to give the data subject the possibility42 KB (6,800 words) - 09:50, 10 September 2021
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up agreement34 KB (5,358 words) - 13:16, 13 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 83(1) GDPR)(Journal of Laws of 2019, item 1781) and Article 57(1)(a), Article 83(1)-(2) and Article 83(6) in connection with Article 58(2)(e) and (i) of the Regulation46 KB (7,322 words) - 09:51, 17 November 2023
- Commissioner (Cyprus) - 17.05.23 (category Article 5(1)(c) GDPR)perpetrator (Article 83(2) GDPR). Lastly, the amount of the fine shall not exceed the maximum amounts provided for in Articles 83(4) (5) and (6) GDPR. The quantification31 KB (4,973 words) - 16:50, 6 December 2023
- AEPD (Spain) - PS/00113/2019 (category Article 5(1)(a) GDPR)defendant for an infringement of Article 5(1)(a) GDPR a warning penalty in accordance with Article 58(2)(b) GDPR. Share your comments here! Share blogs or news23 KB (3,836 words) - 14:01, 13 December 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)meaning of the GDPR, and such processing of personal data did not fall within the scope of the "household exemption". Therefore, the GDPR applied in full84 KB (14,035 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)considers that, in accordance with the provisions of recital 63 of the GDPR and Article 15(4) of the GDPR, it is not obliged to respond to them if it would59 KB (9,623 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9861827 (category Article 5(1)(a) GDPR)under Article 13 GDPR. Incidentally, the DPA also found that such a privacy policy was not complete and did not comply with the GDPR requirements. In addition87 KB (14,525 words) - 15:45, 6 December 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)The Hungarian DPA (NAIH) found a violation of Article 15 GDPR and obliged a controller to grant a complainant access to his personal data. A complainant27 KB (4,159 words) - 10:13, 17 November 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)the criteria set by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches81 KB (11,895 words) - 16:58, 6 December 2023
- DVI (Latvia) - SIA “Lursoft IT” (category Article 5(1)(a) GDPR)proceeding personal data under Article 5(1)(a) GDPR. Lursoft claim to be have such a legal basis under Article 6(1)(c) GDPR. However, this was rejected by the Latvian90 KB (14,351 words) - 16:10, 6 December 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)of the GDPR, which implies the commission of an infringement classified in section 5.a) of the Article 83 of the GDPR. Article 83.5.a) of the GDPR, under131 KB (20,916 words) - 12:38, 13 December 2023
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)d) and article 83, paragraph 4, al. a), all documented regulation.-In addition, under the terms of article 83, paragraph 3 of the GDPR, the fine of € 40040 KB (5,935 words) - 16:55, 6 December 2023
- AEPD (Spain) - PS/00274/2019 (category Article 5(1)(f) GDPR)to be imposed, they mustobserve the provisions contained in articles 83.1 and 83.2 of the RGPD, whichpoint out:"one. Each supervisory authority shall ensure37 KB (5,700 words) - 14:24, 13 December 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)[Article 83(2)(b) GDPR] - The obligor has not yet been convicted for violating the General Data Protection Regulation.[Article 83(2)(e) GDPR] - The Authority75 KB (12,586 words) - 10:10, 17 November 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)under Article 83.4.a of the GDPR. Assessing the circumstances modifying liability, both adverse and favourable, contemplated in article 83.2 GDPR, the AEPD39 KB (6,720 words) - 14:22, 13 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)infringements committed by DIGI (art. 83.2 e) GDPR). At no time have special categories of data been processed (Art. 83.2 g) GDPR) The degree of cooperation of49 KB (7,973 words) - 13:25, 13 December 2023
- LG Magdeburg - 9 O 1571/20 (category Article 6(1) GDPR)Article 82 (1) and (2) GDPR, any person who has suffered material or non-material damage as a result of a violation of the GDPR is entitled to compensation27 KB (4,216 words) - 13:26, 8 January 2024
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)as “anonymisation”. Recital 26 of the GDPR clarifies that anonymous information does not fall within the scope of the GDPR. The GDPR does not explicitly59 KB (8,242 words) - 10:47, 17 March 2021
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)data in the context of telephone jokes. Article 6 GDPR (legality of processing) and Articles 13 and 14 GDPR (transparency) were infringed. The decision is206 KB (32,869 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)with the requirements of Articles 13 and 14 of the GDPR? In relation to Article 13 and 14 of the GDPR, the AEPD held that the information CaixaBank provided566 KB (93,179 words) - 13:43, 13 December 2023
- DSB (Austria) - D550.038/0003-DSB/2018 (category Article 5(1)(a) GDPR)still covered as a "legitimate interest" in Article 6(1)(f) GDPR? How are penalties under GDPR and the Austrian Data Protection Act ("DSG") to be calculated31 KB (5,161 words) - 14:02, 12 May 2023
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)purposes of the GDPR and that the sanction to be imposed should be graduated with the aggravation of negligence Article 83(2)(b) GDPR, since the controller84 KB (13,036 words) - 13:26, 13 December 2023
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)amount of the fine, the criteria specified in the same article 83. 97. Article 83 of the GDPR provides: 1. Each supervisory authority shall ensure that administrative61 KB (10,028 words) - 17:09, 6 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)infringements committed by DIGI (art. 83.2 e) GDPR). At no time have special categories of data been processed (Art. 83.2 g) GDPR) The degree of cooperation of55 KB (9,017 words) - 10:46, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)fines as provided for in Article 83 of the GDPR, except against the state or municipalities. 46. Article 83 of the GDPR provides that each supervisory authority52 KB (7,520 words) - 13:13, 20 July 2021
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing to44 KB (7,162 words) - 13:53, 13 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)pursuant to Art. 14 par. 5 lit. b GDPR? The President of UODO found that: 1) The applicable provision is the Art. 14 GDPR since the data controller collects52 KB (8,444 words) - 10:01, 17 November 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)of the data processing, in violation of Article 13 and Article 5 (1) (c) GDPR. The complainant lodged a complaint with the AEPD about the installation37 KB (6,022 words) - 13:52, 13 December 2023
- IMY (Sweden) - DI-2021-4355 (category Article 32 GDPR)5(6) Date:2023-01-19 Choice of intervention Article 58(2) and Article 83(2) of the GDPR give IMY the authority to impose an administrative fine. Depending28 KB (3,101 words) - 09:49, 7 June 2023
- AEPD (Spain) - PS/00239/2022 (category Article 15 GDPR)of the GDPR, typified in Article 83.5 of the GDPR, as well as for the alleged infringement of Article 17 of the GDPR, typified in the Article 83.5 of the60 KB (9,630 words) - 12:34, 13 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)personal data of French data subject and held that the GDPR was applicable pursuant of Article 3(2)(a) GDPR. The DPA determined that the controller offered services59 KB (9,566 words) - 17:03, 6 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 83 GDPR)considering the objections in light of Article 4(24) GDPR and the factors outlined in Article 83(2) GDPR the EDPB instructed the DPC to impose an administrative289 KB (33,568 words) - 15:00, 1 February 2023
- AEPD (Spain) - PS/00029/2020 (category Article 5(1)(f) GDPR)Article 58(2)(b) GDPR. The Authority ordered the Health Service to carry out a DPIA and bring its processing operations in line with the GDPR within six months44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)provisions of article 6 of the GDPR, which supposes the commission of an infraction typified in article 83.5 of the GDPR, which provides the following:61 KB (9,700 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)violation of the provisions of Article 83(5)(b) of the GDPR. committed, in violation of the provisions of Article 6.1 of the GDPR, allows for an initial sanction52 KB (8,416 words) - 12:59, 13 December 2023
- AEPD (Spain) - EXP202100897 (category Article 83(2) GDPR)the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid legal72 KB (11,671 words) - 13:34, 13 December 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)whether Art. 15 GDPR applies to the investigation files at all, since according to Art. 2 Para. 2 d GDPR, Section 2a Para. 4 AO, the GDPR does not apply97 KB (16,519 words) - 09:57, 22 February 2023
- AEPD (Spain) - EXP202203956 (category Article 6(1) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up agreement52 KB (8,323 words) - 13:17, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.007.220 (category Article 7(4) GDPR)Company claimed that under the GDPR, there is no right that a trade union can exercise. They thought that the justiciability of GDPR is limited only to the natural56 KB (8,913 words) - 16:52, 6 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)for which you are responsible, typified in article 83.5.b) RGPD, the provisions of articles 83.1 and 83.2 of the RGPD must be observed, precepts that state:63 KB (10,203 words) - 13:01, 13 December 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)data under Article 4(1) GDPR, especially because they allow to single out a data subject within the meaning of recital 26 of the GDPR. It is sufficient that108 KB (17,097 words) - 13:52, 12 May 2023
- UODO (Poland) - ZSOŚS.421.25.2019 (category Article 83(1) GDPR)39 sec. 2, art. 30 sec. 1 lit. d, as well as art. 83 sec. 1 - 3, art. 83 sec. 4 letter a and art. 83 sec. 5 lit. a Regulation of the European Parliament156 KB (25,012 words) - 10:01, 17 November 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 5(1)(a) GDPR)the appropriate category of breaches, i.e. those indicated in Article 83(4) or 83(5) and (6) of Regulation 2016/679. The assessment of the severity of the29 KB (4,687 words) - 09:56, 17 November 2023
- AEPD (Spain) - PS/00422/2018 (category Article 2 GDPR)for alleged infringement of Article 5.1 f) of the GDPR, in accordance with Article 83.5.a) of the GDPR- Initiate sanctioning procedure against PROYECTO25 KB (3,933 words) - 14:37, 13 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)warning to Escuela Infantil (nursery school) for the infringement of Article 13 GDPR. The decision is the consequence of a complaint filed by a Spanish citizen31 KB (4,808 words) - 14:01, 13 December 2023
- VSL (Slovenia) - 9267/2022 (category Article 12 GDPR)manner as to the places monitored. However, the EDPB also referred to Recital 47 GDPR, according to which the existence of a legitimate interest also needs24 KB (3,757 words) - 16:27, 31 October 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)(articles 12 and 14 of the GDPR); A breach of his right of access (article 15 of the GDPR); A breach of Article 28 of the GDPR with regard to its status72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)is the Purpose of the data processing of the claimed person. III Recital 61 of the GDPR indicates: "Information on the processing of their data must be38 KB (6,303 words) - 13:50, 13 December 2023
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)such acts and uploaded the video to Instagram had infringed Article 6(1) GDPR, for processing personal data without a legitimate basis (namely without47 KB (7,616 words) - 14:35, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)number of data subjects (Article 83.2.a) of the GDPR), the As for the number of data subjects (Article 83.2.a) of the GDPR), the Panel notes that these are69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00028/2022 (category Article 5(1)(f) GDPR)LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up agreement58 KB (9,301 words) - 12:39, 13 December 2023
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83 GDPR)following preliminary questions to the CJEU: (1) Is Article 83(4) to Article 83(6) GDPR of the GDPR to be interpreted as incorporating into national law the38 KB (5,956 words) - 11:41, 21 January 2022
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the employer’s46 KB (7,390 words) - 08:07, 1 April 2022
- CNPD (Portugal) - Deliberação 2022/140 (category Article 5(1)(e) GDPR)5(1)(f) GDPR and a fine of €100,000 for the violation of Article 37 GDPR. The DPA issued a reprimand for the violations of Article 5(1)(e) GDPR and Article75 KB (12,306 words) - 10:02, 21 December 2022
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)(2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently, the Garante144 KB (23,155 words) - 15:46, 6 December 2023
- LArbG Nürnberg - 4 Sa 201 22 (category Article 83(5)(b) GDPR)under Article 15(1) GDPR are not covered as such by Article 82(1) GDPR. The court reached this conclusions by looking at Recital 146 GDPR and at the original19 KB (2,972 words) - 05:25, 9 May 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)paragraph 2 point d and point i, as well as in connection with Article 83 paragraph 3, Article 83 paragraph 5 point a and point b of Regulation 2016/679 of the60 KB (9,815 words) - 10:02, 17 November 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)to Article 2 (1) of the GDPR, the GDPR applies to the processing of data in the present case. The relevant provisions of the GDPR in the present case are72 KB (11,159 words) - 10:09, 17 November 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)amount of the fine, the criteria specified in the same article 83". 91. Article 83 of the GDPR provides that "each supervisory authority shall ensure that56 KB (9,069 words) - 17:02, 6 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)LPACAP, for the alleged violation of Article 12 of the GDPR, typified in Article 83.5 of the GDPR, in which it is indicated that you have a period of ten54 KB (8,870 words) - 10:43, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/549 (category Article 17(3)(e) GDPR)proceedings”, that “Recital 65 of the GDPR also includes the exception of the legal defense as provided for in article 17.3.e of the GDPR to the right to erasure"37 KB (5,765 words) - 09:53, 14 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)Charter. 61 First, it should be noted that, in the light of recital 19 of the GDPR and recitals 9 to 12 of Directive 2016/680 and by virtue of Article 2(1)110 KB (18,000 words) - 08:01, 5 June 2023
- UODO (Poland) - DKN.5130.2815.2020 (category Article 5(1)(f) GDPR)breached provisions, i.e. those indicated in Article 83(4) of Regulation 2016/679 and/or Article 83(5) and (6) of Regulation 2016/679. The assessment of37 KB (5,819 words) - 09:58, 17 November 2023
- CJEU - C-741/21 - juris (category Article 83 GDPR)for determining fines set out in Article 83 of the GDPR, in particular in Article 83(2) and 83(5) of the GDPR? 4. Must the compensation be determined for2 KB (216 words) - 09:59, 27 April 2022
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw conclusions32 KB (5,236 words) - 16:00, 10 March 2022
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR. The fact86 KB (14,295 words) - 14:32, 13 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)precepts of the article 83.4 of the GDPR correspond to minor infractions and the precepts of article 83.5 or article 83.6 of the GDPR correspond to serious195 KB (30,495 words) - 12:40, 13 December 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 83 GDPR)in Article 83(2) GDPR in deciding whether to impose an administrative fine for the infringement of its transparency obligations under the GDPR (Paras 293468 KB (51,340 words) - 14:10, 30 January 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)Article 83(1) GDPR and taking into account the criteria of Article 83(2) GDPR. This decision is the first decision of the EDPC under Article 65(1) GDPR. it183 KB (30,819 words) - 09:50, 20 January 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)fines as provided for in article 83 of the GDPR, except against of the state or municipalities. 91. Article 83.1 of the GDPR provides that each supervisory96 KB (13,984 words) - 16:57, 6 December 2023
- BVwG - W258 2217446-1 (category Article 4(1) GDPR)personal data under Article 9(1) GDPR. Their processing would require the data subjects' explicit consent under Article 9(2)(a) GDPR and § 151(4) GewO, ordered79 KB (12,652 words) - 09:41, 10 September 2021
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)as well as Article 83 AVG, is justified, taking into account the following considerations elements. 101. Taking into account article 83 AVG and the case62 KB (10,509 words) - 16:58, 12 December 2023
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted a85 KB (13,042 words) - 12:42, 13 December 2023
- APD/GBA (Belgium) - 24/2021 (category Article 6 GDPR)Article 6.1 GDPR, read in conjunction with Articles 5.2 GDPR and 24.1 GDPR; 5) the performance of a data protection impact assessment (Article 35 GDPR) the framework110 KB (18,238 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2020-013 (category Article 83 GDPR)only investigating GDPR infringements but also breaches of the Directive ePrivacy, transcribed into French law. It reminded that GDPR and ePrivacy each82 KB (13,424 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS-00563-2022 (category Article 83(2) GDPR)against the controller for the infringement of Article 13 GDPR as defined in Article 83(5)(b) GDPR. This initiation agreement was notified and delivered to8 KB (1,017 words) - 09:54, 18 January 2024
- IMY (Sweden) - IMY-2022-695 (category Article 4(15) GDPR)violations referred to in article 83.4, 83.5 and 83.6 of the data protection regulation and that Article 83.1, 83.2 and 83.3 of the regulation shall then43 KB (5,076 words) - 09:32, 21 November 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)17 of the AVG) are included below. Recital 59 of the GDPR further clarifies the standard in Article 12 of the GDPR: Arrangements should be made available50 KB (7,656 words) - 17:05, 12 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)account data under Article 15 GDPR? Is GDPR applicable to a case that was still pending before the DPA on 25. 5. 2018? GDPR applies to cases pending before19 KB (2,936 words) - 13:55, 12 May 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)justified to impose a data protection fine on Client 1. E Article 83 (2) of the GDPR and Infotv. 75 / A. § considered by the all the circumstances of the67 KB (10,492 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)Article 13 GDPR. In the present case, the controller omitted this obligation. The DPA therefore held that the controller violated Article 13 GDPR by neither22 KB (3,385 words) - 13:35, 13 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)provided additional submissions regarding Article 83(3) GDPR (“Meta IE Submissions on Article 83(3) GDPR”). December 2021 On3December2021,theIESAsharedi276 KB (38,206 words) - 09:46, 20 January 2023
- DSB (Austria) - DSB 2023-0.404.421 (category Article 83(2)(b) GDPR)Article 5(1)(b) GDPR and against the provisions of Article 5(1)(a) GDPR and Article 6(1)(f) GDPR in conjunction with Article 6(4) GDPR. Further, the DSB40 KB (6,348 words) - 09:05, 16 November 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- AEPD (Spain) - PS/00080/2022 (category Article 83(2)(a) GDPR)Article 5 and Articles 32 and 33 GDPR. First, there was the duration of the infringement under Article 83(2)(a) GDPR; second, there was the categories47 KB (7,265 words) - 10:05, 21 July 2022
- HDPA (Greece) - 35/2023 (category Article 4(12) GDPR)par. 2 sec. i of the GDPR, effective, proportionate and dissuasive administrative money fine according to article 83 of the GDPR, both to restore compliance52 KB (8,460 words) - 10:54, 10 January 2024
- Garante per la protezione dei dati personali (Italy) - 9983210 (category Article 5(1) GDPR)and Article 13 GDPR. The Italian DPA ordered the controller to bring processing operations into conformity with the provisions of GDPR and imposed a fine89 KB (14,466 words) - 15:14, 20 February 2024
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)option. The AEPD also found that there had been a violation of Article 7 GDPR before the controller allowed the user to choose what specific processing52 KB (8,471 words) - 14:33, 13 December 2023
- UODO (Poland) - DKN.5131.11.2020 (category Article 83(1) GDPR)sec. 1 lit. a) and h), art. 58 sec. 2 lit. e) and lit. i), art. 83 sec. 1-2 and art. 83 sec. 4 lit. a) in connection with Art. 33 paragraph 1 and art. 3451 KB (8,179 words) - 12:07, 11 August 2021
- UODO (Poland) - DKN.5130.3114.2020 (category Article 83(1) GDPR)in conjunction with Articles 24(1), 31, 32(1) and (2), 34(1), and 83(1) and (2) and 83(4)(a) of Regulation EU 2016/679 of the European Parliament and of105 KB (16,833 words) - 13:48, 15 November 2021
- DSB (Austria) - 2023-0.789.858 (category Article 83 GDPR)of the GDPR are regulated conclusively in Article 83, Paragraphs 1 to 6 of the GDPR and are regulated in Article 83, Paragraphs 1 to 6 of the GDPR (paragraph57 KB (9,442 words) - 08:55, 17 January 2024
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)(AEPD) imposed a warning on a Spanish public notary for infringing Article 13 GDPR by not offering the claimant relevant information when obtaining a copy of39 KB (6,270 words) - 13:51, 13 December 2023
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)c) GDPR in conjunction with Article 5.1 a) GDPR and Article 5.2 GDPR. - Violation of article 13.1 d) GDPR in conjunction with article 5.1 a) GDPR and99 KB (15,064 words) - 14:05, 2 June 2021
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)of the GDPR are regulated conclusively in Article 83, Paragraphs 1 to 6 of the GDPR and are regulated in Article 83, Paragraphs 1 to 6 of the GDPR (paragraph76 KB (12,550 words) - 09:24, 28 February 2024
- AEPD (Spain) - PS/00126/2021 (category Article 6(1) GDPR)negligence of the infringement (Article 83(2)(b) GDPR) the impact on basic personal identifiers (Article 83(2)(g) GDPR) Share your comments here! Share blogs26 KB (3,922 words) - 13:10, 9 June 2021
- DSB (Austria) - 2023-0.583.644 (category Article 5(1)(a) GDPR)fine under Article 83 of the GDPR are regulated conclusively in Article 83, Paragraphs 1 to 6 of the GDPR and are regulated in Article 83, Paragraphs 1 to93 KB (15,554 words) - 10:04, 15 February 2024
- Administrative Court Stockholm - Mål nr 1930-23 (category Article 32(1) GDPR)violations referred to in article 83.4, 83.5 and 83.6 of the data protection regulation and that Article 83.1, 83.2 and 83.3 of the regulation shall then79 KB (9,390 words) - 09:30, 27 November 2023
- Commissioner (Cyprus) - 11.17.001.010.045 (category Article 5(1)(c) GDPR)perpetrator (Article 83(2) GDPR). Finally, the amount of the fine shall not exceed the maximum amounts provided for in Articles 83(4) (5) and (6) GDPR. The quantification74 KB (12,375 words) - 10:07, 4 October 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven. In67 KB (10,544 words) - 09:24, 10 September 2021
- APD/GBA (Belgium) - 15/2021 (category Article 5(2) GDPR)morespecifically the articulation between article 15.4 of the GDPR and recital 63 of the GDPR, as well asbalancing the right to access and obtain data against85 KB (13,724 words) - 16:52, 12 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)which it is up to him to implement (article5.1.a) of the GDPR - explained in recital 39 of the GDPR). Different consequencesarising from one or the other81 KB (13,211 words) - 16:59, 12 December 2023
- BVwG - W214 2233132-1/13E (category Article 15(1)(c) GDPR)Article 77 GDPR was very clear and limited in scope. However, the DSB went on to assert a violation of Article 12 GDPR and Article 15(1)(h) GDPR, acting beyond47 KB (7,519 words) - 09:28, 13 February 2024
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land register60 KB (9,755 words) - 09:58, 17 November 2023
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)powers of the GDPR are linked to the application of the GDPR. National legislation may assign functions and powers inspired by the GDPR, but can also grant287 KB (48,336 words) - 13:53, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9853446 (category Article 12 GDPR)remedy (Article 12(4) GDPR). Accordingly, as they failed to respond in such a way, the authority had infringed Articles 12 and 15 GDPR. With regard to corrective49 KB (7,823 words) - 16:26, 28 February 2023
- APD/GBA (Belgium) - 57/2023 (category Article 5(1) GDPR)Article 13(1)(c) and (2)(a) of the GDPR. II.4. Article 5 GDPR, Article 24 (1) GDPR and Article 25 (1) and (2) GDPR II.4.1. Findings in the Inspection Report99 KB (15,129 words) - 09:21, 31 May 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- Garante per la protezione dei dati personali (Italy) - 9751362 (category Article 5(1)(b) GDPR)privacy policy did not refer to GDPR. Clearview did not have a representative in the Union as mandated by Article 27 GDPR. Accordingly, the activities of134 KB (21,856 words) - 05:16, 25 May 2022
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA took into account114 KB (17,942 words) - 15:46, 2 November 2022
- IMY (Sweden) - DI-2021-10263 (category Article 5(1)(a) GDPR)comply with Article 5(2) GDPR. The DPA determined that the controller violated Article 15 GDPR. The DPA stated that Article 15(1)(c) GDPR must be interpreted20 KB (2,207 words) - 13:45, 9 January 2023
- IMY (Sweden) - DI-2021-4664 (category Article 5(1)(f) GDPR)Article 32(1) GDPR. The DPA reprimanded the controller pursuant of Article 58(2)(b) GDPR and held that this was a minor infringement (recital 148 GDPR). It considered21 KB (2,284 words) - 14:03, 9 November 2022
- DSB (Austria) - 2023-0.637.760 (category Article 83 GDPR)with Article 83 of the GDPR:Article 83 of the GDPR imposes the following penalty: Fine of euros According to €10,000 Art. 83 para. 4 lit. a GDPR OJ L 2016/11982 KB (13,593 words) - 11:03, 24 January 2024
- APD/GBA (Belgium) - 29/2024 (category Article 12(3) GDPR)view to vigorous enforcement of the rules of the GDPR. 24. As is clear from recital 148 GDPR, the GDPR stipulates that in every serious infringement - therefore27 KB (4,073 words) - 10:26, 21 February 2024
- AG Hamburg-Bergedorf - 410d C 197/20 (category Article 83(2) GDPR)violated Article 6(1) GDPR. However, this violation alone was not sufficient to justify a claim for damages. Pursuant to Article 82(1) GDPR, a claim for damages19 KB (3,009 words) - 12:26, 2 February 2022
- Garante per la protezione dei dati personali (Italy) - 9994882 (category Article 83(2)(e) GDPR)reply to the request for information. In its decision, the DPA cited Recital 35 GDPR which specifies that data related to health ‘includes information on44 KB (6,958 words) - 13:31, 23 April 2024
- AEPD (Spain) - PS-00587-2021 (category Article 83(4) GDPR)processing activities. compliance with the GDPR, including the effectiveness of the measures (GDPR recital 74). In summary, this principle requires a conscious79 KB (12,131 words) - 15:30, 17 January 2024
- Garante per la protezione dei dati personali (Italy) - 9960875 (category Article 12(3) GDPR)Article 12(3) GDPR. Therefore, the DPA ruled that because the processing carried out by the controller breached Article 12 GDPR and Article 15 GDPR. Since the34 KB (5,386 words) - 16:16, 19 December 2023
- Datatilsynet (Norway) - 21/03126 (category Article 83(4)(a) GDPR)Article 4(16) GDPR." Consequently, the DPA concluded that the cooperation mechanism and procedure set out in Article 56(1) GDPR and Article 60 GDPR did not apply133 KB (19,309 words) - 05:16, 24 March 2023
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)10 complainant (article 6.1 a) of the GDPR combined with article 7 of the GDPR), (2) article 6.1 c) of the GDPR in that the publication results on the73 KB (11,604 words) - 16:57, 12 December 2023
- AEPD (Spain) - PS/00413/2021 (category Article 5(1)(c) GDPR)sedeagpd.gob.es 18/21 See the provisions contained in articles 83.1 and 83.2 of the GDPR, which state: "1. Each control authority will guarantee that the69 KB (11,301 words) - 10:49, 23 March 2023
- Garante per la protezione dei dati personali (Italy) - 9868111 (category Article 5(1)(f) GDPR)The DPA fined the controller € 5,000 pursuant to Articles 58(2)(i) and 83 GDPR. Share your comments here! Share blogs or news articles here! The decision47 KB (7,337 words) - 11:31, 4 April 2023
- Garante per la protezione dei dati personali (Italy) - 9954241 (category Article 5(1)(a) GDPR)to be in violation of Article 5(1)(a) GDPR, Article 6 GDPR, Article 9 GDPR, Article 12 GDPR and Article 13 GDPR and started a procedure to adopt corrective77 KB (12,282 words) - 16:43, 12 December 2023
- UODO (Poland) - DKN.5112.5.2021 (category Article 5(1)(a) GDPR)with GDPR provisions, this includes obtaining proof of consent in line with Article 7(1) GDPR. Especially in the context of Article 9(2)(a) GDPR, the explicit82 KB (13,363 words) - 14:11, 18 January 2023
- Datainspektionen - DI-2018-9274 (category Article 5(1)(b) GDPR)data in violation of the GDPR. The DPA also held that Google had processed personal data in violation of Articles 5(1)(b) and 6 GDPR by sending notifications96 KB (12,267 words) - 11:43, 7 April 2022
- AEPD (Spain) - PS/00259/2020 (category Article 6(1)(f) GDPR)responsible, article 6.1.f) RGPD, typified in article 83.5.a RGPD, the provisions of articles 83.1 and 83.2 of the RGPD, precepts that indicate: "Each control158 KB (25,857 words) - 13:56, 14 July 2021
- APD/GBA (Belgium) - 47/2022 (category Article 5(1)(b) GDPR)Articles 6.1.C and 9.2.i) of the GDPR. 86. In accordance with Article 6.3 of the GDPR, read in the light of recital 41 of the GDPR, the processing of 26 personal207 KB (31,357 words) - 14:21, 8 June 2022
- IMY (Sweden) - DI-2021-10488 (category Article 12(3) GDPR)Article 58(2)(i) and Article 83(2) of the GDPR that the IMY has the power to impose administrative fines in accordance with Article 83. Depending on the circumstances18 KB (2,020 words) - 12:13, 12 October 2022
- IMY (Sweden) - DI-2019-6523 (category Article 13(1)(c) GDPR)(Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR), the DPA found that the controller violated Article 13(1)(c) GDPR by indicating an17 KB (1,990 words) - 09:02, 8 May 2024
- KamR Stockholm - Case No. 5888-20 (category Article 5 GDPR)infringements referred to in Article 83 (4), 83 (5) and 83 (6) of the Data Protection Regulation. In that case, Article 83 (1), (2) and (3) of the Regulation62 KB (7,607 words) - 08:56, 7 October 2021
- UODO (Poland) - DKN.5110.12.2021 (category Article 33(1) GDPR)57 sec. 1 lit. a) and lit. h), art. 58 sec. 2 lit. i), art. 83 sec. 1 and 2 and article. 83 sec. 4 lit. a) in connection with art. 33 paragraph 1 and art51 KB (8,343 words) - 14:16, 15 June 2022
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)(Article 31 GDPR); - failure to comply with both the accountability obligation (Article 5.2 of the GDPR) and the duty to cooperate (Article 31 of the GDPR) with55 KB (8,810 words) - 16:55, 12 December 2023
- UODO (Poland) - DKN.5131.33.2021 (category Article 83(1) GDPR)breach, pursuant to the obligation expressed in Article 34 GDPR, in conjunction with Article 12 GDPR. Based on this assessment, the DPA issued an administrative81 KB (13,351 words) - 14:48, 2 March 2022
- AEPD (Spain) - EXP202206805 (category Article 83(2)(c) GDPR)complaining party, thereby contravening article 6 of the GDPR. In this sense, Recital 40 of the GDPR states: “(40) For the processing to be lawful, personal37 KB (5,879 words) - 07:09, 4 October 2023
- APD/GBA (Belgium) - 74/2020 (category Article 6(1)(f) GDPR)point b) GDPR and Article 100, §1, 5 ° WOG to be reprimanded for the infringement of Article 25 (1) GDPR; b. on the basis of Article 83 GDPR and Articles82 KB (12,100 words) - 17:01, 12 December 2023
- IMY (Sweden) - DI-2019-4062 (category Article 5(1)(a) GDPR)these breaches also entailed a violation of Articles 12(1) GDPR, 5(1)(a) GDPR and 5(2) GDPR. Regarding the information provided by Klarna on the purpose118 KB (13,497 words) - 16:24, 6 April 2022
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the129 KB (21,793 words) - 14:09, 13 December 2023
- Datainspektionen - DI-2019-3839 (category Article 5(1)(f) GDPR)whether the infringement concerns articles covered by Article 83(4) or 83.5 of the GDPR. Article 83(2) sets out the factors to be taken into account in determining60 KB (9,524 words) - 11:43, 7 April 2022
- Garante per la protezione dei dati personali (Italy) - 9991183 (category Article 5(1)(a) GDPR)company. Lastly, The DPA found a breach of Article 5(1)(a) GDPR and Article 12 GDPR and Article 13 GDPR regarding the sharing of patient clinical data through96 KB (15,258 words) - 16:36, 19 March 2024
- Garante per la protezione dei dati personali (Italy) - 9891673 (category Article 5(1)(a) GDPR)without prejudice to what has already been reported on the provision of Recital 63 GDPR, of explicit protection of industrial and corporate secrets and intellectual78 KB (12,604 words) - 09:01, 7 June 2023
- Garante per la protezione dei dati personali (Italy) - 9828901 (category Article 3(2)(a) GDPR)facilitator but, as specified in Recital 80 GDPR, the person who acts on behalf of the controller with regard to the GDPR obligations. The DPA held that91 KB (14,709 words) - 13:02, 14 December 2022
- WSA w Warszawie - II SA/Wa 809/20 (category Article 4(14) GDPR)sec. 2 lit. f, lit. g and lit and and with Art. 83 sec. 2 and 3, art. 83 sec. 5 lit. a, art. 83 sec. 7 GDPR - ordered the complainant School to delete personal82 KB (13,213 words) - 12:13, 10 May 2021
- AEPD (Spain) - EXP202210101 (category Article 6(1) GDPR)infraction classified in article 83.5.a) of the aforementioned Regulation 2016/679. In this sense, Recital 40 of the GDPR states: “(40) For the processing85 KB (13,823 words) - 12:51, 3 April 2024
- UODO (Poland) - DKN.5131.16.2021 (category Article 83(1) GDPR)33(3)(d), as Article 34(2) GDPR prescribes. Therefore, the DPA decided to impose an administrative fine pursuant to Article 83(1) GDPR. It considered the elements88 KB (14,432 words) - 10:31, 24 November 2021
- AP (The Netherlands) - Decision of 11 December 2023 imposing administrative fine on Uber (category Article 83 GDPR)thereby violating Article 13(2)(b) GDPR. In light of the above, in accordance with Article 58(2)(i) GDPR and Article 83 GPDR, the AP considered it appropriate80 KB (11,628 words) - 11:41, 23 February 2024
- UODO (Poland) - DKN.5131.43.2022 (category Article 5(2) GDPR)controller was in breach of Article 33(1) GDPR, Article 33(3) GDPR, Articles 34(1) and 34(2) GDPR, and Article 5(2) GDPR, Firstly, the Polish DPA held that the57 KB (9,261 words) - 08:13, 25 October 2023
- DSB (Austria) - 2023-0.420.407 (category Article 5(1)(a) GDPR)provisions of the GDPR do not supersede the provisions of the VStG and to the extent required by Article 83 Para. 8 GDPR and Recital 148 with regard to35 KB (5,572 words) - 14:56, 27 March 2024
- AEPD (Spain) - PS/00003/2021 (category Article 4(16) GDPR)definition of Article 4(16) GDPR, and therefore declared its competency to act as the lead supervisory authority under Article 56(1) GDPR. The AEPD then investigated115 KB (18,312 words) - 11:58, 16 March 2022
- Datainspektionen - DI-2019-7782 (category Article 5(1)(a) GDPR)depending on whether the infringement concerns articles covered by Article 83 (4) or 83.5 of the Data Protection Regulation. Section 25 (4) KBL also states that52 KB (8,101 words) - 11:43, 7 April 2022
- DSB (Austria) - 2022-0.585.764 (category Article 2(2)(c) GDPR)Article 83 paragraph 1 and 5 lit. a GDPR in conjunction with § 16 Administrative Penal Act 1991 - VStGArticle 83, paragraph one, and 5 lit. a, GDPR in conjunction77 KB (13,004 words) - 14:44, 9 May 2023
- Garante per la protezione dei dati personali (Italy) - 9815665 (category Article 5(1)(a) GDPR)definition of "personal data" in Article 4(1) GDPR. The DPA reminded the controller that, as defined in Recital 26 GDPR, pseudonymisation is a mere technical measure59 KB (9,359 words) - 08:38, 16 November 2022
- AEPD (Spain) - PS/00587/2021 (category Article 5(1)(f) GDPR)infringement of article 5.1.f) of the GDPR and article 32 of the GDPR, typified in articles 83.5 and 83.4 of the GDPR, respectively. The startup agreement81 KB (12,762 words) - 12:51, 29 November 2022
- AEPD (Spain) - EXP202205850 (category Article 5(1)(c) GDPR)excessive for the intended purpose of processing as per Article 5(1)(c) GDPR and Recital 39 GDPR. The AEPD issued a reprimand on the controller. Share your comments29 KB (4,590 words) - 15:06, 19 April 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)Data, https://wetten.overheid.nl/BWBR0033572/2013-03-01. 47See also recital 75 of the GDPR. 12/41Date Unidentified May 31, 2021 [CONFIDENTIAL] processing infringes106 KB (14,502 words) - 17:09, 12 December 2023
- AEPD (Spain) - PS/00131/2020 (category Article 13 GDPR)system. When the workers asked about the information listed under Article 13 GDPR, they only received a generic answer saying that the personal data were being45 KB (6,923 words) - 08:41, 16 June 2021
- Datainspektionen - DI-2019-9432 (category Article 5(1)(f) GDPR)proportionate and deterrent. This is stated in Article 83 (1) of the Data Protection Regulation. Article 83 (2) sets out the factors to be taken into account59 KB (8,959 words) - 11:43, 7 April 2022
- OLG Hamm - 11 U 88/22 (category Article 82 GDPR)2022, Art. 82 GDPR marginal number 14). With regard to recital 146 sentence 1 of the GDPR, however, processing must have violated the GDPR (Nemitz, in:85 KB (14,523 words) - 05:28, 26 April 2023
- DPC (Ireland) - WhatsApp Ireland Limited - IN-18-12-2 (category Article 4(1) GDPR) (section WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR)4(1) of the GDPR. I further note that the text of the accompanying recital (Recital 26 of the Directive) is very similar to the text of Recital 26 of the830 KB (115,261 words) - 15:37, 22 February 2022
- Datatilsynet (Norway) - 20/02136 (notification) (category Article 6(1) GDPR)Articles 57 and 58 GDPR. The NO DPA is the supervisory authority established in line with Article 51(1) GDPR to monitor the application of the GDPR on the territory77 KB (11,517 words) - 10:36, 22 October 2022
- UODO (Poland) - DKN.5131.34.2021 (category Article 33(1) GDPR)Art. 57 sec. 1 it. a) and h), art. 58 sec. 2 it. e) i i), Art. 83 sec. 1-3 and art. 83 sec. 4 it. a) in connection with Art. 33 paragraph 1 and art. 3461 KB (9,994 words) - 08:37, 14 September 2022
- IMY (Sweden) - DI-2020-10547 (category Article 6(1) GDPR)DPA initiated supervision pursuant to Article 56 GDPR in accordance with the Article 60 GDPR cooperation mechanism. The handover of the complaint was made37 KB (4,294 words) - 15:52, 25 October 2022
- AEPD (Spain) - EXP202102056 (category Article 83 GDPR)Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR and of Article 32 of the GDPR, typified in Article 83.4 of the GDPR. In order to issue said15 KB (2,206 words) - 13:53, 12 April 2023
- Garante per la protezione dei dati personali (Italy) - 9960948 (category Article 5(1)(f) GDPR)personal data securely, in violation of Articles 5(1)(f) GDPR and Article 32(1)(b) and (d) GDPR. Two aspects of the decisions are interesting. First, the86 KB (13,819 words) - 21:32, 8 February 2024
- VG Hamburg - 21 K 1802/21 (category Article 4(1) GDPR)information required under Art. 14 GDPR. recital 60 The defendant requests Recital 61 reject the complaint. Recital 62 As justification, she repeats her115 KB (18,479 words) - 16:31, 25 January 2023
- VG Mainz - 1 K 584/19.MZ (category Article 9(1) GDPR)of Art. 9 GDPR do not apply because the plaintiff did not seek to process that kind of data. The legality is thus determined by Art. 6 GDPR. In the absence58 KB (9,665 words) - 08:51, 25 November 2020
- Garante per la protezione dei dati personali (Italy) - 9872646 (category Article 5(1)(a) GDPR)Article 88 GDPR, which holds that it is permissible for national laws to provide a greater standard of protection than already given by the GDPR with regard37 KB (5,802 words) - 09:38, 16 June 2023
- AEPD (Spain) - PS/00427/2020 (category Article 30 GDPR)Articles 30 of the RGPD and 31 of the LOPDGDD, typified in Article 83.4.a) of the GDPR. Likewise, it was proposed that by the Director of the Spanish Agency35 KB (5,459 words) - 12:40, 7 July 2021
- AEPD (Spain) - PS-00507-2022 (category Article 83(2) GDPR)and Article 64 LPACAP and an infringement of Article 6(1) GDPR typified in Article 83(5) GDPR. After the proceedings were initiated, the controller provided49 KB (7,832 words) - 10:54, 22 January 2024
- Garante per la protezione dei dati personali (Italy) - 9768387 (category Article 28(1) GDPR)related to identifiable physical persons (Recital 83, Article 4(1) GDPR, Article 25 GDPR and Article 32(1)(a) GDPR). Moreover, a hosting service provider99 KB (16,015 words) - 16:16, 1 June 2022
- Garante per la protezione dei dati personali (Italy) - 9838992 (category Article 5(1)(a) GDPR)Articles 5(1)(a) and 13 GDPR, in addition to Articles 114 and 157 of the Privacy Code. Pursuant to Article 58(2)(i) GDPR and 83 GDPR, the DPA imposed an administrative41 KB (6,437 words) - 12:47, 8 February 2023
- NAIH (Hungary) - NAIH-175-12/2022 (category Article 5(1)(b) GDPR)personal data [Article 83 (2) (a) GDPR]; - the Customer has infringed several provisions of the General Data Protection Regulation1 [GDPR 83. Article 2 (2) (a)];112 KB (17,918 words) - 08:55, 24 March 2022
- APD/GBA (Belgium) - 46/2022 (category Article 5(1)(a) GDPR)17 of the GDPR), the right to restriction (Article 18 GDPR), as well as the right of opposition (Article 21 GDPR) 91. Article 17 of the GDPR states: 186 KB (12,864 words) - 06:37, 23 February 2023
- Datainspektionen - DI-2019-3841 (category Article 5(1)(f) GDPR)infringement concerns articles covered by Article 83 (4) or 83.5 of the Data Protection Regulation. Article 83 (2) of the Data Protection Regulation sets out91 KB (11,084 words) - 11:43, 7 April 2022
- BVwG - W298 2269087-1 (category Article 83 GDPR)penalty, are as follows: Article 83 paragraph 1, 2 and 5 lit. a GDPR:Article 83, paragraph ,, 2 and 5 lit. a, GDPR: "Article 83 General conditions for imposing52 KB (8,464 words) - 11:50, 26 July 2023
- UODO (Poland) - DKN. 5131.27.2022 (category Article 33(1) GDPR)57 sec. 1 lit. a) and h), art. 58 sec. 2 lit. e) and i), Art. 83 sec. 1 and sec. 2, art. 83 sec. 4 lit. a) in connection with Art. 33 paragraph 1 and art80 KB (13,127 words) - 07:57, 14 September 2022
- NAIH (Hungary) - NAIH-2501-10/2022 (category Article 5(1)(a) GDPR)required under Article 13 GDPR, as well as the fact of data transfer abroad, were completely missing. The DPA stated that Article 13 GDPR only provides the bare90 KB (14,299 words) - 13:52, 2 February 2023
- IMY (Sweden) - DI-2021-6140 (category Article 12(3) GDPR)Article 58(2)(i) and Article 83(2) of the GDPR that the IMY has the power to impose administrative fines in accordance with Article 83. Depending on the circumstances42 KB (4,784 words) - 08:22, 20 October 2022
- UODO (Poland) - DKN.5131.42.2022 (category Article 33 GDPR)authority to verify compliance with GDPR by the controller (the court) involved in the incident. Referencing Article 4(12) GDPR, the DPA found that the event95 KB (15,337 words) - 16:38, 19 March 2024
- Garante per la protezione dei dati personali (Italy) - 9826417 (category Article 4(11) GDPR)indicated in art. 83, par. 2, of the Regulation; In the present case, the following are relevant: 1) the seriousness of the violations (Article 83, paragraph90 KB (14,621 words) - 09:55, 7 December 2022
- Datainspektionen - DI-2019-3840 (category Article 83 GDPR)infringement concerns articles covered by Article 83 (4) or 83.5 of the Data Protection Regulation. Article 83 (2) of the Data Protection Regulation sets out87 KB (13,573 words) - 11:43, 7 April 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3592/152/2019 (category Article 12(1) GDPR) (section On the application of the GDPR to an audio recording involving a private trader)Article 15 GDPR. The Finnish DPA then examined in which format the Company had to provide a copy of the personal data, in light of Article 15(3) GDPR. In this19 KB (3,000 words) - 11:39, 1 December 2021
- NAIH (Hungary) - NAIH-7058-5/2022 (category Article 6(1) GDPR)to be unlawful. The processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx. €566 KB (10,499 words) - 08:55, 10 February 2023
- Datainspektionen - DI-2019-7024 (category Article 5(1)(f) GDPR)Article 83 (4) of the Data Protection Regulation and up to a maximum of 10 SEK 000 000 for infringements referred to in Article 83 (5) and 83 (6). Violations70 KB (11,103 words) - 11:43, 7 April 2022
- APD/GBA (Belgium) - 77/2023 (category Article 5(1)(a) GDPR)the data. 81 82 Respondent's Summary Submissions, p. 30, § 73. 83 GDPR, recital 39. GDPR, art. 4.5°; This is the “processing of personal data in such a150 KB (22,339 words) - 09:50, 21 June 2023
- IMY (Sweden) - DI-2021-3399 (category Article 6(1) GDPR)Article 58(2)(i) and Article 83(2) of the GDPR that the IMY has the power to impose administrative fines in accordance with Article 83. Depending on thePrivacy54 KB (6,188 words) - 14:20, 1 March 2023
- AEPD (Spain) - PS/00375/2022 (category Article 5(1)(b) GDPR)losses physical, material or immaterial. In this same sense, recital 83 of the GDPR states that: “(83) In order to maintain security and prevent the treatment55 KB (8,720 words) - 10:46, 18 January 2024
- VwGH - Ro 2019/04/0229 (category Article 83 GDPR)regarding GDPR-violations against the legal person. The Austrian Data Protection Authority (DSB) had issued a fine of EUR 4,800 under Article 83 GDPR against59 KB (8,848 words) - 12:41, 16 September 2021
- Datainspektionen - DI-2019-3844 (category Article 5(1)(f) GDPR)determines whether the data processing involves a risk or a high risk. Recitals 39 and 83 also contain writings that provide guidance on it the meaning of the91 KB (11,182 words) - 11:43, 7 April 2022
- AEPD (Spain) - EXP202204501 (category Article 5(1)(f) GDPR)the Article 83.5 of the GDPR. - Has violated the provisions of Article 32 of the RGPD, an offense classified in the Article 83.4 of the GDPR. - Has violated57 KB (8,604 words) - 15:40, 20 March 2024
- Garante per la protezione dei dati personali (Italy) - 9949494 (category Article 5(1) GDPR)Therefore, the controller violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR and Article 6(1) GDPR considering that the first camera was also framing17 KB (2,504 words) - 07:59, 29 November 2023
- Garante per la protezione dei dati personali (Italy) - 9842783 (category Article 5 GDPR)Italian DPA concluded that the controller breached Article 5 GDPR, Article 6 GDPR and Article 9 GDPR and Articles 2-ter as well as 2-septies (8) of the Code51 KB (8,159 words) - 00:03, 18 January 2023
- AEPD (Spain) - PS/00078/2021 (category Article 5(1)(c) GDPR)process this data under Article 6(1)(b) GDPR for the performance of a contract, and as well as Article 6(1)(c) GDPR to comply with legal obligations for lodging118 KB (19,187 words) - 17:08, 9 March 2022
- AEPD (Spain) - PS/00120/2021 (category Article 83(4)(a) GDPR) (section On Articles 6, 9 and 5(1)(c) GDPR)alleged violation of Article 5.1.c) of the GDPR, Article 6 of the GDPR, Article 9 of the GDPR, Article 12 of the GDPR, Article 35 of the RGPD, Article 13 of337 KB (50,591 words) - 15:29, 5 August 2021
- Garante per la protezione dei dati personali (Italy) - 9900808 (category Article 28 GDPR)administrative sanction envisaged by art. 83, par. 4, of the Regulation, pursuant to articles 58, par. 2, lit. i), and 83, par. 3, of the same Regulation, as157 KB (25,874 words) - 14:36, 27 June 2023
- APDCAT (Catalonia) - IAI 68/2021 - IAI 71/2021 (category Article 9 GDPR)One on hand, the APDCAT stated that under Article 2 GDPR, Article 4(1) GDPR and Recital 14 GDPR, any information regarding administrative procedures for42 KB (6,128 words) - 11:58, 20 January 2022
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)fining tier(s) (Articles 83(4) and (5) GDPR) 7.56. The infringement of Article 5(1)(f) GDPR falls within Article 83(5)(a) GDPR, whereas Article 32 falls241 KB (31,368 words) - 09:59, 9 May 2022
- APD/GBA (Belgium) - 71/2022 (category Article 5(1)(c) GDPR)view to a powerful enforcement of the rules of the GDPR. As is clear from Recital 148 GDPR, the GDPR states after all, it is important to note that for69 KB (10,468 words) - 07:37, 9 June 2022
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)DPA considered the infringement of Article 5 GDPR, Article 24(1) GDPR, as well as Articles 25(1) and (2) GDPR. Secondly, the DPA addressed the access request350 KB (51,369 words) - 09:25, 31 January 2024
- Tietosuojavaltuutetun toimisto (Finland) - 10587/161/21 (category Article 83(2) GDPR)express its opinion, provide an explanation, or raise issues under Article 83(2) GDPR that the DPA would assess when imposing a fine. On 31 January 2022, the24 KB (3,719 words) - 15:57, 1 June 2022
- APD/GBA (Belgium) - 85/2022 (category Article 4(11) GDPR)and 7(1) GDPR; Articles 5, paragraph 2 and 24 GDPR; Articles 12, paragraph 1, j° 13 and 14 GDPR; Article 5(1)(e) GDPR; and Article 7(3) GDPR. - order the171 KB (24,826 words) - 15:55, 18 June 2022
- AEPD (Spain) - PS/00226/2020 (category Article 6 GDPR)of Article 7(4) GDPR. Based on these considerations, the AEPD issued a €2,000,000 fine against Caixabank for infringing Article 6 GDPR in relation to Article373 KB (61,959 words) - 14:17, 9 March 2022
- BVwG - W256 2235360-1 (category Article 4 GDPR)58 (2) GDPR (see Art 83 GDPR, which in its (3) and (4) summarises the possible infringements in connection with data processing; see also Art 83(3) GDPR67 KB (10,431 words) - 08:39, 21 February 2024
- CNPD (Luxembourg) - Délibération n° 11FR/2021 (category Article 5(1)(e) GDPR)the GDPR (see statement of objections, page 2, Ad.A.1.). 11See in particular articles 5,1, a) and 12 of the GDPR, see also recital (39) of the GDPR. 1260 KB (8,610 words) - 11:12, 16 June 2021
- APD/GBA (Belgium) - 33/2022 (category Article 5(1)(f) GDPR)against accidental loss, destruction or alteration of data. 23. Recital 83 of the GDPR envisages that “[...] the controller [...] assesses the risks inherent26 KB (4,116 words) - 15:36, 30 March 2022
- IMY (Sweden) - DI-2019-11737 (category Article 4(4) GDPR)proportionate and dissuasive. The stated in Article 83.1 of the Data Protection Regulation. Article 83.2 specifies the factors that must taken into account103 KB (15,684 words) - 07:17, 12 July 2023
- AEPD (Spain) - EXP202104896 (category Article 9(2) GDPR)the alleged violation of the articles: -6.1 of the GDPR, in accordance with article 83.5.a) of the GDPR and article 72.1.b) of the LOPDGDD. C/ Jorge Juan103 KB (17,238 words) - 13:27, 3 April 2023
- AEPD (Spain) - PS/00178/2021 (category Article 5(1)(f) GDPR)determine the administrative fine to be imposed, the provisions of articles 83.1 and 83.2 of the RGPD, provisions that state: "one. Each control authority will20 KB (3,078 words) - 14:26, 24 November 2022
- FG Berlin-Brandenburg - 16 K 16155/21 (category Article 79(2) GDPR)the reference to Article 79(2) GDPR from Article 82(6) GDPR, and the fact that one could argue that Article 82(6) GDPR overrides Member State procedural19 KB (2,925 words) - 11:09, 27 July 2022
- NAIH (Hungary) - NAIH-2857-20/2021 (category Article 83(2) GDPR)satisfaction surveys, because the necessary prerequisites explained in Recital (47) of the GDPR regarding reasonable expectations and other guarantees have not79 KB (12,495 words) - 11:03, 21 January 2022
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)not override the data subject's right to privacy. Pursuant to Article 17(1) GDPR, the data subject had requested Google LLC (the controller) to remove several60 KB (9,713 words) - 13:07, 26 March 2024
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)the provisions of GDPR does not exclude the controller from the liability, given that the controller, in light of Article 5(2) GDPR is responsible for105 KB (16,849 words) - 11:58, 11 April 2024
- AEPD (Spain) - PS/00191/2022 (category Article 5(1)(c) GDPR)considered together with the voice. It highlighted that, in line with Recital 75 GDPR, risk must be interpreted as any circumstance that may give rise to11 KB (1,598 words) - 05:19, 26 April 2023
- CE - 451423 (category Article 83 GDPR)mechanism of Article 56 GDPR. The luxembourg DPA started an investigation regarding Amazon's use of cookies and its compliance with the GDPR and the ePrivacy51 KB (8,228 words) - 17:33, 11 January 2023
- Garante per la protezione dei dati personali (Italy) - 9917728 (category Article 5(1)(a) GDPR)i), and 83 of the Regulation, as well as art. 166 of the Code, has the power to "impose a pecuniary administrative sanction pursuant to article 83, in addition60 KB (9,523 words) - 08:00, 23 August 2023
- VG Gelsenkirchen - 20 K 6392/18 (category Article 12(5) GDPR)Para. 5 GDPR were met in the present case. According to Art. 12 Para. 5 GDPR, the first-time provision of the information under Art. 15 Para. 3 GDPR had to98 KB (16,595 words) - 15:50, 17 March 2022
- CJEU - C-768/21 - TR v Land Hessen (category Article 57(1) GDPR)and 57(1)(a) GDPR, national DPAs are responsible for monitoring compliance with the GDPR (§35 of the Opinion). Under Article 57(1)(f) GDPR, each DPA is9 KB (1,244 words) - 13:31, 23 April 2024
- DVI (Latvia) - SIA "Fitsypro" (category Article 83(2) GDPR)force the controller to comply with the GDPR. In the quantification of such a fine pursuant to Article 83(2) GDPR, the DPA particularly stressed as an aggravating29 KB (4,404 words) - 07:53, 23 August 2023
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 83 GDPR)Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller - including48 KB (7,721 words) - 11:09, 10 January 2024
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 5(1)(c) GDPR)negligent conduct"; "The Group has recently completed a GDPR audit undertaken as part of Phase 2 of GDPR compliance activities"; "The path undertaken from June235 KB (38,572 words) - 10:19, 20 July 2022
- IMY (Sweden) - IMY-2022-1032 (category Article 12(2) GDPR)breach of Article 12(2) of the GDPR. Choice of corrective measure It follows from Article 58(2)(i) and Article 83(2) of the GDPR that IMY has the power to impose37 KB (4,179 words) - 07:51, 7 June 2023
- UODO (Poland) - DKN.5130.2215.2020 (category Article 5(1)(f) GDPR)sec. 1 and 2 and article. 34 sec. 1, as well as art. 83 sec. 1-3 and art. 83 sec. 4 lit. a) and art. 83 sec. 5 lit. a) Regulation of the European Parliament110 KB (17,650 words) - 12:27, 29 April 2022
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(1) GDPR)have notified the DPA under Article 33(1) GDPR and the data subjects affected by the breach under Article 34(1) GDPR. Regarding the corrective measure taken108 KB (17,728 words) - 07:57, 25 April 2024
- DPC - Health Service Executive - August 2020 (IN-19-9-1) (category Article 5(1)(f) GDPR)consider the factors identified above under Articles 83(2)(c), 83(2)(e), and 83(2)(f) of the GDPR mitigating. To account for the action taken by the HSE142 KB (23,134 words) - 15:51, 19 July 2021
- AEPD (Spain) - PS/00193/2021 (category Article 83 GDPR)infringement for which the claimed entity is responsible is found typified in article 83 of the RGPD that, under the heading "General conditions for the imposition27 KB (4,223 words) - 10:01, 22 September 2021
- Datainspektionen - DI-2020-1539 (category Article 9(1) GDPR)provided for in Article 83 (5) and violations of Article 32 are covered by the lower maximum amount according to Article 83.4. Article 83 (2) of the Data Protection23 KB (3,553 words) - 09:02, 13 May 2022
- VG Berlin - 1 K 391/20 (category Article 91(1) GDPR)also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant. Second36 KB (5,768 words) - 14:17, 18 May 2022
- Garante per la protezione dei dati personali (Italy) - 9993548 (category Article 5(1)(f) GDPR)integrity outlined in Article 5(1)(f) GDPR and Article 32 GDPR. Moreover, the DPA found that relying on Article 6(1)(f) GDPR as legal basis for processing notaries'42 KB (6,554 words) - 12:35, 27 March 2024
- IMY (Sweden) - DI-2020-10549 (category Article 5(1)(c) GDPR)for GDPR violations before. Thus, the DPA issued a reprimand to the controller for breaching Article 5(1)(c) GDPR, Article 12(2) GDPR and 12(6) GDPR. Share56 KB (6,423 words) - 08:14, 30 April 2024
- DSB (Austria) - 2021-0.518.795 (category Article 83(1) GDPR)provisions of the GDPR that are directly applicable do not supersede the provisions of the VStG and to the extent that Art. 83 (8) GDPR and recital 148 with regard29 KB (4,581 words) - 10:13, 10 March 2022
- OLG Stuttgart - 2 U 257/19 (category Article 13 GDPR)Court of Stuttgart points out that the absence of information of Article 13 GDPR constitutes an unfair trade-based action as understood by § 3 of the national52 KB (8,574 words) - 16:03, 10 March 2022
- OGH - 6Ob56/21k (category Article 2(2)(c) GDPR)member states is superimposed (see Recital 146 S 4 and 5 on the GDPR; cf. also Frenzel in Paal / Pauly, GDPR-BDSG3 Art 82 GDPR margin no.1; Wybitul / Haß / Albrecht127 KB (21,056 words) - 08:17, 19 August 2021
- Datainspektionen - DI-2020-4534 (category Article 6(1)(f) GDPR)impose administrative penalty fees in accordance with with Article 83. Pursuant to Article 83 (2), administrative penalty fees, depending on the circumstances34 KB (3,985 words) - 11:43, 7 April 2022
- Garante per la protezione dei dati personali (Italy) - 9827446 (category Article 5(1)(a) GDPR)(Article 83(2)(a) GDPR and Article 83(2)(g) GDPR). It also considered the cooperation of the controller to remedy the infringement (Article 83(2)(f) GDPR) and70 KB (11,425 words) - 13:47, 7 December 2022
- UODO (Poland) - DKN.5131.31.2022 (category Article 5(1) GDPR)Protection Office, pursuant to Art. 83 section 4 lit. a) and art. 83 section 5 lit. a) in connection with Art. 83 section 3 of Regulation 2016/679 and71 KB (11,306 words) - 10:51, 22 January 2024
- AEPD (Spain) - EXP202207494 (category Article 5(1)(f) GDPR)(“integrity and confidentiality"). In relation to this principle, Recital 39 of the aforementioned GDPR states that “(…) Personal data must be processed in a way26 KB (3,952 words) - 09:44, 14 February 2024
- AEPD (Spain) - PS/00362/2021 (category Article 83 GDPR)damages physical, material or immaterial. In this same sense, recital 83 of the RGPD states that: “(83) In order to maintain security and prevent the treatment31 KB (4,769 words) - 08:00, 8 September 2021
- VG Ansbach - 14 K 19.01274 (category Article 77 GDPR)the GDPR also applied to facts before the above-mentioned date. The Court noted that the entry-into-force of the GDPR according to Article 99 GDPR represents33 KB (5,554 words) - 11:06, 19 November 2021
- Garante per la protezione dei dati personali (Italy) - 9782890 (category Article 5(1)(a) GDPR)Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR) within 9047 KB (7,604 words) - 07:01, 20 July 2022
- VG Karlsruhe - 7 K 2578/22 (category Article 15(1) GDPR)data within the meaning of Article 4(1) GDPR and thus cannot be object of an access request under Article 15(3) GDPR. Making reference to CJEU case C-434/1683 KB (13,935 words) - 10:24, 17 January 2024
- AEPD (Spain) - EXP202202960 (category Article 13 GDPR)of Article 35 of the GDPR, Article 32 of the GDPR and Article 13 of the GDPR, typified in Articles 83.5 of the RGPD and Article 83.4 of the RGPD. SIXTH:149 KB (22,597 words) - 12:34, 3 April 2024
- AEPD (Spain) - PS/00505/2021 (category Article 6(1) GDPR)administrative fine to be imposed, observe the provisions contained in articles 83.1 and 83.2 of the RGPD, which point out: "1. Each control authority will guarantee28 KB (4,283 words) - 09:43, 24 March 2022
- AEPD (Spain) - PS/00140/2022 (category Article 13 GDPR)on a large scale. Despite The GDPR does not define what is meant by large-scale processing, both the recital 91 of the GDPR as the Working Party of article151 KB (23,196 words) - 05:40, 9 May 2023
- APD/GBA (Belgium) - 158/2022 (category Article 6 GDPR)July 2021. 7GDPR, Art. 12. 8 GDPR, Art. 12.2 and 12.3. 9GDPR, Art. 12.3. 1 GDPR, Art. 12.3. 1 GDPR, Art. 12.4. Decision 158/2022 - 6/13 26. Secondly, it42 KB (6,128 words) - 12:47, 16 November 2022