Search results
From GDPRhub
- AEPD (Spain) - EXP202201247 (category Article 83(5) GDPR)hereinafter, LPACAP), for the alleged violation of article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid17 KB (2,350 words) - 13:17, 13 December 2023
- AEPD (Spain) - PS/00003/2020 (category Article 5(1)(c) GDPR)of Article 5.1.c) of the RGPD, typified in Article 83.5 of the RGPD, a fine of FIVE THOUSAND EUROS (€ 5,000). That, under the provisions of article 5850 KB (7,524 words) - 13:44, 13 December 2023
- Court of Appeal of Brussels - 2023/AR/801 (category Article 96 GDPR)Appeal considered that Article 96 GDPR does not provide a time limit for the validity of international agreements concluded prior GDPR and that a ban on some11 KB (1,467 words) - 09:40, 6 July 2023
- Datatilsynet (Norway) - 20/02225 (category Article 5(2) GDPR)dissuasive" as per Article 83(1). In addition to a breach of Article 6(1)(f), the lack of organisational measures pursuant to Article 5(2) was weighted when45 KB (7,286 words) - 18:55, 5 March 2022
- AEPD (Spain) - E/08205/2019 (category Article 5(1)(f) GDPR)following chronology of events: FIRST: PROMOFARMA, on August 6, 2019, at 5:30 p.m., was aware of a news item published in a foreign media regarding an17 KB (2,577 words) - 13:42, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4359/163/2018 (category Article 5(1)(e) GDPR)from the Accounting Act, with more detailed reasons for the decision. Article 5 (1) (e) of the General Data Protection Regulation provides for restrictions15 KB (2,249 words) - 13:05, 3 March 2024
- OGH - 6Ob56/21k (request for preliminary ruling under Article 267 TFEU) (category Article 5(1)(c) GDPR)requirements of Article 6(1)(a) in conjunction with Article 7 GDPR, which cannot be superseded by relying on Article 6(1)(b) GDPR? Is Article 5(1)(c) GDPR (data122 KB (20,253 words) - 08:17, 19 August 2021
- Council of State - 251.378 (category Article 28(1) GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- CNIL (France) - SAN-2023-082 (category Article 5(2) GDPR)include the elements listed in this methodology. 6.2.5. In accordance with Article 30 of the GDPR, the data controller maintains, within the register of46 KB (7,106 words) - 17:06, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg81 KB (11,895 words) - 16:58, 6 December 2023
- AEPD (Spain) - PS/00333/2019 (category Article 5 GDPR)infringement of article 5.1(b), as defined in Article 83(5)(a) and considered for the purposes of the statute of limitations in Article 72(1)(a), a fine16 KB (2,625 words) - 14:29, 13 December 2023
- UODO (Poland) - DKE.561.11.2020 (category Article 34(4) GDPR)(2), Article 60, Article 101, Article 101a and Article 103 of the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781) and46 KB (7,322 words) - 09:51, 17 November 2023
- AEPD (Spain) - E/01090/2021 (category Article 4(9) GDPR)is part of the confidentiality and professional secrecy established in article 5 of the code of ethics of the Spanish Lawyers, not having violated the right17 KB (2,544 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00479/2019 (category Article 5(1)(c) GDPR)minimisation principle related, as per Article 5(1)(c) GDPR, and the lack of transparent information, as per Article 12 GDPR. The decision is the consequence17 KB (2,541 words) - 14:43, 13 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)purposes and means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing”18 KB (2,733 words) - 13:18, 13 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 5(1)(a) GDPR)requirements of Article 9 GDPR. In the DSB held that the processing violated Articles 5, 6 and 9 GDPR: Consent under Articles 6(1)(a), 7 and 9(2)(a) GDPR cannot50 KB (8,015 words) - 13:52, 12 May 2023
- AEPD (Spain) - E/07449/2019 (category Article 13 GDPR)accordance with the provisions of Article 37.2 of the LOPD, in the wording given by Article 82 of Law 62/2003, of 30 December, on fiscal, administrative11 KB (1,680 words) - 13:41, 13 December 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 5(1) GDPR)violation of Article 5, Article 6, and Article 25 GDPR. It ordered the controller to comply with the data subject's erasure request pursuant to Article 17(1)(d)16 KB (2,373 words) - 15:31, 30 October 2023
- AZOP (Croatia) - Decision 29-06-2022 (Center for Social Welfare) (category Article 5 GDPR)not under a legal obligation to process these data. Article 29 of the Croatian Labour Act and Article 5(4) of the Labour Law Rulebook (Official Gazette, no17 KB (2,660 words) - 15:35, 30 October 2023
- AEPD (Spain) - PS/00082/2020 (category Article 5(1)(c) GDPR)procedure to the claimed, by thealleged violation of Article 5.1.c) of the RGPD, typified in Article 83.5 of theRGPD.FIFTH: On 06/22/20, this Agency received18 KB (2,749 words) - 13:57, 13 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On October51 KB (7,770 words) - 14:08, 13 December 2023
- UODO (Poland) - DKN.5131.5.2020 (category Article 33(1) GDPR)subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that the insurance company infringed the GDPR provisions, failing to notify47 KB (7,608 words) - 10:00, 17 November 2023
- AEPD (Spain) - PS/00197/2020 (category Article 5(1)(b) GDPR)Articles 6(1)(b), 5(1)(b) and 5(1)(c) GDPR? The Spanish DPA (AEPD) deemed itself competent under Article 58(2) GDPR in conjunction with Article 47 of the Spanish129 KB (21,793 words) - 14:09, 13 December 2023
- AEPD (Spain) - EXP202201746 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR SAW The violation of article 5.1.f) of the RGPD implies the commission of the violations typified in article 83.5 of the62 KB (9,703 words) - 13:05, 13 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)of article 32, paragraph 1, GDPR further elaborated in article 32, paragraph 2, subaenk, VIS Regulation. 2.5AccessrightstoNVISandstaffprofiles 2.5.1Legal179 KB (22,957 words) - 17:07, 12 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)under Article 77(1) GDPR and subsequently the right of judicial remedy against the supervisory authority under Article 78(1) GDPR. Article 79 (1) GDPR provides94 KB (15,537 words) - 09:09, 25 August 2020
- APD/GBA (Belgium) - 04/2021 (category Article 5(1) GDPR)of the GDPR: art. 5.1 a, 12.1, 13, 14, 6, 7, 5.1.c in conjunction with 25, 5.2, 28.3, 31, 37 and 38 AVG. 63. With regard to Article 5 (1) (a) GDPR, the defendant113 KB (18,732 words) - 16:50, 12 December 2023
- HDPA (Greece) - 50/2022 (category Article 5(1)(b) GDPR)limitation under Article 5(1)(a) of the GDPR. 1(b) and the obligation (principle) of accountability under Article 5(1)(b). 2 of the GDPR, that is to say19 KB (2,790 words) - 15:32, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(1) GDPR)municipalities has not complied with Article 28 (1) of the Data Protection Regulation. Article 32 (3) (f), cf. Article 32, as the company has not implemented18 KB (2,633 words) - 16:36, 6 December 2023
- AEPD (Spain) - PS/00031/2020 (category Article 21 GDPR)complainant had a right to object to processing for marketing purposes under Article 21 GDPR. Despite no further contact being made the company, the AEPD still fined15 KB (2,411 words) - 13:49, 13 December 2023
- AG Pankow - 4 C 199/21 (category Article 15 GDPR)according to Article 82 GDPR. The District Court rejected the claim of the data subject. It held that the controller did not violate Article 15(1) GDPR. It found17 KB (2,569 words) - 07:15, 17 May 2022
- AEPD (Spain) - EXP202208230 (category Article 28(2) GDPR)violation of article 28.2 typified in Article 83.4 a) GDPR. SIXTY THOUSAND EUROS (€60,000) for alleged violation of article 28.3 typified in Article 83.4 a)45 KB (6,904 words) - 13:12, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3216/452/17 (category Article 5(1)(a) GDPR)violated Article 5(1)(a) GDPR, Article 5(1)(c) GDPR, Article 9 GDPR and Article 25(2) GDPR. As a result, and in accordance with Article 58(2)(d) GDPR, the60 KB (9,117 words) - 14:46, 24 January 2024
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 5(1)(c) GDPR)follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as the17 KB (2,411 words) - 09:25, 27 November 2023
- AEPD (Spain) - TD/00133/2020 (category Article 12 GDPR)has been received. Does the GDPR allow the data controller to ignore a request for erasure? The AEPD found that Article 12 GDPR does not allow the data controller18 KB (2,721 words) - 14:51, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445796 (category Article 5(1)(b) GDPR)the protection of legally relevant interests in accordance with Article 5-bis" (Article 5, paragraph 2, Legislative Decree no. 33/2013). In relation to the16 KB (2,430 words) - 15:51, 6 December 2023
- the terms required by article 22.2. ”, which may be sanctioned nothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned34 KB (5,222 words) - 12:58, 13 December 2023
- AEPD (Spain) - PS/00268/2020 (category Article 13 GDPR)Policy on their website (Article 13 GDPR) and for the absence of a reject button on the second layer of their Cookie Policy (Article 22(2) LSSI). The claimant17 KB (2,700 words) - 14:23, 13 December 2023
- AZOP (Croatia) - Decision 21-01-2022 (category Article 5(1)(a) GDPR)basis to process data subject’s phone number, and violated Article 5 and Article 6 GDPR. Second, the DPA found that data subject was insufficiently informed18 KB (2,722 words) - 15:26, 30 October 2023
- AEPD (Spain) - EXP202207084 (category Article 2(2)(c) GDPR)remind you not in vain, (...)". SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data and guarantee of15 KB (2,384 words) - 10:46, 13 December 2023
- AZOP (Croatia) - Decision 10-08-2023 (category Article 5 GDPR)this the AZOP held that the controller acted contrary to Article 5(1)(a) GDPR and Article 6 GDPR. Moreover, the AZOP reiterated the fact that the pictures19 KB (2,955 words) - 16:29, 5 December 2023
- AEPD (Spain) - PS/00410/2019 (category Article 7 GDPR)Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 5 5/5set forth in article 25 and section 5 of the fourth additional provision of the Law29/1998,15 KB (2,192 words) - 14:36, 13 December 2023
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- OLG Innsbruck - 1 R 182/19b (category Article 82 GDPR)of Innsbruck held that the right to compensation in accordance with article 82(1) GDPR is subject to two cumulative conditions. They must be met by the data54 KB (7,916 words) - 12:06, 9 May 2022
- LfDI (Baden-Württemberg) - O 1018/115 (category Article 32(1)(a) GDPR)data security when processing personal data in accordance with Art. 32(1)a GDPR. The company had contacted the LfDI on 8 September 2018 with a data breach13 KB (1,926 words) - 10:22, 17 November 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)for an infractionof article 6 of the RGPD, typified in article 83.5.a) and classified as very serious toprescription effects in article 72.1.b) of the LOPDGDD206 KB (32,869 words) - 14:36, 13 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)disproportionate pursuant to Art. 14 par. 5 lit. b GDPR? The President of UODO found that: 1) The applicable provision is the Art. 14 GDPR since the data controller collects52 KB (8,444 words) - 10:01, 17 November 2023
- where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner- (a) fails to take appropriate steps to respond12 KB (1,722 words) - 14:39, 21 December 2023
- AEPD (Spain) - PS/00139/2020 (category Article 5(1)(a) GDPR)violation of Article 5(1)(d) of the GPRS, in relation to Article 4(1) of the LOPDGDD, which governs the principle of accuracy of personal data. IV Article 72.120 KB (3,086 words) - 14:04, 13 December 2023
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)principle (Article 5.1 b) GDPR) and the principle of minimum data processing (Article 5.1 c) GDPR). This follows from both provisions of the GDPR camera surveillance21 KB (3,034 words) - 15:30, 26 January 2024
- DPC (Ireland) - IN-21-3-1 (category Article 5 GDPR)controller had infringed Article 6(1) GDPR, in addition to violating the principle of data minimisation in Article 5(1)(c) GDPR. Concerning the second issue20 KB (3,069 words) - 18:48, 24 January 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- Rb. Gelderland - C/05/391171 / HA RK 21-135 (category Article 5(1)(c) GDPR)personal data in accordance with the basic principles of Article 5 of the GDPR. Article 5(1)(a) of the GDPR states that personal data must be processed in a manner56 KB (9,287 words) - 16:00, 26 January 2022
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- UODO (Poland) - DKE.561.3.2020 (category Article 31 GDPR)protected (Article 32, Article 24 (1) and (2) of Regulation 2016/679). Has the Chief Surveyor of the country appointed a data protection officer (Article 37 of51 KB (8,322 words) - 09:51, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 5(1) GDPR)by Wind Tre a breach of Articles 5, 6 and 24 GDPR? Was the processing by Wind Tre in violation of Articles 5 and 6 GDPR? Was the information provided by129 KB (21,020 words) - 15:49, 6 December 2023
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)regards to a violation of Article 7 GDPR, for gathering consent in a generic way. To fine the controller €3000 for infringing Article 22(2) LSSI, for installing52 KB (8,471 words) - 14:33, 13 December 2023
- Rb. Den Haag - C/09/581973/KG ZA 19/1024 (category Article 82 GDPR)pursuant to Article 12(3) of the AVG. If, as in this case, such a decision is taken by an administrative body, then, pursuant to Article 34 of the GDPR Implementing20 KB (3,086 words) - 16:15, 10 March 2022
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- AEPD (Spain) - PS/00386/2019 (category Article 7 GDPR)in the terms required by article 22.2. ”, and may be sanctionednothing with a fine of up to € 30,000, in accordance with article 39 of the aforementioned16 KB (2,335 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)LPACAP), for the alleged infringement of Article 5.1(f) of the GDPR, as defined in Article 83.5(a) of the GDPR. FOURTH: Having been notified of the above-mentioned21 KB (3,335 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00272/2019 (category Article 5(1)(c) GDPR)with the GDPR. Especially, if the installation of surveillance camera is contrary to the data minimisation principle, under Article 5(1)(c) GDPR. First,22 KB (3,438 words) - 14:24, 13 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 5(1)(a) GDPR) (section 5. Justification for Datatilsynet's decision)the data subject's consent in Article 4(11), and the basic principle of legality, reasonableness and transparency in Article 5(1)(a). Furthermore, Datatilsynet65 KB (9,767 words) - 16:22, 6 December 2023
- EDPB - Binding Decision 5/2022 - 'Whatsapp' (category Article 5 GDPR)of an infringement of the Article 5(1)(a) GDPR principle of fairness, and infringements of the Article 5(1)(b) and (c) GDPR principles of purpose limitation289 KB (33,568 words) - 15:00, 1 February 2023
- Rb. Rotterdam - 9436020 \ CV EXPL 21-30289 (category Article 4(2) GDPR)data is a form of processing as referred to in the GDPR (article 4 sub 2 GDPR). Article 6 of the GDPR provides that the processing of personal data is only19 KB (2,828 words) - 10:09, 18 March 2022
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)consequent infringement of the data minimisation principle related, as per Article 5(1)(c) GDPR. The decision is the consequence of a complaint submitted by a Spanish22 KB (3,421 words) - 14:27, 13 December 2023
- AEPD (Spain) - PS/00390/2019 (category Article 32 GDPR)criminal proceedings for the alleged violation of Article 32 of the GDPR, as defined in Article 83.4 of the GDPR. FOURTH:Notified of the abovementioned agreement12 KB (1,838 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- AEPD (Spain) - E/07796/2020 (category Article 32(1) GDPR)control authority, and according to the provisions of article 47 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee18 KB (2,698 words) - 13:41, 13 December 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)violation of Article 13 GDPR and issued a warning to the controller. The AEPD took into account the following aggravating factors (Article 83 (2) GDPR) to determine19 KB (2,957 words) - 14:45, 13 December 2023
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)forseen in Articles 15 to 22 GDPR. Failure to provide this information constitutes a "serious infraction" per Article 83.5 GDPR. However, the DPA held that20 KB (3,085 words) - 12:24, 13 December 2023
- AZOP (Croatia) - Decision 18-12-2020 (category Article 5(1)(c) GDPR)this case failed to respect the principle of data minimisation of Article 5(1)(c) GDPR since information about these kinds of grants and how they are calculated21 KB (3,345 words) - 15:24, 30 October 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)the LPACAP, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a55 KB (9,017 words) - 10:46, 13 December 2023
- AEPD (Spain) - PS/00092/2020 (category Article 83(5)(b) GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.010.201 (category Article 5(1)(a) GDPR)the operation of the GDPR, lacks legality and, therefore, I find a violation of Article 6, as well as Article 5(1)(a) of the GDPR. In the absence of legality23 KB (3,737 words) - 10:30, 7 June 2023
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- AKI (Estonia) - 2.1.-1/23/2891-5 (category Article 6(1)(a) GDPR)it was not possible to rely on Article 6(1)(a) GDPR. Secondly, the DPA recalled that, according to Article 6(1)(f) GDPR, processing of personal data on23 KB (3,657 words) - 11:23, 17 April 2024
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)a violation of article 5.1 a) of the RGPD, ofin accordance with article 83.5 of the RGPD, a fine of APPEARANCE, in accordancewith article 58.2.b) of the26 KB (4,034 words) - 14:04, 13 December 2023
- Rb. Amsterdam - C/13/696660/HA RK - 21-37 (category Article 79(2) GDPR)been stated nor has it been proven. 3.11. The GDPR also has a jurisdiction regulation. Article 79(2) of the GDPR provides that proceedings against a controller18 KB (2,617 words) - 08:23, 2 September 2021
- AEPD (Spain) - PS/00028/2021 (category Article 5(1)(c) GDPR)(hereinafter, LPA- CAP), for the alleged violation of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. SEVENTH: Once the aforementioned commencement25 KB (3,876 words) - 13:48, 13 December 2023
- AEPD (Spain) - EXP202200999 (category Article 6(1) GDPR)processing is based on consent under Article 6(1)(a) GDPR, the consent must meet the requirements of, among others, Article 7 GDPR. The DPA observed deficiencies51 KB (7,867 words) - 13:10, 13 December 2023
- Datatilsynet (Norway) - 20/02147 (category Article 5 GDPR)the lack of security routines, thus breaching Article 32(1)(b) cf. Article 5 GDPR, Article 35 and Article 24(1), respectively. Teachers at two junior high24 KB (3,591 words) - 18:57, 5 March 2022
- AEPD (Spain) - PS/00278/2019 (category Article 83(5) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00010/2020 (category Article 83(5) GDPR)AEPD held that the telecoms company 's actions were a breach of Article 6(1) GDPR. Article 6(1) does not apply here because they failed to prove that they22 KB (3,523 words) - 13:45, 13 December 2023
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)Moreover, following an infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into account the following16 KB (2,438 words) - 09:07, 9 June 2023
- AEPD (Spain) - PS/00340/2019 (category Article 83(5) GDPR)as a data subject under Article 21(1) GDPR had been violated by the PAR. Did Mrs AAA have a right to object under Article 21 GDPR? Had the PAR infringed23 KB (3,554 words) - 14:31, 13 December 2023
- AZOP (Croatia) - Decision 31-05-2022 (category Article 25 GDPR)Croatian DPA did not explain which specific corrective powers under Article 58(2) GDPR it used. Share blogs or news articles here! The decision below is17 KB (2,433 words) - 15:45, 30 October 2023
- Personvernnemnda (Norway) - 2023-14 (21/01067) (category Article 57(1)(f) GDPR)subject's right to lodge a complaint as per Article 77 GDPR, in conjunction with Recital 141, and Article 57(1)(f) GDPR. The Board referenced an earlier decision16 KB (2,363 words) - 19:27, 13 November 2023
- where, after a data subject makes a complaint under section 165 or Article 77 of the GDPR, the Commissioner (a) fails to take appropriate steps to respond15 KB (2,203 words) - 14:39, 21 December 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 5(1)(a) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- CNIL (France) - SAN-2020-008 (category Article 5(1)(e) GDPR)violation of Article 12 GDPR ? Are the following practices an infringement on data subjects' information right as described in Article 12 GDPR ? Spreading104 KB (16,646 words) - 17:09, 6 December 2023
- costs that the right to freely request inspection is infringed. 5.3. The argument fails. 5.4. 5.4. [appellant under 1] has also requested compensation for exceeding19 KB (3,135 words) - 12:38, 16 September 2021
- AZOP (Croatia) - Decision 16-11-2021 (category Article 4(1) GDPR)wearing a protective mask did not consitute personal data according to Article 4(1) GDPR because it was impossible for the average person to identify the individual12 KB (1,882 words) - 15:24, 30 October 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- CNPD (Luxembourg) - Délibération n°37FR/2021 (category Article 37(7) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg26 KB (3,862 words) - 17:41, 25 June 2022
- AEPD (Spain) - PS/00415/2020 (category Article 5 GDPR)imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in30 KB (4,436 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)claimed, by the alleged infringement of article 5.1.d) of the RGPD, article 17 of the RGPD, typified in the Article 83.5 of the RGPD. FOURTH: Once the aforementioned28 KB (4,295 words) - 14:11, 13 December 2023
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)2020 en deze voor de conclusie van repliek van de verweerder op 22 mei 2020. 5. Op 25 maart 2020 meldt de verweerder aan de Geschillenkamer een kopie van20 KB (2,982 words) - 17:00, 12 December 2023
- Datatilsynet (Denmark) - 2019-41-0028 (category Article 32 GDPR)security . That Krifa - in accordance with Article 5 (1) of the Data Protection Regulation. 2, cf. Article 32 (1) (f), cf. 1 and 2 - has demonstrated that24 KB (3,947 words) - 16:24, 6 December 2023
- UODO (Poland) - DKN.5101.25.2020 (category Article 5(1)(f) GDPR)finding an infringement by U. Sp. z o.o. with its registered office in G. Article. 5 sec. 1 lit. f, art. 24 sec. 1, art. 25 sec. 1, art. 32 sec. 1 lit. d,63 KB (10,088 words) - 09:52, 17 November 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)either actually or potentially inappropriately disclosed. Section 34(3) 1.5 WMP failed to demonstrate that they have ensured the accuracy and security18 KB (2,476 words) - 09:10, 14 May 2024
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)Court's request for preliminary ruling regarding the interpretation of Article 15(1)(c) GDPR is published. The data subject filed a complaint with the Austrian19 KB (2,825 words) - 09:42, 26 November 2021
- Datatilsynet (Norway) - 21/00480 (category Article 5(1)(f) GDPR)municipality €409,768 (NOK 4,000,000) for breaches of Article 5(1)(f) GDPR, Article 24 GDPR and Article 32 GDPR after a serious ransomware attack led to highly31 KB (4,380 words) - 06:12, 14 March 2023
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)images, in violation of Article 5(1)(a) GDPR? The Spanish DPA (AEPD) found that the defendant's conduct violated Article 5(1)(a) GDPR, as a broader principle28 KB (4,592 words) - 14:25, 13 December 2023
- LG München - 31 O 16606/20 (category Article 5(1)(f) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- APD/GBA (Belgium) - 07/2021 (category Article 5(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- NAIH (Hungary) - NAIH/2020/3479 (category Article 5(1)(d) GDPR)suspension. " 5 Pursuant to Article 83 (2), (5) and (7) of the General Data Protection Regulation: “[...] administrative fines in accordance with Article 58 (2)30 KB (4,563 words) - 10:12, 17 November 2023
- APD/GBA (Belgium) - 75/2023 (category Article 6(1)(f) GDPR)Authority. II.5.2. Established infringement of Article 5(1)(a) j° Article 6(1)(f) and Article 12(2) GDPR in conjunction with Article 17 (1) GDPR. II.5.2.1. Administrative77 KB (11,604 words) - 08:55, 29 June 2023
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)required by Article 13 of the GDPR GDPR. The form used violated Article 13 of the GDPR conduct that is subsumi- ble under Article 83(5) of the GDPR, which provides:61 KB (9,973 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- DVI (Latvia) - SIA "TET" (category Article 5(1)(a) GDPR)violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA114 KB (17,942 words) - 15:46, 2 November 2022
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)of the recognition for internal use is 5 + 5 + 5 years. The normal term is 5 years, which can be extended once by 5 years . Ten years may be too short to26 KB (4,193 words) - 10:30, 13 December 2023
- AP (The Netherlands) - 26.11.2020 (category Article 32(1) GDPR)that the letter in question referred to Article 58(1)(a) of the GDPR and Article 5:16 in conjunction with Article 5:17 of the Awb does not make this any different67 KB (11,415 words) - 17:15, 12 December 2023
- relation to contraventions of the UK-GDPR, section 168 DPA 2018 provides that "non-material damage" in Article 82 GDPR includes distress. In relation to breaches61 KB (8,986 words) - 08:40, 22 February 2022
- until the 5th of the second following or immediate business month. In accordance with the provisions of article 82 of Law 62/2003, of December 30- of fiscal14 KB (2,070 words) - 13:43, 13 December 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022
- Datatilsynet (Norway) - 20/01879 (category Article 24 GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- AEPD (Spain) - PS/00484/2020 (category Article 6(1)(a) GDPR)messages. Is this a violation of Article 6(1)(a) GDPR? The AEPD held that this behaviour was a violation of Article 6(1)(a) GDPR and fined Vodafone €100,00027 KB (4,189 words) - 14:44, 13 December 2023
- AEPD (Spain) - E/02666/2020 (category Article 14 GDPR)fulfilled the duty of information in accordance with GDPR. The Spanish DPA considered that Article 35 GDPR applies in this case and thus a DPIA is necessary24 KB (3,690 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00135/2021 (category Article 6(1) GDPR)violated Article 6(1)GDPR, for processing personal data without a legal basis. Hence, the AEPD decided to fine Telefónica for the violation of Article 6(1)GDPR30 KB (4,631 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00221/2020 (category Article 14 GDPR)for an infringement of article 14 of the RGPD, typified in article 83.5 of the RGPD, a warning sanction, in in relation to article 74.a) of the LOPDGDD.29 KB (4,537 words) - 14:19, 13 December 2023
- AEPD (Spain) - PS/00068/2020 (category Article 6(1) GDPR)violation of the article6.1. of the RGPD, in relation to article 20 e) of the LOPDGDD, typifiedin article 83.5.a) of the aforementioned GDPR.2. TO appoint27 KB (4,106 words) - 13:55, 13 December 2023
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)contravene Articles 13(1), 6(1)(a) and 8 GDPR? The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR. Share your comments here! Share blogs27 KB (4,517 words) - 13:44, 13 December 2023
- AEPD (Spain) - EXP202207270 (category Article 19 GDPR)(hereinafter, LPACAP), for the alleged violation of Article 19.1 of the LOPDGDD, typified in the Article 83.5 of the RGPD. C/ Jorge Juan, 6 www.aepd.es 2800126 KB (3,901 words) - 13:19, 13 December 2023
- AEPD (Spain) - PS/00085/2021 (category Article 6(1)(a) GDPR)A.U., with NIF A80907397, for the alleged violation of article 6.1. GDPR typified in article 83.5.a) of the aforementioned RGPD. 1. APPOINT Mr. D.D.D. as28 KB (4,350 words) - 13:57, 13 December 2023
- Rb. Amsterdam - 8598127 KK EXPL 20-357 (category Article 5 GDPR)the data could be processed under the legitimate interest basis (ARTICLE 6(1)(f) GDPR). The tribunal weighted the different interests at stake and decided27 KB (4,437 words) - 09:17, 22 August 2020
- AEPD (Spain) - PS/00554/2021 (category Article 5(1)(b) GDPR)for by Article 25 GDPR. In view of the above, DPA fined the controller 75.000 euros for violating Article 5(1)(a), 5(1)(b), 5(1)(e), 13, 12(2), 30(1), 88 KB (928 words) - 15:15, 4 April 2023
- CJEU - C-60/22 - Federal Republic of Germany (category Article 5(2) GDPR)of the electronic MARIS file with the combined provisions of Article 5(1) and Article 30 GDPR due to the Federal Office failing to produce a complete record5 KB (663 words) - 12:50, 28 June 2023
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)alleged infringement of article 5.1.c) of the RGPD and article 13 of the RGPD, typified in Article 83.5 a) and b) of the GDPR. FIFTH: On 12/17/2021 the32 KB (4,945 words) - 13:25, 13 December 2023
- an article about the alleged harassment, unnecessary and illegal detention of a Turkish Cypriot woman who was on the Police Alert-List. The article revealed22 KB (3,496 words) - 12:08, 17 February 2022
- AKI (Estonia) - 2.1.-1/21/129 (category Article 6 GDPR)reply. The AKI reminded the defendant of its obligation under Article 13 GDPR and Article 14 GDPR to inform the data subject in a concise, clear, comprehensible22 KB (3,237 words) - 12:25, 17 June 2022
- APD/GBA (Belgium) - 81/2023 (category Article 30(2)(a) GDPR)is no infringement of Article 5 (1) (a) and (2), Article 6 (1) GDPR and Article 24 GDPR 2. there is no infringement of Article 5 of the Act of 21 March31 KB (4,462 words) - 12:25, 3 July 2023
- APD/GBA (Belgium) - 170/2023 (category Article 24 GDPR)accordance with Article 33 GDPR to the Belgian DPA. Nonetheless, there were suspicions that the controller did not comply with Article 32 GDPR. Especially24 KB (3,525 words) - 15:29, 26 January 2024
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)subject within 30 days, exempt in cases which it cannot identify the data subject and it shall justify the reasons, as per Article 12(3) GDPR. AEPD stated26 KB (3,997 words) - 18:59, 26 February 2024
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)restaurant owner lawful in line of Article 5(1)(a) GDPR? The Spanish DPA concluded that there has been a breach of Article 5(1)(a) GDPR because the uploading of31 KB (5,083 words) - 13:51, 13 December 2023
- UODO (Poland) - DKE.561.17.2020 (category Article 31 GDPR)entrepreneur. The DPA found that the controller violated Article 31 GDPR and Article 58(1)(e) GDPR and issued a warning to the entrepreneur. The entrepreneur22 KB (3,364 words) - 09:52, 17 November 2023
- Datatilsynet (Norway) - 21/01057 (category Article 57(1) GDPR)in Article 6 GDPR. If the information also includes sensitive data specified in Article 9(1) GDPR, there must be a basis for processing in Article 9(2)17 KB (2,399 words) - 16:20, 6 December 2023
- APD/GBA (Belgium) - 149/2022 (category Article 5(1)(b) GDPR)Violations of Article 5(1)(a) GDPR and Article 6(1) GDPR The DPA held that the controller did not violate Article 5(1)(a) GDPR and Article 6(1) GDPR. The DPA89 KB (13,017 words) - 15:07, 2 November 2022
- Persónuvernd (Island) - 2021051091 (category Article 5(1)(b) GDPR)controller under Article 83 GDPR due to the controller’s violations of Article 5(1) GDPR, Article 6 GDPR, Article 12 GDPR and Article 13 GDPR. Share your comments7 KB (797 words) - 09:35, 27 March 2024
- LG Münster I - ECLI:DE:LGMS:2023:0704.16O238.22.00 (category Article 6(1)(f) GDPR)personal data under Article 17(1)(d) GDPR, and ordered the controller to pay the data subject €579.17 in damages under Article 82(1) GDPR. Share your comments28 KB (4,215 words) - 15:09, 6 December 2023
- CNIL (France) - SAN-2023-003 (category Article 5(1)(c) GDPR)of the purposes justified collecting location data every 30 seconds, in violation of Article 5(1)(c). Second, as regards the relationship between the controller8 KB (971 words) - 07:54, 5 April 2023
- KG Berlin - 3 Ws 250/21 - 161 AR 64/21 (category Article 83(5) GDPR)Deutsche Wohnen SE € 14,500,000 for violating Article 5(1)(e) and Article 25(1) GDPR as the company's archive system was structurally unable to delete unnecessary38 KB (5,956 words) - 11:41, 21 January 2022
- AEPD (Spain) - PS/00185/2020 (category Article 13 GDPR)security of processing (Article 32 GDPR), the transparency principle (Article 13 GDPR) and its information duties related to cookies (Article 22(2) of the Spanish20 KB (3,162 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202204501 (category Article 5(1)(f) GDPR)communication or access to said data.” III Violation of article 5.1 f) of the GDPR Article 5.1.f) of the GDPR, Principles relating to processing, states the following:57 KB (8,604 words) - 15:40, 20 March 2024
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- WSA Warszawa - II SA/Wa 2826/19 (category Article 5(1)(e) GDPR)4. [Article 5 GDPR#1f|Article 5(1)(f)]] in conjunction with Article 5(2), i.e. the principles of integrity and confidentiality, and Article 32 GDPR by failing75 KB (12,225 words) - 23:47, 7 December 2021
- HDPA (Greece) - 13/2024 (category Article 5(1)(a) GDPR)processing under Article 9 GDPR. Second, the HDPA also found a violation of the principle of lawfulness under Article 5(1a) of the GDPR. It found that the12 KB (1,511 words) - 16:01, 10 April 2024
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)implement Regulation 2016/679 in order to comply with Article 84 and the right / obligation under Article 58 (5) of the Regulation to effectively punish the perpetrators28 KB (4,711 words) - 10:30, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 5(1)(b) GDPR)been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)Protection Regulation) Article 5, paragraph 1, subparagraph c, Article 25, Article 58, paragraph 2, subparagraph d, and Article 87, Section 29, subsection45 KB (5,016 words) - 14:14, 21 March 2024
- AEPD (Spain) - EXP202102056 (category Article 5(1)(f) GDPR)violations of Article 5.1.f) of the GDPR, typified in Article 83.5 of the GDPR and of Article 32 of the GDPR, typified in Article 83.4 of the GDPR. In order15 KB (2,206 words) - 13:53, 12 April 2023
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- APD/GBA (Belgium) - 28/2020 (category Article 6(1)(f) GDPR)in his e-mail dated 5 July 2019. By doing so, the data subject invokes his right under Article 17 of the AVG. 27. Pursuant to Article 17(1)(c) AVG, the data27 KB (4,363 words) - 16:56, 12 December 2023
- Digitaliseringsstyrelsen - Decision against Meta of 30 October 2023 (category Article 4(11) GDPR)implementation and specify and supplement the GDPR. § 3(1) mentioned in this case corresponds to Article 5(3) of the ePrivacy Directive. In Denmark, the37 KB (5,636 words) - 05:01, 23 November 2023
- APD/GBA (Belgium) - 15/2023 (category Article 5(1) GDPR)of Article 6(1)(e) are met. II.2. Article 5 of the GDPR, Article 24(1) of the GDPR and Article 25(1) and (2) of the AVG II.2.1. Article 5 (2) GDPR, Article105 KB (15,883 words) - 15:05, 8 March 2023
- Garante per la protezione dei dati personali (Italy) - 9874702 (category Article 12 GDPR)under Article 58 of the Regulation carries the administrative fine referred to in Article 83(5)(e) of the Regulation. Under the terms of Article 78 of57 KB (9,318 words) - 16:01, 19 April 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)observations. Firstly, the right to be forgotten can be found in Article 17 GDPR and Article 93 of the LOPDGDD, the Spanish data protection law. It establishes29 KB (4,648 words) - 12:38, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)under the GDPR and needs to establish a valid legal basis to process personal data. Unsolicited political communication is regulated with Article 11 L. 3471/200656 KB (7,755 words) - 15:39, 6 December 2023
- Datainspektionen - DI-2019-3844 (category Article 5(1)(f) GDPR)measures in accordance with Article 5 (1) (f) and Article 32 (1) and (2) in order to ensure and, in accordance with Article 5 (2), be able to show that the91 KB (11,182 words) - 11:43, 7 April 2022
- Garante per la protezione dei dati personali (Italy) - 9832838 (category Article 5(1)(a) GDPR)fairness (Article 5(1)(a) GDPR). Thus by not providing sufficient information, the controller breached Article 5(1)(a) GDPR and Article 13 GDPR. Additionally41 KB (6,619 words) - 13:06, 18 January 2023
- VGH München – 11 ZB 19.991 (category Article 5(1)(b) GDPR)(1) lit. d GDPR. The procedure was also compatible with the principle of purpose limitation within the meaning of Article 5 para. 1 lit. b GDPR. In September31 KB (5,184 words) - 17:19, 15 April 2023
- AEPD (Spain) - PS/00427/2020 (category Article 30 GDPR)Spanish city council for infringing Article 30 GDPR by not maintaining a record of its processing activities, and Article 31 of the Spanish Data Protection35 KB (5,459 words) - 12:40, 7 July 2021
- VwGH - Ro 2019/04/0229 (category Article 4(7) GDPR)compatibility of § 30 DSG with Article 83 GDPR, to the CJEU for a preliminary ruling under Article 267 TFEU. This case law has a wide-ranging impact on GDPR-fines in59 KB (8,848 words) - 12:41, 16 September 2021
- Tietosuojavaltuutetun toimisto (Finland) - 8314/182/20 (category Article 5 GDPR)given the unilateral judgment. Recovery shall be requested in writing within 30 days of the date on which the applicant for recovery is informed of the unilateral29 KB (4,701 words) - 13:03, 3 March 2024
- NAIH (Hungary) - NAIH/2020/2555 (category Article 5(1) GDPR)Debtor pursuant to Article 58 (2) (b) of the General Data Protection Regulation because its data processing activities violated Article 5 (1) (d) of the General33 KB (5,033 words) - 10:12, 17 November 2023
- AEPD (Spain) - EXP202200439 (category Article 83(5)(a) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- GHAL - 200.256.387 (category Article 6(1)(c) GDPR)certain data to be delete. It brought a legal action based on Article 17 GDPR and Article 21 GDPR, read in conjunction with the Dutch Data Protection Act (Wet27 KB (4,289 words) - 07:57, 7 March 2022
- Garante per la protezione dei dati personali (Italy) - 9995680 (category Article 5(1)(a) GDPR)processing lack any applicable conditions found in Article 9(2) GDPR and was found in breach of Article 5(2) GDPR. Additionally, the Garante reiterated that the105 KB (16,849 words) - 11:58, 11 April 2024
- DSB (Austria) - 2023-0.789.858 (category Article 12(3) GDPR)according to €9,500 Art 83 Paragraph 5 Letter b GDPR OJ L 2016/119, p. 1, as amended Article 83, Paragraph 5, Letter b, GDPR OJ L 2016/119, p. 1, as amended57 KB (9,442 words) - 08:55, 17 January 2024
- CNPD (Luxembourg) - Délibération n° 17FR/2021 (category Article 5(1)(c) GDPR)non-compliance with the requirements of Article 5.1.c) of the GDPR and non-compliance with the requirements of article 5.1.e) of the GDPR. 10. On February 28, 2020,44 KB (6,212 words) - 08:28, 16 June 2021
- AEPD (Spain) - PS/00475/2021 (category Article 13 GDPR)violation of Article 6 GDPR, nor of Article 8 GDPR. There was also no violation of Article 9 GDPR, since the exception for explicit consent from Article 9(2)(a)64 KB (10,187 words) - 14:26, 24 November 2022
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 2 of the Rules of Procedure35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 5 GDPR)protection principles in Article 5 GDPR. This includes notifying the data subjects about processing in accordance with Articles 12 and 13 GDPR. The DPA held that34 KB (5,305 words) - 08:40, 29 June 2023
- BVwG - W176 2249328-1/4Z (category Article 6(1)(a) GDPR)these violations in accordance with Section 30 (1) and (2) DSG in conjunction with Article 83 (5) (a) GDPR. On the other hand, XXXX GmbH filed a complaint18 KB (2,717 words) - 12:08, 5 August 2022
- CNPD (Portugal) - Deliberação 984/2018 (category Article 5(1)(f) GDPR)ofcombined provisions of Articles 5, paragraph 1 to 1. c) and article 5, paragraph 1 al. f) with article83, paragraph 5, al. a), the General Data Protection40 KB (5,935 words) - 16:55, 6 December 2023
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- NS - 30 Cdo 3909/2023-174 (category Article 85 GDPR)of 15/06/2016, sp. stamp 30 Cdo 3598/2014, dated 15 June 2016, file no. stamp 30 Cdo 5027/2014, or from 28/05/2018, sp. stamp 30 Cdo 4231/2016) that the103 KB (16,947 words) - 08:34, 24 April 2024
- VwGH - Ra 2020/04/0187 (category Article 83 GDPR)under Article 83 GDPR and the question of the compatibility of § 30 Datenschutzgesetz (Austrian Data Protection Act - DSG) with Article 83 GDPR to the16 KB (2,370 words) - 14:56, 6 December 2023
- APD/GBA (Belgium) - 47/2022 (category Article 5(1)(b) GDPR) (section 5. Obligation to conduct a data protection impact assessment (DPIA))in accordance with article 38.3. GDPR 5. On May 5, 2021, the Litigation Division decides, pursuant to Article 95, § 1, 1° and Article 98 to the ACL, that207 KB (31,357 words) - 14:21, 8 June 2022
- APD/GBA (Belgium) - 165/2023 (category Article 5(1)(f) GDPR)violation of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 3567 KB (9,908 words) - 11:09, 10 January 2024
- RvS - 201901832/1/A3 (category Article 4(7) GDPR)referred to in Article 2.3.2 or by virtue of Article 2.3.8, 5.2.2, 5.2.3, 5.2.4 or 5.2.5 and necessary for the implementation of Article 2.1.4, 2.1.5, 2.3.2,19 KB (3,012 words) - 15:09, 17 March 2022
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9917900 (category Article 5(1)(a) GDPR)was unlawful for the purposes of Articles 5(1)(a), 5(1)(c), 5(1)(d) GDPR, Article 9 GDPR, and Article 85 GDPR when read in line with domestic legislation8 KB (928 words) - 08:31, 23 August 2023
- OLG Nürnberg - 4 U 347/21 (category Article 12(5) GDPR)access to an “excessive” request under Article 12(5) GDPR. In particular, the court considered that under that Article nothing suggests that an access request35 KB (5,672 words) - 08:48, 30 January 2024
- DSB (Austria) - 2023-0.603.142 (category Article 31 GDPR)accordance with Article 31 of the GDPR, Article 31, due to the security breach , GDPR. According to Article 83 Paragraph 4 Letter a of the GDPR, these two provisions76 KB (12,550 words) - 09:24, 28 February 2024
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)violation of Article 5.1.f) of the RGPD, an action that can be subsumed under the sanctioning type of article 83.5 of the RGPD. IV Article 58 of the RGPD37 KB (5,995 words) - 13:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9971433 (category Article 5(1)(a) GDPR)party. Therefore, the controller breached Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR, and Article 130 of the Italian privacy code, since the51 KB (7,993 words) - 12:39, 6 February 2024
- VG München - M 3 E 22.667 (category Article 6(1)(c) GDPR)these purposes (Article 5 (1) (b) GDPR) and must be limited to what is necessary for the purposes of processing (Article 5 (1) (c) GDPR). The purposes of34 KB (5,550 words) - 14:38, 15 June 2022
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9964761 (category Article 5(1)(a) GDPR)Therefore, the DPA confirmed a breach of Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7 GDPR and of Article 130 of the Italian Privacy Code for having65 KB (10,464 words) - 09:48, 17 January 2024
- DSB (Austria) - 2023-0.637.760 (category Article 31 GDPR)powers (Article 58, paragraphs 1 and 2 of the GDPR). The DSB is a supervisory authority within the meaning of Article 51 GDPR Article 51, GDPR (see also82 KB (13,593 words) - 11:03, 24 January 2024
- APD/GBA (Belgium) - 62/2022 (category Article 30 GDPR)controller violated Article 6 GDPR because it had no legal basis to disclose the email addresses. It reasoned that Article 6(1)(a) GDPR was not applicable58 KB (9,477 words) - 18:41, 1 June 2022
- ANSPDCP (Romania) - Fine against a Property Owners Association (category Article 83(5)(e) GDPR)The Romanian DPA fined a controller €500 (RON 2,463.30) for violating its obligation to cooperate with the DPA during an investigation by failing to provide4 KB (360 words) - 12:52, 26 May 2021
- APD/GBA (Belgium) - 07/2024 (category Article 5(1)(c) GDPR)of the GDPR has violated: iv. Article 4.11), Article 5.1.a) and 5.2, Article 6.1.a), as well as Article 7.1 and 7.3 GDPR; v. Article 5, Article 24.1, as350 KB (51,369 words) - 09:25, 31 January 2024
- Garante per la protezione dei dati personali (Italy) - 9936215 (category Article 5(1)(a) GDPR)authorisation from the data subject. This breached Article 5(1)(a) GDPR, Article 6 GDPR, Article 13 GDPR, and Article 157 of the Italian Privacy Code. GFB One s30 KB (4,688 words) - 08:49, 15 November 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9920942 (category Article 5(1)(b) GDPR)fairness and transparency, as stipulated by Article 5(1)(a) GDPR, Article 12(1) GDPR, as well as Article 13(2) GDPR due to the lack of information on the period111 KB (17,635 words) - 13:18, 13 September 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 5 GDPR)infringement of Article 6(1) GDPR (440), and to take into account the additional infringement of the principle of fairness in Article 5(1)(a) GDPR in its adoption468 KB (51,340 words) - 14:10, 30 January 2023
- Rb. Amsterdam - C/13/696010 / HA ZA 21-81 (category Article 22 GDPR)consequently dismissed by Uber by solely algorithmic means in the sense of Article 22 GDPR. The Uber drivers were represented by the App Drivers & Couriers Union11 KB (1,518 words) - 09:26, 29 April 2021
- APD/GBA (Belgium) - 41/2022 (category Article 5(1)(c) GDPR)with the principles of data minimisation (Article 5(1)(c) GDPR) and of storage limitation (Article 5(1)(e) GDPR). Share your comments here! Share blogs or17 KB (2,519 words) - 16:04, 23 March 2022
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)not necessarily meet the requirements of Article 32 GDPR. To what extent are the provisions in Article 32 GDPR obligatory and thus, not subject to the preferences30 KB (4,562 words) - 15:27, 6 December 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)hereinafter: GDPR), OJ L 119, 4 May 2016, p. 1.: Article 4, Article 5 Paragraph 1 Letter c, Article 6, Article 12 Paragraph 3, Article 51 Paragraph 172 KB (11,993 words) - 14:21, 10 April 2024
- AEPD (Spain) - PS/00227/2019 (category Article 6(1)(a) GDPR)Protection Agency to sanction XFERA for infringement of Article 6.1(a) of the RGPD, typified in Article 83.5(a) of the RGPD, with a fine of 60,000 euros. It was36 KB (5,821 words) - 14:20, 13 December 2023
- BVwG - W101 2218962-1 (category Article 4(1) GDPR)standard B-VG Art133 Para.4 DSG §24 paragraph 1 DSG §24 paragraph 5 GDPR Art12 GDPR Art15 GDPR Art4 VwGVG §28 paragraph 2 WTBG 2017 §80 saying W101 2218962-1/10E42 KB (6,586 words) - 09:33, 17 September 2022
- CNIL (France) - SAN-2021-014 (category Article 30 GDPR)for in Article 17 of the Rules. 3. On the breach of the obligation to implement a register of processing activities 52. Article 30 of the GDPR provides37 KB (6,021 words) - 07:23, 23 September 2021
- Parliament and of the Council of May 30, 2018 amending AMLD4 entered into force (AMLD5). The amended article 30 paragraph 5 stipulates that information about46 KB (7,547 words) - 10:47, 24 March 2021
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- ANSPDCP (Romania) - 23.03.2023 (category Article 5(1)(a) GDPR)means were possible. The controller thus violated Article 5(1)(a), 5(1)(c), 5(1)(e), 5(2) and Article 6 GDPR. As such, the DPA imposed a fine in the amount8 KB (1,015 words) - 07:23, 5 April 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)referred to in Article 33(1) of the AVG.15 15 File note 1, Notification of personal data breach 7-2-2019. P 5. 3.4.3 Assessment Article 33(1) of the AVG77 KB (12,915 words) - 17:15, 12 December 2023
- AEPD (Spain) - EXP202104460 (category Article 7 GDPR)service in the terms required by article 22.2.”, and may be sanctioned with a fine of up to €30,000, in accordance with article 39 of the aforementioned LSSI31 KB (4,923 words) - 12:39, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9909907 (category Article 5 GDPR)anonymized. Therefore, the DPA found a violation of Article 5(1)(a), (b), (c), and (e) and Article 12(1) GDPR. For the reasons above, the DPA imposed a fine122 KB (19,640 words) - 08:16, 3 August 2023
- AEPD (Spain) - PS-00371-2021 (category Article 5(1)(f) GDPR)an infringement of article 32 of the RGPD and article 5.1.f) of the RGPD, typified, respectively, in article 83.4 and 83.5 of the GDPR. And that HERTZ DE46 KB (7,141 words) - 13:00, 18 January 2024
- DSB (Austria) - 2023-0.592.319 (category Article 83(5) GDPR)the GDPR against the controller, the DPA issued a fine of €12.100 in accordance with Article 83(4) GDPR, Article 83(5) GDPR and Article 83(6) GDPR. Both80 KB (13,263 words) - 13:06, 17 May 2024
- HDPA (Greece) - 10/2024 (category Article 5(1)(f) GDPR)right to the protection of personal data pursuant to Article 5(5)(a) of the GDPR. 1(f) of the GDPR. β. They have not implemented appropriate data protection25 KB (3,916 words) - 14:34, 24 April 2024
- Garante per la protezione dei dati personali (Italy) - 9685994 (category Article 5(1)(c) GDPR)it had found violations of Articles 5(1)(a)(c)(e), 13, 22(3), 25, 30(1)(c)(f)(g), 32, 35, 37(7), and 88 of the GDPR. In defensive briefs, UK Roofoods contended235 KB (38,572 words) - 10:19, 20 July 2022
- IMY (Sweden) - DI-2019-6696 (category Article 12(1) GDPR)required by Article 15(1)(a)-(h) and 15(2) GDPR via an online function. When Spotify provides a copy of personal data under Article 15(3) GDPR it includes157 KB (18,556 words) - 12:00, 28 June 2023
- Garante per la protezione dei dati personali (Italy) - 9803345 (category Article 5(1)(a) GDPR)controller violated Article 5(1)(a), 5(1)(c) and 6(1)(a)(f) GDPR and imposed a fine of €5,000. The motivation stated that Articles 5(1)(a), 5(1)(c) and 6(1)(a)(f)50 KB (7,892 words) - 15:00, 28 September 2022
- IP (Slovenia) - 0603-98/2022/6 (category Article 5(2) GDPR)first paragraph of Article 91 of ZVOP 1 and when applying the second paragraph of Article 26 of ZP 1, the first paragraph of Article 21 of ZP 1 and the25 KB (4,035 words) - 13:16, 26 July 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 14(1) GDPR)6. tölul. Article 3 of the Act and point 7. Article 4 of the Regulation. The Chief Epidemiologist is required according to point 2. Article 5 Epidemiology88 KB (14,189 words) - 09:58, 7 December 2021
- BVwG - W176 2255954-1 (category Article 1 GDPR)even if Article 77 GDPR were considered to be applicable, there would be no incompatibility between Article 24 DSG and Article 77 GDPR: the GDPR does not27 KB (4,362 words) - 14:08, 5 July 2023
- BlnBDI (Berlin) - 521.11.871 (category Article 5(1)(a) GDPR)grounds., - 3 - Outfittery GmbH has thus violated Article 17(1), Article 5(1)(a) and Article 6(1) GDPR. III. As a result, we have decided not to take any12 KB (1,330 words) - 10:52, 30 June 2022
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)norm therefore by article 19 of the LOPD as business data. We consider relevant the legal basis by which, according to the article Article 65 of the LOPD33 KB (5,338 words) - 14:09, 13 December 2023
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)private doctor for violating Article 32 GDPR by making his patients' health data freely accessible on the web, and Article 33 GDPR by not notifying the DPA29 KB (4,374 words) - 16:03, 19 January 2024
- APD/GBA (Belgium) - 25/2024 (category Article 5(1)(d) GDPR)obligation in accordance with Article 5.1a) GDPR, in conjunction with Article 13 GDPR has not been fulfilled. 23. In accordance with Article 95, § 2, 3° of the WOG24 KB (3,474 words) - 13:30, 14 February 2024
- BVwG - W298 2252644-1 (category Article 5 GDPR)Chapter 3 of this federal law take precedence 2.3. Art. 5 GDPR reads: 2.3. Article 5, GDPR reads: "Article 5 Principles for the processing of personal data (1)59 KB (9,918 words) - 11:29, 21 June 2023
- Garante per la protezione dei dati personali (Italy) - 9983244 (category Article 5(1)(f) GDPR)considering that the controller violated Article 5 GDPR, Article 9 GDPR and Article 32 GDPR, as well as Article 2-septies(8) of the Italian Privacy Code47 KB (7,566 words) - 09:15, 28 February 2024
- CE - 431875 (category Article 4 GDPR)decision. Article 4: The State will pay the sum of 3,000 euros to Mr. A ...- C ... under article L. 761-1 of the code of administrative justice. Article 5: this19 KB (2,735 words) - 09:38, 26 November 2021
- RvS - 202000944/1/A3 (category Article 15(1) GDPR)of State in the Netherlands (RvS) held that a complainant cannot use Article 15 GDPR to find out who reported to the municipality that he may not be entitled16 KB (2,464 words) - 11:43, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9864063 (category Article 5(1)(b) GDPR)justify it, in breach of Articles 5(1)(a) and 6 GDPR. Finally, the Italian DPA found a violation of Article 25(1) and (2) GDPR because the controller had not152 KB (24,743 words) - 14:39, 21 March 2023
- TS - 1039/2022 (category Article 5(1)(c) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- Commissioner (Cyprus) - Decision of 27 November 2023 (category Article 5(2) GDPR)measures, thereby violating Article 32 GDPR and the principle of accountability under Article 5(2) GDPR. In light of Article 83 GDPR and taking all the above6 KB (661 words) - 09:16, 14 February 2024
- Supreme Court - C.20.0323.N (category Article 5(1)(c) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- Garante per la protezione dei dati personali (Italy) - 9675440 (category Article 5(1)(c) GDPR)(Garante) held that Foodinho had violated Articles 5(1)(a), (c) and (e), 13, 22, 25, 30, 32, 35 and 37 of the GDPR through its use of algorithms to manage riders180 KB (29,599 words) - 13:51, 28 July 2021
- Garante per la protezione dei dati personali (Italy) - 9682641 (category Article 5 GDPR)personali” and of Article 9 GDPR as well as the principles of lawfulness, integrity and confidentiality of the processing as per Article 5 GDPR. In fact, according54 KB (8,636 words) - 08:47, 28 July 2021
- AEPD (Spain) - PS/00070/2020 (category Article 5(1)(a) GDPR)publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must43 KB (7,001 words) - 13:56, 13 December 2023
- AEPD (Spain) - E/13223/2021 (category Article 5 GDPR)the necessary checks in accordance with Article 16 of the Spanish Citizen Safety Law (Ley Orgánica 4/2015, de 30 de marzo, de protección de la seguridad19 KB (2,818 words) - 17:41, 23 February 2022
- VG Hannover - 10 A 502/19 (category Article 5(1)(a) GDPR)Schantz, in: BeckOK Datenschutzrecht, 37th Ed., As of May 1st, 2020, Article 5 GDPR, Rn. 5) .27 The collection and processing of the date of birth in the ordering41 KB (6,779 words) - 12:35, 24 November 2021
- RvS - 201902925/1/A3 (category Article 5(1)(b) GDPR)request from Article 17(3)(e) to Article 6(4) GDPR without properly documenting or demonstrating how purpose compatibility criteria in GDPR are met. The23 KB (3,632 words) - 11:43, 10 September 2021
- APD/GBA (Belgium) - 135/2022 (category Article 4(23) GDPR)held that the controller violated Article 12(1) GDPR, Article 12(2) GDPR, Article 15(1) GDPR and Article 15(3) GDPR. The controller had deleted the data39 KB (5,674 words) - 08:57, 29 June 2023
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)Articles 5, 13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR26 KB (4,101 words) - 10:24, 13 March 2024
- OLG Köln - 20 U 295/21 (category Article 12(5) GDPR)invoked the excessiveness of the request under Article 12(5) GDPR alleging that the data subject uses Article 15 GDPR only to verify the validity of the premium42 KB (6,689 words) - 08:30, 21 November 2022
- Garante per la protezione dei dati personali (Italy) - 9920977 (category Article 13 GDPR)conformity with the data subject’s rights of information under Article 13 GDPR and Article 14 GDPR, the hospital should firstly make clear what the legal basis92 KB (14,476 words) - 08:25, 19 September 2023
- APD/GBA (Belgium) - 172/2022 (category Article 6 GDPR)in the GDPR”, adopted on July 7, 2021. 6 GDPR, Art. 12. 7GDPR, Art. 12.2 and 12.3. 8 GDPR, Art. 12.3. 9 GDPR, art. 12.3. Decision 172/2022 - 5/13 16. In43 KB (6,300 words) - 11:35, 20 December 2022
- Garante per la protezione dei dati personali (Italy) - 9779098 (category Article 5 GDPR)dati personali - GDPD) found that the controller had violated Article 5 and Article 9 GDPR; it fined the controller €40,000, balancing, among other things30 KB (4,446 words) - 14:47, 13 June 2022
- VG Köln - 25 K 2138/19 (category Article 16 GDPR)claim was Article 16 GDPR, as § 12 Bundesmeldegesetz (BMG - Federal Registration Act) clarifies. Then, it held that the legal requirements of Article 16 GDPR39 KB (6,235 words) - 11:14, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9979112 (category Article 37(7) GDPR)procedure under Article 58(2) GDPR. The DPA also invited the controller to provide its defence in writing. The Italian DPA noted that Article 37(7) GDPR not only34 KB (5,295 words) - 10:52, 21 February 2024
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)(hereinafter, LPACAP), for the alleged violation of article 15 of the RGPD, in accordance with article 83.5 b) of the RGPD. Against the initial agreement, no38 KB (6,303 words) - 13:50, 13 December 2023
- VG Berlin - 1 K 561/21 (category Article 4(1) GDPR)constitute perosnal data under Article 4(1) GDPR, since the individuals are identifiable and also because under Article 11 GDPR, it is not mandatory that individuals57 KB (9,204 words) - 10:55, 23 November 2023
- CJEU - C-280/22 - Kinderrechtencoalitie Vlaanderen and Liga voor Mensenrechten v Belgian State (category Article 5 GDPR)Are Article 3(5) and (6) and Article 14 of Regulation (EU) 2019/1157, read in conjunction with Commission Implementing Decision C(2018) 7767 of 30 November7 KB (740 words) - 11:43, 7 September 2022
- Garante per la protezione dei dati personali (Italy) - 9778996 (category Article 5(1) GDPR)and (1)(e) of Article 6 GDPR. The violation of Article 2-ter of the Code is a direct consequence of the violation of Articles 5 and 6 GDPR. Finally, the49 KB (7,883 words) - 15:12, 13 July 2022
- HDPA (Greece) - 4/2023 (category Article 5(1)(a) GDPR)organization (definition) Article 5.1 : Principles of data processing Article 5.1.a : Principle of legality, objectivity and transparency Article 5.1.b : Principle10 KB (1,249 words) - 12:16, 8 May 2023
- APD/GBA (Belgium) - 145/2022 (category Article 5(1)(c) GDPR)complaint with Article 5(1)(c) GDPR. However, Article 58(2)(b) GDPR contains the authority of the DPA to reprimand a controller. Article 58(2)(c) GDPR contains18 KB (2,545 words) - 16:10, 25 October 2022
- APD/GBA (Belgium) - 99/2023 (category Article 5(1)(c) GDPR)compliance with Article 5.1.c) of the GDPR (minimization) 30. The Litigation Chamber also recalls that pursuant to Article 5.1.c) of the GDPR, personal data33 KB (5,012 words) - 14:07, 26 July 2023
- CNIL (France) - SAN-2020-056 (category Article 5(1)(d) GDPR)to compliance with transparency obligations (Articles 5.1.a) and 12 to 14 of the GDPR), Article 5 of the draft decree specifies, on the one hand, that data43 KB (6,847 words) - 17:11, 6 December 2023
- paragraph of Article 5 of ZKme-11, the second paragraph of Article 3 of the Rulebook on RKG2 and point a) of the third paragraph of Article 5 of the Rulebook30 KB (4,951 words) - 10:08, 8 March 2023
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)controller violated Article 33(1) GDPR by failing to inform the DPA of the data breach. Second, the DPA held that the controller violated Article 28(1), (3) and105 KB (17,237 words) - 09:22, 10 May 2023
- DSB (Austria) - 2021-0.119.956 (category Article 5(1)(e) GDPR)2 a) Basic information about Article 15 GDPRa) Basic information about Article 15 GDPR Pursuant to Article 15 Para. 1 GDPR, the data subject has the right50 KB (8,021 words) - 15:40, 18 January 2024
- Garante per la protezione dei dati personali (Italy) - 9682619 (category Article 5(1)(a) GDPR)that the Local Health Authority of Romagna violated art. 5(2)(a), 5(2)(f), and 9 of the GDPR because the data processing (the transfer of the personal45 KB (7,200 words) - 08:46, 28 July 2021
- Garante per la protezione dei dati personali (Italy) - 9754332 (category Article 28(2) GDPR)out its obligations related to the security of data processing under Article 32 GDPR. Additionally, the Garante held that Hostinger, the third party sub-contracted37 KB (6,034 words) - 16:59, 23 March 2022
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- Persónuvernd - 2020010616 (category Article 5(1)(c) GDPR)processing principles under Article 5 GDPR? Did an exception to the prohibition of processing of health data under Article 9(2) GDPR apply? The Icelandic DPA23 KB (3,612 words) - 13:17, 17 July 2020
- Garante per la protezione dei dati personali (Italy) - 9920664 (category Article 5(1)(a) GDPR)with a private company without comply with the Article 28 GDPR, Article 5 (1)(a) GDPR and Article 6 GDPR. The municipality of Modica has concluded an agreement40 KB (6,389 words) - 16:19, 5 September 2023
- Garante per la protezione dei dati personali (Italy) - 9885127 (category Article 5(1)(c) GDPR)residents. The Italian DPA issued €2,000 fine for violation of Article 9(1) and (2) GDPR. On 5 August 2021, a condominium manager, acting as the controller30 KB (4,806 words) - 10:14, 7 June 2023
- Garante per la protezione dei dati personali (Italy) - 9973790 (category Article 5(1)(f) GDPR)Italian DPA reprimanded a processor for having breached Article 5(1)(f) GDPR and Article 32 GDPR since, following a software update, the platform of a healthcare89 KB (14,492 words) - 12:52, 14 February 2024
- APD/GBA (Belgium) - 67/2024 (category Article 5(1)(c) GDPR)deemed liable under Article 5(2) GDPR to be responsible for compliance with the provisions referred to in paragraph 1 of this article principles regarding35 KB (5,196 words) - 15:50, 7 May 2024
- FG Niedersachsen - 12 K 213/19 (category Article 2(2)(a) GDPR)accordance with Article 15 (1) GDPR. They argued that the scope of application of the GDPR is not excluded according to Article 2 (2) because the GDPR should be14 KB (2,189 words) - 12:34, 4 March 2022
- Garante per la protezione dei dati personali (Italy) - 9825667 (category Article 5(1)(e) GDPR)violated Articles 5(2), 24 and 25(1) GDPR. At last, the DPA established a violation of Article 5(2), Article 24 and Article 13 GDPR, for failing to provide131 KB (21,176 words) - 12:52, 20 December 2022
- APD/GBA (Belgium) - 159/2022 (category Article 5(1)(b) GDPR)processed (Article 5.1.b) and (e) GDPR). 1 11. Indeed, by virtue of the combination of the principles of finality (article 5.1.b) of the GDPR) and limitation28 KB (4,300 words) - 15:48, 16 November 2022
- Garante per la protezione dei dati personali (Italy) - 9893718 (category Article 5(1)(a) GDPR)Article 5(2), 6, 7, 13, 28, 29, and 30 GDPR; SESTA IMPRESA was fined €300,000 for violating Articles 5(1)(a), 6, 7, 28, 29, and 32 GDPR as well as Art. 2-quaterdecies141 KB (23,423 words) - 08:10, 14 June 2023
- APD/GBA (Belgium) - 03/2024 (category Article 12 GDPR)infringed Article 12(3) GDPR, Article 12(4) GDPR and Article 17(1) GDPR and ordered the controller to deal with the data subject's request within 30 days after17 KB (2,442 words) - 12:17, 27 March 2024
- APD/GBA (Belgium) - 135/2023 (category Article 5(1)(b) GDPR)warning in response to violations of Articles 5(1)(b) and 5(1)(c) GDPR, Article 6(1) GDPR and Article 13(1)(c) GDPR committed by an employer, who had continued27 KB (4,043 words) - 11:36, 11 October 2023
- Garante per la protezione dei dati personali (Italy) - 9880336 (category Article 5(1) GDPR)DPA found that the controller violated the following GDPR provisions: Articles 5(1), 6(1) and 7 GDPR for acquiring personal data from a third party for marketing52 KB (8,324 words) - 15:03, 9 May 2023
- CNPD (Luxembourg) - Délibération n°18FR/2021 (category Article 38(1) GDPR)investigation relates to Article 38.1 of the GDPR so that the explanations of the agent of the controlled under Article 37.2 of the GDPR are not relevant in57 KB (8,374 words) - 08:31, 16 June 2021
- APD/GBA (Belgium) - 161/2023 (category Article 4(11) GDPR)(implementing provisions of the “e-Privacy Directive”) and 3 Article 6.1.a. of the GDPR. In accordance with article 61 of the LCA, the Litigation Chamber informs the61 KB (8,521 words) - 14:59, 6 February 2024
- Garante per la protezione dei dati personali (Italy) - 9960920 (category Article 5(1)(a) GDPR)and transparency, as outlined in Article 5(1)(a) GDPR. In the exercise of its authority under Article 58(2)(f) GDPR, the DPA imposed a ban on the processing27 KB (4,036 words) - 13:37, 2 January 2024
- AEPD (Spain) - EXP202204836 (category Article 15 GDPR)violation of article 15 of the RGPD. V Classification of the violation of article 15 of the GDPR If confirmed, the aforementioned violation of article 15 of the52 KB (8,320 words) - 13:18, 14 February 2024
- APD/GBA (Belgium) - 160/2022 (category Article 12(3) GDPR)(Articles 15 and 17 GDPR). The DPA held that the controller breached Articles 12(3) GDPR, Article 15(1) GDPR and Article 17(1) GDPR by not responding to17 KB (2,401 words) - 16:49, 29 November 2022
- RvS - 201901006/1/A2 (category Article 79 GDPR)and annulled that decision, in so far as it did not award any compensation. 5. 5. [Appellant] claims to be entitled to higher compensation than € 300.00.34 KB (5,179 words) - 07:10, 7 April 2020
- VG Berlin - 1 K 391/20 (category Article 91(1) GDPR)nature. As Article 91(2) GDPR explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference36 KB (5,768 words) - 14:17, 18 May 2022
- ICO - Monetary Penalty on Marriott International Inc. (category Article 5(1)(f) GDPR)1 GDPR sets out the general provisions. Article 5 of Chapter I GDPR sets out the principles relating to the processing of personal data. Article 5(1) lists241 KB (31,368 words) - 09:59, 9 May 2022
- BVwG - W256 2234976-1 and W256 2234976-2 (category Article 5 GDPR)the basis of consent by the data subject under Article 6(1)(a) GDPR. Hence, pursuant to Article 6(1)(f) GDPR, the court further examined whether processing65 KB (10,586 words) - 15:06, 18 January 2024
- Datatilsynet (Denmark) - 2019-31-1424 (category Article 15 GDPR)Thus, it violated Article 15 GDPR. The Datatilsynet issued an injunction and ordered the company, as foreseen under 58(2)(c) GDPR, to carry out a concrete33 KB (5,189 words) - 16:23, 6 December 2023
- APD/GBA (Belgium) - 165/2022 (category Article 5(1)(a) GDPR)violation of Article 5 (1) (a) and (2) GDPR, Article 6 (1) GDPR and Article 24 (1) of the GDPR; and - no violation of Article 12 (1) GDPR, Article 13 (1) and28 KB (4,010 words) - 13:40, 14 December 2022
- HDPA (Greece) - 25/2022 (category Article 5(1)(a) GDPR)principles of article 5 par. 1 GDPR. It's not a coincidence that the GDPR includes accountability (already mentioned above article 5 par. 2 GDPR) in the regulation48 KB (7,803 words) - 13:29, 11 October 2022
- Datatilsynet (Norway) - 20/01626 (category Article 5(1)(a) GDPR)processing as per Article 5(1)(b), nor legal grounds as per Article 6. In sum, the DPA found that NIF had breached Article 5(1)(a), (c) and (f), Article 6, and Article50 KB (8,081 words) - 18:52, 5 March 2022
- APD/GBA (Belgium) - 52/2024 (category Article 5(1)(a) GDPR)the Disputes Chamber judges that it is possible Article 5.1.a), Article 5.1.b) and Article 6.1 of the GDPR has been infringed. II.2. The basic principle21 KB (3,024 words) - 09:26, 17 April 2024
- APD/GBA (Belgium) - 35/2024 (category Article 5(1)(a) GDPR)accordance with Article 5.1.a) j° Article 6.1 of the GDPR, any processing of personal data have a legal basis. Article 6.1 of the GDPR stipulates that27 KB (4,006 words) - 10:14, 17 March 2024
- Rb. Overijssel - ZWO 22/775 (category Article 4(1) GDPR)that the plaintiff violates Article 5, first paragraph under a, jo. Article 6(1) of the GDPR has processed personal data. 5. The documents submitted by26 KB (4,142 words) - 15:30, 27 March 2024
- Datatilsynet (Denmark) - 2021-423-0234 (category Article 32 GDPR)appropriate technical and organisational measures, as required by Article 32(1) GDPR, to ensure the proper administration of welfare. In summer 2021, the14 KB (2,094 words) - 11:21, 26 January 2022
- APD/GBA (Belgium) - 79/2023 (category Article 5(1)(d) GDPR)Decision 79/2023 - 5/11 15. Article 16 of the GDPR is closely linked to the principle of correctness enshrined in Article 5.1.d) of the GDPR according to which31 KB (4,567 words) - 14:00, 5 July 2023
- AEPD (Spain) - PS/00301/2020 (category Article 5(1)(d) GDPR)B28905784, for an infringement of the article 5.1.d) of the GDPR, in accordance with article 83.5 a) of the GDPR, with a fine of 10,000 euros (ten honey28 KB (4,554 words) - 11:33, 30 June 2021
- Garante per la protezione dei dati personali (Italy) - 9897055 (category Article 5 GDPR)above, the DPA concluded that the processing violated Article 5(1)(a) and (c) as well as Article 9 GDPR, prohibiting the controller to further process the19 KB (2,912 words) - 12:00, 26 July 2023
- Garante per la protezione dei dati personali (Italy) - 0007060 (category Article 5(1)(e) GDPR)breach of Article 5(1)(e) GDPR regarding storage limitation. As a result of the foregoing, Coop Italia was held liable for breach of Article 5(1)(e), Article94 KB (14,814 words) - 14:42, 30 April 2024
- NSA - III OSK 6781/21 (category Article 17 GDPR)exemptions from the applicability of the GDPR for journalistic activity, based on Article 85(2) GDPR. According to Article 2(1) of the Polish Data Protection49 KB (7,938 words) - 15:32, 28 March 2023
- Garante per la protezione dei dati personali (Italy) - 9955735 (category Article 5(1)(a) GDPR)further data dissemination on the controller for violating Article 5 GDPR and Article 12 GDPR. The case involves a complaint filed against Edizioni Proposta31 KB (4,659 words) - 15:22, 12 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)of article Article 24.1, and in relation to the obligations referred to in the previous section, The information obligation provided for in Article 5 of39 KB (6,270 words) - 13:51, 13 December 2023
- ICO (UK) - Cabinet Office (category Article 5(1)(f) GDPR)the GDPR and DPA 2018. They are obliged by Article 5(2) of the GDPR to adhere to the data processing principle set out in Article 5(1). 8. Article 5(1)(f)79 KB (10,566 words) - 10:48, 7 December 2021
- LG Heidelberg - 4 S 1/21 (category Article 82 GDPR)term "pain and suffering" is not used in Art. 82 GDPR or in the other norms of the GDPR. Art. 82 (1) GDPR only standardizes a “claim for damages” for every19 KB (3,085 words) - 15:59, 20 April 2022
- Garante per la protezione dei dati personali (Italy) - 9828059 (category Article 5(1) GDPR)data protection and breached the GDPR (article 5(1)(a) and (c) and 6 GDPR) as well as the Legislative Decree no. 196 of 30 June 2003 on the "Personal Data29 KB (4,487 words) - 12:48, 16 June 2023
- Garante per la protezione dei dati personali (Italy) - 9677521 (category Article 5(1)(a) GDPR)patients with HIV infections can access dental services. Meanwhile, Article 5 GDPR provides that personal data must be processed in a lawful and transparent56 KB (8,926 words) - 14:57, 14 July 2021
- Garante per la protezione dei dati personali (Italy) - 9838992 (category Article 5(1)(a) GDPR)violation the Article 5(1)(a) GDPR principle of lawfulness, fairness, and transparency, and the transparency obligations in Article 13 GDPR. Furthermore41 KB (6,437 words) - 12:47, 8 February 2023
- of the controller to cease unlawful treatment, and a fine under the Article 83(1) GDPR. Considering the facts of the case and the changes requested by the6 KB (483 words) - 12:23, 27 February 2024
- DBEB/AVPD (Basque Country) - DICTAMEN No D22-013 (category Article 5 GDPR)limitation contained in Article 5(1)(b) GDPR. In the case of the principle of integrity and confidentiality of Article 5(1)(f) GDPR, it is mandatory to guarantee24 KB (3,389 words) - 16:31, 15 November 2022
- OVG Saarlouis - 2 A 370/20 (category Article 15 GDPR)the existence of a legal or legitimate interest. According to Article 15(1) of the GDPR, the data subject had the right to request confirmation from the60 KB (10,075 words) - 12:52, 4 October 2021
- ICO - FS50867142 (category Article 5(1)(a) GDPR)according to Article 5(1)(a) GDPR. As for the lawfulness, the ICO considers that there is a legitimate interest according to Article 6(1)(f) GDPR. However4 KB (402 words) - 16:37, 7 March 2022
- Garante per la protezione dei dati personali (Italy) - 9932951 (category Article 5 GDPR)data controller) to exercise her rights provided for from Article 15 GDPR to Article 22 GDPR but did not receive feedback. On 2 March 2023, the Italian39 KB (6,150 words) - 07:57, 4 October 2023
- APD/GBA (Belgium) - 02/2023 (category Article 12(3) GDPR)on the merits in accordance with Article 98 ff. WOG , at: - on the basis of Article 58.2, c) GDPR and Article 95, §1, 5° WOG, to order the defendant to15 KB (2,043 words) - 15:41, 24 January 2023
- OLG Dresden - 4 U 1158/21 (category Article 5(1)(b) GDPR)"controllers" within the meaning of Article 4(7) GDPR. On the award of damages, the Court pointed out that, under Article 82 GDPR, any assessment of harm must4 KB (494 words) - 11:50, 21 January 2022
- APD/GBA (Belgium) - 84-2022 (category Article 5(1)(a) GDPR)processing of the personal data (Article 5(1) GDPR). The controller did not demonstrate a contractual relationship (Article 6(1)(b)) with the lawyers concerned14 KB (2,020 words) - 16:07, 22 June 2022
- BVwG - W176 2247074-1 (category Article 5 GDPR)12/21/2022 standard B-VG Art133 Para.4 DSG §1 GDPR Art16 GDPR Art17 GDPR Art18 GDPR Art21 GDPR Art4 GDPR Art5 GDPR Art6 Para.1 litf Trade Regulations 1994 §15263 KB (10,263 words) - 09:09, 16 February 2023
- BVwG - W274 2240078-1 (category Article 5 GDPR)concerned initially presented Article 17 (1) (a) GDPR and Article 6 (1) (f) GDPR in more detail, as well as Article 5 (1) (b) GDPR. She also referred to her37 KB (5,980 words) - 11:06, 21 January 2022
- VG Mainz - 1 K 467/19.MZ (category Article 5(1)(a) GDPR)constituted health data under Article 9(1) and Article 4(15) GDPR but the transfer was nevertheless admissible pursuant to Article 9 GDPR, as the strict requirements34 KB (5,514 words) - 15:11, 22 March 2022
- Garante per la protezione dei dati personali (Italy) - 9973749 (category Article 5(1)(c) GDPR)contravening Article 6 GDPR and the principle of data minimization outlined in Article 5(1)(c) GDPR. The alleged justifications under Article 6(1)(c) GDPR and Article38 KB (6,029 words) - 11:02, 13 March 2024
- Garante per la protezione dei dati personali (Italy) - 9880317 (category Article 5(1)(a) GDPR)Articles 5(1)(a) and 6(1)(a) GDPR. The Italian DPA ordered the controller to erase personal data and stop the processing pursuant to Article 58(2)(d) and40 KB (6,513 words) - 13:47, 3 May 2023
- AP (The Netherlands) - 14.01.2022 (category Article 5(1)(c) GDPR)2019 Pursuant to article 58, second paragraph, opening words and article 83, fifth paragraph, of the GDPR, read in in connection with article 14, third paragraph50 KB (7,656 words) - 17:05, 12 December 2023
- Datatilsynet (Norway) - 20/01813 (category Article 5(1)(f) GDPR)safety for the processing of personal data under Article 32 GDPR, Article 24, Article 5(1)(f) and Article 5(2), as well as § 26(1) of the Personal Data Act36 KB (5,150 words) - 17:58, 31 October 2021
- Garante per la protezione dei dati personali (Italy) - 9873031 (category Article 5(1)(a) GDPR)DPA found a violation of Article 5(1)(a) GDPR and adopted a ban on further processing operations pursuant to Article 58(2)(f) GDPR. However, the DPA held40 KB (6,428 words) - 08:45, 12 April 2023
- APD/GBA (Belgium) - 101/2022 (category Article 5(1)(f) GDPR)arising from Article 5.2 and Article 24 GDPR whereby it is up to the defendant to demonstrate that it also acts in accordance with Article 5.1.f GDPR namely:88 KB (13,264 words) - 09:09, 29 June 2022
- Garante per la protezione dei dati personali (Italy) - 9994882 (category Article 5(1)(f) GDPR)elements according to Article 83 GDPR, the DPA imposed a fine in the amount of €18,000 for a violation of Article 5, 9, 32 GPDR and Article 157 of the Italian44 KB (6,958 words) - 13:31, 23 April 2024
- Garante per la protezione dei dati personali (Italy) - 9925674 (category Article 5(1)(a) GDPR)constituting a breach of Article 12(2) GDPR and Article 12(3) GDPR, as well as Article 15 GDPR, Article 17 GDPR and Article 21(2) GDPR. Thus, the calls carried63 KB (9,986 words) - 12:04, 11 October 2023
- DSB (Austria) - DSB-D770.1336 (category Article 6(1)(e) GDPR)paragraph 5, as well as paragraph 30, paragraph 5, of the Data Protection Act (DSG), Federal Law Gazette Part One, No. 165 from 1999, idgF; Article 51, paragraph31 KB (4,841 words) - 16:21, 19 December 2023
- Garante per la protezione dei dati personali (Italy) - 9771545 (category Article 5(1)(a) GDPR)duties under Article 13 GDPR, as the information allegedly provided to the data subject lacked the requirements laid down in said Article, and the relevant43 KB (6,766 words) - 14:59, 2 May 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish40 KB (6,518 words) - 13:29, 13 December 2023
- Datatilsynet (Denmark) - 2021-442-12924 (category Article 32(1) GDPR)security, cf. Article 4, no. 12 of the Data Protection Regulation. 3.1. Article 32 of the Data Protection Regulation It follows from Article 32 (1) of the29 KB (4,593 words) - 07:34, 11 April 2022
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)under Article 4(12) GDPR. Second, the AP found that PVV Overijssel was obliged to notify the data breach to the AP within 72 hours pursuant to Article 33(1)54 KB (8,224 words) - 17:07, 12 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 5(1)(f) GDPR)infringements of Article 5(1)(f), Article 24, and Article 32 GDPR, and to the objection of the IT SA on the possible infringement of Article 5(2) GDPR, the EDPB183 KB (30,819 words) - 09:50, 20 January 2023
- VG Berlin - VG 3L 1028.19 (category Article 17(1)(a) GDPR)Buchner, GDPR BDSG, 2nd edition 2018, Art. 5 GDPR marginal 8). Even if the data is “only” incorrect, the requirements of Article 17 (1) (d) GDPR can be met30 KB (4,986 words) - 15:50, 17 March 2022
- RvS - 202001436/1/A2 (category Article 15(3) GDPR)additions were complex in fact or in law. - Article 47 of the Charter and Article 6 of the ECHR 5.7. Article 47 of the Charter states that the right to21 KB (3,368 words) - 20:43, 26 July 2020
- APD/GBA (Belgium) - 57/2021 (category Article 5(1)(a) GDPR)result of the violations of article 5.1 a), article 5.2, article 6.1, article 12.1, article 13.1 c) and d) and article 13.2 b) GDPR. 21. On 17 June 2020, the99 KB (15,064 words) - 14:05, 2 June 2021
- FG Berlin-Brandenburg - 16 K 2059/21 (category Article 14(5)(b) GDPR)court emphasised that some scholars even apply Article 14(5)(b) GDPR analogously to Article 15(1) GDPR even though it did not create an analogy itself117 KB (19,778 words) - 14:27, 13 April 2022
- Garante per la protezione dei dati personali (Italy) - 9996588 (category Article 12(3) GDPR)ordered to comply with the access request according to Article 15 GDPR and fined in the amount of €5,000. Share your comments here! Share blogs or news articles36 KB (5,693 words) - 11:50, 3 April 2024
- ICO - FS50883133 (category Article 5(1)(a) GDPR)to the Art. 5(1)(a) of the GDPR. With regards to the lawfulness of the request, one of the legal bases listed in Article 6(1) of the GDPR must apply to6 KB (687 words) - 13:45, 16 July 2020
- ICO - FS50834927 (category Article 5(1)(a) GDPR)lawfulness principle in Article 5(1)(a) of the GDPR would be contravened by the disclosure of information, Article 6(1) of the GDPR (lawfulness) is to be24 KB (3,788 words) - 16:22, 7 March 2022
- APD/GBA (Belgium) - 158/2022 (category Article 6 GDPR)and 12.4 of the GDPR, as well as Article 17.1 of the GDPR, which in this case justifies taking a decision on the basis of Article 95, § 1, 5° of the LCA,42 KB (6,128 words) - 12:47, 16 November 2022
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)time, which is a violation of the GDPR. As to the claim for damages, the CoS notes that though Article 82(1) of the GDPR states that full compensation for37 KB (5,721 words) - 12:41, 16 September 2021
- IP (Slovenia) - 0609-20/2024/6 (category Article 6(1)(a) GDPR)court fee of €30. Article 96(1)(1) ZVOP 2 (infringements of the provisions of Article 83(4) GDPR) (1) A fine of between EUR 100 and EUR 5 000 shall be imposed14 KB (2,075 words) - 14:30, 30 April 2024
- APD/GBA (Belgium) - 60/2024 (category Article 5(1)(f) GDPR)first paragraph of the same article (principle commonly called “accountability”). 12. Point f) of Article 5.1 of the GDPR more specifically provides that17 KB (2,386 words) - 07:43, 30 April 2024
- OLG Dresden - 4 U 324/21 (category Article 15 GDPR)pecuniary damages under Article 1, in conjunction with Article 2(1) Grundgesetz or for non-pecuniary damages under Article 82 GDPR because of the loss of28 KB (4,704 words) - 15:29, 10 November 2021
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- EFTA Court - Joined Cases E-11/19 and E-12/19 (category Article 57(3) GDPR)complaint lodged under Article 77 of the GDPR, or proceedings based on Article 78(1) of the GDPR, is not precluded by the GDPR or any other provision of59 KB (8,242 words) - 10:47, 17 March 2021
- APD/GBA (Belgium) - 188/2022 (category Article 5(1) GDPR)stipulated in Article 5 (1) GDPR. Although Article 5(1) and (2) GDPR are closely related means any violation of the accountability of Article 5 (2) GDPR is not95 KB (14,325 words) - 14:27, 25 January 2023
- LAG Düsseldorf - 12 Sa 18/23 (category Article 82 GDPR)tried to base the processing on contract (Article 6(1)(b) GDPR) or legitimate interest (Article 6(1)(f) GDPR), the requirement of necessity was not met102 KB (17,108 words) - 09:44, 15 February 2024
- APD/GBA (Belgium) - 09/2023 (category Article 12(3) GDPR)controller violated Article 12(3) GDPR, 12(4) GDPR and Article 17(1) GDPR and ordered it to comply with the erasure request within a timeframe of 30 days from the16 KB (2,239 words) - 19:52, 15 February 2023
- Garante per la protezione dei dati personali (Italy) - 9817535 (category Article 5(2) GDPR)transparency from Article 5(1)(a) GDPR. Therefore, the controller violated the principle of accountability provided by Article 5(2) and 24 GDPR for the failure56 KB (8,922 words) - 10:20, 16 November 2022
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- APD/GBA (Belgium) - 51/2024 (category Article 5(1)(a) GDPR)6GDPR,Article 5.1.b),Article 5.1.a)j°Article 13andArticle 27 GDPR due to the current processing activities. 23. The purpose of this decision is to inform the19 KB (2,807 words) - 11:02, 17 April 2024
- IDPC (Malta) - CDP/COMP/344/2022 (category Article 5(2) GDPR)controller within the meaning of Article 4(7) GDPR. The DPA analysed the requirements under Article 4(7) GDPR and Article 5(2) GDPR, together with the EDPB guidelines6 KB (693 words) - 09:56, 13 November 2023
- Garante per la protezione dei dati personali (Italy) - 9921112 (category Article 5(1)(a) GDPR)personal data during the promotional phone call. Article 5(1)(a), Article 6(1)(a) and Article 7 GDPR, for having carried out promotional telephone calls87 KB (13,867 words) - 13:11, 28 September 2023
- Garante per la protezione dei dati personali (Italy) - 9791886 (category Article 35 GDPR)consultation. of the Guarantor pursuant to article 36 of the Regulation "(article 110 of the Code, article 9, paragraph 2, letter j) and par. 4 of the97 KB (15,437 words) - 11:27, 16 August 2022
- BGH - I ZR 7/16 (category Article 4(11) GDPR)and Article 2(f) of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, in conjunction with Article 2(h) of Directive 95/46/EC, if52 KB (8,575 words) - 15:55, 22 March 2022
- NAIH (Hungary) - NAIH-180-16/2022 (category Article 5(2) GDPR)grounds for processing under Article 6(1) GDPR. Finally, the NAIH held that the controller was in breach of Article 12(2) GDPR for mis-registering the data57 KB (9,033 words) - 16:35, 27 April 2022
- APD/GBA (Belgium) - 18/2023 (category Article 5(1)(a) GDPR)constitute a violation of Article 5.1.a and Article 6.1 of the GDPR. - pursuant to Article 58.2.c) of the GDPR and Article 95, §1, 5° of the LCA, to order29 KB (4,332 words) - 13:51, 21 March 2023
- RvS - 202100165/1/A3 (category Article 17(3)(e) GDPR)the GDPR, a controller may first assess, in view of the system and the text of that Article, whether the exception in Article 17(3)(e) of the GDPR applies27 KB (4,241 words) - 11:28, 28 July 2022
- IP (Slovenia) - 0603-46/2023/13 (category Article 13 GDPR)amount of 30.00 euros based on the first paragraph of Article 143 in relation to the first paragraph of Article 144 and the second paragraph of Article 58 of12 KB (1,770 words) - 16:59, 5 December 2023
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)assessment and an additional DPIA under Article 35 GDPR, in order to guarantee the adherence to the principles of Article 5 GDPR. First, the Spanish DPA stated56 KB (8,102 words) - 13:57, 1 February 2023
- Datatilsynet (Denmark) - 2023-431-0001 (category Article 5(1)(a) GDPR)breached Article 6(1)(e) GDPR and ordered all 53 municipalities to bring their processing in line with Article 5(1)(a) GDPR, Article 6(1) GDPR, by ensuring158 KB (25,068 words) - 12:28, 14 February 2024
- OVG Hamburg - 5 Bs 152/20 (category Article 4(2) GDPR)decision based on Article 58(2)(d) GDPR. The property company filed an application for interim relief against this order. By decision of 30 July 2020, the45 KB (7,219 words) - 13:48, 24 January 2022
- APD/GBA (Belgium) - 72/2023 (category Article 15 GDPR)requirements of Article 15 of the GDPR. 23. Even assuming that the complaint should be interpreted as a request based on Article 15 of the GDPR (and to which21 KB (3,040 words) - 07:38, 21 June 2023
- APD/GBA (Belgium) - 95/2023 (category Article 4(1) GDPR)Litigation under article 62, § 1 of the LCA. er 8. On March 30, 2022, the Litigation Division decides, pursuant to Article 95, § 1, 1° and article 98 of the LCA27 KB (3,839 words) - 13:12, 18 July 2023
- AEPD (Spain) - PS-00563-2022 (category Article 5(2) GDPR)000 be set for the infringement of Article 13 GDPR as defined in Article 83(5) GDPR. Pursuant to Article 58(2)(d) GDPR the Spanish DPA ordered the controller8 KB (1,017 words) - 09:54, 18 January 2024
- OVG Bautzen - 3 B 357/20 (category Article 5 GDPR)accordance with Article 6(2) GDPR and Article 6(3) GDPR for adaptation to the application of Article 6(1)(c) GDPR and Article 6(1)(e) GDPR. The court stressed111 KB (18,198 words) - 11:22, 27 November 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)pursuant to Article 54 of ZVOP-1, points (a), (d) and (f) of Article 58 (2) of the General Regulation, Articles 29 and 32 of the ZIN and Article 221 ZUP,110 KB (17,995 words) - 11:15, 22 April 2021
- Gerechtshof Amsterdam - 200.280.852/01 (category Article 6(1)(e) GDPR) (section Was the introduction of Proctorio compliant with the GDPR?)processing is based on Article 6(1)(e) of the GDPR. This data processing also complies with the due care requirements set by the GDPR. There is therefore53 KB (8,177 words) - 12:30, 4 October 2021
- APD/GBA (Belgium) - 137/2023 (category Article 14(5)(c) GDPR)transparency under Article 12(1) GDPR and Article 14 GDPR, as the controller had failed to fulfill the informational obligations under Article 14 GDPR. The municipality52 KB (7,789 words) - 11:38, 11 October 2023
- Garante per la protezione dei dati personali (Italy) - 9842783 (category Article 5 GDPR)Italian DPA concluded that the controller breached Article 5 GDPR, Article 6 GDPR and Article 9 GDPR and Articles 2-ter as well as 2-septies (8) of the51 KB (8,159 words) - 00:03, 18 January 2023
- Supreme Court - III CZP 78/19 (category Article 5 GDPR)defendant is Article 159(2)(4) of the Polish Telecommunications Law, in conjunction with Article 30, Article 32(2), Article 42(1) and Article 45(1) of the39 KB (5,984 words) - 09:08, 2 November 2020
- Garante per la protezione dei dati personali (Italy) - 9670001 (category Article 5(1)(a) GDPR)and disadvantaged individuals on social media in violation of Article 5(1)(a) and (b) GDPR. Mr. Cateno De Luca, current Mayor of the City of Messina, posts48 KB (7,887 words) - 11:56, 30 June 2021
- Rb. Amsterdam - C/13/683377 / HA ZA 20-468 (category Article 5(1)(a) GDPR)introduction) the GDPR. 14.5. Article 11.7a Tw has been in force since 5 June 2012 (and amended in 2013, 2015 and 2018). Previously, Article 4.1 of the Decree243 KB (40,160 words) - 11:54, 5 April 2023
- BVwG - W245 2239715-1 (category Article 6 GDPR)processing principles of Article 5 GDPR and with a weighing of interests in accordance with Article 6 Paragraph 1 lit. f GDPR is a fundamentally irreversible62 KB (10,455 words) - 10:50, 7 September 2022
- Garante per la protezione dei dati personali (Italy) - 9744655 (category Article 12(3) GDPR)powers granted by Article 58(2) GDPR, Article 166 Codice in materia di protezione dei dati personali, and in line with Article 83(5) GDPR, it imposed a €400028 KB (4,506 words) - 07:53, 28 April 2023
- Garante per la protezione dei dati personali (Italy) - 9806053 (category Article 5(1)(a) GDPR)place per Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR)91 KB (14,906 words) - 14:39, 5 October 2022
- APD/GBA (Belgium) - 110/2023 (category Article 5(2) GDPR)breach of the principle of accountability under Article 5(2) GDPR and Article 33(5) GDPR. Article 5(2) GDPR establishes the principle of accountability which66 KB (9,820 words) - 10:13, 13 September 2023
- APD/GBA (Belgium) - 14/2023 (category Article 5(1)(a) GDPR)legality (article 5.1.a and 6.1 GDPR) as well as the principle of minimization (article 5.1.c GDPR). II.1. Basis of lawfulness of processing (Article 5.1.a and33 KB (4,897 words) - 14:05, 1 March 2023
- Garante per la protezione dei dati personali (Italy) - 9938463 (category Article 5(1)(d) GDPR)invitation to comply, breaching Article 12 GDPR, Article 15 GDPR, Article 16 GDPR, Article 17 GDPR and Article 18 GDPR. Thus, due to the aformentioned73 KB (11,856 words) - 13:54, 25 October 2023
- APD/GBA (Belgium) - 109/2023 (category Article 12(3) GDPR)June 2023. The Belgian DPA found a violation of Article 21(2) GDPR and Article 12(3) GDPR. Firstly, Article 21(2) establishes the right for a data subject18 KB (2,545 words) - 14:46, 29 August 2023
- NAIH (Hungary) - NAIH-1006-3/2022 (category Article 5(1)(b) GDPR)the principles of purpose limitation under Article 5(1)(b) GDPR and data minimisation under Article 5(1)(c) GDPR, the controller must change the angles of66 KB (10,597 words) - 16:56, 18 May 2022
- Tietosuojavaltuutetun toimisto (Finland) - 3831/161/21 (category Article 5(1)(e) GDPR)Finnish DPA found a retail chain to have breached Article 5(1)(e) GDPR, Article 25(1) GDPR and Article 25(2) GDPR for its lengthy storage of purchase behaviour61 KB (9,477 words) - 13:38, 12 January 2024
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)administrative fine Under Article 58, second paragraph, preamble below i, the AP is read in conjunction with Article 83 of the GDPR, authorized to impose an57 KB (8,053 words) - 17:07, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9815745 (category Article 5(1)(a) GDPR)required by Article 13 GDPR. As a result, the processing activity carried out through the use of the video surveillance system violated Article 5(1)(a) and31 KB (4,916 words) - 10:32, 26 October 2022
- APD/GBA (Belgium) - 18/2020 (category Article 5 GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- VG Gießen - 4 K 252/19.GI (category Article 4(10) GDPR)indeed a right of access under Article 15 GDPR in all taxation matters despite not being a natural person, in accordance with §2a(5) of the Abgabenordnung (national35 KB (5,815 words) - 15:51, 17 March 2022
- Garante per la protezione dei dati personali (Italy) - 9756869 (category Article 5(1)(a) GDPR)received a response to access and deletion requests under Article 15 GDPR and Article 17 GDPR respectively, which were forwarded to Studio Colli Aniene29 KB (4,566 words) - 14:22, 6 April 2022
- NSA - III OSK 1522/21 (category Article 4(1) GDPR)identification of the persons being inspected. Accordingly, pursuant to Article 5(2) of the Act on Access to Public Information, the right to public information47 KB (7,566 words) - 11:37, 15 November 2022
- EDPB - Urgent Binding Decision 01/2023 (category Article 6(1)(f) GDPR)advertising purposes on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR, pursuant to Article 58(2)(f) GDPR, to be effective one week after notification346 KB (48,181 words) - 16:39, 12 December 2023
- APD/GBA (Belgium) - 189/2022 (category Article 5(2) GDPR)included in Article 15.1 AVG. As a result, the controller has acted in violation of Articles 12.3 and 12.4 1 2 GDPR , as well as Article 15.1 GDPR . 3 5. Specifically21 KB (3,086 words) - 08:57, 11 January 2023
- before the GDPR came into effect. Therefore, GDPR should not had applied. The Spanish National High Court (AN) analysed Recital 171 GDPR and noted that19 KB (3,026 words) - 09:52, 10 September 2021
- Personvernnemnda (Norway) - 2021-17 (20/02389) (category Article 6(1)(f) GDPR)legal basis for their processing in article 6(1)(f) GDPR. However, according to article 17(1)(c) and article 21(1) GDPR, upon receiving an erasure request45 KB (7,396 words) - 18:49, 5 March 2022
- AP (The Netherlands) - z2023-00037 (category Article 5(1)(a) GDPR)violation of Article 6 GDPR and Article 5(1)(a) GDPR (lawfulness) as it lacked a legal basis for processing. The Municipality sought to rely on Article 6(1)(e)42 KB (6,980 words) - 15:30, 21 November 2023
- BVwG - W256 2226003-1/5E (category Article 4 GDPR)personal data and to restrict processing in accordance with Article 45 DSG and Article 16 GDPR and any other conceivable legal basis. The incorrect data27 KB (4,141 words) - 09:12, 6 October 2022
- NAIH (Hungary) - NAIH-6484-2-2022 (category Article 12(3) GDPR)redress. Therefore, the DPA declared an infringement of Article 12(3) GDPR and Article 12(4) GDPR. Additionally, the DPA held that the controller, whether66 KB (10,501 words) - 14:46, 12 October 2022
- CE - 440376 (category Article 5(1)(c) GDPR)collected for other purposes which would be incompatible with Article 5(1)(b) GDPR and Article 6(4) GDPR. The CE dismissed that claimed by recalling that both33 KB (5,152 words) - 14:48, 12 January 2022
- Garante per la protezione dei dati personali (Italy) - 9815665 (category Article 5(1)(a) GDPR)definition of "personal data" in Article 4(1) GDPR. The DPA reminded the controller that, as defined in Recital 26 GDPR, pseudonymisation is a mere technical59 KB (9,359 words) - 08:38, 16 November 2022
- DSB (Austria) - 2022-0.876.190 (category Article 6(1) GDPR)the Austrian DPA pursuant to Article 55(1) GDPR. However, the DPA further considered the exception of Article 55(2) GDPR which states that local DPA's12 KB (1,696 words) - 09:17, 1 February 2023
- VG Frankfurt am Main - 5 L 1623/22.F (category Article 4(1) GDPR)transmission as a precautionary measure under Article 21 GDPR and requested a restriction of processing under Article 18 GDPR. Additionally, the data subject complained22 KB (3,418 words) - 10:05, 9 November 2022
- APD/GBA (Belgium) - 32/2024 (category Article 15(1) GDPR)97). Decision 32/2024 – 5/7 The Disputes Chamber has thus decided, on the basis of Article 58.2.c) GDPR and Article 95, § 1, 5° of the WOG, to order the21 KB (3,062 words) - 07:42, 20 March 2024
- Garante per la protezione dei dati personali (Italy) - 9861356 (category Article 5(1) GDPR)set out in Articles 5(1)(f) and 9 GDPR. Pursuant to Articles 58(2)(i) and 83(5) GDPR, the DPA issued an administrative sanction of €5,000. Considering that59 KB (9,485 words) - 13:30, 29 March 2023
- Garante per la protezione dei dati personali (Italy) - 9815931 (category Article 31 GDPR)controller of the initiation of sanctioning proceedings pursuant to Article 166(5) of the Personal Data Protection Code (Codice in materia di protezione30 KB (4,724 words) - 13:41, 2 November 2022
- Garante per la protezione dei dati personali (Italy) - 9819792 (category Article 5(1)(a) GDPR)aforementioned principles of Article 5(1)(a) GDPR but also a breach of the principle of integrity and confidentiality under Article 5(1)(f) GDPR. Moreover, there had122 KB (19,692 words) - 14:42, 10 January 2024
- OLG Stuttgart - 4 U 484/20 (category Article 16 GDPR)personality (Article 2 (in conjunction with Article 1 (1) of the Basic Law). ), or in his fundamental right to freedom of expression (Article 5(1) sentence75 KB (12,567 words) - 10:37, 14 November 2022
- Garante per la protezione dei dati personali (Italy) - 9843805 (category Article 12 GDPR)violation of the GDPR, in particular Articles 12 and 15. Pursuant to its powers under Article 58(2)(i) GDPR, and in accordance with Article 83 GDPR, they imposed76 KB (12,273 words) - 13:52, 1 February 2023
- Garante per la protezione dei dati personali (Italy) - 9853446 (category Article 12 GDPR)judicial remedy (Article 12(4) GDPR). Accordingly, as they failed to respond in such a way, the authority had infringed Articles 12 and 15 GDPR. With regard49 KB (7,823 words) - 16:26, 28 February 2023
- breach of Article 80(3) ZVOP-2 The DPA, therefore, reprimanded the controller for violations of Article 76(4) ZVOP-2, Article 78(1) ZVOP-2 and Article 80(3)21 KB (3,272 words) - 08:50, 1 March 2024
- Garante per la protezione dei dati personali (Italy) - 9819285 (category Article 12 GDPR)newsletter within the 30-day period indicated in Article 12(3) GDPR. Consequently, the Italian DPA did not find a breach of Article 21 GDPR. Second, the DPA34 KB (5,257 words) - 12:42, 9 November 2022
- Garante per la protezione dei dati personali (Italy) - 9880398 (category Article 5(1)(a) GDPR)the processing was lawful within the meaning of Article 5(1)(a) GDPR. According to Article 88 GDPR, the GDPR is applicable without prejudice to more protective123 KB (20,446 words) - 14:39, 13 June 2023
- EDPS - 2020-1013 (category Article 6 GDPR)of consent under Article 3(15) Regulation 2018/1725, nor did they meet the requirements of Article 37 Regulation 2018/1725 and Article 5(3) ePrivacy Directive66 KB (10,349 words) - 08:54, 19 January 2022
- NSA - III OSK 1789/22 (category Article 5(1)(c) GDPR)PESEL number was in breach of the principle of data minimisation (Article 5(1)(c) GDPR). The Voivode also found that the City Council, which is not the74 KB (12,347 words) - 13:46, 9 October 2023
- APD/GBA (Belgium) - 01/2024 (category Article 5(1)(c) GDPR)infringement of Article 5.1.b), c) and e) GDPR and Article 5.1.a) j° Article 6.1 GDPR; - on the basis of Article 58.2.c) of the GDPR and Article 95, § 1, 5° of the38 KB (5,767 words) - 16:10, 19 March 2024
- VG Potsdam - 1 L 134/20 (category Article 6(1)(e) GDPR)meeting of 22 August 2018, 5 - the minutes of the board meeting of 18 September 2018 and 6 - the auditor's report dated 30 August 2018 ("Statement on extended30 KB (4,818 words) - 11:28, 5 August 2020
- Garante per la protezione dei dati personali (Italy) - 9917820 (category Article 12(3) GDPR)violated the right to be forgotten under Article 17. While the DPA did not charge the controller under Article 12(4) GDPR, they reminded the controller that26 KB (4,162 words) - 08:14, 23 August 2023
- CJEU - C807/21 - Deutsche Wohnen (category Article 83(5) GDPR)administrative fine under Article 83 GDPR. That question is exhaustively regulated by Article 58(2) and Article 83(1) to (6) GDPR. Thus the concept of an10 KB (1,543 words) - 13:53, 8 December 2023
- Italian Dpa fined, under articles 19 and 20 d.lgs. 30 giugno 2003 n. 196 (before the implementation of GDPR), the "Ministero degli Interni" for having communicated58 KB (9,455 words) - 09:04, 15 May 2023
- Garante per la protezione dei dati personali (Italy) - 9756853 (category Article 12 GDPR)by art. 83, par. 5 of the Regulation. For the purposes of quantifying the administrative sanction, the aforementioned art. 83, par. 5, in setting the maximum23 KB (3,661 words) - 14:57, 6 April 2022
- APDCAT (Catalonia) - PS 54/2021 (category Article 32 GDPR)provided for in article 83.5.a), in relation to article 5.1.f); and, another infringement provided for in Article 83.4.a), in relation to Article 35; all of22 KB (3,269 words) - 17:08, 30 March 2022
- RvS - 202100213/1/A3 (category Article 12(3) GDPR)month as per Article 12(3) GDPR. Second, the Council of State held that the right to rectification of personal data pursuant to Article 16 GDPR only applies20 KB (3,092 words) - 09:01, 2 February 2022
- BGH - I ZR 2/21 (category Article 6(1)(f) GDPR)relief neither on the KUG nor on the GDPR because the comprehensive weighing required by both Article 6(1)(f) GDPR and §§ 22, 23 KUG led to the same result66 KB (11,440 words) - 15:55, 30 March 2022
- Garante per la protezione dei dati personali (Italy) - 9837981 (category Article 6(1) GDPR)Articles 17 and 6(1) GDPR. Pursuant to its powers under Article 58(2)(i) GDPR, and in accordance with Article 83 GDPR, it imposed an administrative fine of €1031 KB (4,943 words) - 15:30, 3 March 2023
- OLG Celle - 8 U 165/22 (category Article 12(5) GDPR)sense of Article 4(1) GDPR. Moreover, OLG Celle also held that a singular access request can never be excessive for the purposes of Article 12(5) GDPR as the62 KB (10,852 words) - 14:08, 7 January 2023
- Garante per la protezione dei dati personali (Italy) - 9963509 (category Article 5 GDPR)obligations related to the processing operations pursuant to Article 5(1)(a) GDPR and Article 14(5)(b) GDPR. In that case, the DPA recommended that the information51 KB (7,841 words) - 08:22, 21 December 2023
- (“the GDPR”): regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Article 4(11)31 KB (4,210 words) - 15:26, 20 June 2023
- Persónuvernd (Iceland) - 2021101909 (category Article 5(1)(d) GDPR)and teachers. As per Article 8 Section 4 of the Act on Data Protection and the Processing of Personal Data and Article 5(1)(d) GDPR, it is the controller's13 KB (1,928 words) - 13:08, 5 October 2022
- APD/GBA (Belgium) - 159/2023 (category Article 4(11) GDPR)done to meet the requirements of collecting valid consent under the GDPR and Article 5(3) ePrivacy Directive 2002/58/EC, as well as the following three additional54 KB (7,683 words) - 16:04, 10 January 2024
- Garante per la protezione dei dati personali (Italy) - 9782890 (category Article 5(1)(a) GDPR)pursuant to Article 166(5) of the Code, the alleged violations of the Regulation found with reference to Article 5(1)(a) and (2), Article 13, Article 24 as well47 KB (7,604 words) - 07:01, 20 July 2022
- Garante per la protezione dei dati personali (Italy) - 9917728 (category Article 5(1)(a) GDPR)The DPA found violations of Articles 5(1)(a)(c)(f), 9, 25(1)(2) and issued a fine of 25,000 euros under Article 83. An advertising billboard depicted60 KB (9,523 words) - 08:00, 23 August 2023
- Garante per la protezione dei dati personali (Italy) - 9754355 (category Article 5(1)(f) GDPR)violation of the principle of integrity and confidentiality under Article 5(1)(f) GDPR on behalf of the controller, since it is responsible for processing24 KB (3,767 words) - 10:54, 23 March 2022
- Garante per la protezione dei dati personali (Italy) - 9872646 (category Article 5(1)(a) GDPR)Articles 5 (1)(a) and 13 GDPR. The DPA stated that the processing of personal data must always comply with the general principles of Article 5, in particular37 KB (5,802 words) - 09:38, 16 June 2023
- UODO (Poland) - DKE.523.10.2021 (category Article 6(1)(c) GDPR)of the GDPR, the processing of the applicant's personal data by the bank took place on the basis of Article 6 (1)(b) GDPR and Article 6 (1)(c) GDPR. The32 KB (4,998 words) - 09:29, 26 May 2021
- AEPD (Spain) - PS/00467/2020 (category Article 5(1)(d) GDPR)relating to the treatment of the data collected in the article are complied with. Article 5 of the GDPR. A circumstance that in this case has not occurred149 KB (24,924 words) - 10:55, 11 August 2021
- Garante per la protezione dei dati personali (Italy) - 9817058 (category Article 5(1)(f) GDPR)data constituted a breach of Articles 5(1)(f) and 32 GDPR. Additionally, the controller violated Article 25(1) GDPR because it failed to implement a secure24 KB (3,588 words) - 13:43, 2 November 2022
- Rb. Gelderland - AWB - 19/3510 (category Article 57 GDPR)The claimant has submitted a request on the basis of Article 58 of the AVG . Pursuant to this article, the defendant may - prior to taking enforcement action19 KB (2,970 words) - 16:16, 10 March 2022
- AEPD (Spain) - EXP202205820 (category Article 6 GDPR)violating the provisions of article 6 of the GDPR, which supposes the commission of an infraction typified in article 83.5 of the GDPR, which provides the following:61 KB (9,700 words) - 13:21, 13 December 2023
- DSB (Austria) - DSB-D130.1174 (category Article 5(1)(a) GDPR)amended: Article 3,, Article 4, number 11,, Article 7,, Article 51, paragraph one,, Article 12, paragraph 3,, Article 17,, Article 19,, Article 57, paragraph86 KB (14,497 words) - 13:42, 3 April 2024
- NAIH (Hungary) - NAIH-7058-5/2022 (category Article 6(1) GDPR)processing violated Article 7(2) GDPR, Article 7(4) GDPR and Article 6(1)(a) GDPR. The controller was fined 2,000,000 HUF (approx. €5,080). In determining66 KB (10,499 words) - 08:55, 10 February 2023
- NAIH (Hungary) - NAIH-175-12/2022 (category Article 5(1)(b) GDPR)principle of accountability, Article 5(2) GDPR because the controllers could not provide their compliance with Article 5(1) GDPR. In particular, the controllers112 KB (17,918 words) - 08:55, 24 March 2022
- APD/GBA (Belgium) - 105/2022 (category Article 2(1) GDPR)notion of personal data as defined in Article 4.1) GDPR, which are processed within the meaning of Article 2. 1 GDPR. Not just any whole or in part automated44 KB (6,420 words) - 11:00, 6 July 2022
- VGH Baden-Württemberg - 1 S 1739/20 (category Article 5 GDPR)freedom (Article 2.2 sentence 2 of the Basic Law) and her general right of personality (Article 2.1 of the Basic Law in conjunction with Article 1.1 of the66 KB (10,911 words) - 08:49, 21 June 2022
- Garante per la protezione dei dati personali (Italy) - 9771184 (category Article 5(1)(a) GDPR)The DPA fined INAIL €50,000 for violating Article 5(1)(a) and (f), Article 6(1)(e), Article 9(2)(g) and Article 32, as well as articles 2-ter and 2-sexies86 KB (13,753 words) - 16:35, 15 June 2022
- Garante per la protezione dei dati personali (Italy) - 9902472 (category Article 5(1)(c) GDPR)these reasons, the DPA found violations of Article 5(1)(c) and (e) and Article 32(1)(b) and (d) and 32(2) GDPR, imposing a fine of €240,000. Share your comments63 KB (10,048 words) - 09:42, 2 August 2023
- APD/GBA (Belgium) - 128/2023 (category Article 12(3) GDPR)concluded a prima facie breach of Article 15 GDPR and Article 17 GDPR in combination with Article 12(3) GDPR and Article 12(4) GDPR, because the controller did23 KB (3,272 words) - 09:19, 13 September 2023
- Court of Appeal of Brussels - 2021/AR/320 (category Article 5(1)(a) GDPR)Chamber, in accordance with Article 62, § 1, WOG. The complainant will be informed of this at 30 September 2019 pursuant to Article 61 WOG.10 KB (1,379 words) - 09:08, 10 September 2021
- APD/GBA (Belgium) - 143/2022 (category Article 4(1) GDPR)to comply with the request (Article 12(3) GDPR) or not (Article 12(4) GDPR). Without addressing a potential breach of the GDPR, the DPA ordered the controller23 KB (3,383 words) - 08:06, 3 November 2022
- Garante per la protezione dei dati personali (Italy) - 9894662 (category Article 5(2) GDPR)According to the DPA, the accountability principle provided for by Article 5(2) GDPR implies that the controller must be proactive and constantly monitor245 KB (40,390 words) - 14:30, 21 June 2023
- Garante per la protezione dei dati personali (Italy) - 9954241 (category Article 5(1)(a) GDPR)controller to be in violation of Article 5(1)(a) GDPR, Article 6 GDPR, Article 9 GDPR, Article 12 GDPR and Article 13 GDPR and started a procedure to adopt77 KB (12,282 words) - 16:43, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9993531 (category Article 5(1)(a) GDPR)after the end of employment constituted a breach of Article 6(1)(b) GDPR and Article 6(1)(c) GDPR. At that time, the controller lacked an appropriate legal120 KB (19,784 words) - 12:02, 3 April 2024
- VG Potsdam - 11 K 4526/16 (category Article 2(1) GDPR)provided for in Article 15(1) GDPR, which was kept by the Higher Administrative Court. The Court denied the request. Does Article 15 GDPR apply to hand written33 KB (5,306 words) - 15:12, 22 March 2022
- NAIH (Hungary) - NAIH-3734-15/2023 (category Article 6(1)(f) GDPR)legislation (30) Based on Article 2 (1) of the GDPR, the GDPR must be applied to the data processing in this case. (31) Recital (47) GDPR: The data controller48 KB (7,721 words) - 11:09, 10 January 2024
- Garante per la protezione dei dati personali (Italy) - 9795404 (category Article 12 GDPR)information as laid down under Article 13 GDPR (the data subject invoked Article 13 GDPR but apparently meant Article 15 GDPR, see comment below). The controller32 KB (5,076 words) - 08:06, 5 September 2022
- HDPA (Greece) - 38/2023 (category Article 2(1) GDPR).]" 5. Because according to above article 17 of the GDPR, as it has been interpreted according to the content of the Guidelines 5/2019 of the GDPR1, the23 KB (3,704 words) - 18:18, 23 April 2024
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR)submits that Article 77 AVG 2, interpreted in the light of Articles 1, 51(1) and 57 AVG, recitals 7, 10 and 141 AVG, Article 8 Charter and Article 16 TFEU,48 KB (7,560 words) - 09:03, 20 August 2021
- CNIL (France) - SAN-2022-024 (category Article 3 GDPR)offer services to data subjects in the EU (Article 3(2)(a) GDPR). The DPA concluded that Article 3(2)(b) GDPR was also not applicable. The DPA mentioned30 KB (4,714 words) - 10:34, 4 January 2023
- APD/GBA (Belgium) - 10/2023 (category Article 12(3) GDPR)out by Article 12(4) GDPR. The DPA ordered the controller to comply with the access request pursuant Article 58(2)(c) GDPR and Article 95(1)(5) LCA (Law14 KB (1,967 words) - 15:07, 22 February 2023
- Garante per la protezione dei dati personali (Italy) - 9828987 (category Article 5(1)(a) GDPR)thus violating Article 5(1)(a) and Article 5(1)(c) GDPR. The controller processed health data without a valid legal basis (Article 6(1) GDPR) and in breach41 KB (6,326 words) - 14:38, 20 December 2022
- Garante per la protezione dei dati personali (Italy) - 9996609 (category Article 5 GDPR)On 30 May 2023, the Garante notified the controller of the alleged violations and that it was initiating the procedure pursuant to Article 166(5) of the41 KB (6,369 words) - 15:47, 27 March 2024
- Garante per la protezione dei dati personali (Italy) - 9794895 (category Article 5(1)(e) GDPR)found a violation of art. 13 GDPR as well as the principles of storage limitation and accountability in art. 5(1)(e) and art. 5(2). It stated that "the longer90 KB (14,647 words) - 17:12, 8 November 2022
- Rb. Noord-Holland - 20/3831 (category Article 5(1)(e) GDPR)minimization of data processing as referred to in Article 5 of the GDPR. Plaintiff also refers to Article 32 of the GDPR and argues that the security of her personal30 KB (4,206 words) - 08:37, 14 October 2021
- Garante per la protezione dei dati personali (Italy) - 9988614 (category Article 14(5)(b) GDPR)provided to the interested parties based on Article 13 GDPR and to non-contactable persons based on Article 14 GDPR. The information notice includes the right115 KB (18,087 words) - 14:11, 17 April 2024
- DSB (Austria) - 2020-0.759.615 (category Article 6(1)(f) GDPR)Recital 51 GDPR, the DSB found that the pictures taken from the data subject did not constitute biometric data according to Article 9(1) GDPR because they21 KB (3,259 words) - 15:52, 20 April 2022
- Garante per la protezione dei dati personali (Italy) - 9811300 (category Article 5(1)(a) GDPR)information stated in Article 13 GDPR. The data subject didn’t receive an answer within the time limits set in Article 12(3) GDPR. The data subject filed27 KB (4,317 words) - 08:06, 20 October 2022
- APD/GBA (Belgium) - 115/2022 (category Article 5(1)(c) GDPR)/13 of the GDPR are processed, their processing must find a basis in article 9.2 of the GDPR read in conjunction with Article 6.1. of the GDPR. 29. Since42 KB (6,237 words) - 11:23, 5 August 2022
- CNIL (France) - SAN-2022-020 (category Article 5(1)(e) GDPR)obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller59 KB (9,566 words) - 17:03, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9827446 (category Article 5(1)(a) GDPR)discipline (Article 9(2)(i) GDPR) and not in the consent of the data subject. The Italian DPA held that the infringement of Article 5(1)(a) GDPR and Article 5(1)(b)70 KB (11,425 words) - 13:47, 7 December 2022
- Garante per la protezione dei dati personali (Italy) - 9808698 (category Article 5(2) GDPR)place per Article 46(2) GDPR. For these violations, the DPA reprimanded the controller and ordered it to comply with the GDPR (specifically Article 46 GDPR)91 KB (15,011 words) - 09:00, 5 October 2022
- Garante per la protezione dei dati personali (Italy) - 9960875 (category Article 12(3) GDPR)procedure under Article 166(5) of the Italian Privacy Code in relation to the alleged breaches of Article 12(3) GDPR and Article 15 GDPR. In light of the34 KB (5,386 words) - 16:16, 19 December 2023
- with the provisions of article 85 of the LPACAP. SECOND: NOTIFY this resolution to B.B.B.. In accordance with the provisions of article 50 of the LOPDGDD,52 KB (7,564 words) - 12:41, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9949453 (category Article 5(1)(a) GDPR)assessed that the controller violated Article 5(1)(a) GDPR, Article 6 GDPR, Article 7 GDPR, Article 13 GDPR and Article 130 of the Italian Privacy Code also44 KB (6,773 words) - 08:38, 29 November 2023
- APD/GBA (Belgium) - 11/2023 (category Article 12(3) GDPR)according to Article 19 GDPR. The DPA held that the controllers could have breached Article 21(2) GDPR, Article 21(3) GDPR and Article 17(1)(c) GDPR in combination25 KB (3,639 words) - 13:51, 28 February 2023
- IMY (Sweden) - DI-2019-11737 (category Article 4(4) GDPR)basis of consent in accordance with Article 5.3 of the eData Protection Directive or covered of the exceptions in Article 5.3 of that directive can only be103 KB (15,684 words) - 07:17, 12 July 2023
- AEPD (Spain) - PS/00448/2021 (category Article 5(1)(c) GDPR)claimed party, for the alleged infringement of Article 5.1.c) of the RGPD, typified in Article 83.5 of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid16 KB (2,431 words) - 11:46, 25 January 2022
- Garante per la protezione dei dati personali (Italy) - 9827402 (category Article 12 GDPR)failure to respond to an erasure request pursuant to Article 12 GDPR in relation to Article 17 GDPR. On September 17 2020 a data subject resigned as a voluntary34 KB (5,373 words) - 10:16, 16 June 2023
- Commissioner (Cyprus) - 11.17.001.008.147 (category Article 4 GDPR)provided for in article 28 of the Regulation, and an impact assessment, as provided for in article 35 of the Regulation. 6. On August 30, 2022, I received53 KB (8,451 words) - 22:10, 28 February 2024
- NAIH (Hungary) - NAIH-1743/2021 (category Article 5(1) GDPR)to as the GDPR) in accordance with Article 5 (1) (a), a The principle of purpose limitation under Article 5 (1) (b) of the GDPR and Article 5 (1) the principle47 KB (7,131 words) - 11:05, 21 January 2022
- the processing (article 21 of the GDPR) and the processing is necessary for freedom of expression and information (Article 17.3 of the GDPR). e - 3 plea:19 KB (2,637 words) - 10:37, 7 December 2021
- APD/GBA (Belgium) - 06/2023 (category Article 15(1)(a) GDPR)pursuant to Article 12(2) GDPR. The DPA ordered the controller to comply with the access request pursuant to Article 58(2)(c) GDPR and Article 95(1)(5) LCA (Law16 KB (2,242 words) - 10:12, 8 February 2023
- AEPD (Spain) - PS/00267/2021 (category Article 6 GDPR)provisions of Article 6 of the GDPR, in relation to Article 22 of the LOPDGDD, constituting an infringement as defined in Article 83.5.a) of the GDPR and 72.1193 KB (32,580 words) - 11:16, 15 June 2022
- disclosed: Possible violation of Article 129 of Law of 13 June 2005 (WEC - Wet elecktronische communicatie) as well as possible GDPR violations, especially but29 KB (3,892 words) - 13:46, 7 December 2022
- FG Nürnberg - 3 K 596/22 (category Article 6(1) GDPR)legislator used the open clause of Article 6(1)(c) and (e) GDPR, in combination with Article 6(2) and Article 6(3) GDPR, to create a legal basis for the38 KB (6,277 words) - 08:12, 18 May 2023
- LfDI (Baden-Württemberg) - 4 Sa 70/20 (category Article 4(15) GDPR)applied Article 9(2)(a) GDPR, according to which the data subject could have voluntarily disclosed their health data defined in Article 4(15) GDPR to the29 KB (4,815 words) - 08:48, 11 November 2022
- UODO (Poland) - DOKE.561.1.2023 (category Article 58(1)(a) GDPR)information and granting it access to personal data in accordance with Article 58 (1)(a) and (e) GDPR. The data subject filed a complaint with the Polish DPA, claiming45 KB (7,312 words) - 21:50, 8 August 2023
- Garante per la protezione dei dati personali (Italy) - 9746047 (category Article 5(1)(a) GDPR)violation of Articles 5(1)(a) and (c) GDPR, as well as in breach of the adequate information requirements under Article 13 GDPR. Based on these infringements15 KB (2,365 words) - 13:17, 23 February 2022
- CNIL (France) - SAN-2021-010 (category Article 5(1)(e) GDPR)responsibility under Article 83 GDPR? On the duration of data retention The CNIL found that the company had violated Article 5(1)(e) GDPR and several domestic47 KB (6,931 words) - 09:28, 28 July 2021
- IP (Slovenia) - SI – 07101-5-2023-16 (category Article 15(1) GDPR)accordance with Article 34(1) of the GDPR-2. The appeal procedure is provided for in the GDPR for personal data falling under Article 1(1) of the GDPR. This provides31 KB (4,975 words) - 10:15, 5 December 2023
- APD/GBA (Belgium) - 146/2022 (category Article 5(1) GDPR)that under the terms of the principle of minimization devoted to Article 5.1c) of the GDPR, the data processed must be adequate, relevant and limited to what18 KB (2,465 words) - 13:23, 31 October 2022
- Garante per la protezione dei dati personali (Italy) - 9835095 (category Article 5(1)(a) GDPR)the DPA held that the controller violated Articles 5(1)(a), 5(1)(b), and (6) GDPR as well as Article 2-ter of the Italian privacy code. The DPA also discovered100 KB (16,086 words) - 17:05, 8 February 2023
- APD/GBA (Belgium) - 17/2023 (category Article 5(1)(f) GDPR)data against unauthorised access as stipulated in Article 5(1)(f) GDPR. The DPA referred to Article 32 GDPR and recommended a logging measure and to keep track17 KB (2,351 words) - 15:21, 8 March 2023
- Garante per la protezione dei dati personali (Italy) - 9885177 (category Article 60 GDPR)Dutch DPA under Article 60(3) GDPR, by which the case was dismissed, the Italian DPA adopted the final decision under Article 60(8) GDPR and notified it25 KB (3,824 words) - 07:04, 31 May 2023
- TA Luxembourg - N° 46416 (category Article 96 GDPR)of the GDPR on data transfers outside the EU / EEA but would also violate Articles 5 (b) (limitation purposes), 5.1 (c) (data minimization), 5.1 (e) (limitation64 KB (10,128 words) - 08:51, 24 November 2021
- Datatilsynet (Norway) - 17/01281 (category Article 6(1)(f) GDPR)Privacy Ordinance Article 6 No. 1 letter f for this processing. Our legal basis for decisions on reprimands is the Privacy Ordinance, Article 58, No. 2, letter38 KB (6,275 words) - 16:13, 6 December 2023
- APD/GBA (Belgium) - 19/2023 (category Article 12 GDPR)responsibility – article 5.2. GDPR). It must also implement all the measures necessary for this. effect (Article 24 GDPR). 6. Pursuant to Article 15 § 1 of the16 KB (2,244 words) - 23:23, 12 March 2023
- Garante per la protezione dei dati personali (Italy) - 9761383 (category Article 5(1) GDPR)carried out on the basis of Article 6(1)(b) GDPR, as well as to fulfill a legal obligation pursuant to Article 6(1)(c) GDPR related to public entities’31 KB (4,945 words) - 16:11, 20 April 2022