Search results
From GDPRhub
- DSB (Austria) - 2021-0.024.862 (category Article 6(1)(f) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- AEPD (Spain) - PS/00278/2020 (category Article 5(1)(a) GDPR)principle to which Article 6(1) GDPR is linked, and imposed a fine of €2000 relying on Article 58(2) GDPR. The defendant ultimately paid €1200 for the breach28 KB (4,592 words) - 14:25, 13 December 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- APD/GBA (Belgium) - 61/2020 (category Article 6(1)(e) GDPR)is necessary in accordance with Article 6 (2) of the GDPRthe legal basis within the meaning of Article 6 (1) point e) GDPR. 2056. The question is also whether41 KB (6,354 words) - 16:59, 12 December 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)AEPD fined telecoms company Telefonica EUR 55,000 for a breach of Article 6(1) GDPR. Personal data of the claimant were processed without her consent due60 KB (10,197 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00006/2022 (category Article 12 GDPR)violation of the Article 12 of the GDPR, in conjunction with Article 17 of the GDPR. V Classification of the infringement of article 12 of the GDPR The aforementioned54 KB (8,870 words) - 10:43, 13 December 2023
- CE - N° 429571 (category Article 6(1)(a) GDPR) (section On the CNIL's competence to interpret Article 6 GDPR)not have a legitimate interest to store credit card data under Article 6(1)(f) GDPR. On 6 September 2018, the CNIL issued a Recommendation on the processing19 KB (2,790 words) - 09:50, 10 September 2021
- AEPD (Spain) - PS/00408/2020 (category Article 6(1) GDPR)as required by article 6 of the RGPD. The data processing carried out violates article 6 of the RGPD conduct that is subsumed in article 83.5 of the RGPD47 KB (7,616 words) - 14:35, 13 December 2023
- Datatilsynet (Denmark) - 2020-432-0034 (category Article 6(1) GDPR)take place within the framework of Article 5 of the Data Protection Regulation. Article 6 (1) (a) and (c) and Article 6 (1) 1, letter e, and the Data Protection40 KB (6,369 words) - 16:39, 6 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)protocols. This therefore breached Article 5(1)(f) GDPR and Article 32 GDPR. The initial sanction for infringing Article 5(1)(f) was a fine of €5000 and the34 KB (5,427 words) - 14:30, 13 December 2023
- APD/GBA (Belgium) - 39/2020 (category Article 5(1)(f) GDPR)conditions laid down in Article 6(1), - processing as described above, and in particular one of the conditions laid down in Article 6(1). 1 AVG. It should62 KB (10,509 words) - 16:58, 12 December 2023
- AEPD (Spain) - PS/00415/2020 (category Article 6(1) GDPR)imposed a fine of €60000 for the violating Article 5(1)(d) GDPR and €30000 for violating Article 5(1)(f) GDPR. In imposing the fine, the AEPD factored in30 KB (4,436 words) - 14:36, 13 December 2023
- ICO - FS50819531 (category Article 6(1)(f) GDPR)personal data pursuant to Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right3 KB (212 words) - 16:21, 7 March 2022
- Garante per la protezione dei dati personali (Italy) - 9445567 (category Article 6 GDPR)incorrect as until 9/3/2019 the Pec of the company was tbsrls@pec.it, therefore he [has] never heard of this request. I also specify that from 9/3/2019 to today16 KB (2,471 words) - 15:51, 6 December 2023
- AEPD (Spain) - PS/00054/2020 (category Article 5(1)(c) GDPR)Law. […] " III Article 6.1 of the RGPD establishes the cases in which the processing of personal data, providing within them - article 6.1.e) - the that37 KB (6,022 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00149/2020 (category Article 6 GDPR)(hereinafter, LPACAP).C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 6 6/8In accordance with the provisions of article 85 of the LPACAP, in the event19 KB (2,795 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00206/2020 (category Article 6 GDPR)established in article 6 of theRegulation (EU) 2016/679. "IIIThe documentation in the file accredits that the claimed,violated article 6.1 of the RGPD20 KB (3,078 words) - 14:10, 13 December 2023
- AZOP (Croatia) - Decision 17-05-2022 (category Article 6 GDPR)consent, in line with Article 6(1)(a) GDPR. The Court recalled that Article 31 of the Croatian Law on the Implementation of the GDPR stipulates that the15 KB (2,261 words) - 15:55, 30 October 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)applicable (cf. Article 99(1) and (3) AVG). As of that date, the AVG is binding and directly applicable in every Member State (Article 99(3) AVG), i.e.: irrespective41 KB (7,150 words) - 12:30, 4 October 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- Supreme Court - C.20.0323.N (category Article 6(1)(a) GDPR)minimisation under Article 5(1)(c) GDPR, and contrary to the obligation to obtain the freely given consent of the data subject under Article 6(1)(a) GDPR, when refusal43 KB (6,749 words) - 07:07, 28 October 2021
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)cf. GDPR Art. 34, 3 (b), it is our opinion that Namely and Intervare are not required to notify the data subjects pursuant to the GDPR art. 34, 1. 3. Justification24 KB (3,365 words) - 16:37, 6 December 2023
- AEPD (Spain) - PS/00069/2020 (category Article 6(1)(a) GDPR)processing laid down in Article 6 of the Regulation (EU) 2016/679. (…)” III The documentation in the file provides evidence that Article 6.1 of the RGPD was20 KB (3,066 words) - 13:55, 13 December 2023
- APD/GBA (Belgium) - 71/2020 (category Article 6(1) GDPR)resume. 3 The Marktenhof states in point 4.7. of the judgment article 6, d) and article 6, e) of the GBA law, but this should be read as article 6.1. d)79 KB (12,260 words) - 17:00, 12 December 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include440 KB (73,154 words) - 09:44, 12 May 2021
- Garante per la protezione dei dati personali (Italy) - 9556625 (category Article 6(2) GDPR)art. 6, co. 3, 2nd para. of the GDPR, the law or regulation that constitutes the legal basis referred to in letters c) and e) of co. 1 of art. 6 of the57 KB (9,144 words) - 15:55, 6 December 2023
- AZOP (Croatia) - Decision 18-12-2020 (category Article 6 GDPR)information or to preserve authority (Article 3, paragraph 3 of the Media Act). Also, the Law on Media in Article 7 paragraph 3 stipulates that a person who statements21 KB (3,345 words) - 15:24, 30 October 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3021/452/2017 (category Article 12(6) GDPR) (section Application of Articles 12 and 15 GDPR to call records)(2016/679) Article 5 (1) (a), Article 12 (1), (2) and (6) , Article 13, Article 15 (1) (h), (3) and (4), Article 58 (2) (c) and (d) subparagraphs Article 34 (1)41 KB (6,220 words) - 09:48, 17 November 2023
- AEPD (Spain) - PS/00245/2019 (category Article 5(1)(a) GDPR)Articles 5(1)(a) GDPR and 13 GDPR. On the other hand, they disagreed with the infringement of Article 5(1)(a) GDPR in relation to Article 9(1) GDPR with regard116 KB (18,941 words) - 14:21, 13 December 2023
- Rb. Overijssel - AK 20 1535 (category Article 17(3)(b) GDPR)assistance under Article 2.3 of the Youth Act and that deletion would violate the Archives Act (Archiefwet) and Article 17(3)(b) GDPR. The mother objected23 KB (3,225 words) - 11:52, 4 October 2021
- CNIL (France) - MED-2019-027 (category Article 24(1) GDPR)law of 6 January 1978, it is the responsibility of the data controller to ensure the security of personal data. Thus, article 4-6° of the law of 6 January21 KB (3,274 words) - 17:08, 6 December 2023
- AEPD (Spain) - PS/00128/2020 (category Article 6(1)(b) GDPR)employer we must look for it in article 9 and 6 of the RGPD. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 4/13 Article 9 of the RGPD establishes39 KB (5,912 words) - 14:02, 13 December 2023
- AEPD (Spain) - TD/00164/2020 (category Article 12 GDPR)articles 12.5 and 15.3 of the Regulation (EU) 2016/679 and in sections 3 and 4 of article 13 of this organic law. " FIFTH: Article 17 of the RGPD provides17 KB (2,571 words) - 14:51, 13 December 2023
- Persónuvernd - 2020010678 (category Article 6(1)(f) GDPR)authorization provisions of Article 9. Act no. 90/2018. These include point 6. Article 9 of the Act, cf. point e of the first paragraph. Article 6 of the Regulation26 KB (4,135 words) - 09:59, 6 May 2021
- AEPD (Spain) - EXP202202898 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned start-up34 KB (5,358 words) - 13:16, 13 December 2023
- AKI (Estonia) - 2.1-3/20/172 (category Article 16 GDPR)implement Regulation 2016/679 in order to comply with Article 84 and the right / obligation under Article 58 (5) of the Regulation to effectively punish the28 KB (4,711 words) - 10:30, 13 December 2023
- AEPD (Spain) - EXP202200367 (category Article 6(1)(e) GDPR)processing is in the public interest arising from article 6.1.e) of the GDPR, authorized by article 46.3 of the LOU. v. The corresponding weighting judgment57 KB (8,117 words) - 10:35, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 6 GDPR)accountability (Article 5 (2) and 24 (1), (2) GDPR), privacy by design (Article 25 (1) GDPR) and as controller towards its data processors (Article 28 GDPR). Consequently144 KB (23,155 words) - 15:46, 6 December 2023
- AEPD (Spain) - PS/00187/2020 (category Article 5(1)(f) GDPR)by the alleged violation of Article 32 of the RGPD, Article 5.1.f) of the RGPD, Article 25 of the RGPD, typified in Article 83.5 of the RGPD. FOURTH: On51 KB (7,770 words) - 14:08, 13 December 2023
- UODO (Poland) - ZSPR.421.7.2019 (category Article 7(3) GDPR)connection with Article 5 paragraph 1 point a, Article 5 paragraph 2, Article 6 paragraph 1, Article 7 paragraph 3, Article 12 paragraph 2, Article 17 paragraph60 KB (9,815 words) - 10:02, 17 November 2023
- AEPD (Spain) - EXP202203606 (category Article 17(1)(a) GDPR)accordance with the provisions of article 17 of the RGPD, paragraph 3: C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 6/6 “Sections 1 and 2 will not22 KB (3,264 words) - 13:29, 13 December 2023
- AEPD (Spain) - PS/00067/2020 (category Article 13 GDPR)over employees in the workplace. This right is within Article 89 LOPDGDD. Similarly, Article 20(3) LOPDGDD enables the employer to adopt any measures it33 KB (5,347 words) - 13:55, 13 December 2023
- AEPD (Spain) - EXP202204515 (category Article 6(1)(a) GDPR)The issuer is identified as YOIGO. SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection of Personal Data and guarantee20 KB (3,159 words) - 13:20, 13 December 2023
- Datatilsynet (Norway) - 20/01865 (category Article 6 GDPR)processing might be based on Article 6(1)(f) GDPR (legitimate interest) and - regarding health data - on Article 9(2)b) GDPR (fulfilling obligations under19 KB (2,942 words) - 09:03, 14 September 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)and takes all the necessary measures pursuant to article 32 of the GDPR. 6. In article 29 of the GDPR it is defined that "The processor and any person102 KB (17,186 words) - 13:46, 26 April 2024
- APD/GBA (Belgium) - 15/2021 (category Article 15(3) GDPR)rectification.(article 16 of the GDPR), the right to be forgotten (article 17 of the GDPR), and the right to limit the use ofdata processed unlawfully (article 1885 KB (13,724 words) - 16:52, 12 December 2023
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)from Article 6(1)(b) of the The GDPR - but from the consent given for that specific purpose (Article 6(1)(a) of the GDPR) of the GDPR). The GDPR (Article61 KB (9,973 words) - 13:55, 13 December 2023
- AEPD (Spain) - E/03884/2020 (category Article 4(6) GDPR)outside the material scope of the GDPR. Also, with regards to the definition of personal data from Article 4(1) GDPR, the DPA did not reach a firm conclusion56 KB (8,737 words) - 09:35, 26 May 2021
- ICO (UK) - Enforcement Notice and Warning Letter - Home Office (category Article 5(2) GDPR)sections 3.2, 3.3 and 3.4 of the DPIA, for clarity, the Commissioner also recommends that the Home Office links its purposes to both its Article 6(1)(e) public129 KB (17,281 words) - 14:57, 10 April 2024
- AP (The Netherlands) - AWB-21 3909 (category Article 15(1) GDPR)possible. 1 Article 6:2, preamble and under b, in conjunction with Article 7:1, first paragraph, preamble and under f, of the Awb 2 Article 6:12, second19 KB (3,027 words) - 17:13, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 6(1) GDPR)reasons the Italian DPA, with the power conferred by Article 58(2)(d) and (f) and Article 83(3) and (5) GDPR, imposed to Fastweb multiple corrective measures131 KB (21,014 words) - 15:55, 6 December 2023
- AEPD (Spain) - PS/00029/2020 (category Article 35(3)(b) GDPR)required by Article 35(3)(b). The AEPD also held that there had a been a violation of Article 32 because of a failure to comply with GDPR security measure44 KB (6,943 words) - 13:49, 13 December 2023
- AEPD (Spain) - TD/00129/2020 (category Article 4(1) GDPR)estimated your claim. " C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 3 3/7 THIRD: Article 12 of Regulation (EU) 2016/679, of April22 KB (3,422 words) - 14:50, 13 December 2023
- AEPD (Spain) - PS/00279/2020 (category Article 6 GDPR)for the violation of Article 6 GDPR and € 4 000 for the violation of article 13, under the power conferred by Article 83(5) GDPR. Share your comments here21 KB (3,123 words) - 14:25, 13 December 2023
- AEPD (Spain) - PS/00334/2020 (category Article 6(1) GDPR)legitimate basis a violation of GDPR? The Spanish DPA considered that the processing of personal data was in breach of Article 6(1) GDPR, as the worker had processed16 KB (2,328 words) - 14:30, 13 December 2023
- AEPD (Spain) - TD/00013/2021 (category Article 12(6) GDPR)2021, for the purposes C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/6 provided for in article 64.2 of the LOPDGDD, the Director of the19 KB (3,027 words) - 14:48, 13 December 2023
- AEPD (Spain) - EXP202103878 (category Article 6(1) GDPR)Articles 57(1) and 58(2) GDPR for the processing of personal data without the consent of the data subject, as foreseen in Article 6 GDPR. Firstly, the DPA found20 KB (3,035 words) - 10:33, 13 December 2023
- AEPD (Spain) - EXP202102088 (category Article 13 GDPR)claimed party, for the alleged infringement of article 13 of the RGPD, typified in article 83.5 of the GDPR. FIFTH: After the period granted for the formulation26 KB (3,881 words) - 13:35, 13 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 28(3) GDPR)observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5) and (6). 2 of the Rules of Procedure35 KB (5,526 words) - 16:56, 12 December 2023
- CNIL (France) - SAN-2020-018 (category Article 15(3) GDPR) (section Violations of the obligations to inform as prescribed by Article 12 and 13 GDPR:)in violation of Article 13 GDPR. The questionnaire to subscribe to Nestor did not include all the information required by Article 13 GDPR: there was no information69 KB (11,007 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00036/2020 (category Article 13 GDPR)based comply with Article 13 of the GDPR? The Spanish DPA found that the facts constituted an infringement for violation of Article 13 of the RGPD, and16 KB (2,587 words) - 13:50, 13 December 2023
- AEPD (Spain) - EXP202200439 (category Article 6(1) GDPR)constitutes sensitive data within the meaning of Article 9 GDPR. The DPA alluded to Article 9(1) GDPR which prohibits the processing of these special categories36 KB (5,608 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00183/2022 (category Article 5(1)(d) GDPR)right of rectification of Article 16 GDPR and Article 14 of LOPDGDD, the national data protection law, the DPA stated that Article 12(4) LOPDGDD obliges the63 KB (10,203 words) - 13:01, 13 December 2023
- AEPD (Spain) - PS/00214/2022 (category Article 6(1) GDPR)legal bases of contract (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR) and determined that131 KB (20,916 words) - 12:38, 13 December 2023
- APD/GBA (Belgium) - 145/2023 (category Article 6(1)(f) GDPR)processing (Article 6.1.a. AVG), nor that there would be an agreement between the parties on which the personal data processing would be based (Article 6.1.b.39 KB (6,247 words) - 09:14, 15 November 2023
- BVwG - W214 2233132-1/27E (category Article 15 GDPR)also met. 3.3. In the matter 3.3.1. Legal situation: Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the CouncilArticle 12, of Regulation87 KB (14,194 words) - 10:07, 15 February 2024
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)AEPD imposed a fine of € 6.000 for unlawful processing data from a public registry without a legal basis under Article 6 GDPR. A citizen filled a complaint33 KB (5,396 words) - 14:26, 13 December 2023
- AEPD (Spain) - 0098/2022 (category Article 6(1)(e) GDPR)under Article 36 GDPR) regarding the compliance of the envisaged processing with the GDPR. According to the Commission, the legal basis was Article 6(1)(e)56 KB (8,102 words) - 13:57, 1 February 2023
- AEPD (Spain) - EXP202100897 (category Article 6(1) GDPR)basis for the processing (Article 21(1) GDPR). Finally, the DPA fined the controller €12,000 for a violation of Article 6(1) GDPR due to the lack of a valid72 KB (11,671 words) - 13:34, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8979/162/21 (category Article 6(1) GDPR)the social and health authority of a city to have breached Article 6(1) GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data19 KB (2,906 words) - 09:35, 4 March 2024
- AEPD (Spain) - PS/00262/2020 (category Article 6(1) GDPR)defendant is accused of committing an offense for violation of the Article 6.1 of the RGPD. Article 6, Legality of treatment, of the RGPD establishes that: "1.22 KB (3,293 words) - 14:23, 13 December 2023
- Persónuvernd (Island) - 2022020363 (category Article 6 GDPR)and thus failed to fulfil its obligations under Article 5(1) GDPR, Article 24(1) GDPR and Article 28(1) GDPR. Second, the DPA found that, since the data processing142 KB (22,881 words) - 12:42, 16 January 2024
- Datatilsynet (Denmark) - 2019-431-0018 (category Article 6(1)(f) GDPR)legitimate and explicit purpose. Therefore, it was contrary to Article 5(1)(b) GDPR and Article 6 GDPR. In addition, the DPA found that the controller did not18 KB (2,667 words) - 16:29, 6 December 2023
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)even though Article 32 GDPR stipulates such a technical measure for certain emails. It is important to note that only Article 6(1)(a) GDPR allows for such30 KB (4,562 words) - 15:27, 6 December 2023
- GDPRhub is a wiki with GDPR-related decisions and knowledge, enabling anyone to find and share GDPR insights across Europe! GDPRhub collects and summarises6 KB (277 words) - 12:46, 10 April 2024
- AEPD (Spain) - EXP202201987 (category Article 15 GDPR)accordance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and this is not based on another legal basis; C/ Jorge Juan, 6 www.aepd21 KB (3,290 words) - 10:50, 13 December 2023
- AEPD (Spain) - PS/00143/2020 (category Article 5(1)(f) GDPR)violation of Article 5.1.f) of the RGPD, typified in Article 83.5 of the RGPD. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 2 2/6 FOURTH:17 KB (2,578 words) - 14:05, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 6(4) GDPR)of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - PS/00291/2020 (category Article 6(1) GDPR)about it. In my personal view, this would be a violation of Article 13(1)(c) and (e) GDPR. Furthermore, it is unclear from the decision of the Spanish15 KB (2,246 words) - 14:26, 13 December 2023
- Rb. Amsterdam - 8598127 KK EXPL 20-357 (category Article 6(1)(f) GDPR)the data could be processed under the legitimate interest basis (ARTICLE 6(1)(f) GDPR). The tribunal weighted the different interests at stake and decided27 KB (4,437 words) - 09:17, 22 August 2020
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)contract Article 6.1.c: Legal basis for compliance with a legal obligation Article 6.1.d: Legal basis for safeguarding a vital interest Article 6.1.e: Legal9 KB (1,168 words) - 15:30, 6 December 2023
- IMY (Sweden) - DI-2020-10538 (category Article 12(3) GDPR)The Swedish DPA held that a controller has violated article 12(3) GDPR, because, although they complied with an erasure request, they did not subsequently14 KB (1,580 words) - 15:22, 6 December 2023
- AEPD (Spain) - PS/00430/2018 (category Article 6(1)(f) GDPR)there is legitimacy for it derived from the article 6.1. c) and 6.1.e) and at individual level 6.1.f) of the GDPR for the serious accusations that poured into40 KB (6,508 words) - 14:39, 13 December 2023
- regarding Article 6(1) GDPR and consent requirements regulated previously to GDPR. The fact that the infringements related to Article 25 GDPR did not include457 KB (75,575 words) - 09:36, 12 May 2021
- AEPD (Spain) - PS/00182/2020 (category Article 6(1) GDPR)established in article 6 of the Regulation (EU) 2016/679. " III The documentation in the file provides evidence that the claimed, violated article 6.1 of the21 KB (3,154 words) - 14:07, 13 December 2023
- under Article 6(1)(f) GDPR is not a valid legal basis for the processing of cookies. The Italian DPA also held that the controller violated Article 122 of57 KB (9,084 words) - 15:11, 13 July 2022
- AEPD (Spain) - PS/00079/2020 (category Article 6(1) GDPR)of Article 6(1) GDPR? The Spanish DPA held that the documentation in the file provides evidence that G.L.P. Instalaciones 86, S.L violated Article 6(1)20 KB (3,301 words) - 13:57, 13 December 2023
- HDPA (Greece) - 26/2023 (category Article 15 GDPR)under Article 15 GDPR." The DPA rejected the request for review. Genealogical research on a family surname did not fall within the scope of Article 15 GDPR14 KB (2,181 words) - 11:27, 13 September 2023
- AEPD (Spain) - PS/00379/2019 (category Article 6 GDPR)an alleged violation of article 6 of the GDPR typified as an infringement of basic principles for processing in article 83.5 GDPR. In determining the amount26 KB (4,235 words) - 14:33, 13 December 2023
- AEPD (Spain) - EXP202315744 (category Article 17 GDPR)purposes, in accordance with Article 89(1), to the extent that C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 6/6 the right indicated in paragraph20 KB (3,052 words) - 08:17, 16 April 2024
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)offence of Article 37.1.f of the LOPD, classified as serious in Article 44.3.i of the LOPD C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 6/11 The23 KB (3,695 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, Article 33 of the RGPD, Article 25 of the RGPD and Article 32 of the RGPD, typified in Article 83.5 of the RGPD63 KB (9,551 words) - 12:33, 13 December 2023
- AKI (Estonia) - 2.1.-1/22/1396 (category Article 6 GDPR)basis in line with Article 13(1)(d) GDPR. The DPA stated that it would impose a fine on the controller, pursuant to Article 58(2)(i) GDPR, if latter does34 KB (5,305 words) - 08:40, 29 June 2023
- AEPD (Spain) - EXP202202000 (category Article 17(3)(b) GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 14 GDPR)portability; (d) where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any52 KB (8,444 words) - 10:01, 17 November 2023
- AEPD (Spain) - PS/00172/2020 (category Article 6(1) GDPR)infringements of article 6.1 and 7 of Regulation (EU) 2016/679 (Regulation General Data Protection, hereinafter RGPD) typified in article 83.5 of the aforementioned38 KB (6,160 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00406/2020 (category Article 6(1)(f) GDPR)violation of article 6.1. f) of the RGPD, in relation with article 20.1 c) of the LOPDGDD, typified in article 83.5.a) of the cited GDPR That by writing36 KB (5,582 words) - 14:35, 13 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 6(1)(f) GDPR)the processing as per Article 6. The DPA therefore assumed that the legal basis would have been legitimate interest as per Article 6(1)(f). The DPA identified45 KB (6,973 words) - 05:12, 15 September 2022
- AEPD (Spain) - EXP202206825 (category Article 6(1) GDPR)regulated in article 6 of the GDPR. The assumptions that allow the processing of personal data to be considered lawful listed in article 6.1 of the GDPR: 1. Treatment31 KB (4,864 words) - 13:27, 13 December 2023
- HDPA (Greece) - 2/2023 (category Article 4(7) GDPR)protected by article 5 par. 1 item a) GDPR, in conjunction with Article 13 GDPR and b) directs a reprimand, according to article 58 par. 2 b) GDPR, to the complained31 KB (5,021 words) - 16:15, 18 July 2023
- AEPD (Spain) - PS/00322/2020 (category Article 5(1)(f) GDPR)constitute a violation of the GDPR? The AEPD held that the email constituted a confidentiality breach and violated Article 32 GDPR, as the law firm had failed26 KB (3,840 words) - 14:28, 13 December 2023
- AEPD (Spain) - TD/00248/2020 (category Article 12 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and25 KB (3,972 words) - 14:47, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8040/163/2019 (category Article 6(1) GDPR)and 5 (3) of Directive 2002/58, read in conjunction with Article 2 (h) of Directive 95/46 and Regulation 2016/679 4 Article 6 (11) and Article 6 (1) (a)29 KB (4,610 words) - 13:07, 3 March 2024
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)wrongly not happened. 6. Plaintiff cannot be proved right. Article 78 of the GDPR does contain a decision period as referred to in Article 4:13 of the Awb.25 KB (3,954 words) - 13:39, 16 November 2020
- Rb. Gelderland - AWB - 18 3073 (category Article 6 GDPR)concerned is not in default of payment of court fee, as referred to in Article 8:41(6) of the General Administrative Law Act (Algemene wet bestuursrecht,10 KB (1,424 words) - 12:09, 9 May 2022
- AEPD (Spain) - PS/00062/2020 (category Article 13 GDPR)breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing44 KB (7,162 words) - 13:53, 13 December 2023
- AP (The Netherlands) - 24.02.2022 (category Article 13(1)(e) GDPR)Data Authority2019 53 3.3Penaltyforviolatingthesecurityofprocessing 53 3.3.1 Nature, seriousness and duration of the infringement 54 3.3.2 Negligent nature179 KB (22,957 words) - 17:07, 12 December 2023
- AEPD (Spain) - EXP202306257 (category Article 44 GDPR)EDREAMS, S.L. was ordered for a violation of the Article 44 of the GDPR, typified in Article 83.5 of the GDPR, adapt the activity of data processing carried83 KB (12,999 words) - 15:30, 6 March 2024
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)contract (Article 6(1)(b) GDPR), nor could be based on legitimate interest of the controller (Article 6(1)(f) GDPR). Consent (Article 6(1)(a) GDPR) could130 KB (21,874 words) - 09:43, 15 February 2024
- Rb. Amsterdam - C/13/692003/HA RK 20-302 (category Article 15(1) GDPR)All this is in violation of Article 22 GDPR. The requirements of proportionality and subsidiarity have also not been met. 3.3. Furthermore, prior to the30 KB (4,797 words) - 10:03, 19 May 2021
- AEPD (Spain) - PS/00278/2019 (category Article 6(1)(a) GDPR)lack of valid consent under Article 6(1)(a) GDPR. Thus, it imposed VODAFONE a fine of EUR 75,000 under Article 83(5) GDPR, being indecisive whether there23 KB (3,672 words) - 14:25, 13 December 2023
- AZOP (Croatia) - Decision 10-08-2023 (category Article 6 GDPR)this the AZOP held that the controller acted contrary to Article 5(1)(a) GDPR and Article 6 GDPR. Moreover, the AZOP reiterated the fact that the pictures19 KB (2,955 words) - 16:29, 5 December 2023
- AEPD (Spain) - PS/00251/2020 (category Article 37(1)(b) GDPR)company result in a breach of Article 37 GDPR? The Spanish DPA (AEPD) found that Conseguridad SL had violated Article 37(1)(b) GDPR by not having designated15 KB (2,245 words) - 14:22, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 24FR/2022 (category Article 12(1) GDPR)based on Article 6.1.f) of the GDPR, but not for all processing based on this article. […] 73 74Investigation report, page 22, point 4.4.2.3.3. WP 260 rev82 KB (11,472 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202105333 (category Article 6(1) GDPR)hereinafter, LPACAP), for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On October 13, 2022, DIGI requests the49 KB (7,973 words) - 13:25, 13 December 2023
- AEPD (Spain) - PS/00200/2020 (category Article 6(1) GDPR)complaint - infringes Article 6(1) GDPR, by unlawfully processing the complainant's personal data, in relation to Article 5(1)(f) GDPR, which governs the30 KB (4,833 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)data subject has exercised their right to object under Article 21 GDPR. In the same way, Article 48(1)(b) of the Spanish General Telecommunications Act38 KB (5,945 words) - 12:14, 9 June 2021
- AEPD (Spain) - EXP202102778 (category Article 6(1)(f) GDPR)controller had violated Article 6(1) GDPR since the legitimate interest assessment on which the processing was based (Article 6(1)(f) GDPR) was understood as84 KB (13,036 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00075/2020 (category Article 6(1)(a) GDPR)sanction is imposed for violation of Article 6.1.a) of the GDPR of 3,000 euros. VIII Infringement of Article 13 of the GDPR The facts claimed also provide evidence31 KB (4,909 words) - 13:56, 13 December 2023
- AEPD (Spain) - EXP202200436 (category Article 6(1) GDPR)claimed party, for the alleged infringement of Article 6.1 of the RGPD, typified in Article 83.5 of the GDPR. FIFTH: Notification of the aforementioned start-up8 KB (1,143 words) - 13:02, 13 December 2023
- AEPD (Spain) - PS/00227/2019 (category Article 6(1)(a) GDPR)set out in Article 6 of Regulation (EU) 2016/679. (…)” In accordance with the facts considered to be proven, the respondent violated Article 6.1.a) of the36 KB (5,821 words) - 14:20, 13 December 2023
- Rb. Noord-Holland - C/15/311101 / HA RK 20-227 (category Article 17(3)(b) GDPR)by law to retain the data. The municipality relied on Article 17(3)(b) GDPR and Article 7.3.8(3) of the Youth Act to argue that it was obliged to retain22 KB (3,333 words) - 13:22, 2 June 2021
- APD/GBA (Belgium) - 46/2024 (category Article 6(1) GDPR)determined in Article 6.1. GDPR. 36. To this end, the Disputes Chamber examines the extent to which the legal grounds as provided in Article 6.1. GDPR can be51 KB (8,174 words) - 14:08, 28 May 2024
- Helsingin hallinto-oikeus (Finland) - H5259/2022 (category Article 6 GDPR)the social and health authority of a city to had breached Article 6 GDPR and Article 10 GDPR by requesting data subjects to provide it with personal data43 KB (6,678 words) - 08:41, 4 March 2024
- AEPD (Spain) - EXP202203914 (category Article 6(1) GDPR)correspond would be for the infringement of article 6.1 of the GDPR, typified in article 83.5 a) of the GDPR, the sanction that would correspond would be37 KB (5,914 words) - 10:42, 13 December 2023
- AEPD (Spain) - PS/00320/2020 (category Article 6(1) GDPR)of the respondent a violation of the GDPR? The AEPD held that the actions of the company violated Article 6 GDPR. According to the decision, acting as18 KB (2,736 words) - 14:28, 13 December 2023
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)(Considering 40 GDPR), Article 6.1 of the GDPR is therefore applicable and not RD 1720/2007 used by the defendant. Thus, the aforementioned article 6.1 GDPR establishes58 KB (8,995 words) - 13:00, 13 December 2023
- AEPD (Spain) - PS/00326/2020 (category Article 37(1)(a) GDPR)obligation imposed on public authorities under Article 37(1) GDPR. This obligation is also within Article 34(1) and (3) of the Spanish data protection law (LOPDGDD)14 KB (1,992 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)Decision understands that Article 45.6 of the LOPD confers on the AEPD C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/7 a "power" different18 KB (2,737 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)restaurant owner lawful in line of Article 5(1)(a) GDPR? The Spanish DPA concluded that there has been a breach of Article 5(1)(a) GDPR because the uploading of31 KB (5,083 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00446/2021 (category Article 5(1)(c) GDPR)for the alleged violation of article 5.1.c) of the GDPR and article 13 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Once the aforementioned24 KB (3,717 words) - 13:04, 13 December 2023
- AEPD (Spain) - EXP202202183 (category Article 6(1) GDPR)provided for in Article 15 GDPR and Article 13 LOPDGDD was exercised. Secondly, the DPA noted that a valid legal basis under Article 6(1) GDPR is required22 KB (3,432 words) - 12:37, 13 December 2023
- Rb. Den Haag - C/09/581706 / HA RK 19-593 (category Article 12(5) GDPR)data concerning him / her on the basis of Article 6 (1) (f) of the GDPR . Should Article 21 (1) of the GDPR - and in particular the addition `` at any34 KB (5,811 words) - 09:44, 8 December 2020
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)finepublic, as indicated in article 77.1. c) and 2. 4. 5. and 6. of the LOPDDGG: “ 1. Theregime established in this article will be applicable to the treatments26 KB (4,034 words) - 14:04, 13 December 2023
- AEPD (Spain) - EXP202202937 (category Article 12 GDPR)with Article 6(1)(a) or Article 9(2)(a) and this is not based on another legal basis; C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 6/8 c)26 KB (3,997 words) - 18:59, 26 February 2024
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)relation to the provisions of article 48 of Law 9/2014, of 9 of C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 3 3/97 May, General Telecommunications287 KB (48,336 words) - 13:53, 13 December 2023
- AEPD (Spain) - PS/00006/2019 (category Article 6(1)(a) GDPR)contravene Articles 13(1), 6(1)(a) and 8 GDPR? The AEPD found that GRUP BC S.L violated Article 13(1), 6(1)(a) and 8 GDPR. Share your comments here! Share27 KB (4,517 words) - 13:44, 13 December 2023
- AEPD (Spain) - PS/00135/2020 (category Article 13 GDPR)portability of the data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a) the existence of the right to withdraw consent in at any47 KB (7,756 words) - 14:04, 13 December 2023
- AEPD (Spain) - PS/00235/2020 (category Article 6(1) GDPR)Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/8 Consequently, my client considers that there has been no violation of article 6.1 of the RGPD24 KB (3,766 words) - 14:21, 13 December 2023
- Rb. Rotterdam - ROT 20/3286 (category Article 82(1) GDPR)which article of the GDPR was violated. However, considering the plaintiff made a request for the removal of her data, it is likely that Article 17 GDPR12 KB (1,685 words) - 13:08, 28 July 2021
- AEPD (Spain) - TD/00251/2021 (category Article 15 GDPR)of these data (hereinafter, GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish20 KB (3,142 words) - 13:31, 13 December 2023
- AEPD (Spain) - EXP202204461 (category Article 5(1)(f) GDPR)Therefore, Article 5(1)(f) GDPR was considered violated by the community of owners as a whole and a fine according to Article 83(5) GDPR was imposed.24 KB (3,631 words) - 13:20, 13 December 2023
- AEPD (Spain) - EXP202204492 (category Article 6(1) GDPR)provisions of article 58.2.i) of the GDPR, for the alleged infringement of article 6.1 of the GDPR, typified in article 83.5.b) of the GDPR. SECOND: APPOINT26 KB (3,867 words) - 10:44, 13 December 2023
- AEPD (Spain) - EXP202104917 (category Article 6 GDPR)valid consent under Article 4(11) GDPR and Article 6(1) LOPDGDD (National data protection law aimed at the implementation of the GDPR). In both articles27 KB (4,356 words) - 12:41, 13 December 2023
- AEPD (Spain) - EXP202105693 (category Article 6(1) GDPR)The Spanish DPA fined an insurance company €24,000 for violating Article 6(1) GDPR due to the processing of personal data without a legal basis. The company49 KB (7,579 words) - 13:15, 13 December 2023
- AEPD (Spain) - EXP202206542 (category Article 5(1) GDPR)a violation of Article 13 of the GDPR, typified in Article 83.5 of the GDPR, a fine of 2000 euros (TWO THOUSAND euro). C/ Jorge Juan, 6 www.aepd.es 2800124 KB (3,749 words) - 13:19, 13 December 2023
- AEPD (Spain) - EXP202305050 (category Article 58(1) GDPR)LPACAP), for the alleged infringement of Article 58.1 of the GDPR, typified in the Article 83.5 of the GDPR Regulation (EU) 2016/679 (General Regulation57 KB (9,217 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00491/2020 (category Article 6(1) GDPR)of Article 13 of the GDPR? Is the publication of a photograph and personal data without the data subject's express consent a violation of Article 6 (1)19 KB (2,957 words) - 14:45, 13 December 2023
- AEPD (Spain) - EXP202204881 (category Article 6(1) GDPR)the LPACAP, for the alleged infringement of Article 6.1 of the GDPR, typified in Article 83.5 of the GDPR. SIXTH: On January 23, 2023, DIGI requests a55 KB (9,017 words) - 10:46, 13 December 2023
- AEPD (Spain) - PS/00357/2020 (category Article 13 GDPR)accordance with provided for in article 58.2.b) of the RGPD, for an infringement of article 13 of the RGPD, typified in article 83.5 of the RGPD, a warning20 KB (3,075 words) - 14:32, 13 December 2023
- AEPD (Spain) - PS/00155/2021 (category Article 58(1) GDPR)sanction Vodafone in accordance with Article 83(5)(e) GDPR, for the non-compliance with an order pursuant to Article 58(1) GDPR. For this infringement, the AEPD20 KB (2,992 words) - 13:30, 13 December 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made an voluntary23 KB (3,590 words) - 14:45, 13 December 2023
- OLG Linz - 6R49/19x (category Article 2(1) GDPR)interference that was unforeseeable for the defendant. As a result, under Article 82(3) the defendant cannot be held responsible for the processing of the claimant's33 KB (5,113 words) - 09:50, 14 December 2023
- CJEU - C-205/21 - Ministerstvo na vatreshnite raboti (category Article 9 GDPR)provided for in Article 9 of the GDPR or Article 51 of the ZZLD. 30 Under Article 27 of the ZMVR, data recorded by the police pursuant to Article 68 of that110 KB (18,000 words) - 08:01, 5 June 2023
- AEPD (Spain) - PS/00368/2020 (category Article 21 GDPR)company, Iberdrola Clientes, S.A.U for infringing Article 21 GDPR, Article 48(1)(b) LGT, and Article 23(4) LOPDGDD. The initial proposed fine was €1000021 KB (3,137 words) - 14:33, 13 December 2023
- Court of Appeal of Brussels - 2020/AR/1333 (category Article 6(1) GDPR)proportionate and complies with the article 83 of the GDPR. The Litigation Chamber fully complied with article 83.1 of the GDPR and principle of proportionality51 KB (7,792 words) - 11:43, 24 January 2022
- BVwG - W211 2230221-1 (category Article 15(1)(c) GDPR)Court's request for preliminary ruling regarding the interpretation of Article 15(1)(c) GDPR is published. The data subject filed a complaint with the Austrian19 KB (2,825 words) - 09:42, 26 November 2021
- APD/GBA (Belgium) - 11/2024 (category Article 12(3) GDPR)established in Article 12(3) and (4) GDPR. Therefore, the Belgian DPA found the controller to have breached Article 15 GDPR in conjunction with Article 12(3) and26 KB (3,856 words) - 08:51, 19 March 2024
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)costs at law. 3.3. In the first instance, [the employee] put forward a substantiated defense seeking the rejection of Trigion's requests. 3.3.1. In the event60 KB (10,118 words) - 15:12, 5 October 2021
- Commissioner (Cyprus) - 11.17.001.010.007 (category Article 15(3) GDPR)intention to infringe either article 5(1)( c) or article 34(1) of the GDPR. Legal framework 8.1. Pursuant to Article 5(1)(c) of the GDPR “Personal Data shall be:20 KB (3,082 words) - 13:42, 31 January 2024
- AEPD (Spain) - PS/00043/2020 (category Article 13 GDPR)the treatment; C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 4/9 d) when the treatment is based on article 6, paragraph 1, letter f), the24 KB (3,838 words) - 13:51, 13 December 2023
- HDPA (Greece) - 53/2022 (category Article 6(1)(a) GDPR)his compliance with the principles of article 5 par. 1 of the GDPR. 5. Furthermore, Article 6 para. 1 of the GDPR provides, among other things, that the50 KB (8,004 words) - 04:49, 14 December 2022
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)specified in article 32 GDPR (security of processing). In determining the amount of the fine, certain aggravating factors of article 83 GDPR were considered36 KB (6,022 words) - 13:59, 13 December 2023
- APD/GBA (Belgium) - 154/2023 (category Article 5(1)(b) GDPR)principle (Article 5.1 b) GDPR) and the principle of minimum data processing (Article 5.1 c) GDPR). This follows from both provisions of the GDPR camera surveillance21 KB (3,034 words) - 15:30, 26 January 2024
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)DSGVO/BDSG , Article 15 paragraph 33; Schaffland/Holthaus in Schaffland/Wiltfang, GDPR, Article 15 GDPR paragraph 44; loc. A. Härting, CR 2019, 219). 136 (3) In97 KB (16,519 words) - 09:57, 22 February 2023
- NAIH (Hungary) - NAIH/2020/34/3 (category Article 12(2) GDPR)right of access under Article 15 GDPR? By denying the complainant access, did the respondent infringe Articles 12(1) or 12(2) GDPR? The NAIH that the complainant's48 KB (7,727 words) - 10:11, 17 November 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)infringement of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00452/2019 (category Article 6(1)(a) GDPR)pursuant to Article 47(1) and 48.1 of Law 39/2015 of 1 October, on the limitation of the infringement of article 6.1 of the RGPD typified in article 83.5 a)25 KB (4,037 words) - 14:55, 13 December 2023
- APD/GBA (Belgium) - 18/2020 (category Article 38(6) GDPR)therefore of the opinion that no breach of Article 5.2 of the GDPR, Article 24.1 of the GDPR and Article 33 of the GDPR can be established. - As regards the55 KB (8,810 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00132/2022 (category Article 6(1) GDPR)their (c) where the processing is based on Article 6(1)(a) or Article 6(1)(b) or Article 6(1)(c) of the GDPR Article 9(2)(a), the existence of the right to52 KB (8,416 words) - 12:59, 13 December 2023
- APD/GBA (Belgium) - 82/2020 (category Article 6(1) GDPR)authentication via a third service provider cannot constitute a breach of Article 6 of the GDPR when it implies that the personal data of the data subjects are not124 KB (18,772 words) - 17:01, 12 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (Center for Social Welfare) (category Article 6 GDPR)records. Article 5 paragraph 3 of the cited Ordinance stipulates 4 is how records of workers can be kept in written or electronic form, while in Article 8 of17 KB (2,660 words) - 15:35, 30 October 2023
- Court of Appeal of Brussels - 2021/AR/163 (category Article 83 GDPR)concerned, that they have entered into a breacha / 'article 14.1-2 combined' article 12.3, article 6, article 5.1, c) and articles 5.2 and 24.1-2 of the RGPO72 KB (11,389 words) - 08:59, 20 August 2021
- AEPD (Spain) - PS/00272/2019 (category Article 5(1)(c) GDPR)sanction with warning -article 58.2 b) -, the power to impose an administrative fine pursuant to article 83 of the GDPR -article 58.2 i) -, or the power22 KB (3,438 words) - 14:24, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 47FR/2021 (category Article 5(1)(c) GDPR)the processing is based on Article 6(1)(a) or on Article 9, (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the69 KB (11,315 words) - 13:30, 19 January 2022
- AEPD (Spain) - PS/00132/2020 (category Article 6(1) GDPR)laid down in Article 6 of Regulation (EU)2016/679. III The documentation in the file provides evidence that the party claimed violated Article 6.1 of the RGPD24 KB (3,939 words) - 14:03, 13 December 2023
- publication of the press release of 17 June 2020 infringed Article 54(2) GDPR and Article 48(1) and Article 64(3) WOG. This press release described that the DPA was206 KB (30,485 words) - 09:54, 14 December 2023
- AEPD (Spain) - PS/00415/2019 (category Article 6(1) GDPR)laid down in Article 6 of Regulation (EU)2016/679. III The documentation in the file offers evidence that the respondent violated Article 6.1 of the RGPD22 KB (3,521 words) - 14:36, 13 December 2023
- AEPD (Spain) - PS/00044/2020 (category Article 13 GDPR)Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 12/3 In consideration of the nature of the Public Authority of Notaries and based on article 37.1 a)39 KB (6,270 words) - 13:51, 13 December 2023
- CNIL (France) - SAN-2021-020 (category Article 28(3) GDPR) (section On the failure to comply with Article 28 GDPR)breach of Article 28 paragraphs 3 and 4 of the GDPR is clear. 2. On the breach of the obligation to ensure data security 49. According to Article 32 of the56 KB (9,069 words) - 17:02, 6 December 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)conducts under Article 41 GDPR (redacted as "code S***", code M*** and code U***"). These codes had been approved by the DSB under Article 40(5) GDPR. Inverstigations19 KB (2,799 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00450/2019 (category Article 5(1)(f) GDPR)telephone number of the complainant C/ Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/6 THIRD: On August 7, 2019, the claimant is notified17 KB (2,620 words) - 14:43, 13 December 2023
- AEPD (Spain) - E/02666/2020 (category Article 14 GDPR)fulfilled the duty of information in accordance with GDPR. The Spanish DPA considered that Article 35 GDPR applies in this case and thus a DPIA is necessary24 KB (3,690 words) - 13:39, 13 December 2023
- AEPD (Spain) - PS/00247/2020 (category Article 7 GDPR)L. for the infringement of Article 13 GDPR (data privacy policy) and a warning penalty for the infringement of Article 7 GDPR regarding the collection of24 KB (3,893 words) - 14:22, 13 December 2023
- AEPD (Spain) - EXP202204530 (category Article 6(1) GDPR)violation of article 6.1 of the RGPD, typified in article 83.5.a) of the GDPR. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/9 The proposed26 KB (3,971 words) - 13:26, 13 December 2023
- AEPD (Spain) - PS/00127/2020 (category Article 13 GDPR)information duty included in Article 13 GDPR. Is this a violation of Article 13 GDPR? The AEPD held that there had been a violation of Article 13. According to the35 KB (5,363 words) - 14:02, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8314/182/20 (category Article 5 GDPR)referred to in subsection 1 (6) has arisen, the information shall be deleted within two years of the entry. Pursuant to section 18 (3) of the Credit Information29 KB (4,701 words) - 13:03, 3 March 2024
- CNIL (France) - SAN-2020-013 (category Article 6 GDPR)derogant rule, based on the interpretation of Article 95 GDPR in the line of the Rec (173) GDPR and Article 1(2) and 15a of the ePrivacy Directive. The CNIL82 KB (13,424 words) - 17:10, 6 December 2023
- AEPD (Spain) - PS/00090/2020 (category Article 57(1) GDPR)the provisions of Article 76 of the LOPDGDD, with respect to paragraph k) of the aforementioned Article 83.2 RGPD. V C/ Jorge Juan, 6 www.aepd.es 2800116 KB (2,462 words) - 13:58, 13 December 2023
- AEPD (Spain) - PS/00366/2019 (category Article 5(1)(d) GDPR)authorities an infringement of Article 5 (1) (d) GDPR? The AEPD agreed to impose a penalty for infringement of Article 5 (1) (d) for lack of accuracy in29 KB (4,583 words) - 14:32, 13 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 6(1) GDPR)other legal basis for processing under Article 6 GDPR, the controller had violated Article 5(1)(a) and Article 6(1) GDPR. Taking into account the low income26 KB (4,098 words) - 13:51, 12 May 2023
- Persónuvernd - 2020051604 (category Article 2 GDPR)in the public interest, cf. Item 5 Article 9 Act no. 90/2018 and paragraph 3 e. Article 6 Regulation (EU) 2016/679. 3. Conclusion Privacy protects that13 KB (1,930 words) - 09:33, 13 May 2022
- AEPD (Spain) - EXP202211953 (category Article 5(1)(a) GDPR)adequate information under Article 13 GDPR, and for the processing of personal data in a manner contrary to Article 5(1)(a) of the GDPR. A data subject submitted85 KB (13,042 words) - 12:42, 13 December 2023
- AEPD (Spain) - PS/00102/2021 (category Article 6(1) GDPR)pictures of the individuals without their consent was a violation of Article 6 GDPR. Because of that, they fined Hazte Oir €5000, with a possibility of21 KB (3,099 words) - 13:59, 13 December 2023
- Datatilsynet (Norway) - 20/03293 (category Article 30 GDPR)Privacy Ordinance article 58 no. 2. 4.2 Requirements for treatment protocol Pursuant to Article 30 of the Privacy Regulation (and Article 24 of Directive18 KB (2,525 words) - 08:44, 11 July 2022
- AEPD (Spain) - PS/00070/2020 (category Article 6(1)(f) GDPR)publication of the judgment breach the GDPR? The AEPD held that the respondent’s actions violated the GDPR Article 5(1)(a) requirement that processing must43 KB (7,001 words) - 13:56, 13 December 2023
- AEPD (Spain) - E/03003/2020 (category Article 32(1) GDPR)this data breach a violation of Article 32(1) GDPR? The AEPD concluded that there was no violation of Article 32(1) GDPR, because the company had implemented21 KB (3,039 words) - 13:39, 13 December 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)and Article 85 GDPR. In June 2019, the complainant requested erasure of her personal data from the respondent's website, claiming that an article on that21 KB (3,266 words) - 13:51, 12 May 2023
- DVI (Latvia) - SIA "TET" (category Article 6(1) GDPR)violation of Article 5(1)(a), (b), (d) and (e) GDPR. Furthermore, there was no legal basis for these processing operations under Article 6(1) GDPR. The DPA114 KB (17,942 words) - 15:46, 2 November 2022
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)pursuant to Article 55 In section 3.3 it was established that Booking is the data controller. In section 3.1, the AP established that, pursuant to Article 56 of77 KB (12,915 words) - 17:15, 12 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 137/161/20 (category Article 6(1) GDPR)accordance with Article 3 and 5 of the Finnish Act on the Protection of Privacy in Working Life and Article 5(1)(a) and (c), 6(1) and 9(1) GDPR? The Finnish3 KB (249 words) - 13:04, 3 March 2024
- AEPD (Spain) - PS/00329/2020 (category Article 37 GDPR)having appointed a data protection officer, thus breaching Article 37 GDPR. After the GDPR came into force, the Burgos city Council did not appoint a DPO13 KB (2,002 words) - 14:29, 13 December 2023
- APD/GBA (Belgium) - 08/2019 (category Article 12(3) GDPR)violated Articles 12(3), (4), 13(2)(b), 30(1)(d) and (g) of the GDPR and issued a warning by virtue of Article 58(2)(b) of the GDPR. Due to the anonimisation24 KB (3,843 words) - 16:51, 12 December 2023
- basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal basis is a statutory obligation prescribed by Article 229 of the16 KB (2,404 words) - 15:46, 30 October 2023
- Digitaliseringsstyrelsen - Decision against Google of 30 October 2023 (category Article 4(11) GDPR)implementation and specify and supplement the GDPR. § 3(1) mentioned in this case corresponds to Article 5(3) of the ePrivacy Directive. In Denmark, the52 KB (8,025 words) - 05:01, 23 November 2023
- AEPD (Spain) - PS/00040/2020 (category Article 15 GDPR)Madrid 6 sedeagpd.gob.es 12/13 public, as indicated in article 77.1. c) and 2. 4. 5. and 6. of the LOPDDGG: “1. The regime established in this article will38 KB (6,303 words) - 13:50, 13 December 2023
- AKI (Estonia) - 2.1-1/19/4627 (category Article 6 GDPR)(Ref. 2). As the legal basis for the commercial register derives from Article 6 (1) of the CCIP even in this case, your consent to the processing of personal16 KB (2,456 words) - 10:29, 13 December 2023
- RvS - 201902417/1/A2 (category Article 6(1)(e) GDPR)Member State (Article 99(3) of the AVG). Claims for compensation in the event of acts contrary to the AVG arise directly from the AVG. Article 82(6) of the AVG37 KB (5,721 words) - 12:41, 16 September 2021
- Garante per la protezione dei dati personali (Italy) - 9445180 (category Article 5(1)(a) GDPR)referred to in Article 10, paragraph 3, of Legislative Decree no. 150 of 1/9/2011 provided for the lodging of the appeal as indicated below (Article 166, paragraph34 KB (5,414 words) - 15:50, 6 December 2023
- AEPD (Spain) - PS/00014/2020 (category Article 6(1) GDPR)violation of article 6 of the RGPD, typified in article 83.5 of the RGPD. C / Jorge Juan, 6 28001 - Madrid www.aepd.es sedeagpd.gob.es 3/8 FOURTH: Once21 KB (3,441 words) - 13:46, 13 December 2023
- DPC (Ireland) - Meta Platforms Ireland Limited (Instagram) - IN-18-5-7 (category Article 6 GDPR)of Article 6(1)(b) GDPR, and to bring its processing into compliance with Article 6(1) GDPR. Furthermore, pursuant to Articles 58(2)(i) and 83 GDPR, and21 KB (3,069 words) - 14:17, 1 February 2023
- NAIH (Hungary) - NAIH-373-31/2023 (category Article 5(1)(b) GDPR)according to Article 6 (1) point f) of the GDPR. (99) In the case of data management based on point f) of Article 6, paragraph (1) of the GDPR, the data controller140 KB (23,189 words) - 08:25, 20 February 2024
- AEPD (Spain) - TD/00133/2020 (category Article 12 GDPR)has been received. Does the GDPR allow the data controller to ignore a request for erasure? The AEPD found that Article 12 GDPR does not allow the data controller18 KB (2,721 words) - 14:51, 13 December 2023
- OVG Saarlouis - 2 A 355/19 (category Article 6(1)(a) GDPR)right to refer to both laws in this matter. 3) Even if, as the plaintiff argued, a recourse to Article 6(1)(f) GDPR were to be considered as an alternative7 KB (754 words) - 08:18, 29 December 2021
- AEPD (Spain) - TD/00263/2020 (category Article 13 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and22 KB (3,544 words) - 14:48, 13 December 2023
- AP (The Netherlands) - 04.11.2019 (category Article 32 GDPR)payment to be appropriate. 3. Findings 3.1 Findings prior to the on-site visit of 18 June 2018 Menzis sent documents to the AP on 3 and 29 May 2018 to demonstrate36 KB (5,914 words) - 17:13, 12 December 2023
- AEPD (Spain) - EXP202309109 (category Article 5(1)(c) GDPR)purposes and means of such activity, by virtue of article 4.7 of the GDPR. For its part, article 5.1.c) of the GDPR regulates the “principles relating to processing”18 KB (2,733 words) - 13:18, 13 December 2023
- AEPD (Spain) - EXP202104873 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned24 KB (3,512 words) - 10:43, 13 December 2023
- AEPD (Spain) - PS/00227/2020 (category Article 6(1) GDPR)Articles 6 and 13 GDPR? The AEPD decided to impose, for infringement of Article 6 GDPR, a fine of € 10000 and, for infringement of Article 13 GDPR, a fine46 KB (7,230 words) - 14:20, 13 December 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)for infringing the following provisions: -Article 17 GDPR – Right to Erasure - €50000 fine -Article 32 GDPR – Failure to implement appropriate technical45 KB (7,217 words) - 14:40, 13 December 2023
- APD/GBA (Belgium) - 10/2019 (category Article 6(4) GDPR)logically been taken up in Article 5(1)(b) of the GDPR under the Principles relating to the processing of personal data (Chapter II). Article 5(1)(b) of the RGPD32 KB (5,190 words) - 16:51, 12 December 2023
- AEPD (Spain) - EXP202105669 (category Article 5(1)(f) GDPR)violation of article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, a warning sanction and for a violation of article 32 of the GDPR, typified45 KB (6,998 words) - 12:58, 13 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)security at all times”. 3.3.2Assessment From both article 13 of the Wb and article 32, first and second paragraph, of the GDPR it follows that the controller106 KB (14,502 words) - 17:09, 12 December 2023
- AEPD (Spain) - PS/00110/2020 (category Article 7 GDPR)Thus, the AEPD understood that the defendant has infringed Article 7 of the GDPR and Article 6(3) of the Spanish Law on Data Protection and Digital Rights32 KB (4,992 words) - 14:00, 13 December 2023
- NAIH (Hungary) - NAIH/2020/1154/9 (category Article 6(1)(f) GDPR)general data protectionArticle 5 (1) (a), Article 5 (2), Article 12 (1) and (4) ofArticle 14, Article 15 and Article 21 (4).1.3. The Authority condemns192 KB (30,170 words) - 10:11, 17 November 2023
- AEPD (Spain) - PS/00071/2020 (category Article 5(1)(a) GDPR)P3120800B, for the alleged violation of article 5.1.b) in relation to article 6.4 of the RGPD, in accordance with article 83.5.a) of the RGPD. SECOND: INITIATE45 KB (7,267 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00099/2022 (category Article 5(1)(f) GDPR)controller with €10,000 for the violation of Article 5(1)(f) GDPR and €25,000 for the violation of Article 32 GDPR. There is a pattern in the Spanish DPA resolutions38 KB (5,920 words) - 12:43, 13 December 2023
- AEPD (Spain) - EXP202103746 (category Article 5(1)(c) GDPR)violation of data minimisation, Article 5(1)(c) GDPR. No fines can be imposed against the controller and Article 83(5) GDPR can therefore not be imposed.16 KB (2,041 words) - 13:34, 13 December 2023
- AEPD (Spain) - PS/00101/2020 (category Article 6 GDPR)electronic communications for marketing purposes, connected to Article 6, 7 and 17 of the GDPR. The decision is the consequence of a complaint submitted by13 KB (1,871 words) - 13:59, 13 December 2023
- AEPD (Spain) - EXP202208091 (category Article 5(1)(f) GDPR)for the alleged violation of Article 5.1.f) of the GDPR and Article 32 of the GDPR, typified in Article 83.5 of the GDPR. FIFTH: Notified of the aforementioned40 KB (6,014 words) - 13:24, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)the processing of personal data of the data subject (Article 5(1)(a) GDPR; Article 6 and Article 8 of the Italian Legislative Decree No. 101 of August66 KB (10,708 words) - 11:29, 16 August 2022
- AEPD (Spain) - PS/00076/2021 (category Article 6(1) GDPR)procedure to the claimed, by the alleged violation of Article 6 of the RGPD, typified in Article 83.5 b) of the RGPD. SIXTH: Notified the initiation agreement15 KB (2,292 words) - 13:56, 13 December 2023
- AEPD (Spain) - PS/00274/2020 (category Article 21 GDPR)Raise Marketing violated the data subject's right to object (Article 21 GDPR and Article 23 LOPDGDD). The DPA fined Raise Marketing €1500 for this violation16 KB (2,544 words) - 14:25, 13 December 2023
- AEPD (Spain) - EXP202104006 (category Article 4(12) GDPR)The AEPD fined VODAFONE €50,000 for violating Article 5(1)(f) GDPR and €20,000 for violating Article 32 GDPR. However, in this case, the AEPD gave two possibilities31 KB (4,578 words) - 12:11, 6 March 2024
- AEPD (Spain) - EXP202200471 (category Article 5(1)(f) GDPR)the violation of Article 5(1)(f) GDPR and €30,000 for the violation of Article 32 GDPR. According to the national legislation (Article 76(2)(b) LOPDGDDon40 KB (6,014 words) - 13:21, 13 December 2023
- AEPD (Spain) - PS/00232/2020 (category Article 6(1) GDPR)series of measures pre-contractual, in accordance with article 6.1b) RGPD or pursuant to article 6.1 a) RGPD. It also states that the breach would be attributable29 KB (4,386 words) - 14:20, 13 December 2023
- CPDP (Bulgaria) - PNN-01-433/2019 (category Article 6(1)(a) GDPR)for processing personal data without a legal ground as required by Article 6(1) GDPR, after hiring a handwriting expert to determine that an alleged signature18 KB (2,987 words) - 16:49, 6 December 2023
- AZOP (Croatia) - Decision 04-07-2022 (category Article 6(1) GDPR)space. The DPA found a violation of Article 6(1) GDPR and ordered the controller, pursuant to Article 58(2)(d) GDPR, to adjust the location of the cameras14 KB (2,038 words) - 15:20, 30 October 2023
- HDPA (Greece) - 38/2019 (category Article 6 GDPR)that: 1) The telephone number constitutes personal data according to Article 4(1) GDPR as the owner can be indirectly identified. 2) In both cases above,4 KB (347 words) - 15:37, 6 December 2023
- AEPD (Spain) - E/03624/2021 (category Article 6(1)(a) GDPR) (section DPA mutual assistance under Article 61 GDPR)data subject’s consent under Article 6(1)(a) GDPR, which in turn meets the conditions for consent laid out in Article 7 GDPR. The AEPD highlighted that this58 KB (8,665 words) - 16:10, 1 February 2022
- data in the deeds, based on Article 40(2)(c) of the Dutch Civil-law notaries act (Wet op het notarisambt) and Article 18(1)(3) of the Land registry act (Kadasterwet);16 KB (2,099 words) - 12:30, 4 October 2021
- AEPD (Spain) - TD/00254/2020 (category Article 15 GDPR)and the free circulation of these data (hereinafter, GDPR); and in article 47 of the Law Organic 3/2018, of December 5, Protection of Personal Data and25 KB (3,791 words) - 14:47, 13 December 2023
- APD/GBA (Belgium) - 07/2021 (category Article 6(1) GDPR)infringement of Article 5.1 b) in conjunction with Article 6.4. AVG, on article 5.1 a) in conjunction with article 6.1. AVG and on article 5.1 c) GDPR has been72 KB (11,208 words) - 16:51, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9356568 (category Article 36 GDPR)to in par. 3 and the IP address referred to in par. 7 to whose content please refer in full. 6. Subjects involved in the treatment Article. 6, paragraphs71 KB (11,426 words) - 15:49, 6 December 2023
- AEPD (Spain) - PS/00317/2020 (category Article 13 GDPR)the lack of a privacy and cookie policy on a website infringe Article 13 GDPR and Article 22(2) LSSI? The AEPD decided to impose a fine to the clinic: €31 KB (4,862 words) - 14:28, 13 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 6(1) GDPR)data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide clear and72 KB (11,159 words) - 10:09, 17 November 2023
- AEPD (Spain) - PS/00190/2020 (category Article 5(1)(f) GDPR)claimed, by the alleged violation of article 5.1.f) of the RGPD, typified in article 83.5 of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd14 KB (2,143 words) - 14:09, 13 December 2023
- AEPD (Spain) - PS/00287/2020 (category Article 5(1)(f) GDPR)confidentiality established by Article 5(1)(f) GDPR? Was there a personal data breach? The AEPD considered that there was an infringement of Article 5(1)(f), as there32 KB (4,837 words) - 14:26, 13 December 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 6(1)(a) GDPR)Data Protection Regulation5. Article 5 (1) (a), Article 5 (2) and Article 13 Article 1 (1) to (2). III.3. JogkövetkezményekIII.3.1. The Authority is responsible67 KB (10,815 words) - 10:11, 17 November 2023
- AEPD (Spain) - TD/00317/2019 (category Article 12 GDPR)48.6 of the LOPDGDD, and in accordance with the provisions of article 123 of theC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 6 6/6LPACAP18 KB (2,591 words) - 14:47, 13 December 2023
- AEPD (Spain) - PS/00129/2022 (category Article 83(5) GDPR)council for an infringement of Article 32 GDPR. The AEPD dropped the case due to the time limitations outlined in Article 72 and 73 LOGPD. The access to22 KB (3,420 words) - 12:59, 13 December 2023
- AEPD (Spain) - E/07796/2020 (category Article 32(1) GDPR)addresses from which the access took place. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/7 Regarding the causes that made the breach possible18 KB (2,698 words) - 13:41, 13 December 2023
- AEPD (Spain) - PS/00332/2020 (category Article 7 GDPR)The Spanish DPA (AEPD) fined Borjamotor, S.A. for infringing Article 7 GDPR and Article Article 21(1) of the Spanish Law on Information Society Services (LSSI)45 KB (6,853 words) - 14:29, 13 December 2023
- AEPD (Spain) - PS/00477/2019 (category Article 6 GDPR)violation of Articles 13 and 14 of the GDPR, and a fine of €4 million for a violation of Article 6 of the GDPR, and ordered CaixaBank, to conduct a review566 KB (93,179 words) - 13:43, 13 December 2023
- AEPD (Spain) - PS/00374/2018 (category Article 5(1)(c) GDPR)with NIF A85850394, for the presumed infringement of Article 6.1 of the RGPD typified in Article 83.5 a) of the aforementioned RGPD". opting for a penalty18 KB (2,711 words) - 13:43, 13 December 2023
- BAC (Bulgaria) - № 11179 (category Article 5(1)(c) GDPR)violated the principle of data minimisation as prescribed my Article 5, para. 1, b. 'c' of the GDPR, with regards to document content. Regarding administrative13 KB (1,908 words) - 13:41, 15 September 2021
- abusive multiple evaluations. 3.2.3. To an objection by the BF according to Art 21 GDPR According to Article 21 Paragraph 1 GDPR, every person concerned has30 KB (4,834 words) - 13:14, 10 November 2021
- AEPD (Spain) - PS/00402/2019 (category Article 6 GDPR)second complaint alleging the ongoing violation of Article 6 GDPR. The AEPD finds the violation of Article 6 quite apparent and focuses on the criteria to assess15 KB (2,327 words) - 14:34, 13 December 2023
- AEPD (Spain) - PS/00194/2020 (category Article 6 GDPR)personal data by a law firm contrary to data protection regulations (Article 6 GDPR). A lawyer from the Cabrera y Gil law firm, sent a letter to a third33 KB (5,338 words) - 14:09, 13 December 2023
- NAIH (Hungary) - NAIH-2020/2204/8 (category Article 12(4) GDPR)Under the conditions set out in Article 15 (1) and (3) of the GDPR, thereby infringing the GDPR Article 25 (1). III.3.2. Designed to handle requests to60 KB (9,820 words) - 10:08, 17 November 2023
- AEPD (Spain) - PS/00219/2019 (category Article 5(1)(d) GDPR)infractions of article 48 of Law 9/2014, of May 9, General of Telecommunications (hereinafter LGT), in accordance with the provisions of the article 84.3 of the37 KB (5,785 words) - 14:11, 13 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)of the article 5.1.f) of the RGPD, infringement typified in its article 83.5.a) of the aforementioned regulation. IV. Article 83.5 a) of the GDPR, considers54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00215/2020 (category Article 5(1)(c) GDPR)installing surveillance cameras in public spaces without a lawful basis under Article 6 GDPR. An individual lodged a complaint with the Spanish DPA (AEPD) arguing18 KB (2,721 words) - 14:11, 13 December 2023
- APD/GBA (Belgium) - 137/2022 (category Article 12(3) GDPR)the DPA held that it had violated Article 12(3) GDPR (the controller failed to answer within a month), Article 12(4) GDPR (The controller failed to provide14 KB (1,946 words) - 08:50, 29 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8235/154/18 (category Article 6 GDPR)personal data was based on an agreement under Article 6 (b) and a legitimate interest of the controller under Article 6 (f) to continue processing the data in28 KB (4,501 words) - 13:07, 3 March 2024
- AEPD (Spain) - PS/00483/2020 (category Article 5(1)(f) GDPR)VII The violation of article 32 of the RGPD is typified in article C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 6/11 83.4.a) of the aforementioned32 KB (4,834 words) - 14:43, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2000/5 (category Article 5(1)(a) GDPR)of a Commission decision on adequacy , or in Article 46, Article 47 or the second subparagraph of Article 49 (1) (a) the period for which the personal24 KB (3,815 words) - 10:11, 17 November 2023
- subject's data under Article 6(1)(c) GDPR. Thus, the data subject was entitled to have the controller delete his personal data per Article 17(1)(d), which allows33 KB (5,254 words) - 13:33, 12 May 2023
- AEPD (Spain) - EXP202203996 (category Article 15 GDPR)circulation of these data (hereinafter GDPR); and in article 47 of the LOPDGDD. SECOND: In accordance with the provisions of article 55 of the RGPD, the Agency Spanish26 KB (4,017 words) - 12:37, 13 December 2023
- VG Regensburg - RN 9 K 19.1061 (category Article 2 GDPR)Fundamental Rights (Article 8 (1) in conjunction with Article 8 (3) CFR) is protected by Article 77 (1) GDPR in conjunction with Article 77 (1) CFR. Art.94 KB (15,537 words) - 09:09, 25 August 2020
- Rb. Noord-Nederland - C/ 18/189406/HA ZA 19-6 (category Article 6 GDPR)loss of control of personal data and a breach of Article 5(1)(f) GDPR, Article 6 GDPR and Article 32(2) GDPR. The first complainant is a company that is engaged105 KB (18,002 words) - 16:24, 10 March 2022
- AEPD (Spain) - PS/00324/2020 (category Article 5(1)(f) GDPR)criteria stated in Article 83(5)(a) GDPR. In imposing the fine, the AEPD factored in accordance with Article 83(2) GDPR and Article 76 LOPDGDD the following25 KB (3,670 words) - 14:28, 13 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)section 3.3 >>.<< 3.3. Informed manifestation of willThe GDPR reinforces the requirement that consent must be informed. In accordance with theArticle 5 of206 KB (32,869 words) - 14:36, 13 December 2023
- AEPD (Spain) - E/00739/2021 (category Article 12(5) GDPR)exercising their rights in bad faith. The AEPD brought forward Article 12(5) GDPR, as well as Article 7 of the Spanish Civil Code, that states that rights must29 KB (4,607 words) - 13:38, 13 December 2023
- Datatilsynet (Norway) - 20/01896 (category Article 6(1)(f) GDPR)rating without a legal basis under Article 6(1)(f) GDPR and for not adhering to the accountability principle as per Article 5(2). The DPA also requires that28 KB (4,387 words) - 18:58, 5 March 2022
- AEPD (Spain) - PS/00473/2019 (category Article 5 GDPR)unsubscribed from the organization. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es Page 3 12/3 c) .- The staff will only access those data and35 KB (5,635 words) - 14:41, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2729/15 (category Article 5(1)(b) GDPR)the existence or absence of a decision in accordance with Article 46, Article 47 or Article 49 (1). in the case of the transmission referred to in the58 KB (9,071 words) - 10:12, 17 November 2023
- RvS - 201905319/1/A3 (category Article 12(6) GDPR)appeal is brief, it contains a ground as referred to in Article 6: 5, read in conjunction with Article 6:24 of the General Administrative Law Act. The appeal21 KB (3,337 words) - 10:08, 16 December 2020
- AEPD (Spain) - PS/00191/2020 (category Article 5(1)(c) GDPR)constitute a breach of Article 5(1)(c) GDPR? The AEPD held, that the actions of the defendant constitute an infringement of Article 5(1)(c) GDPR " Data Minimisation20 KB (2,973 words) - 14:09, 13 December 2023
- HDPA (Greece) - 12/2022 (category Article 5(1)(a) GDPR)lawfulness, fairness and transparency under Article 5(1)(a) GDPR, and the principle of accountability under Article 5(2) GDPR. Additionally, the HDPA held that the46 KB (7,390 words) - 08:07, 1 April 2022
- Personvernnemnda (Norway) - 2022-14 (20/02368) (category Article 6(1)(f) GDPR)protection regulation article 6 no. 1 letter f, for failure to assess protests, cf. article 21 and for missing information, cf. Article 13. X AS has also complained26 KB (4,039 words) - 09:08, 20 January 2023
- OLG Stuttgart - 9 U 34/21 (category Article 82 GDPR)data breach (Article 32 GDPR). Does the plaintiff have a right to compensation according to Article 82(1) GDPR and does Article 82(3) GDPR stipulate a reversal60 KB (10,254 words) - 11:22, 22 December 2021
- Personvernnemnda (Norway) - 2021-09 & PVN-2021-15 (20/01790) (category Article 6 GDPR)personal data from a surveillance footage, thus breaching Article 5(1)(a) GDPR and Article 6. The complainant argued that the size of the administrative40 KB (6,549 words) - 18:49, 5 March 2022
- AEPD (Spain) - EXP202209175 (category Article 13 GDPR)alleged violation of Article 5.1.c) of the RGPD and Article 13 of the RGPD, typified in Article 83.5 of the RGPD. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid17 KB (2,368 words) - 13:28, 13 December 2023
- CJEU - C-534/20 - Leistritz (category Article 38(3) GDPR)the first question is answered in the affirmative: 3. Is the second sentence of Article 38(3) GDPR based on a sufficient enabling clause, in particular5 KB (710 words) - 13:30, 11 August 2022
- AEPD (Spain) - PS/00117/2022 (category Article 6 GDPR)staff. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/11 SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, Protection30 KB (4,623 words) - 12:58, 13 December 2023
- AEPD (Spain) - EXP202204806 (category Article 5(1)(b) GDPR)the recorded images” (folio nº 1). SECOND: In accordance with article 65.4 of Organic Law 3/2018, of 5 December, of Protection of Personal Data and guarantee15 KB (2,313 words) - 10:35, 13 December 2023
- GHAL - 200.266.445 (category Article 6 GDPR)concerning him based on Article 6 (1) (e) and (f) GDPR at any time for reasons related to his specific situation . Pursuant to Article 17, paragraph 1, preamble15 KB (2,380 words) - 13:35, 5 July 2022
- CNIL (France) - SAN-2021-024 (section The material competence of the CNIL and the non-application of the "one-stop shop" mechanism provided for by the GDPR)made to the GDPR, it follows that the "consent" provided for in Article 5, paragraph 3, of the "ePrivacy" directive as transposed in article 82 of the "Informatique82 KB (13,428 words) - 17:02, 6 December 2023
- LG München - 31 O 16606/20 (category Article 82(3) GDPR)subject pursuant to Article 82(1) GDPR, for a theft of their personal identity and financial data, because it violated Article 32(1) GDPR which led to a data25 KB (4,028 words) - 07:10, 8 February 2022
- AEPD (Spain) - EXP202100639 (category Article 5(1)(c) GDPR)minimisation principle under Article 5(1)(c) GDPR, and €500 for a violation of the information requirements under Article 13 GDPR). Additionally, the AEPD32 KB (4,945 words) - 13:25, 13 December 2023
- AEPD (Spain) - EXP202204631 (category Article 5(1)(f) GDPR)comes regulated in article 32 of the GDPR. II Article 5.1.f) of the GDPR Article 5.1.f) of the GDPR establishes the following: "Article 5 Principles relating36 KB (5,485 words) - 13:19, 13 December 2023
- OLG Innsbruck - 1 R 182/19b (category Article 82 GDPR)had fulfilled its obligation to provide information pursuant to Article 12(3) and Article 4(7) of the Basic Law (Voriger SuchbegriffDSGVONächster Suchbegriff)54 KB (7,916 words) - 12:06, 9 May 2022
- AP (The Netherlands) - 16.06.2020 (category Article 4(12) GDPR)2020 [CONFIDENTIAL] 3.3 Report obligation in connection with personal data on AP 3.3.1 Breach of Personal Data On the basis of Article 33, first paragraph54 KB (8,224 words) - 17:07, 12 December 2023
- LG Essen - 6 O 190/21 (category Article 33 GDPR)violated Article 34(2) GDPR, because he only informed the data subject of the alleged data loss. However, the information obligations of Article 34 GDPR provide28 KB (4,596 words) - 18:30, 18 November 2021
- ANSPDCP (Romania) - 24.04.2023 (category Article 12(3) GDPR)6(1)(e) GDPR (public interest) or Article 6(1)(f) GDPR (legitimate interest). Moreover, Article 21(2) GDPR specifically grants data subjects the right to6 KB (707 words) - 15:15, 13 December 2023
- Datatilsynet (Denmark) - 2018-7320-0166 (category Article 12(6) GDPR)accordance with Article 12 (2) of the Data Protection Regulation. 6 and Article 5 (2). 1 (c). The Data Inspectorate has hereby emphasized that Article 12 (2) of18 KB (2,773 words) - 16:22, 6 December 2023
- APD/GBA (Belgium) - 72/2020 (category Article 7(3) GDPR)juncto 7.3 of the RGPD; - that it is not necessary to pronounce one of the measures provided for in Article 100, §1 of the ACL. Pursuant to Article 108, §34 KB (5,677 words) - 17:00, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 6(1)(a) GDPR)Wind Tre a breach of Articles 5, 6 and 24 GDPR? Was the processing by Wind Tre in violation of Articles 5 and 6 GDPR? Was the information provided by Wind129 KB (21,020 words) - 15:49, 6 December 2023
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)accordance is basedC / Jorge Juan 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a)19 KB (2,948 words) - 14:50, 13 December 2023
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)three years, which was in violation of Article 12(3) GDPR. The DPA also determined a violation of Article 17(1)(a) GDPR, because data subject's e-mail accounts59 KB (9,623 words) - 17:03, 6 December 2023
- RvS - 201901006/1/A2 (category Article 79 GDPR)Member State (Article 99(3) of the AVG). Claims for compensation in the event of acts contrary to the AVG derive directly from the AVG. Article 82(6) of the34 KB (5,179 words) - 07:10, 7 April 2020
- with the obligations under Article 6, §2, al. 5 and Article 9 of the Camera Act 1 2. there is a serious indication that article 6, § 2, al. 4 of the aforementioned35 KB (5,303 words) - 17:01, 12 December 2023
- AEPD (Spain) - PS/00220/2020 (category Article 5(1)(d) GDPR)significant negligent action (Article 83(2)(b) GDPR) and that basic personal identifiers were affected (Article 83(2)(g) GDPR). The economic volume of the28 KB (4,295 words) - 14:11, 13 December 2023
- DPC (Ireland) - Inquiry into Airbnb Ireland UC - 28 September 2023 (category Article 6(1)(f) GDPR)follows: Article 5(1)(c) , Article 5(1)(e) and Article 6(1)(f) of the GDPR The DPC found that Airbnb did not validly rely on Article 6(1)(f) of the GDPR as the17 KB (2,411 words) - 09:25, 27 November 2023
- IMY (Sweden) - DI-2019-9457 (category Article 32(1) GDPR)communicated via e-mail. 3 4See recitals 75 and 76 of the Data Protection Regulation. See Article 87 of the Data Protection Ordinance and Chapter 3. Section 10 of43 KB (4,600 words) - 17:08, 23 March 2022
- Commissioner (Cyprus) - 11.17.001.008.222 (category Article 12(3) GDPR)infringement of Article 12(3) GDPR, as explained above, under the provisions of Article 83 of the GDPR, I take into account the following mitigating (1-3) and aggravating16 KB (2,438 words) - 09:07, 9 June 2023
- IP - 0610-376/2020/35 (category Article 13(1) GDPR)should comply with the criteria set out in Article 6. (4) General Regulations. The application of Article 6 (4) of the General Regulation to a change in110 KB (17,995 words) - 11:15, 22 April 2021
- Datatilsynet (Denmark) - 2019-431-0052 (category Article 6(1)(a) GDPR)taken place in accordance with Article 5 (1) of the Data Protection Regulation. 1, letter e, and Article 6, para. 1, cf. Article 4, point 11. The Danish Data27 KB (4,300 words) - 16:36, 6 December 2023
- Rb. Den Haag - C/09/581973/KG ZA 19/1024 (category Article 82 GDPR)pursuant to Article 12(3) of the AVG. If, as in this case, such a decision is taken by an administrative body, then, pursuant to Article 34 of the GDPR Implementing20 KB (3,086 words) - 16:15, 10 March 2022
- AEPD (Spain) - PS/00123/2020 (category Article 5(1)(f) GDPR)entities, as indicated in article 77.1. c) and 2. 3. 4. 5. and 6. of the LOPDDGG: “1. The regime established in this article will apply to the treatments21 KB (3,254 words) - 14:02, 13 December 2023
- LG Bonn - 29 OWi 1/20 (category Article 32(1) GDPR)253 of the Article - 29 - Working Party of 3 October 2017, page 6). e) The latter view is correct. aa) When creating Article 83 (4) to (6) GDPR, the European58 KB (9,577 words) - 08:06, 16 September 2021
- HDPA (Greece) - 25/2022 (category Article 6(1)(b) GDPR)prove the lawfulness of processing according to Article 6(1)(b) GDPR and for violating Article 12(2) GDPR by creating undue barriers to the exercise of the48 KB (7,803 words) - 13:29, 11 October 2022
- AEPD (Spain) - PS/00436/2021 (category Article 13(1) GDPR)that, in cases of video surveillance, Article 22.4 LOPDGDD provides that the duty of disclosure in Article 12 GDPR may be fulfilled by placing a sign near20 KB (3,085 words) - 12:24, 13 December 2023
- LG Feldkirch - 57 Cg 30/19b - 15 (category Article 9(1) GDPR)the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There69 KB (11,077 words) - 16:48, 7 March 2022
- AEPD (Spain) - PS/00388/2020 (category Article 7 GDPR)regards to a violation of Article 7 GDPR, for gathering consent in a generic way. To fine the controller €3000 for infringing Article 22(2) LSSI, for installing52 KB (8,471 words) - 14:33, 13 December 2023
- AEPD (Spain) - PS/00247/2019 (category Article 32(2) GDPR)employee of the entity - infringes Article 32. 2 and 32.4 of the RGPD, an infringement punishable under Article 83.4.a of the GDPR. Assessing the circumstances39 KB (6,720 words) - 14:22, 13 December 2023
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 6 GDPR)the principles of lawfulness and fairness of Article 5 GDPR and without a legal basis under Article 6 GDPR. A bank (the controller) organized prize games20 KB (3,166 words) - 15:36, 30 October 2023
- AEPD (Spain) - TD/00277/2020 (category Article 17 GDPR)search the following urls: 1. *** URL.1 2. *** URL.2 3. *** URL.3 SECOND: In accordance with article 65.4 of the LOPDGDD, which has provided for a mechanism40 KB (6,518 words) - 13:29, 13 December 2023
- AEPD (Spain) - PS/00189/2020 (category Article 58(2) GDPR)authority with pursuant to article 58 (2), or failure to provide access in breach of article 58, Paragraph 1." Organic Law 3/2018, on Protection of Personal22 KB (3,343 words) - 14:08, 13 December 2023
- AEPD (Spain) - EXP202101314 (category Article 15 GDPR)Madrid sedeagpd.gob.es 6/6 Against this resolution, which puts an end to the administrative procedure in accordance with article 48.6 of the LOPDGDD, and18 KB (2,693 words) - 13:31, 13 December 2023
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)- Madridsedeagpd.gob.es Page 6 6/8the power to impose an administrative fine pursuant to article 83 of the GDPR-article 58.2 i) -, or the power to order22 KB (3,421 words) - 14:27, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 310/161/23 (category Article 83(6) GDPR)aggravating circumstance according to Article 83(2)(i) or as a separate violation according to Article 83(5)(e) or Article 83(6). Since the situation at hand now71 KB (11,552 words) - 13:40, 12 January 2024
- AEPD (Spain) - PS/00113/2019 (category Article 5(1)(a) GDPR)the defendant for an infringement of Article 5(1)(a) GDPR a warning penalty in accordance with Article 58(2)(b) GDPR. Share your comments here! Share blogs23 KB (3,836 words) - 14:01, 13 December 2023
- Datatilsynet (Norway) - 21/01057 (category Article 57(1) GDPR)in Article 6 GDPR. If the information also includes sensitive data specified in Article 9(1) GDPR, there must be a basis for processing in Article 9(2)17 KB (2,399 words) - 16:20, 6 December 2023
- AEPD (Spain) - TD/00109/2020 (category Article 15 GDPR)prejudice to Articles 12(5) and 15(3) of the EU Regulation 2016/679 and in Article 13(3) and (4) of this Organic Law". FIFTH: Article 15 of the RGPD provides that19 KB (3,100 words) - 14:50, 13 December 2023
- APD/GBA (Belgium) - 141/2021 (category Article 38(6) GDPR)of the legitimate interest of the Respondent (Article 6.1(f) of the AVG). 44. In accordance with Article 6.1(f) AVG and the case-law of the Court of Justice90 KB (14,937 words) - 12:35, 3 August 2022
- CNIL (France) - 2023-097 (category Article 6(1)(e) GDPR)the public interest, per Article 6(1)(e) GDPR, and was also necessary for scientific research purposes under Article 9(2)(j) GDPR. Thirdly, that the data18 KB (2,536 words) - 17:11, 6 December 2023
- AEPD (Spain) - EXP202105923 (category Article 5(1)(d) GDPR)controller violated Article 5(1)(d) GDPR ("accuracy"), but a more natural conclusion would be to find a violation of Article 32(1)(d) GDPR ("adoption of adequate26 KB (3,846 words) - 12:42, 13 December 2023
- ANSPDCP (Romania) - Actamedica SRL (category Article 12(3) GDPR)lead to a security incident, in breach of Article 28(1) and 32 GDPR, for which the controller was fined RON 9,836.6 (approximately €2,000). Additionally, the7 KB (900 words) - 15:23, 13 December 2023
- AEPD (Spain) - PS/00030/2020 (category Article 12 GDPR)installing a video surveillance camera system violating Article 22 LOPDGDD and Article 12 GDPR? The Spanish DPA found that the defendant could install19 KB (2,965 words) - 13:49, 13 December 2023
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)violation of article 5.1f) of the RGPD in relation to the Article 5 of the LOPDGDD, typified in article 83.5 a) of the RGPD. C / Jorge Juan, 6 www.aepd.es28 KB (4,619 words) - 13:53, 13 December 2023
- AEPD (Spain) - EXP202104460 (category Article 7 GDPR)obligations established in article 22.2 of the LSSI those necessary cookies C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 6/10 for the intercommunication31 KB (4,923 words) - 12:39, 13 December 2023
- AEPD (Spain) - PS/00285/2020 (category Article 13 GDPR)2016/679, of April 27 (GDPR), and Organic Law 3/2018, of April 5 C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 3/6 December (LOPDGDD), in19 KB (2,923 words) - 14:26, 13 December 2023
- Persónuvernd (Iceland) - 2020061954 (category Article 28(3) GDPR)cf. Point 6 of Article 3 Act no. 90/2018 and item 7 of Article 4. of Regulation (EU) 2016/679, cf. and the first and second paragraphs. Article 4 Epidemiology88 KB (14,189 words) - 09:58, 7 December 2021
- Datatilsynet (Norway) - 20/02379 (category Article 85 GDPR)Personal Data Act 2018 § 3, but also a number of other places in the GDPR. Of particular importance in this case is Article 6 of the GDPR, which in paragraph29 KB (4,480 words) - 16:15, 6 December 2023
- C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 4/6 The physical image of a person, in accordance with article 4.1 of the GDPR, is data personnel17 KB (2,461 words) - 13:22, 13 December 2023
- AEPD (Spain) - PS/00274/2019 (category Article 6(1) GDPR)thearticle 5.1.f), in relation to article 6.1 of the RGPD.The violation of article 5.1.f) of the RGPD is typified in article 83.5.a)of the RGPD. The LOPDGDD37 KB (5,700 words) - 14:24, 13 December 2023
- AEPD (Spain) - TD/00034/2020 (category Article 17(3) GDPR)articles 12.5 and 15.3 of the Regulation (EU)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law " FIFTH: Article 17 of the RGPD states17 KB (2,730 words) - 14:50, 13 December 2023
- AEPD (Spain) - EXP202202088 (category Article 5(1)(c) GDPR)there was no justification for this, which constitutes a breach of Article 5(1)(c) GDPR. Furthermore, the nature of the breach is not deemed as grave. However22 KB (3,380 words) - 13:02, 13 December 2023
- AEPD (Spain) - PS/00221/2020 (category Article 14 GDPR)for an infringement of article 14 of the RGPD, typified in article 83.5 of the RGPD, a warning sanction, in in relation to article 74.a) of the LOPDGDD.29 KB (4,537 words) - 14:19, 13 December 2023
- APDCAT (Catalonia) - PS 49/2019 (category Article 5(1)(a) GDPR)out by the school). Article 9 GDPR, for having processed biometric data without any valid ground from Article 9(2). Article 13 GDPR, for not having informed38 KB (5,760 words) - 08:26, 8 September 2021
- UODO (Poland) - DKN.5112.13.2020 (category Article 6(1) GDPR)in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data disclosed in the land60 KB (9,755 words) - 09:58, 17 November 2023
- BVerfG - 1 BvR 2853/19 (category Article 82 GDPR)claim asserted here and based on Article 82 of the GDPR, appears questionable in view of sentence 3 of recital 146 of the GDPR. In the case in dispute, however19 KB (3,209 words) - 13:08, 15 September 2021
- AP (The Netherlands) - z2018-02009 (category Article 32 GDPR)(hereinafter: the GDPR) applies on 25 May 2018 become. The GDPR imposes the same obligation in Article 32, paragraph 1, as it applied under Article 13 6. The UWV33 KB (5,112 words) - 17:10, 12 December 2023
- over the right to access Article 15 GDPR. A citizen requested a copy of his personal data from a controller under Article 15 GDPR. The controller requested15 KB (2,321 words) - 16:01, 22 March 2022
- CJEU - C-597/19 - M.I.C.M. (category Article 6(1)(f) GDPR)(‘seeding’) be regarded as a communication to the public within the meaning of Article 3(1) of Directive 2001/29, even if the individual pieces as such are unusable7 KB (966 words) - 12:03, 1 November 2022
- CNIL (France) - SAN-2022-011 (category Article 12 GDPR)arising from Article 15 of the GDPR. 3. On the breach relating to the obligation to respect the right of opposition (article 21 of the GDPR) 45. The rapporteur48 KB (7,525 words) - 17:02, 6 December 2023
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)_______ Page 3 3 (7) 2.5. In our opinion, the PBGB has no legal basis for partially non-compliance with the request for information. 2.6. The PBGB cites26 KB (4,193 words) - 10:30, 13 December 2023
- AEPD (Spain) - PS/00100/2020 (category Article 13 GDPR)right to the storage of data; (c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any27 KB (4,296 words) - 13:59, 13 December 2023
- AZOP (Croatia) - Decision 05-10-2023 (category Article 6 GDPR)established legal basis from Article 6, paragraph 1 of the GDPR, and in this connection there was also a violation of Article 5, paragraph 2; 6. The controller did13 KB (1,934 words) - 20:55, 1 November 2023
- AEPD (Spain) - PS/00464/2020 (category Article 32(1) GDPR)such data. 3. Adherence to a code of conduct approved in accordance with article 40 or to a certification mechanism approved under article 42 may serve29 KB (4,300 words) - 14:41, 13 December 2023
- AEPD (Spain) - PS/00273/2020 (category Article 17 GDPR)DPA (AEPD) imposed a €1000 fine on a beauty salon for breaching Article 17 GDPR and Article 21 LSSI. The salon sent a marketing SMS to a client months after15 KB (2,337 words) - 14:24, 13 December 2023
- Datatilsynet (Denmark) - 2019-812-0035 (category Article 15 GDPR)same way as Article 12 (2) of the Directive. 4th 3.3.3. The Data Protection Authority's guidance on data protection in employment (2018) [3] shows the following35 KB (5,628 words) - 16:38, 6 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Datatilsynet (Norway) - 20/01516 (category Article 6 GDPR)Administration Act. As such, the municipality did not have a legal basis cf. Article 6 GDPR. In addition, Datatilsynet found that the municipality lacked routines26 KB (3,885 words) - 08:43, 7 May 2022
- AEPD (Spain) - EXP202207270 (category Article 19 GDPR)LPACAP), for the alleged violation of Article 19.1 of the LOPDGDD, typified in the Article 83.5 of the RGPD. C/ Jorge Juan, 6 www.aepd.es 28001 – Madrid sedeagpd26 KB (3,901 words) - 13:19, 13 December 2023
- Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 3/20 cookies Domain Description cookie to maintain the status of the session. _ga_G4RJW5CDC3 ***DOMAIN52 KB (7,564 words) - 12:41, 13 December 2023
- AEPD (Spain) - E/08210/2021 (category Article 4(22) GDPR)authority. Under Article 60 GDPR, the following DPAs were identified as “concerned supervisory authorities” under Article 4(22) GDPR: the Netherlands,29 KB (4,457 words) - 10:34, 13 December 2023
- CNPD (Luxembourg) - Délibération n° 38FR/2021 (category Article 37(7) GDPR)breach of Article 38(2) GDPR; (6) the controller was not responsible for (potential) conflict of interest of the external DPO under Article 38(6) GDPR, the81 KB (11,895 words) - 16:58, 6 December 2023
- AEPD (Spain) - EXP202206302 (category Article 6 GDPR)sanctioning procedure, under Article 83(5)(a) of the GDPR, against AAA on 21 December 2022, due to a infringement of Article 6. AAA was the father of the28 KB (4,608 words) - 13:27, 13 December 2023
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)Pursuant to Article 21(1) of the GDPR, persons such as [the claimant] can object to the processing of their personal data on the basis of Article 6(1)(e) or16 KB (2,580 words) - 10:43, 23 September 2020
- authority (cf. Article 36 (2) no. 7 lit. a DPA) for the purposes of military self-protection (cf. Article 36 (1) DPA in conjunction with Article 2 (1) no. 228 KB (3,418 words) - 13:49, 12 May 2023
- Court of Appeal of Brussels - 2022/AR/1085 (category Article 52 GDPR)complainant, prima facie cannot be placed in one of the cases listed in Article 35.3 GDPR. This brief explanation will suffice: the Litigation Chamber may conduct30 KB (4,204 words) - 09:54, 14 December 2023
- Datatilsynet (Norway) - 20/02291 (category Article 5(1)(f) GDPR)patient data cf. Article 32 GDPR and Article 5(1)(f) GDPR and inadequate internal controls cf. Article 24 GDPR and Article 5(2) GDPR. Østfold Hospital45 KB (6,645 words) - 14:40, 28 March 2022
- Court of Appeal of Brussels - 2020/AR/329 (category Article 57(1)(f) GDPR){kenk DOS 2019-06201) dismissing her complaint on the basis of Article 95 § 1, 3 of the Act of 3 December 2017 establishing the Data Protection Authority {hereinafter48 KB (7,560 words) - 09:03, 20 August 2021
- Garante per la protezione dei dati personali (Italy) - 9269618 (category Article 5(1)(f) GDPR)violation of art. 2-ter, paragraphs 1 and 3, of the Code and art. 6, par. 1, lett. c) and e), par. 2 and par. 3, lett. b) of the Regulations; c) in violation34 KB (4,967 words) - 15:46, 6 December 2023
- HDPA (Greece) - 29/2023 (category Article 12(3) GDPR)15(1)(a)-(h) GDPR. For these reasons, under Article 58 GDPR, the HDPA reprimanded the controller for violating Article 5(1)(c) GDPR and Article 15 GDPR. In addition21 KB (3,334 words) - 09:12, 25 October 2023
- AEPD (Spain) - PS/00141/2020 (category Article 6(1)(a) GDPR)Judiciales (JAVA). JAVA infringed Article 6(1)(a) GDPR by publishing illegal recordings on its website and also infringed Article 22(2) LSSI due to its cookie26 KB (4,150 words) - 14:05, 13 December 2023
- Norway, and not the GDPR. The DPA does, however, refer to corresponding Articles in the GDPR: Articles 5(1)(b) and (c), as well as Article 17. Share blogs43 KB (6,983 words) - 09:09, 21 August 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)follows The appeal is dismissed as unfounded. Legal basis: Article 51(1), Article 57(1)(f) and Article 77(1) of Regulation (EU) 2016/679 (the basic data protection66 KB (10,546 words) - 13:50, 12 May 2023
- AEPD (Spain) - PS/00048/2021 (category Article 6 GDPR)Articles 5 and 6 GDPR? The AEPD held that publishing personal data on Twitter without the consent of the claimant is a violation of Article 6 GDPR, due to the17 KB (2,458 words) - 13:51, 13 December 2023
- IMY (Sweden) - DI-2021-5595 (category Article 5(1)(f) GDPR)other GDPR provisions, such as those related to the transfer of personal data to third countries. The IMY took into account Recital 75 and 76 GDPR in order47 KB (5,207 words) - 18:51, 21 March 2022
- Rb. Rotterdam - ROT 19/1393 (category Article 17(1) GDPR)application form can be found in Article 6, first paragraph, preamble and under e, of the General Data Protection Regulation ( GDPR ): the processing is necessary9 KB (1,203 words) - 16:30, 10 March 2022
- AEPD (Spain) - PS/00275/2019 (category Article 5(1)(f) GDPR)Vodafone on December 3 of the same year, for alleged infringement of Article 5.1.f) of the GDPR, typified in article 83.5 of the GDPR, proposing a fine of21 KB (3,335 words) - 14:25, 13 December 2023
- NAIH (Hungary) - NAIH/2020/2555 (category Article 12(3) GDPR)out in Article 12 (3) of the General Data Protection Regulation, the Debtor informed by electronic means on 7 March 2019, in accordance with Article 15 (1)33 KB (5,033 words) - 10:12, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9542071 (category Article 6 GDPR)documents or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. 689 of 24/11/1981)25 KB (3,961 words) - 15:54, 6 December 2023
- CE - 437808 (category Article 83 GDPR)rejected. 3. Secondly, under Article 83 of the GDPR: "1. Each supervisory authority shall ensure that administrative fines imposed under this article for violations13 KB (1,928 words) - 09:51, 10 September 2021
- CNPD (Luxembourg) - Délibération n° 21FR/2021 (category Article 5(1)(c) GDPR)company was not compliant with Article 13 GDPR. The CNPD held that the controller infringed Article 5(1)(c) GDPR and Article 13 GDPR and decided to: - impose52 KB (7,520 words) - 13:13, 20 July 2021
- AEPD (Spain) - PS/00479/2019 (category Article 5(1)(c) GDPR)minimisation principle related, as per Article 5(1)(c) GDPR, and the lack of transparent information, as per Article 12 GDPR. The decision is the consequence17 KB (2,541 words) - 14:43, 13 December 2023
- AEPD (Spain) - PS/00461/2019 (category Article 5(1)(c) GDPR)fine on the defendant and stated he has to comply with Article 5(1)(c) and Article 83(2)(a)(b) GDPR. Share your comments here! Share blogs or news articles15 KB (2,366 words) - 14:41, 13 December 2023
- AEPD (Spain) - TD/00010/2020 (category Article 12 GDPR)AEPD pursuant to Article 72(1)(m). The AEPD does not specify the provision of Article 21 on which it bases its decision. Article 21 GDPR states that the16 KB (2,571 words) - 14:49, 13 December 2023
- AEPD (Spain) - PS/00082/2020 (category Article 5(1)(c) GDPR)areayou work with heavy machinery.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/7For all the above, I request the AEPD to have this18 KB (2,749 words) - 13:57, 13 December 2023
- APD/GBA (Belgium) - 170/2023 (category Article 24 GDPR)accordance with Article 33 GDPR to the Belgian DPA. Nonetheless, there were suspicions that the controller did not comply with Article 32 GDPR. Especially24 KB (3,525 words) - 15:29, 26 January 2024
- NAIH (Hungary) - NAIH/2020/6484 (category Article 15(1)(a) GDPR)the general rule of Article 15 (1) (a), c) and d) of the GDPR by not giving substantive, specific answers to the request under Article 15 and by sharing27 KB (4,159 words) - 10:13, 17 November 2023
- OGH - 6Ob35/21x (request for preliminary ruling under Article 267 TFEU) (category Article 82 GDPR)ruling under Article 267 TFEU on the requirements of awarding damages for GDPR violations and the assessment of such damage under Article 82 GDPR. For the23 KB (3,551 words) - 09:54, 10 September 2021
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation was responsible for violating Article 33 GDPR, and issued it with a warning pursuant to Article 58(2)(b) GDPR. The AEPD did not find the former Secretary27 KB (4,243 words) - 14:06, 13 December 2023
- RvS - 202000948/1/A3 (category Article 12(6) GDPR)identity, additional information may be requested, as follows from Article 12(6) of the GDPR. In this case, the Council of State as of the opinion that there12 KB (1,870 words) - 12:37, 16 September 2021
- Datatilsynet (Norway) - 20/01879 (category Article 24 GDPR)highly sensitive personal data exposed, thus breaching Article 32(1)(b) GDPR and Article 32(2), cf. Article 24. An employee in a municipal health care center30 KB (4,302 words) - 18:53, 5 March 2022
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)established in article 6 of Regulation (EU) 2016/679 "IIIThe defendant in the present sanctioning procedure is attributed ainfringement of article 6.1 RGPD. The88 KB (14,301 words) - 13:48, 13 December 2023
- AEPD (Spain) - EXP202103039 (category Article 13 GDPR)Juan, 6 www.aepd.es 28001 – Madrid sedeagpd.gob.es 6/7 will be made of your personal data, in accordance with the provisions of article 13 of the GDPR. THIRD:22 KB (3,385 words) - 13:35, 13 December 2023
- Rb. Gelderland - AWB 19/2901 (category Article 6(1)(b) GDPR)whether Article 6 GDPR provides a legal basis for processing credit cards details and whether the processing is compliant with Article 5 GDPR. It also17 KB (2,610 words) - 16:18, 10 March 2022
- CNPD (Luxembourg) - Délibération n° 41FR/2021 (category Article 38(3) GDPR)Officer (DPO) under Section 4 of Chapter 4 of the GDPR (see in particular Article 37 GDPR to Article 39 GDPR). One of these audit proceedings concerned a Luxembourg56 KB (8,326 words) - 16:57, 6 December 2023
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)are subject to the GDPR pursuant to Article 3(2)(a) of this Regulation. B. On the competence of the CNIL 22. Article 55(1) of the GDPR provides that "each59 KB (9,566 words) - 17:03, 6 December 2023
- AEPD (Spain) - PS/00192/2022 (category Article 4(1) GDPR)violating Article 5(1)(c) GDPR, the DPA fined the controller €50,000. In its assessment of the fine, the DPA noted three aggravating factors per Article 83(2)15 KB (2,257 words) - 13:02, 13 December 2023
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)under Article 15 GDPR and demanded free access to the historic bank transaction data. The bank argued that this would be a misuse of Article 15 GDPR and19 KB (2,936 words) - 13:55, 12 May 2023
- BVwG - W101 2132183-1 and W101 2132039-1 (category Article 15(3) GDPR) (section Use of online tools to provide access in line with Article 12 GDPR)personal data and information under Article 15 GDPR in his Google account, Google has not violated Article 15 GDPR concerning this data/information. As107 KB (17,615 words) - 09:42, 10 September 2021
- AEPD (Spain) - EXP202307481 (category Article 60 GDPR)violated the GDPR and the consent given through such a banner cannot be considered a valid consent under Article 6(1)(a) GDPR and Article 4(11) GDPR. Further36 KB (5,344 words) - 10:47, 13 December 2023
- APD/GBA (Belgium) - 20/2023 (category Article 21(3) GDPR)objection for data processing under Article 21 GDPR and the principle of liability under Article 2(4) GDPR and Article 24 GDPR. The complainant, the data subject14 KB (1,883 words) - 16:59, 20 March 2023
- AEPD (Spain) - PS/00054/2021 (category Article 32(1) GDPR)infringement of article 32.1 of the RGPD, typified in article 83.4.a) of the RGPD, a fine of € 3,000 (three thousand euros), in accordance with article 73.g) of27 KB (3,993 words) - 13:52, 13 December 2023
- AEPD (Spain) - PS/00120/2020 (category Article 13 GDPR)to have been adopted in this regard.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/11In view of all the actions, by the Spanish Agency31 KB (4,808 words) - 14:01, 13 December 2023
- CNIL (France) - SAN-2023-025 (category Article 6(1)(a) GDPR)the data subjects, therefore breaching Article 6 GDPR, as well as Article 5(1)(b) GDPR. Thirdly, Article 30 GDPR stipulates that the controller must keep53 KB (8,418 words) - 11:21, 6 February 2024
- Korkein hallinto-oikeus (Finland) - KHO:2021:125 (category Article 51 GDPR)Constitution, Article 19 TFEU and Article 47 CFR. As Mr A's mandate and termination had not been assessed in the light of the provisions of the GDPR, the Supreme46 KB (7,394 words) - 14:08, 21 March 2024
- in accordance with the provisions of the GDPR. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 6/11 Therefore, when the use of a cookie involves34 KB (5,222 words) - 12:58, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9509558 (category Article 5(1)(a) GDPR)art. 139 of the same Code; CONSIDERING that art. 137, paragraph 3 of the Code and art. 6 of the Deontological Rules identify as a limit to the dissemination24 KB (3,667 words) - 15:53, 6 December 2023
- AEPD (Spain) - PS/00234/2020 (category Article 7 GDPR)AEPD concluded that the defendant could have breached Article 13 GDPR, Article 7 GDPR and Article 22(2) LSSI: there was no identification of the data controller47 KB (7,368 words) - 14:21, 13 December 2023
- NAIH (Hungary) - NAIH/2020/5553 (category Article 12(3) GDPR)request under Article 15 and with the one month deadline under Article 12(3). Was Google Ireland Ltd in breach of its obligations under GDPR Article 15(1) and27 KB (4,279 words) - 10:12, 17 November 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)articles 12.5 and 15.3 of the Regulation (UE)2016/679 and in the paragraphs 3 and 4 of article 13 of this organic law "FIFTH: The article 17 of the RGPD establishes17 KB (2,751 words) - 14:51, 13 December 2023
- APD/GBA (Belgium) - 63/2020 (category Article 12(4) GDPR)(algemene verordening gegevensbescherming), hierna AVG; Gelet op de wet van 3 december 2017 tot oprichting van de Gegevensbeschermingsautoriteit, hierna20 KB (2,982 words) - 17:00, 12 December 2023
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- UODO (Poland) - DKN.5112.7.2020 (category Article 6(1)(c) GDPR)Acts, only in accordance with Article 5(1)(a) and Article 6(1)(c) of Regulation 2016/679. In turn, in accordance with Article 30a of the Act of 14 December29 KB (4,687 words) - 09:56, 17 November 2023
- Persónuvernd (Iceland) - 2020061951 (category Article 5(1) GDPR)defined in the first paragraph. Article 4 of the Act, cf. Points 2 and 4 Article 3 of the Act and points 1 and 2. Article 4 of the Regulation. According44 KB (7,044 words) - 08:42, 13 December 2021
- Datatilsynet (Denmark) - 2019-441-3399 (category Article 32 GDPR)processed in accordance with Article 32 (2) of the Regulation. 2nd 3.3. Article 33 (1) of the Data Protection Regulation 1 and Article 34 (1). 1 The Data Inspectorate27 KB (4,231 words) - 16:38, 6 December 2023
- AEPD (Spain) - E/08205/2019 (category Article 5(1)(f) GDPR)supervisory authority, and in accordance with the provisions of Article 47 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the17 KB (2,577 words) - 13:42, 13 December 2023
- AEPD (Spain) - E/01090/2021 (category Article 4(9) GDPR)the Law Organic 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD). On August 6, 2020, the respondent17 KB (2,544 words) - 13:39, 13 December 2023
- IMY (Sweden) - DI-2020-10518 (category Article 12(3) GDPR)Klarna violate Article 15 of the GDPR? The DPA considered that Klarna failed to process the request within the timeframe required by Article 12(3) and without18 KB (2,003 words) - 15:22, 6 December 2023
- Korkein hallinto-oikeus (Finland) - KHO:2024:34 (category Article 17(1) GDPR)Regulation) Article 1, paragraph 2, Article 5, Article 6, paragraph 1, subparagraph f, Article 17(1)(a), (c) and (d), Article 17(3)(a), Article 21(1) Judgments60 KB (9,713 words) - 13:07, 26 March 2024
- Datatilsynet (Denmark) - 2019-32-0639 (category Article 14(3) GDPR)12(1), 14(1)(c), 14(2) and 14(3) GDPR. In addition, Datatilsynet also issued criticism in relation to Article 5(1)(a) GDPR for the controller’s attempt26 KB (4,157 words) - 16:23, 6 December 2023
- LAG Berlin-Brandenburg - 10 Sa 443/21 (category Article 15 GDPR)meaning of Article 4 No. 7 GDPR. However, the defendant cannot be accused of violating an obligation to provide information under Art. 15, 12 GDPR. Paragraph28 KB (4,527 words) - 15:58, 26 April 2022
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)subsequent violations of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction41 KB (6,337 words) - 18:52, 5 March 2022
- AEPD (Spain) - PS/00475/2019 (category Article 17 GDPR)complainant as per Article 17 GDPR, as well as his/her right as a consumer to refuse unsolicited commercial phone calls, as per Article 21 GDPR in connection23 KB (3,481 words) - 14:42, 13 December 2023
- that a valid legal basis would be either Article 6(1)(c) GDPR, or Article 6(1)(d) GDPR or Article 9(2)(b) GDPR. The Data protection authority (the UOOU)25 KB (3,096 words) - 17:48, 25 November 2021
- AEPD (Spain) - PS/00423/2019 (category Article 13 GDPR)information under Article 13 GDPR is illegal. Consequently, the APED decided to issue a fine of €1.500 for the violation of Article 13 GDPR. Share your comments23 KB (3,636 words) - 14:38, 13 December 2023
- CPDP (Bulgaria) - PNN-01-137/2019 (category Article 6(1) GDPR)violation of Article 6(1) GDPR was lodged. A company providing utility services took enforcement actions for recovery of amounts receivable against 3 debtors4 KB (544 words) - 16:49, 6 December 2023
- AEPD (Spain) - PS/00112/2020 (category Article 13 GDPR)communications, as per Article 21(1) of the Spanish Law on Information Society Services (LSSI), as well as for the infringement of Article 13 of the GDPR. The decision29 KB (4,402 words) - 14:00, 13 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- NAIH (Hungary) - NAIH/2020/32/4 (category Article 5(1) GDPR)provided for in Article 6(1) of the GDPR should exist in order for the processing to be lawful. According to Article 6(1) of the GDPR, the consent of the75 KB (12,586 words) - 10:10, 17 November 2023
- DSB (Austria) - D123.921/0005-DSB/2019 (category Article 12(3) GDPR)request for information in accordance with Art. 15 GDPR and that the deadline of Art. 12 Para. 3 GDPR did not end until November 23, 2018 . In addition42 KB (6,592 words) - 13:58, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)controlled (article 13.1.b) of the GDPR), information relating to the relevant legal basis under Article 6 of the GDPR (article 13.1.c) of the GDPR), the legitimate96 KB (13,984 words) - 16:57, 6 December 2023
- AEPD (Spain) - EXP202205791 (category Article 17 GDPR)of section 2 of article 56 in relation to section 1 f) of article 57, both of the RGPD; and in article 47 of the LOPDGDD. C/ Jorge Juan, 6 www.aepd.es 2800129 KB (4,648 words) - 12:38, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- CNIL (France) - SAN-2023-0076 (category Article 6(1)(e) GDPR)instance, the controller sought to rely upon Article 6(1)(e) GDPR and Article 9(2)(j) GDPR. Article 6(1)(e) GDPR establishes a lawful basis for the processing19 KB (2,826 words) - 17:01, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685947 (category Article 28 GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of the Law No. 689 of November115 KB (18,595 words) - 11:30, 16 August 2022
- CNIL (France) - SAN-2020-056 (category Article 6(1)(e) GDPR)French act n° 78-17 of 6 January 1978, modified, on information technology, data files and civil liberties, in particular its article 6-III; Having regard43 KB (6,847 words) - 17:11, 6 December 2023
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)personal data within the meaning of Article 4, opening words and (1) of the AVG. Based on Article 2, paragraph 1 and Article 3, paragraph 2, of the AVG, the38 KB (6,339 words) - 17:14, 12 December 2023
- AEPD (Spain) - E/03379/2021 (category Article 13 GDPR)on Protection of Personal Data. C / Jorge Juan, 6 www.aepd.es 28001 - Madrid sedeagpd.gob.es 2/6 Article 2 of the same law establishes: 1. This Law shall18 KB (2,693 words) - 13:40, 13 December 2023
- ICO (UK) - Chief Constable West Midlands Police (category Article 34(3) GDPR)Chief Constable West Midlands Police (WMP), for violating Articles 34(3), 38(1)(3), 40 and 57(1)(2) of the UK Data Protection Act (DPA). ICO also recommended18 KB (2,476 words) - 09:10, 14 May 2024
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)violation of article 17 in combination with article 21 par. 3 and article 12 paragraph 3 of the GDPR and article 25 paragraph 1 of the GDPR. For its judgment16 KB (2,374 words) - 11:46, 18 August 2022
- Regarding this, article 6.1 of the RGPD, establishes, on the legality of the treatment of personal data, the following: C/ Jorge Juan, 6 www.aepd.es 2800145 KB (7,313 words) - 10:32, 13 December 2023
- AEPD (Spain) - PS/00116/2020 (category Article 13 GDPR)cookies, as per Article 22(2) Spanish Law on Information Society Services (LSSI). This law regulates cookies, connected to Article 13 GDPR. The decision16 KB (2,380 words) - 14:01, 13 December 2023
- AEPD (Spain) - PS/00335/2019 (category Article 6(1)(a) GDPR)subjects infringes Article 6 (1) (a) GDPR. The AEPD fined the data processor in an amount of 4,000 Euro for the violation of Article 6 (1) (a) GDPR. Since the21 KB (3,281 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00268/2019 (category Article 13 GDPR)specific enough and did not comply with Article 13 GDPR. Does the lack of precision enough to infrige Article 13 GDPR? The AEPD found that the information28 KB (4,435 words) - 14:23, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9435807 (category Article 5(1)(a) GDPR)indicated in point 3.3 of this decision. 4.3. Safety measures applied to the storage of traffic data. The conduct ascertained in point 3.4 of this decision58 KB (9,448 words) - 15:50, 6 December 2023
- LAG Mecklenburg-Western Pomerania - 5 Sa 108/19 (category Article 37 GDPR)2019, GDPR Art. 37, para. 1; Döpfler , EU-GDPR and BDSG, 2nd edition 2020, GDPR Art. 37, marginal 1; Paal / Pauly, DS-GVO BDSG, 2nd ed. 2018, GDPR Art.48 KB (7,320 words) - 12:44, 4 October 2021
- Datatilsynet (Norway) - 20/02162 (category Article 6(1)(f) GDPR)as per Article 6(1)(f) GDPR. The DPA further held that the company failed to: provide the data subjects with required information, as per Article 13 terminate5 KB (483 words) - 18:55, 5 March 2022
- company "bieNNova" infringed Article 21 LSSI (Ley de Servicios de Sociedad de la Información y de Comercio Electronico). Article 21 establishes that it is14 KB (2,070 words) - 13:43, 13 December 2023
- Garante per la protezione dei dati personali (Italy) - 9269629 (category Article 5(1)(f) GDPR)Consequently, based on Article 83(5)(a) GDPR, the hospital was fined to pay a fine of EUR 30.000,00 for violation of Article 5(1)(f) GDPR. Corrective measures38 KB (5,724 words) - 15:47, 6 December 2023
- Datatilsynet (Norway) - 20/01916 (category Article 6(1)(f) GDPR)had no legal basis as per Article 6(1)(f) GDPR and that they had failed to inform the employee sufficiently as per Article 13 GDPR. Consequently, they were5 KB (608 words) - 18:57, 5 March 2022
- AP (The Netherlands) - 24.03.2020 (category Article 4(15) GDPR)volition investigation into CP&A's compliance with Article 9, as well as Article 32 GDPR. Since Article 9 GDPR prohibits the processing of special categories48 KB (7,461 words) - 17:04, 12 December 2023
- Datatilsynet (Denmark) - 2020-432-0037 (category Article 28(3) GDPR)of Article 32(1) GDPR due to the scope of the data mishandling and the sensitivity of the subject. Moreover, the Family Court violated Article 28(3) with46 KB (7,343 words) - 16:39, 6 December 2023
- AEPD (Spain) - EXP202203923 (category Article 12 GDPR)with the provisions of section 2 of article 56 in relation to section 1 f) of article 57, both of the GDPR; and in article 47 of the LOPDGDD. SECOND: In accordance14 KB (2,139 words) - 10:50, 13 December 2023
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)interpretation of article 13 of the Wbp is no different from that of article 32 of the GDPR, described in paragraphs 2.3.2 and 2.3.3. Also in the period57 KB (8,053 words) - 17:07, 12 December 2023
- AEPD (Spain) - PS/00004/2020 (category Article 5(1)(c) GDPR)initiate andto solve this procedure.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/9IIIn the present case, the complaint dated 10/21/1918 KB (2,798 words) - 13:44, 13 December 2023
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023
- CNIL (France) - SAN-2021-003 (category Article 4(1) GDPR)data laid down by Article 4(1) and (2) GDPR. The DPA then quotes ECJ, 11 December 2014, Ryneš, case C-212/13 (point 22), EDPB Guidelines 3/2019 on processing39 KB (6,015 words) - 17:11, 6 December 2023
- AEPD (Spain) - PS/00339/2019 (category Article 5(1)(f) GDPR)against the respondent, for the alleged infringement of Article 6 of the RGPD, typified in Article 83.5 of the RGPD. In view of the foregoing, the following18 KB (2,781 words) - 14:30, 13 December 2023
- AEPD (Spain) - PS/00268/2020 (category Article 13 GDPR)Policy on their website (Article 13 GDPR) and for the absence of a reject button on the second layer of their Cookie Policy (Article 22(2) LSSI). The claimant17 KB (2,700 words) - 14:23, 13 December 2023
- AEPD (Spain) - PS/00028/2021 (category Article 6(1)(e) GDPR)obtain such recordings through the camera, with grounds on Article 6(1)(e) GDPR and Article 22 of the Spanish Data Protection Act (LOPDGDD), that allows25 KB (3,876 words) - 13:48, 13 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- IMY (Sweden) - DI-2021-4355 (category Article 32 GDPR)Authority Our ref: DI-2021-4355 5(6) Date:2023-01-19 Choice of intervention Article 58(2) and Article 83(2) of the GDPR give IMY the authority to impose28 KB (3,101 words) - 09:49, 7 June 2023
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - PS/00173/2020 (category Article 5(1)(d) GDPR)FOUNDATIONS OF LAWC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/8IBy virtue of the powers that article 58.2 of the RGPD recognizes to22 KB (3,424 words) - 14:06, 13 December 2023
- AEPD (Spain) - PS/00023/2020 (category Article 5(1)(c) GDPR)street a violation of Article 5 (1) (c) GDPR? The Spanish DPA has found that the facts of the present proceedings show that 2 of the 3 cameras installed by21 KB (3,298 words) - 13:46, 13 December 2023
- HDPA (Greece) - 39/2020 (category Article 4(7) GDPR)rowspan="2" width="3"><img src="http://www.dpa.gr:80/APDPXPortlets/images/menutop_space.jpg" width="3" height="104"></td><!--/*++++++++++++++++++++++++3 Υπομενού56 KB (7,755 words) - 15:39, 6 December 2023
- APD/GBA (Belgium) - 135/2022 (category Article 12(3) GDPR)companies in both Belgium and the UK, violated Article 15(1) GDPR, Article 15(3) GDPR and Article 12(3) GDPR GDPR for deleting data instead of providing access39 KB (5,674 words) - 08:57, 29 June 2023
- AEPD (Spain) - TD/00325/2019 (category Article 12 GDPR)set out in Article 15(1) of Regulation (EU) 2016/679 that is not included in the remote access system.3. For the purposes set out in Article 12(5) of Regulation17 KB (2,691 words) - 14:52, 13 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(3)(f) GDPR)reactivated according to plan. It follows from Article 28 (1) of the Data Protection Regulation Article 3 (3) (f) requires the data controller to assist the18 KB (2,633 words) - 16:36, 6 December 2023
- Datatilsynet (Denmark) - 2019-423-0202 (category Article 12(3) GDPR)Datatilsynet hold that the Municipality of Odense infringed Article 12(3) GDPR and Article 15 GDPR due to delayed answers to access requests. The Datatilsynet20 KB (3,084 words) - 16:28, 6 December 2023
- AEPD (Spain) - PS/00185/2020 (category Article 13 GDPR)security of processing (Article 32 GDPR), the transparency principle (Article 13 GDPR) and its information duties related to cookies (Article 22(2) of the Spanish20 KB (3,162 words) - 14:08, 13 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 6652/154/19 (category Article 17(3)(b) GDPR)request because the processing was necessary according to Article 17(3)(b) GDPR and Article 17(3)(e) GDPR. The controller stated that, according to Chapter 819 KB (2,951 words) - 12:30, 23 April 2024
- UODO (Poland) - DKE.561.3.2020 (category Article 31 GDPR)protected (Article 32, Article 24 (1) and (2) of Regulation 2016/679). Has the Chief Surveyor of the country appointed a data protection officer (Article 37 of51 KB (8,322 words) - 09:51, 17 November 2023
- AEPD (Spain) - PS/00235/2019 (category Article 6(1)(a) GDPR)twenty thousand euros), under¬ Article 6.1 (a) and Article 5.1 (a) of the GDPR, under consideration as ‘very serious’, in¬ Article 71 (1) (a) and (b), respectively24 KB (4,074 words) - 14:21, 13 December 2023
- CJEU - C-645/19 - Facebook Ireland and others v Gegevensbeschermingsautoriteit (category Article 55(1) GDPR)decision under Article 66 GDPR when the lead SA fails to respond to provide mutual assistance within a month as per Article 61(8) GDPR. The CJEU adopted10 KB (1,311 words) - 15:26, 13 June 2023
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD typified in Article 83.5.a) of the RGPD and considered very serious, for the purposes of prescription, in Article 72.139 KB (6,623 words) - 14:08, 13 December 2023
- LG Gießen - 2 O 186/22 (category Article 15 GDPR)rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, and the right to restriction of processing under Article 18 GDPR. The court therefore16 KB (2,369 words) - 10:26, 7 December 2022
- Court of Appeal of Brussels - 2021/AR/74 (category Article 6 GDPR)against the Interactive Advertising Bureau Europe (IAB Europe) for various GDPR violations (including the principles of legality, transparency and fairness5 KB (518 words) - 15:08, 9 August 2022
- Datatilsynet (Denmark) - 2020-31-3354 (category Article 6(1)(a) GDPR)Justification for the Danish Data Protection Agency's decision 3.1 It is clear from Article 6 (1) of the Data Protection Regulation 1, letter a, that the20 KB (3,151 words) - 16:38, 6 December 2023
- Personvernnemnda (Norway) - 2020-14 (19/00110) (category Article 6(1)(f) GDPR)refers to the Privacy Ordinance Article 6 No. 1 letter f as the relevant valid basis for processing, as well as Article 21 No. 1 on the data subject's right32 KB (5,120 words) - 18:48, 5 March 2022
- The DPA first requested an overview of such processing (equivalent to Article 30 GDPR) for purposes related to the Norwegian Execution of Sentences Act, details16 KB (2,010 words) - 14:32, 8 November 2022
- AN - SAN 3073/2022 (category Article 5(1)(c) GDPR)union enshrined in Article 7 of the Spanish Constitution. Therefore, such processing would be lawful in accordance with Article 6(1) GDPR. Share your comments34 KB (5,374 words) - 14:21, 24 November 2022
- AEPD (Spain) - PS/00092/2020 (category Article 13 GDPR)reprimand to the company for not complying with Article 13 GDPR, since it failed to even mention the GDPR in its Privacy Policy. Share your comments here22 KB (3,514 words) - 13:58, 13 December 2023
- TS - 1039/2022 (category Article 18(1) GDPR)provided for in Article 18 GDPR. As explained by the Court, Article 18(1) GDPR, in particular in paragraph (d), is linked to Article 21(1) GDPR, which guarantees44 KB (6,561 words) - 14:24, 24 November 2022
- AEPD (Spain) - PS/00057/2020 (category Article 7 GDPR)processing of personal data, whose objectiveC / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 3 3/14The main objective was to guarantee compliance with31 KB (4,757 words) - 13:52, 13 December 2023
- BlnBDI (Berlin) - 20.09.2022 (category Article 38(6) GDPR)Protection and Freedom (BInBDI) fined a retail group €525,000 for violating Article 38(6) GDPR due to the conflict of interest of their DPO who independently monitored8 KB (1,011 words) - 16:35, 12 December 2023
- 23/15w Pkt 3. mwN). An employee's privacy is also one of the legal interests protected by § 96 Paragraph 1 Z 3 ArbVG (9 ObA 23/15w Pkt 3. mwN). 3.2 Human24 KB (3,763 words) - 09:49, 14 December 2023
- Garante per la protezione dei dati personali (Italy) - 9698724 (category Article 5(1)(a) GDPR)Guarantor or to ask to be heard by the Authority (Article 166, paragraphs 6 and 7, of the Code; as well as Article 18, paragraph 1, of Law no. . 689 of 11/24/1981)83 KB (13,648 words) - 11:30, 16 August 2022
- AEPD (Spain) - PS/00093/2019 (category Article 5(1)(f) GDPR)infringement of Article 5.1.f) of the RGPD, as defined in Article 83.5 of the RGPD, following the application of Article 85(1) and (3) of LPACAP, a fine37 KB (5,995 words) - 13:58, 13 December 2023
- OLG Frankfurt am Main - 13 U 206/20 (category Article 17(1) GDPR)by the plaintiff pursuant to Article 82(1) GDPR, since there have been violations of Article 6(1)(a) GDPR and Article 34 GDPR. The defendant also breached44 KB (7,334 words) - 09:02, 17 March 2022
- CNIL (France) - SAN-2020-015 (category Article 32(1) GDPR)obligation of Article 32 GDPR? Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? Does29 KB (4,374 words) - 16:03, 19 January 2024
- AEPD (Spain) - PS/00180/2020 (category Article 13 GDPR)this sanctioning procedure proceeds.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 6 6/13FOUNDATIONS OF LAWICompetition:- About the Privacy38 KB (5,879 words) - 14:07, 13 December 2023
- dismiss the complaint in accordance with Article 95, §1, 3° WOG, on the basis of the following justification. 6. When a complaint is dismissed, the Disputes12 KB (1,431 words) - 16:45, 12 December 2023
- Garante per la protezione dei dati personali (Italy) - 9685922 (category Article 5(1)(f) GDPR)processing carried out is in violation of Article 5(1)(f) GDPR, Article 25(1) GDPR, Article 32 GDPR and Article 35 GDPR. Especially, the controller cannot exclude119 KB (19,123 words) - 11:29, 16 August 2022
- AEPD (Spain) - PS/00188/2020 (category Article 5(1)(f) GDPR)violation of Article 5 (1) (f) GDPR? The Spanish DPA held that were clear indications that the defendant infringed Article 5 (1) (f) GDPR, principles relating24 KB (3,907 words) - 14:08, 13 December 2023
- AEPD (Spain) - PS/00433/2020 (category Article 58(2)(c) GDPR)authority ofcontrol pursuant to Article 58 (2), or failure to provide access in breachof article 58, paragraph 1. "Organic Law 3/2018, on the Protection of23 KB (3,592 words) - 14:40, 13 December 2023
- HDPA (Greece) - 20/2021 (category Article 17(1) GDPR)unanimously considers that in accordance with Article 17 in in conjunction with Article 21 para. 3 of the GCP and Article 25 para. 1 of the GCP the conditions for20 KB (2,936 words) - 14:58, 22 November 2021
- AEPD (Spain) - PS/00254/2019 (category Article 4(12) GDPR)infringement of Article 32.1 of the GDPR typified as a serious infringement in Article 73 f) of the LOPDGDD and in Article 83.4 of the GDPR. For its part39 KB (6,341 words) - 14:23, 13 December 2023
- AEPD (Spain) - EXP202104530 (category Article 28 GDPR)they filed a complaint, however the accused company acted according to Article 28 GDPR and the Spanish DPA ended the proceedings. A.A.A. (data subject) received12 KB (1,685 words) - 12:41, 13 December 2023
- HmbBfDI (Hamburg) - H&M (category Article 6 GDPR)German original. Please refer to the German original for more details. 35.3 million Euro fine for data protection violations in H&M's service centre 017 KB (901 words) - 15:25, 6 December 2023
- HDPA (Greece) - 55/2021 (category Article 33 GDPR)measures to security of processing, in accordance with Article 32 GDPR, in connection with Article 24 GDPR, as the controller did not take into account the risks65 KB (10,533 words) - 10:28, 27 January 2022