Search results
From GDPRhub
- freedoms of individuals", as stated in Article 35(1) and further elucidated in Article 35(3) and Article 35(4) GDPR. The WP29 developed a list of criteria52 KB (7,297 words) - 08:05, 18 July 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 1) (category Article 35(1) GDPR)Ordinance Article 5, paragraph Article 5 (2) 1, letter c and letter f., Article 5, paragraph Article 6 (1) (a) Article 32 (1), (1), (33) 1 and 35, para. 1. Below48 KB (7,442 words) - 10:24, 12 September 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 35(1) GDPR)regulation's article 5, subsection 2, cf. Article 5, subsection 1, letters c and f, and Article 5, subsection 1, letter a, cf. Article 6, subsection 1, and Article75 KB (11,733 words) - 16:33, 21 August 2022
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 3) (category Article 35(1) GDPR)regulation's article 5, subsection 2, cf. Article 5, subsection 1, letter a, Article 24, cf. Article 28, subsection 1, Article 35, subsection 1, as well as117 KB (18,075 words) - 10:19, 12 September 2022
- HDPA (Greece) - 30/2023 (category Article 35(1) GDPR)violation of article 5 par. 1 item. e' of the GDPR, b) reprimanded the OASA for the violations of the provisions of article 25 par. 1 and article 35 par. 1 of the6 KB (623 words) - 09:08, 25 October 2023
- VDAI (Lithuania) - UAB vs FITNESS (category Article 35(1) GDPR)this processing, in violation of Article 5(1)(c) GDPR; It violated Article 13(1) and (1) GDPR, and Article 5(1) GDPR by failing to adequately inform data53 KB (2,523 words) - 09:19, 17 November 2023
- HDPA (Greece) - Opinion 2/2020 (category Article 35(1) GDPR)of Article 6(1)(e) GDPR -public interest and exercise of official authority vested in it, which falls within the exception of Article 9(2)(j) GDPR. It33 KB (5,266 words) - 15:32, 6 December 2023
- DSB (Austria) - 2021-0.024.862 (category Article 35(1) GDPR)that Article 36(1) GDPR provides for a duty to consult if two conditions are met. First, a data protection impact assessment under Article 35 GDPR must38 KB (5,821 words) - 13:39, 12 May 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 35(1) GDPR)controller €400,000 pursuant of Article 83(4)(a) GDPR for the failure to conduct a DPIA in violation with Articles 35(1), 35(2), and 35(3)(b). The DPA stated that163 KB (27,222 words) - 16:54, 6 December 2023
- CNIL (France) - SAN-2022-020 (category Article 35(1) GDPR)obligations arising from Article 5(1)(e) of the GDPR. D. On the breach of the transparency obligation 36. Article 12(1) of the GDPR provides that "the controller59 KB (9,566 words) - 17:03, 6 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(1) GDPR)of Articles 5.1.a, 5.1.b, 6.1.c), 6.3, 9.2.i), 12.1, 13.1.c), 13.2.a), 13.2.d), 13.2.e), 30.1.a) and 30.1.d), 35.1 and 35.7 of the GDPR 9. The applicant83 KB (13,694 words) - 09:53, 14 December 2023
- IMY (Sweden) - IMY-2023-1647 (category Article 35(1) GDPR)Childrens and Education Board 300,000 SEK (around €26,524) for breaching Article 35(1) GDPR. The Board failed to conduct a data protection impact assesment prior5 KB (641 words) - 16:51, 5 December 2023
- DPC (Ireland) - 06/SIU/2018 (category Article 35(1) GDPR)Galway County Council, the DPC found violations of Article 5(1)(a) GDPR, Article 24 GDPR and Article 35(1) GDPR. The Irish DPC started an own volition inquiry9 KB (1,227 words) - 14:49, 3 October 2023
- HDPA (Greece) - 41/2022 (category Article 35(1) GDPR)thereby violating Article 13(2) GDPR. The investigated controllers did not comply with the storage limitation principle under Article 5(1) GDPR because the data14 KB (2,046 words) - 19:00, 21 September 2022
- airport for violation of Articles 5(1)(c), 6(1)(e), 9(2)(g), 12, 13(1)(c), 13(2)(e), 35(1), 35(3) and 35(7)(b) GDPR. It also fined the medical service €207 KB (874 words) - 16:47, 6 April 2022
- APD/GBA (Belgium) - 127/2022 (category Article 35(1) GDPR)measures under Article 24 GDPR and 25 GDPR. However, the DPA considered that in this case, the violations of Article 5(1)(f) GDPR and 32 GDPR were sufficient14 KB (1,993 words) - 14:36, 14 September 2022
- Tietosuojavaltuutetun toimisto (Finland) - 7684/171/22 (category Article 35(1) GDPR)the decision where it applied Article 35 GDPR in this case. This might imply that there was a confusion with Article 35 data protection impact assessment27 KB (4,068 words) - 10:13, 7 June 2023
- Persónuvernd (Iceland) - 202112772 (category Article 35(1) GDPR)violation of Article 24(1) and (2) GDPR (responsibility of the controller), Article 25 GDPR (privacy by design and by default) or of Article 32 GDPR (obligation46 KB (7,050 words) - 09:55, 16 December 2021
- AP (The Netherlands) - Decision of 18 December 2023 (category Article 35(1) GDPR)be equivalent to a DPIA under Article 35 GDPR. For this reason, the AP held that the controller violated Article 35(1) GDPR. In this, the AP considered it55 KB (8,007 words) - 09:50, 24 January 2024
- APD/GBA (Belgium) - 165/2023 (category Article 35(1) GDPR)of: 1. Article 5.1.f) and 5.2 of the GDPR, Article 24.1 of the GDPR, Article 25.1 of the GDPR and Articles 32.1 and 32.2 GDPR; 2. Articles 35.1, 35.2, 3567 KB (9,908 words) - 11:09, 10 January 2024