Search results
From GDPRhub
- Article 97 GDPR (category Article 97 GDPR)Category:Article 97 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 97 GDPR, margin numbers 1-3 (C. H. Beck 2020, 3rd edition). In the latter case16 KB (778 words) - 08:24, 19 October 2023
- Article 59 GDPR (category GDPR Articles)enforcement of the GDPR. → You can find all related decisions in Category:Article 59 GDPR Selmayr, in Ehmann, Selmayr, DS-GVO Kommentar, Article 59 GDPR, margin number15 KB (718 words) - 15:31, 19 October 2023
- Article 69 GDPR (category Article 69 GDPR)Regulation (GDPR), Article 68 GDPR, p. 1059 (Oxford University Press 2020); Brink, Wilhelm, in Wolff, Brink, DS-GVO, Article 69 GDPR, margin numbers 4-6 (C.H18 KB (1,327 words) - 12:36, 14 December 2023
- Article 71 GDPR (category Article 71 GDPR)edition). Körffer in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin numbers 4 (C.H. Beck 2021, 3rd edition). Dix in Kühling, Buchner, GDPR BDSG, Article15 KB (1,196 words) - 08:15, 19 October 2023
- Article 94 GDPR (category Article 94 GDPR)under the GDPR. → You can find all related decisions in Category:Article 94 GDPR Kühling, Raab, in Kühling, Buchner, GVO BDSG, Article 94 GDPR, margin numbers13 KB (530 words) - 09:40, 3 October 2023
- all related decisions in Category:Article 31 GDPR Hartung, in Kühling, Buchner, DS-GVO BDSG, Article 31 GDPR, margin numbers 1-4 (Beck 2020, 3rd edition)22 KB (2,042 words) - 14:29, 20 November 2023
- as profiling (see also Article 4(4) GDPR); Restriction (marking for limited further processing, see also Article 4(3) GDPR), such as deactivation of information125 KB (16,328 words) - 16:01, 8 March 2024
- Member State law under Article 6(4) GDPR; further processing based on the data subject's consent under Article 6(4) GDPR and further processing for a compatible51 KB (6,355 words) - 08:25, 18 April 2024
- which violates the GDPR. Article 4(12) of the GDPR clarifies that the regulation applies specifically in cases of personal data breaches. In such breaches,54 KB (6,536 words) - 08:22, 16 June 2023
- Article 17 GDPR (category GDPR Articles)compatible with the eliminated purpose” under Article 6(4) GDPR. Art 6(4) GDPR establishes that, in order for the controller to determine whether processing61 KB (8,488 words) - 15:47, 18 March 2024
- Article 57 GDPR (category GDPR Articles) (section (a) Monitor and enforce the application of the GDPR)to Article 60 GDPR, Article 61 GDPR, Article 62 GDPR, Article 63 GDPR, Article 64 GDPR, Article 65 GDPR, Article 66 GDPR and Article 56 GDPR. The SA is also60 KB (7,796 words) - 20:12, 1 April 2024
- Article 24 GDPR (category Article 24 GDPR) (section Shall implement appropriate technical and organisational measures to ensure GDPR compliance)Article 32 GDPR, margin numbers 23 (Manz 2022). Pollirer, in Knyrim, DatKomm, Article 32 GDPR, margin numbers 23 (Manz 2022). Pollirer, in Knyrim, DatKomm30 KB (3,458 words) - 10:31, 25 April 2024
- Article 25 GDPR (category GDPR Articles) (section Designed to implement data-protection principles in an effective manner and protecting data subjects' rights and freedoms)(available here). Bygrave, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 25 GDPR, p. 576 (Oxford University43 KB (4,675 words) - 06:43, 16 June 2023
- Article 87 GDPR (category Article 87 GDPR)Regulation. National identification numbers (NIN) or identifiers of general application as understood in Article 87 GDPR are numbers used by public authorities15 KB (660 words) - 09:37, 1 December 2023
- is intended to be, stored in a filing system. The term 'processing' is defined, and further discussed, in Article 4(2) GDPR. In general, processing includes34 KB (4,652 words) - 12:07, 12 November 2023
- specialis in relation to the GDPR - usually in the form of a Restriction under Article 23 GDPR - these other rights exist in parallel to the GDPR. This means73 KB (9,896 words) - 15:46, 18 March 2024
- Article 58 GDPR (category GDPR Articles) (section (d) Order to bring processing in compliance with the GDPR)(Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR), notification (Article 19 GDPR) or data portability46 KB (5,825 words) - 11:12, 7 November 2023
- on Article 6(1)(e) and (f) GDPR, “including profiling based on those provisions.” Profiling is defined in Article 4(4) GDPR as a form of automated processing49 KB (5,993 words) - 06:22, 16 June 2023
- Article 27 GDPR (category GDPR Articles) (section (a) Processing Which is Occasional and Does Not Include Data in the Sense of Articles 9 and 10 GDPR)80 sentence 5 GDPR. Ziebarth, in Sydow, Europäische Datenschutzgrundverordnung, Article 4 GDPR, margin number 204 (Nomos 2018). Klabunde, in Ehmann, Selmayr25 KB (2,418 words) - 14:11, 24 May 2023
- toimisto in Finnish or Dataombudsmannens byrå in Swedish) is the national Data Protection Authority for Finland. It resides in Helsinki and is in charge5 KB (492 words) - 18:09, 19 March 2024
- Article 6 GDPR (category GDPR Articles) (section Tension with Article 5 and 12 GDPR in case of routine reliance on Article 6(4) GDPR)Article 6(1)(4) GDPR, as illustrated by the rules in Articles 4(11), 7 or 8 GDPR, as well as Recital 43. If consent is "freely given" under the GDPR requires108 KB (17,005 words) - 15:39, 18 March 2024
- Article 54 GDPR (category GDPR Articles) (section In the course of the performance of their tasks or exercise of their powers)please refer to Article 51(1) GDPR and Article 52 GDPR in this Commentary. Article 54(1)(b) GDPR echoes Article 53(2) GDPR, which outlines the qualificatory34 KB (3,649 words) - 13:19, 30 October 2023
- categories of data established in Article 9(2)(a) GDPR, Article 9(2)(c) GDPR, Article 9(2)(g) GDPR and Article 9(2)(i) GDPR directly correlate with a specific44 KB (5,905 words) - 14:00, 24 October 2023
- Article 95 GDPR (category Article 95 GDPR)related decisions in Category:Article 95 GDPR Costa de Oliveira in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 95 GDPR, p. 1296 (Oxford20 KB (1,539 words) - 08:21, 19 October 2023
- exclude all sanctions mentioned in Chapter VIII GDPR, i.e. the damages under Article 82 GDPR and fines under Article 83 GDPR. In any case, should fines for19 KB (1,477 words) - 14:12, 7 November 2023
- Article 78 GDPR (category GDPR Articles) (section (4) Information on preceding EDPB opinion or decision)decisions in Category:Article 78 GDPR Tambou, in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 78 GDPR, margin numbers 3 and 7 (C30 KB (3,874 words) - 10:46, 7 December 2023
- n Recital 121 GDPR. Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 53 GDPR, p. 888 (Oxford29 KB (2,894 words) - 23:06, 1 April 2024
- listed in Article 83(4), (5) and (6) GDPR. This specifically refers to violations of Articles 8, 11, 25 to 39, 41(4), 42, 43 of the GDPR (paragraph 4), Articles55 KB (7,622 words) - 14:04, 7 November 2023
- of the GDPR enforcement across the Member States. → You can find all related decisions in Category:Article 64 GDPR Caspar in Kühling, Buchner, GDPR Article23 KB (2,079 words) - 16:07, 2 November 2023
- requirements set forth in Article 12 GDPR. Dix in Simitis, Hornung, Spiecker gen. Döhmann, Datenschutzrecht, Article 34 GDPR, margin numbers 8-9 (C.H. Beck 2019)37 KB (3,962 words) - 15:20, 16 June 2023
- Article 39 GDPR (category GDPR Articles)from any of the GDPR’s protections. → You can find all related decisions in Category:Article 39 GDPR Just as Article 38 GDPR, Article 39 GDPR also shows similarities23 KB (2,165 words) - 15:10, 27 July 2023
- all related decisions in Category:Article 70 GDPR Schiedermair in Simitis et al., Data Protection Law, Article 70 GDPR, margin numbers 6-8 (C.H. Beck 201927 KB (3,038 words) - 12:19, 11 October 2023
- Article 72 GDPR (category Article 72 GDPR)under Article 65(3)(1) GDPR and for consistency decisions in the urgency procedure under Article 66(4) GDPR is necessary, as these are in this respect backward22 KB (2,266 words) - 08:26, 17 October 2023
- Article 90 GDPR (category Article 90 GDPR)Belisario, GDPR e normativa privacy – Commentario, Article 90 GDPR, p. 662 (Wolters Kluwer 2018). Piltz in Gola DS-GVO, Article 90 GDPR, margin numbers 6-7 (C18 KB (1,599 words) - 12:26, 29 April 2022
- controller (as defined under Article 4(7) GDPR) and a processor (as defined under Article 4(8) GDPR). As noted above, Article 79 GDPR imposes a two-stage cumulative31 KB (3,550 words) - 11:11, 29 November 2023
- activity in question. → You can find all related decisions in Category:Article 80 GDPR Leupold, Schrems in Knyrim, Der Datkomm, Article 80 GDPR, margin26 KB (2,575 words) - 15:50, 9 November 2023
- Article 52 GDPR (category GDPR Articles) (section In the context of mutual assistance, cooperation and participation in the EDPB)(Article 52(4)(5)(6) GDPR). Elements of SAs' complete independence are also addressed in Article 53 GDPR and Article 54 GDPR. The CJEU in the Case of Commission47 KB (5,594 words) - 22:45, 1 April 2024
- response under Article 12(4) GDPR. There is no definition of the term “manifestly ... excessive” in the GDPR. The example in the law “in particular because of76 KB (11,304 words) - 08:37, 4 March 2024
- Article 18 GDPR (category GDPR Articles) (section (d) Objection to processing under Article 21(1) GDPR)19 GDPR. → You can find all related decisions in Category:Article 18 GDPR The right to restriction of processing was introduced in 2016 by the GDPR although32 KB (3,730 words) - 08:43, 7 March 2024
- decisions in Category:Article 55 GDPR Hijmans, in Kuner, Bygrave, Docksey, The EU General Data Protection Regulation (GDPR): A Commentary, Article 55 GDPR, p35 KB (3,971 words) - 21:34, 1 April 2024
- established in 2001. It resides in Riga and is in charge of enforcing GDPR in Latvia. The DVI is functionally independent institution. Besides GDPR, the regulation6 KB (544 words) - 04:39, 11 October 2022
- BDSG, Article 75 GDPR, margin number 6 (C.H. Beck 2020, 3rd edition). Brink, Wilhelm, in BeckOK DatenschutzR, Article 75 GDPR, margin numbers 8-9 (C.H. Beck20 KB (1,347 words) - 14:21, 17 October 2023
- Article 10 GDPR (category GDPR Articles)of the GDPR. Article 10 GDPR is intended to extend the protection of the GDPR to the processing of certain criminal data that is not included in the scope17 KB (1,768 words) - 15:41, 18 March 2024
- 66(1)-(2) GDPR is the CSA within the meaning of Article 4(22) GDPR. In contrast, Article 66(3) refers to “any supervisory authority” (Article 4(21) GDPR) and20 KB (1,590 words) - 16:11, 2 November 2023
- Article 93 GDPR (category Article 93 GDPR) (section GDPR cases where the examination procedure is referred to)decisions in Category:Article 93 GDPR Herbst in Kühling, Buchner, DS-GVO BDSG, Article 93 GDPR, margin number 1 (C.H. Beck 2020, 3rd Edition). Ehmann, in Ehman17 KB (1,096 words) - 08:19, 19 October 2023
- Article 82 GDPR (category GDPR Articles) (section (4) Liability in the Case of Multiple Damaging Parties (Joint Liability))of Article 4(7) and (8) GDPR can be liable for compensation. A claim for damages first requires an infringement of the GDPR. Article 82 GDPR does not contain33 KB (4,215 words) - 09:57, 19 March 2024
- to damage referred to in Article 62(4) GDPR. According to Article 62(7) GDPR, if the lead SA does not invite the SA to take part in the joint operations22 KB (1,915 words) - 13:46, 15 January 2024
- is subject, under Article 6(1)(c) GDPR. In line with the general objectives of the GDPR, as outlined in Article 1 GDPR Article 16 TFEU, SAs are also required27 KB (2,604 words) - 14:24, 16 January 2024
- Article 13 GDPR (category GDPR Articles) (section Automated decision-making ... referred to in Article 22(1) and (4))as listed in Articles 13 GDPR. In certain cases, Article 23 GDPR may be used by Member States to exempt certain duties under Article 13 GDPR in certain situations71 KB (9,532 words) - 13:30, 6 March 2024
- Article 14 GDPR gives expression to the principle of transparency enshrined in Article 5(1)(a) GDPR and further defined in Article 12 GDPR. While Article47 KB (5,644 words) - 17:49, 5 March 2024
- business 'in accordance with community law' - not in violation of community law (such as the GDPR). While there is no general balancing test, the GDPR foresees28 KB (3,831 words) - 16:21, 14 March 2024
- Article 85 GDPR (category Article 85 GDPR) (section Scope of the exceptions within the GDPR framework)guidance on Article 85 GDPR can be found in the case-law of the ECtHR. See, Tinnefeld in Kühling, Buchner, GDPR BDSG, Article 85 GDPR, margin number 9 (C33 KB (3,748 words) - 14:25, 7 November 2023
- Article 23 GDPR (category GDPR Articles) (section Consultation with the DPAs (Articles 36(4) and 57(1)(c) GDPR))access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), notification obligation44 KB (4,896 words) - 06:25, 16 June 2023
- mentioned in paragraph 1. In other words, the examples provided in paragraph 3 are helpful in understanding the relevant risk indicators for the GDPR, which52 KB (7,297 words) - 08:05, 18 July 2023
- Article 4(7) GDPR (definition of controller), Article 4(8) GDPR (definition of processor), Article 4(16) GDPR (definition of main establishment), Article55 KB (7,446 words) - 22:28, 1 April 2024
- carried out in compliance with the GDPR. Article 28(3)(h) GDPR enables such a task in case processors are used. According to Article 28(3)(h) GDPR, the processor72 KB (9,140 words) - 13:12, 2 June 2023
- DSB (Austria) - 2021-0.586.257 (category Article 4(1) GDPR)controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google Analytics. Furthermore108 KB (17,097 words) - 13:52, 12 May 2023
- GDPRhub style guide (section GDPR)Lit a GDPR or Article 6 GDPR or GDPR Article 6, Sec 1(a) Recitals are also not shortened. Example: Recital 47 Example: Not R 47 or Recital 47 GDPR Other17 KB (2,510 words) - 13:56, 24 April 2023
- protection authorities (Art. 78.1 GDPR), as well as by the possibility to bring actions directly in court (Art. 79 GDPR). Against the decisions that put15 KB (1,875 words) - 16:18, 13 July 2022
- CJEU - C-175/20 - SIA ‘SS’ (Opinion of AG Bobek) (category Article 4(1) GDPR)In the opinion of AG Bobek, data such as phone number and car chassis number must be considered as personal data in the sense of Article 4(1) GDPR when8 KB (1,081 words) - 13:13, 1 June 2023
- HDPA (Greece) - 56/2021 (category Article 13 GDPR)(i.e. the differentiation of the numbers existed, in these cases, in the last two digits of the calling numbers). In one case, the complaint concerned54 KB (8,916 words) - 15:22, 22 February 2022
- HDPA (Greece) - 3/2022 (category Article 4(7) GDPR)meaning of Article 4(7) GDPR. Furthermore, the erasure or destruction of personal data is a form of processing based on Article 4(2) GDPR. The DPA has the11 KB (1,492 words) - 13:09, 23 November 2022
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par. 1 lit. b 'of Law 2472/1997, in combination with article 13 par. 4 of law45 KB (7,165 words) - 15:22, 22 February 2022
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)even pseudonymised data (Art. 4 Para. 5 GDPR) from the term personal data are recorded in accordance with Art. 4 Para. 1 GDPR. It is undeniable that the MB158 KB (26,392 words) - 08:25, 7 June 2023
- LG Köln - 28 O 138/22 (category Article 82 GDPR)protection of Art. 82 GDPR does not cover violations of Art. 13, 14, 15, 24, 25 and Art. 34 GDPR. In addition, there is no breach of the GDPR by the defendant39 KB (6,362 words) - 14:01, 22 June 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)juris; Klar/Kühling: in: Kühling/Buchner, DS-GVO/BDSG, 2nd ed., Art. 4 DS-GVO marginal 8; Ernst, in: Paal/Pauly, DS-GVO/BDSG, 2nd ed., Art. 4 marginal 14). 39112 KB (19,310 words) - 08:08, 23 June 2022
- UODO (Poland) - DKN.5112.13.2020 (category Article 5(1)(a) GDPR)the GEOPORTAL2 was not in line with the principle of lawfulness in Article 5(1)(a) GDPR, as none of the conditions of Article 6 GDPR were satisfied. The data60 KB (9,755 words) - 09:58, 17 November 2023
- How to add a new decision (section Add a GDPR Article)6(1)(a) and 4(11) GDPR in a case concerning the requirements of consent). Always use the most specific sub-paragraph (e.g. Article 6(1)(a) GDPR for consent17 KB (2,638 words) - 11:18, 19 February 2024
- Garante per la protezione dei dati personali (Italy) - 9256486 (category Article 4 GDPR)relative numbers were included in the Company's denial black list; e) in the black list used by the partner XX Srl there were almost 200,000 numbers that did144 KB (23,155 words) - 15:46, 6 December 2023
- Datatilsynet (Denmark) - 2019-431-0037 (category Article 28(1) GDPR)Article 28(1) GDPR by allowing 84 Danish municipalities to wrongfully gain access to the social security numbers and employment information of 4.2 million18 KB (2,710 words) - 16:34, 6 December 2023
- HDPA (Greece) - 9/2024 (category Article 5(1)(a) GDPR)Article 32 GDPR in ten cases. Meanwhile, Zitatel was found to be in violation of Article 5(1) GDPR and Article 32 GDPR in two cases. With regards to Teleraise102 KB (17,186 words) - 13:46, 26 April 2024
- Korkein hallinto-oikeus (Finland) - KHO:2023:56 (category Article 5(1)(c) GDPR)things. (6) In the situation in question, children's personal identification numbers are not intended to be used for the purposes listed in paragraph 3845 KB (5,016 words) - 14:14, 21 March 2024
- Tietosuojavaltuutetun toimisto (Finland) - TSV/29/2020 (category Article 5(1)(c) GDPR)referred to in Section 29.4 of the Data Protection Act, in which the personal identification number should not be entered unnecessarily. In addition to25 KB (3,651 words) - 09:37, 3 April 2024
- Tietosuojavaltuutetun toimisto (Finland) - 1011/161/22 (category Article 5(1)(c) GDPR)account numbers. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant to Article 58(2)(d) GDPR, the15 KB (2,137 words) - 20:18, 27 March 2024
- Garante per la protezione dei dati personali (Italy) - 9570997 (category Article 5(1) GDPR)by e-mail. 1.4.4. With reference to the disputes referred to in points 4) and 5), in the initiation of the procedure it was noted that, in relation to the131 KB (21,014 words) - 15:55, 6 December 2023
- AEPD (Spain) - PS/00474/2020 (category Article 21 GDPR)checked whether the calling numbers indicated by the claimant in his claim are recorded in our database of telephone numbers that use our collaborators38 KB (5,945 words) - 12:14, 9 June 2021
- AEPD (Spain) - PS/00209/2019 (category Article 57(1) GDPR)calls to be made to the numbers included in the list of ADHD as well as in the internal Robinson List. In view of the above, my client understands that26 KB (4,212 words) - 14:10, 13 December 2023
- Rb. Rotterdam - C/10/576091/HA RK 19-701 (category Article 15(3) GDPR)awarded to an attorney at law salary. 4 The decision The court 4.1. Declares [the applicant]'s application inadmissible; 4.2. orders [the applicant] to pay14 KB (2,154 words) - 16:27, 10 March 2022
- UODO (Poland) - DKN.5131.5.2020 (category Article 83(4)(a) GDPR)protection breach resulting in the need to notify the authority and the data subjects, according to Article 33(1) GDPR and Article 34(1) GDPR? The PUODO held that47 KB (7,608 words) - 10:00, 17 November 2023
- CNIL (France) - MED-2019-027 (category Article 24(1) GDPR)November 2017 for complete numbers (i.e. for more than 13 months) and since 9 July 2014 for truncated numbers (i.e. for more than 4 years). However, the registration21 KB (3,274 words) - 17:08, 6 December 2023
- Gerechtshof Amsterdam - 200.258.736/01 (category Article 15 GDPR)of facts in a number of respects. In so far as relevant, the Court of Appeal will take this into account in the following. In this case - in so far as41 KB (7,150 words) - 12:30, 4 October 2021
- AEPD (Spain) - PS/00381/2019 (category Article 5(1)(f) GDPR)persons responsible or in charge listed in paragraph 1 commit any of the offences referred to in Articles 72 to 74 of this Organic Law. In the present case,22 KB (3,479 words) - 14:33, 13 December 2023
- DSB (Austria) - 2020-0.111.488 (category Article 4(15) GDPR)personal data (health data under Article 4(15 GDPR) and consisted of the patients' names and social security numbers, excerpts from patient letters, medical8 KB (1,048 words) - 13:50, 12 May 2023
- Rb. Limburg - C/03/278775 / HA RK 20-119 (category Article 35 GDPR)institutions) in this specific case outweigh the interests or the fundamental rights and freedoms of the data subject (recital 69 GDPR ). 4.4. This assessment16 KB (2,580 words) - 10:43, 23 September 2020
- AEPD (Spain) - PS/00059/2020 (category Article 28 GDPR)following sanctions, resulting in a record fine of € 8 125 000: - A € 4 000 000 fine for the infringement of Article 28 GDPR: due to the hiring of processors287 KB (48,336 words) - 13:53, 13 December 2023
- UODO (Poland) - ZSPR.421.3.2018 (category Article 4(1) GDPR)obligation mentioned in the Art. 14 GDPR. 4) No, in the assessment of the President of UODO, sending out information related to Art. 14 GDPR by regular mail52 KB (8,444 words) - 10:01, 17 November 2023
- BAC (Bulgaria) - 2606/2021 (category Article 4(12) GDPR)obligations under Articles 24 and 32 of the GDPR which led to the personal data breach, as per Article 4(12) of the GDPR, including with regards to the complainant’s13 KB (1,761 words) - 09:58, 14 December 2023
- HDPA (Greece) - 38/2019 (category Article 4(1) GDPR)purposes? 4) Is the data subjects’ consent valid? The HDPA found that: 1) The telephone number constitutes personal data according to Article 4(1) GDPR as the4 KB (347 words) - 15:37, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9778094 (category Article 5(1)(a) GDPR)complainant contained in a procedural document; in particular, a page of the procedural documents is taken up in which the claimant appears in a frontal position66 KB (10,708 words) - 11:29, 16 August 2022
- Misdemeanor Court in Zagreb ruled that municipal wardens have a valid legal basis under Article 6 GDPR to collect and process vehicle registration numbers. The legal16 KB (2,404 words) - 15:46, 30 October 2023
- APD/GBA (Belgium) - 25/2020 (category Article 5 GDPR)mobile phone numbers of contacts who do not use the app. In order to do so, it must first assess whether the holders of the mobile phone numbers in the address84 KB (14,035 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00026/2021 (category Article 21 GDPR)Article 48(1) LGT, Article 21 GDPR in link with Article 23 LOPDGDD and Article 28 GDPR? The Spanish DPA (AEPD) held that the facts in question indicated a breach33 KB (5,185 words) - 13:48, 13 December 2023
- HDPA (Greece) - 52/2021 (category Article 32(4) GDPR)000 under Article 58(2) GDPR and Article 83(4) GDPR for the breach of Article 32(2), Article 32(4) GDPR and Article 28(3) GDPR. As for the controller,8 KB (861 words) - 10:00, 22 December 2021
- HDPA (Greece) - 38/2022 (category Article 4 GDPR)provider, was processing personal data, in line with the definition of Article 4(1) GDPR. In accordance with Article 5(3) GDPR, the controller had an obligation9 KB (974 words) - 15:54, 20 December 2022
- UODO (Poland) - DKE.561.3.2020 (category Article 31 GDPR)control with reference number [...], in order to prevent its implementation in the scope indicated in points 1-5 and in point 6 (with regard to technical51 KB (8,322 words) - 09:51, 17 November 2023
- AEPD (Spain) - PS/00114/2019 (category Article 6(1) GDPR)04/25/2018 in which he makes these declarations: - That in a bank account of which he is the owner in the entity CAIXABANK, (number ended in the digits60 KB (10,197 words) - 14:01, 13 December 2023
- Rb. Amsterdam - 8598127 KK EXPL 20-357 (category Article 5 GDPR)[plaintiff] states - in brief - that, in view of the current facts, ABN AMRO's interests in maintaining the coding do not outweigh its interest in removing it.27 KB (4,437 words) - 09:17, 22 August 2020
- IMY (Sweden) - DI-2019-9457 (category Article 32(1) GDPR)privacy. In addition, the excel files contained social security numbers 4 which are considered to be particularly personal data. The information in e- the43 KB (4,600 words) - 17:08, 23 March 2022
- AEPD (Spain) - PS/00333/2019 (category Article 5 GDPR)which the agent contacted in a personal capacity the complainant does not belong to VODAFONE, i.e. it is not listed in the numbers assigned to the ATENTO16 KB (2,625 words) - 14:29, 13 December 2023
- BVwG (Austria) - W211 2268942-1 (category Article 55(3) GDPR)to secrecy in accordance with Section 1 Paragraph 1 of the GDPR by not observing the principles in accordance with Articles 5 and 6 of the GDPR. The complaint75 KB (12,118 words) - 15:46, 14 February 2024
- VDAI (Lithuania) - VDAI vs UAB Prime Leasing (category Article 32(1)(a) GDPR)the data breach within the time limits set out in Article 34 of the GDPR (Article 83(2)(h) of the GDPR). In view of the above, it is not considered that37 KB (4,319 words) - 09:20, 17 November 2023
- HDPA (Greece) - 24/2020 (category Article 4(2) GDPR)exercising their right to access (Article 15 GDPR), not mentioning any of the elements of Article 14 GDPR regarding the processing of data, but only mentioning8 KB (879 words) - 15:37, 6 December 2023
- UODO (Poland) - DKN.5131.7.2020 (category Article 33(1) GDPR)a person's behavior can be obtained by profiling, as referred to in art. 4 pts 4 GDPR. However, as part of our activities, we do not conduct profiling50 KB (8,066 words) - 10:00, 17 November 2023
- Datatilsynet (Norway) - 20/01516 (category Article 5 GDPR)personal data in question was not covered by the Public Administration Act. As such, the municipality did not have a legal basis cf. Article 6 GDPR. In addition26 KB (3,885 words) - 08:43, 7 May 2022
- CJEU - C-496/17 - Deutsche Post AG v. Hauptzollamt Köln (category Article 4(2) GDPR)collection of Tax Identification Numbers is neither necessary nor appropriate for determining the reliability of an entity, in terms of customs law, and the7 KB (1,005 words) - 13:10, 1 June 2023
- Garante per la protezione dei dati personali (Italy) - 9485681 (category Article 5 GDPR)document with a digital signature. In light of these facts, Italy’s DPA found Vodafone S.p.A in violation of the following GDPR provisions: Article 5(1) and7 KB (810 words) - 15:52, 6 December 2023
- AEPD (Spain) - PS/00374/2018 (category Article 5(1)(c) GDPR)of up to 4 % of the total annual turnover of the previous financial year, whichever is greater, in accordance with Article 83.5 of the RGPD. In accordance18 KB (2,711 words) - 13:43, 13 December 2023
- AEPD (Spain) - PS/00179/2020 (category Article 32(1) GDPR)the same. c. That in those cases in which a high risk could be observed one or more exceptions from those contained in art. 3. 4 GDPR. In this sense, those100 KB (16,401 words) - 14:07, 13 December 2023
- because there are more telephone numbers in Austria than residents and virtual telephone numbers can also be generated in the app for verification, then30 KB (4,834 words) - 13:14, 10 November 2021
- AEPD (Spain) - PS/00065/2020 (category Article 13 GDPR)Article 13 of the GDPR GDPR. The form used violated Article 13 of the GDPR conduct that is subsumi- ble under Article 83(5) of the GDPR, which provides:61 KB (9,973 words) - 13:55, 13 December 2023
- HDPA (Greece) - 4/2022 (category Article 5(1)(a) GDPR)35(7) GDPR, for not complying with the principle of transparency under Article 5(1) GDPR and for not anonymising the data under Article 25(1) GDPR, among11 KB (1,274 words) - 10:37, 23 February 2022
- CE - N° 429571 (category Article 6(1)(a) GDPR) (section On the CNIL's competence to interpret Article 6 GDPR)provisions mentioned in point 4, to giving its interpretation of the provisions of the regulation of 27 April 2016 mentioned in point 3 in as regards the modalities19 KB (2,790 words) - 09:50, 10 September 2021
- CNIL (France) - SAN-2022-020 (category Article 3(2)(a) GDPR)to in paragraphs 4, 5 and 6 are, in each case, effective, proportionate and dissuasive", before specifying the elements to be taken into account in deciding59 KB (9,566 words) - 17:03, 6 December 2023
- CJEU - C-264/19 - Constantin Film Verleih GmbH v. YouTube LLC and Google Inc. (Opinion of AG Saugmandsgaard Øe) (category Article 4(1) GDPR)of “names and addresses” in Article 8(2)(a) Directive 2004/48 which is not defined in that directive and has been implemented in the § 101(3)(1) of the German8 KB (1,020 words) - 13:14, 1 June 2023
- Tietosuojavaltuutetun toimisto (Finland) - 3425/157/2019, 3578/157/2019, 3846/157/2019, 3871/157/2019, 3891/152/2019, 3918/157/2019, 4338/157/2019, 4666/154/2019, 5973/157/2019, 6773/157/2019 ja 7022/157/2019 (category Article 4(11) GDPR)needed in such a case. Furthermore, some of the data subjects had submitted requests to the controller regarding exercising their rights under GDPR. The4 KB (359 words) - 13:03, 3 March 2024
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)under 6.3.2 (part 1, in marginal numbers 22.-24.), 6.4.2 (part 2, in marginal numbers 26.-32.), 6.5.2 (subpart 3.1, in marginal numbers 34.-39.) and 6.5.3103 KB (17,620 words) - 10:13, 29 November 2023
- AEPD (Spain) - PS/00502/2020 (category Article 21 GDPR)registered on the Robinson List in breach of Article 48(1)(b) LGT and Article 21 GDPR in conjunction with Article 23(4) LOPDGDD. Avilon Center SL made23 KB (3,590 words) - 14:45, 13 December 2023
- AEPD (Spain) - PS/00134/2019 (category Article 5(1)(a) GDPR)with a finepublic, as indicated in article 77.1. c) and 2. 4. 5. and 6. of the LOPDDGG: “ 1. Theregime established in this article will be applicable to26 KB (4,034 words) - 14:04, 13 December 2023
- Rb. Rotterdam - C/10/576074/HA RK 19-694 (category Article 15(3) GDPR)reasonableness and fairness. In the given circumstances [applicant] is in this case admissible in his application. assessment framework 4.4. The right of access15 KB (2,504 words) - 16:27, 10 March 2022
- CNIL (France) - SAN-2020-003 (category Article 5(1)(c) GDPR)32 GDPR). In that respect, CNIL imposed a fine of 250,000 euros and called SPARTOO SAS to bring its processing activities in conformity with GDPR in a61 KB (10,028 words) - 17:09, 6 December 2023
- Tietosuojavaltuutetun toimisto (Finland) - 8205/154/18 (category Article 5 GDPR)the data controller to bring the processing operations in line with the provisions of the GDPR in accordance with Article 58 (2) (d). Share blogs or news12 KB (1,810 words) - 13:07, 3 March 2024
- UODO (Poland) - ZSPR.421.19.2019 (category Article 4(1) GDPR)referred to in paragraphs 4, 5 and 6 of this Article are effective, proportionate and dissuasive in each individual case (paragraph 1). In accordance with29 KB (4,698 words) - 10:02, 17 November 2023
- OLG Hamm - 7 U 19/23 (category Article 82 GDPR)requirements of the GDPR; Because from Recital 171 Sentence 2 GDPR, from Art. 4 No. 2 GDPR and Art. 24 Para. 1, in particular Sentence 2 GDPR, the obligation130 KB (21,874 words) - 09:43, 15 February 2024
- UODO (Poland) - DKN.5131.31.2021 (category Article 5(1)(a) GDPR)category of personal data covered by the breach in question, in the form of PESEL numbers, series and numbers of ID cards, names and surnames, address of residence105 KB (17,237 words) - 09:22, 10 May 2023
- Persónuvernd (Island) - 2022020363 (category Article 5 GDPR)controller. In the case at issue, such processing should also be considered in violation of the GDPR. In particular, the DPA held that in any case, the142 KB (22,881 words) - 12:42, 16 January 2024
- AEPD (Spain) - PS/00262/2020 (category Article 5(2) GDPR)infringement; h) the way in which the supervisory authority learned of the infringement, in particular if the person in charge or the person in charge notified22 KB (3,293 words) - 14:23, 13 December 2023
- Datatilsynet (Norway) - 18/02579 (category Article 5(1)(f) GDPR)of Article 32(1)(b) GDPR and Article 32(1)(d) GDPR and of the principle of accountability as foreseen in Article 5(2) GDPR read in conjunction with Article41 KB (6,337 words) - 18:52, 5 March 2022
- Tietosuojavaltuutetun toimisto (Finland) - 2984/182/2019 (category Article 5(1)(c) GDPR)whether the person who parked the vehicle in the parking lot was entitled to park the vehicle in the parking lot in question. The controller has considered17 KB (2,614 words) - 13:05, 3 March 2024
- Datatilsynet (Denmark) - 2020-441-4364 (category Article 5(1)(a) GDPR)this possible. The vulnerability in Zoo's log-in allowed us to try to find a valid log-in (username and password), which in turn gave unauthorized access33 KB (5,347 words) - 16:39, 6 December 2023
- Garante per la protezione dei dati personali (Italy) - 9445324 (category Article 5(1)(a) GDPR)personal data, approved by resolution no. 98 of 4/4/2019, published in G.U. no. 106 of 8/5/2019 and in www.gpdp.it, web doc. no. 9107633 (hereinafter "Regulation19 KB (2,989 words) - 15:51, 6 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)February 4, 2019; Having regard to the written observations filed by the company SERGIC on March 4, 2019 ; Having regard to the observations in response41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - E/06179/2019 (category Article 32 GDPR)through a specialized cyber team, without any results in the deep neither in the dark web, and (4) due to the huge volume of affected subjects, the data6 KB (386 words) - 13:40, 13 December 2023
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)they comply with the provisionscurrent in the matter.C / Jorge Juan, 6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/8Only the community of owners, once22 KB (3,421 words) - 14:27, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)provided for in Article 56(1), read in conjunction with Article 56(2), read in conjunction with Article 56(3), read in conjunction with Article 56(4), read in131 KB (22,429 words) - 16:57, 12 December 2023
- Datatilsynet (Norway) - 20/01627 (category Article 4(1) GDPR)concerning events in the city centre. As such, the DPA held that the recordings captured personal data pursuant to Article 4(1) GDPR. Since the controller45 KB (6,973 words) - 05:12, 15 September 2022
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)as evidence in court proceedings under Article 6(1)(f) GDPR as the legitimate interest in doing so outweighed the data subject's interest in keeping his25 KB (3,875 words) - 10:36, 11 January 2024
- AEPD (Spain) - PS/00235/2020 (category Article 6(1) GDPR)infringement; h) the way in which the supervisory authority learned of the infringement, in particular if the person in charge or the person in charge notified24 KB (3,766 words) - 14:21, 13 December 2023
- Datatilsynet (Denmark) - 2023-432-0016 (category Article 4(11) GDPR)Article 9(2) GDPR and the conditions for consent pursuant to Article 4(11) GDPR had to be assessed in light of the relevant circumstances in which the consent46 KB (7,192 words) - 12:37, 19 December 2023
- Datatilsynet (Denmark) - 2019-41-0028 (category Article 32 GDPR)emails sent in connection with messages in respectively. Krifa Box and Secure @ Mail. In the case of an advisory email about new e-mail in Secure @ Mail24 KB (3,947 words) - 16:24, 6 December 2023
- UODO (Poland) - DKN.5130.2024.2020 (category Article 5(1)(f) GDPR)first time in the e-mail of [...] February 2020 addressed by AM to e. In a similar case, as of [...] February 2020. He mentioned in it that in connection75 KB (12,104 words) - 09:58, 17 November 2023
- Rb. Midden-Nederland - UTR- 20 817 en UTR 20 3081 (category Article 77 GDPR)78(2) GDPR defines the applicable time frame in line with Article 4:13(1) of the Dutch Administrative law. The reason for not putting a deadline in the law25 KB (3,954 words) - 13:39, 16 November 2020
- Datatilsynet (Denmark) - 2019-441-1581 (category Article 34 GDPR)registered (customers) pursuant to GDPR art. 34? It follows from GDPR art. 34 that Nemlig and Intervare as data controllers in case of security breach is obliged24 KB (3,365 words) - 16:37, 6 December 2023
- AP (The Netherlands) - 4.02.2021 (category Article 8 GDPR)Regulations on the Use of Citizen Service Numbers in Healthcare ('Regeling gebruik burgerservicenummer in de zorg') read in conjunction with the Act on Additional57 KB (8,053 words) - 17:07, 12 December 2023
- AEPD (Spain) - PS/00416/2019 (category Article 6 GDPR)from users of “*** APPLICATION.1”.m) In fact, certain numbers in the public numbering plan are included bydefect in said "black list" (091, 061, 112, 092206 KB (32,869 words) - 14:36, 13 December 2023
- DSB (Austria) - 2020-0.743.659 (category Article 4(15) GDPR)margin no. 50). According to Art. 4 No. 15 GDPR in conjunction with recital. 35, second sentence of the GDPR, also numbers, symbols or labels that have been50 KB (8,015 words) - 13:52, 12 May 2023
- AEPD (Spain) - PS/00058/2020 (category Article 5(1)(f) GDPR)and surname and only four NIF numbers, the rest of the numbers were hidden with an asterisk in the random. In our case, in the same way, when publishing28 KB (4,619 words) - 13:53, 13 December 2023
- AEPD (Spain) - EXP202104875 (category Article 5(1)(f) GDPR)is typified in article 83.4.a) of the aforementioned GDPR in the following terms: "4. Violations of the following provisions will be penalized, according54 KB (8,451 words) - 13:35, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive responsibility". In addition, it claimed53 KB (8,593 words) - 13:47, 13 December 2023
- AEPD (Spain) - EXP202210237 (category Article 6(1) GDPR)controller relied on Article (6)(1)(b) GDPR and Article 6(1)(c) GDPR as legal basis affects the holding of the DPA since in PS/00126/2021 the Spanish DPA held:32 KB (4,780 words) - 10:44, 13 December 2023
- AEPD (Spain) - PS/00268/2022 (category Article 5(1)(f) GDPR)the RGPD, typified in article 83.5 of the GDPR, with a warning. -For an infringement of Article 25 of the RGPD, typified in article 83.4 of the RGPD, with63 KB (9,551 words) - 12:33, 13 December 2023
- also stated in the decision. [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article73 KB (9,347 words) - 13:28, 26 July 2023
- AP (The Netherlands) - 10.12.2020 (Booking.com) (category Article 33(1) GDPR)of Booking is located in Amsterdam. 1 See section 3.4.2 in this respect. 3.2 Processing of personal data According to Article 4(1) of the AVG, personal77 KB (12,915 words) - 17:15, 12 December 2023
- HDPA (Greece) - 6/2020 (category Article 5 GDPR)erase personal data in accordance with Article 17(1) of the GDPR, except for the exceptions referred to in Article 17(3) of the GDPR.In this case, the deletion29 KB (4,557 words) - 15:33, 6 December 2023
- AEPD (Spain) - PS/00335/2020 (category Article 5(1)(f) GDPR)cards" showing masked numbers (except the last 4 digits) of a debit card. THIRD: In view of the facts denounced in the claim and the documents provided by34 KB (5,427 words) - 14:30, 13 December 2023
- AEPD (Spain) - EXP202200429 (category Article 5(1)(c) GDPR)of the GDPR, articles: -12 of the GDPR, in accordance with article 83.5.b) of the GDPR and 72.1.k) of the LOPDGDD, and -5.1.c) of the GDPR, in accordance56 KB (9,356 words) - 10:43, 13 December 2023
- AEPD (Spain) - EXP202206735 (category Article 6 GDPR)affected provided for in articles 12 must be fulfilled and 13 of the GDPR, and 22 of the LOPDGDD, in the terms already indicated. 4.- Images of the public75 KB (12,421 words) - 13:23, 13 December 2023
- DSB (Austria) - 2020-0.083.190 (category Article 82(6) GDPR)party in administrative criminal proceedings before the data protection authority in connection with the above-mentioned preliminary proceedings. In any8 KB (961 words) - 13:48, 12 May 2023
- HmbBfDI (Hamburg) - Vermerk: Abdingbarkeit von TOMs (category Article 6(1)(a) GDPR)Mantz, in: Sydow, GDPR, 2nd ed. 3018, Art. 32 GDPR marginal 10. Likewise Piltz, in: Gola, DS-GVO, 2nd edition. 2018, Art. 32 DSGVO Rn. 3. 4Jandt, in: Kühling30 KB (4,562 words) - 15:27, 6 December 2023
- AP (The Netherlands) - 31.05.2021 (category Article 32 GDPR)circumstances mentioned in proportion and at the end of the Fine Policy, as applicable in the present case, further increase or decrease. 4.4 Conclusion The AP106 KB (14,502 words) - 17:09, 12 December 2023
- APD/GBA (Belgium) - 22/2020 (category Article 5(1)(f) GDPR)defendant submitted its observations, which, in accordance with Article 54(1)(b), (3) and (4), (4) and (4), (5) and (5), (5) and (5), (5) and (5), (5)35 KB (5,526 words) - 16:56, 12 December 2023
- AEPD (Spain) - PS/00104/2020 (category Article 5(1)(f) GDPR)defendant is defined in Articles 83.4.a) and 83.4.b) respectively. 83.5.a) of the RGPD, precepts that they establish: Article 83.4: "Violations of the following36 KB (6,022 words) - 13:59, 13 December 2023
- DSB (Austria) - 2022-0.296.352 (category Article 45(3) GDPR)tool. According to Art. 46 Para. 4 GDPR, the European Data Protection Board had to be involved. According to Art. 64 (2) GDPR, any supervisory authority can10 KB (1,335 words) - 13:39, 12 May 2023
- Datatilsynet (Norway) - 21/02873 (category Article 4(16) GDPR)establishment (Article 4(16) GDPR) in Norway and that its processing of the data subject’s personal data was cross-border processing (Article 4(23) GDPR). Therefore13 KB (1,583 words) - 16:20, 6 December 2023
- CNIL (France) - SAN-2022-022 (category Article 12(3) GDPR)data, the company considers that, in accordance with the provisions of recital 63 of the GDPR and Article 15(4) of the GDPR, it is not obliged to respond to59 KB (9,623 words) - 17:03, 6 December 2023
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)communications services in it meaning referred to in 50 US Code § 1881 (4)(b) and is thus subject to surveillance by US intelligence agencies in accordance with113 KB (12,773 words) - 15:20, 6 December 2023
- Persónuvernd - 2020010601 (category Article 4(1) GDPR)data registered in the case file system. 4. Legal environment In this case, the complainant's request for certain information on searches in the National39 KB (6,351 words) - 09:52, 6 May 2021
- AP (The Netherlands) - 10.12.2020 (locatefamily.com) (category Article 27(1) GDPR)nevertheless, in its opinion, result in a disproportionately high fine. 4.3 Level of the fine According to the AP, in this case the following factors, in particular38 KB (6,339 words) - 17:14, 12 December 2023
- GHSHE (Netherlands) - 200.274.447 01 (category Article 5 GDPR)appeal). Article 6.4 of this car scheme reads: "6.4 GPS systems In many cases, the company car is equipped with a GPS system (blackbox). In order to have a60 KB (10,118 words) - 15:12, 5 October 2021
- Council of State - 251.378 (category Article 28(1) GDPR)US, may thus not be in accordance with the GDPR, so that the defendant had to reject that tender, in accordance with the GDPR and in accordance with the40 KB (6,324 words) - 15:34, 1 September 2021
- Garante per la protezione dei dati personali (Italy) - 9435753 (category Article 83(4)(a) GDPR)6 and 24 GDPR? Was the processing by Wind Tre in violation of Articles 5 and 6 GDPR? Was the information provided by Wind Tre to the users in breach of129 KB (21,020 words) - 15:49, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)14. The complaint procedure in accordance with Art. 77 GDPR is, in particular in the Austrian procedural design by § 24 GDPR, an adversarial multi-party31 KB (4,648 words) - 13:56, 12 May 2023
- Datatilsynet (Denmark) - 2021-431-0138 (category Article 4(12) GDPR)was a personal data breach pursuant to Article 4(12) GDPR. Moreover, it stated that Article 32(1) GDPR obliges controllers to take appropriate technical16 KB (2,496 words) - 15:23, 24 March 2022
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- AEPD (Spain) - PS/00148/2019 (category Article 6 GDPR)of this Law except in the cases in which it authorizes it or violates the prohibition contained in the paragraph 4 of article 7 " In general, article 748 KB (7,550 words) - 14:05, 13 December 2023
- WSA Warsaw - II Sa/Wa 2222/20 WSA (category Article 4(1) GDPR)100,000 PLN for violating Article 5(1)(a) GDPR and Article 6(1) GDPR by publishing, on its website, numbers of land and mortgage registers without any8 KB (1,112 words) - 05:21, 22 July 2023
- AZOP (Croatia) - Decision 28-08-2019 (category Article 4(1) GDPR)personal data on their website, in violation of Article 5 and Article 6 GDPR. The controller is a health clinic and has been in an ongoing legal dispute with16 KB (2,373 words) - 15:31, 30 October 2023
- AEPD (Spain) - PS/00448/2020 (category Article 5(1)(f) GDPR)the criteria defined in article 83(5)(a) GDPR where a company can be fined up to €20000000, or in the case of an undertaking, up to 4 % of the total worldwide45 KB (7,217 words) - 14:40, 13 December 2023
- Datatilsynet (Denmark) - 2019-431-0048 (category Article 28(1) GDPR)stated in Section 4.5 of the Data Processor Agreement that, in accordance with the Data Protection Regulation, Schultz must assist municipalities in complying18 KB (2,633 words) - 16:36, 6 December 2023
- HDPA (Greece) - 20/2022 (category Article 12(3) GDPR)(Article 21 GDPR) and the right to erasure (Article 17 GDPR) of data subjects. Therefore the controller was not found in breach of Article 25(2) GDPR. The DPA16 KB (2,374 words) - 11:46, 18 August 2022
- UODO (Poland) - DKN. 5131.27.2022 (category Article 33(1) GDPR)mortgage register numbers on the controller’s website constituted a personal data breach within the meaning of Article 4(12) GDPR. Third, in considering the80 KB (13,127 words) - 07:57, 14 September 2022
- AEPD (Spain) - PS/00188/2019 (category Article 5(1)(f) GDPR)is requested in the call referenced in the following point, at the time of said call, there was no contract in force since 2013, date in which the previous39 KB (6,623 words) - 14:08, 13 December 2023
- DSB (Austria) - 2020-0.605.768 (category Article 40 GDPR)context of Articles 40 and 41 GDPR, in particular from Article 40 Paragraph 4 in conjunction with Article 41 Paragraph 2 lit. c) GDPR, namely further that a monitoring19 KB (2,799 words) - 13:52, 12 May 2023
- DSB (Austria) - DSB-D213.1759 (category Article 5(1)(c) GDPR)out in compliance with the processing principles set out in Art. 5 GDPR and on the basis of one of the grounds for permission set out in Art. 6 GDPR. Article72 KB (11,993 words) - 14:21, 10 April 2024
- ICO - Monetary Penalty on Ticketmaster UK Limited (category Article 4(2) GDPR)Article 83e(4) GDPR provides, inter alia, that infringements of the obligations imposed by Article 32 GDPR on the controller and processer will, in accordance130 KB (21,195 words) - 13:52, 25 April 2021
- AP (The Netherlands) - 23.09.2021 (category Article 32(1) GDPR)increase or decrease. 4.4 Conclusion The AP sets the total fine at €400,000. 8For the justification, see paragraphs 4.3.1 and 4.3.2. 24/25Date Unidentified66 KB (8,861 words) - 17:08, 12 December 2023
- Persónuvernd (Iceland) - 2020010355 (category Article 5(1)(f) GDPR) (section Mistake in communication about the data breach)cf. Number 4 Article 3 of the Act and 2. tölul. Article 4 of the Regulation.This case relates to a security breach which resulted in ID numbers and figures44 KB (7,217 words) - 10:04, 12 May 2021
- Datatilsynet (Norway) - 20/02144 (category Article 32(1) GDPR)violated Article 32 GDPR for insufficient risk assessment and the lack of security measures in the app MyPostNord, which used phone numbers as the only means38 KB (5,449 words) - 14:08, 18 January 2023
- AEPD (Spain) - PS/00223/2021 (category Article 17 GDPR)record in the AEPD O00007128e2000007150) that are not listed in their systems registered calls from numbers *** PHONE. 8 or *** PHONE 4 to the numbers ***30 KB (4,594 words) - 07:25, 22 June 2022
- HDPA (Greece) - 29/2023 (category Article 5(1)(c) GDPR)reasons, under Article 58 GDPR, the HDPA reprimanded the controller for violating Article 5(1)(c) GDPR and Article 15 GDPR. In addition, the HDPA ordered21 KB (3,334 words) - 09:12, 25 October 2023
- AEPD (Spain) - EXP202202837 (category Article 6(1) GDPR)considered as processing of personal data under Article 4(2) GDPR, hence making the GDPR applicable. In third place, the DPA recalled the need for a legal basis58 KB (8,995 words) - 13:00, 13 December 2023
- Persónuvernd (Iceland) - 2020010611 (category Article 5(1)(a) GDPR)their ID number when purchasing tickets in violation of Article 5(1) GDPR, Article 5(2) GDPR and Article 6 GDPR. A data subject issued a complaint with37 KB (6,136 words) - 16:05, 30 March 2022
- Garante per la protezione dei dati personali (Italy) - 9735672 (category Article 5(1)(d) GDPR)designed in a predefined way in order to signal and block in real time the attempts to load supply contracts obtained in an opaque manner or in any case380 KB (62,114 words) - 15:20, 26 January 2022
- DSB (Austria) - D122.844/0006-DSB/2018 (category Article 12(5) GDPR)coming into force of the GDPR on 25. 5. 2018. Can a controller charge for access to historic account data under Article 15 GDPR? Is GDPR applicable to a case19 KB (2,936 words) - 13:55, 12 May 2023
- AZOP (Croatia) - Decision 29-06-2022 (bank) (category Article 5 GDPR)winners prize games. In this regard, the Agency, in its statement, requested the company in question to in particular, it is evident in relation to the scope20 KB (3,166 words) - 15:36, 30 October 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)stored in a file system, without specific to refer to the exceptions in Art. 2 Para. 2 GDPR. In this regard, however, the provisions of the GDPR are opened21 KB (3,166 words) - 13:43, 12 May 2023
- CJEU - C‑319/22 - Gesamtverband Autoteile-Handel (Access to vehicle information) (category Article 4(1) GDPR)compatible with the GDPR? On the first point, the CJEU held that VINs constitute personal data within the meaning of Article 4(1) GDPR, in so far as the natural5 KB (692 words) - 10:17, 16 November 2023
- APD/GBA (Belgium) - 172/2022 (category Article 12(4) GDPR)from from receipt of the request. 9 3 4GDPR, Art. 4.7), 4.8), 24, 26, 28, 29; GDPR, recitals 74, 79 and 81. GDPR, art. 4, 2). 5EDPB, “Guidelines 07/2020 concerning43 KB (6,300 words) - 11:35, 20 December 2022
- UODO (Poland) - DKN.5131.59.2022 (category Article 33(1) GDPR)registration numbers, e-mail addresses, usernames and/or passwords, data on earnings and/or assets, series and numbers of ID cards, telephone numbers , information108 KB (17,728 words) - 07:57, 25 April 2024
- Datatilsynet (Denmark) - 2019-441-1578 (category Article 34 GDPR)registered (customers) pursuant to GDPR art. 34? It follows from GDPR art. 34 that Nemlig and Intervare as data controllers in case of security breach is obliged21 KB (2,901 words) - 16:37, 6 December 2023
- APD/GBA (Belgium) - 05/2021 (category Article 5(1)(f) GDPR)authority to exercise its duties and powers, as set out in the GDPR properly. 4. Breaches of the GDPR 17EDPB Guideline on Examples regarding Data Breach Notification60 KB (9,281 words) - 16:50, 12 December 2023
- Rb. Amsterdam - 20/1908 (category Article 6(1)(c) GDPR) (section 2. Is Spanish royal decree 1070/2017 a law under the GDPR?)points to the preamble to the GDPR in substantiation, in particular under numbers 122 and 128.3.2. Plaintiff also doubts whether in this case there is a legal21 KB (3,054 words) - 10:07, 10 September 2021
- Garante per la protezione dei dati personali (Italy) - 9949453 (category Article 5(1)(a) GDPR)subjects. In relation to this, the DPA stated that the controller violated Article 5(1) GDPR, Article 5(2) GDPR, Article 6(1)(a) GDPR and Article 7 GDPR for44 KB (6,773 words) - 08:38, 29 November 2023
- DSB (Austria) - 2020-0.303.727 (category Article 17(1) GDPR)and therefore the media privilege according to Art. 85 GDPR in conjunction with Section 9 GDPR applies. 3. At the request of the data protection authority21 KB (3,266 words) - 13:51, 12 May 2023
- DSB (Austria) - D122.970/0004-DSB/2019 (category Article 17 GDPR)by e-mail of 4 June 2018 that the complainant's data had been deleted Instead, by e-mail of 4 June 2018, he asked the complainant to fill in a form, providing23 KB (3,622 words) - 13:57, 12 May 2023
- ICO - Monetary penalty Leads Work Limited (category Article 4(11) GDPR)their valid consent. Leads Works Ltd has continued to send significant numbers of marketing texts to individuals throughout, and since, the course of the3 KB (191 words) - 09:47, 22 March 2021
- Garante per la protezione dei dati personali (Italy) - 9880336 (category Article 5(1) GDPR)83, par. 5 of the Regulation, in setting the statutory maximum in the sum of 20 million euros or, for companies, in 4% of the annual worldwide turnover52 KB (8,324 words) - 15:03, 9 May 2023
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)provided. Both in the GDPR itself (Art. 12 Para. 1 GDPR) and specifically in Section 32d Para. 1 AO, it is expressly stipulated that Art. 12-15 GDPR are regulations97 KB (16,519 words) - 09:57, 22 February 2023
- Garante per la protezione dei dati personali (Italy) - 9861289 (category Article 5(1)(f) GDPR)records constitute 'data relating to health' in the sense of Article 4(15) GDPR. Pursuant to Article 9 GDPR, this special category of data can only be disclosed56 KB (9,044 words) - 11:16, 14 March 2023
- NAIH (Hungary) - NAIH/2020/66/21 (category Article 25(1) GDPR)the website in this way across. However, on 4 February 2020, the database was no longer available in this way. The Authority's NAIH / 2020/66/4. By order67 KB (10,492 words) - 10:11, 17 November 2023
- Garante per la protezione dei dati personali (Italy) - 9964761 (category Article 5(1)(a) GDPR)12 GDPR and provide information under Article 13 GDPR and Article 14 GDPR when the data subjects declared themselves interested in its services. In light65 KB (10,464 words) - 09:48, 17 January 2024
- AEPD (Spain) - PS/00365/2019 (category Article 31 GDPR)Article 31 GDPR in conjunction with Article 58(1)(e) GDPR. The AEPD, therefore, agreed to impose a penalty of € 20000 under Article 83(5)(e) GDPR. The fact86 KB (14,295 words) - 14:32, 13 December 2023
- VG Hamburg - 21 K 1802/21 (category Article 4(1) GDPR)Article 9 (1) GDPR, Article 6 (1) GDPR, Article 5 (1) in conjunction with Articles 12, 13 and/or Article 14 GDPR and/or Article 5 (1) (in particular lit115 KB (18,479 words) - 16:31, 25 January 2023
- Persónuvernd (Iceland) - Case no. 2021122409 (category Article 5(1)(f) GDPR)of security within the meaning of Article 4(12) GDPR. In such cases, Article 33(1) GDPR and Article 34(1) GDPR require controllers to, respectively, notify19 KB (2,776 words) - 15:39, 6 December 2022
- DSB (Austria) - 2020-0.191.240 (category Article 4(1) GDPR)purpose of the proceedings and in large numbers ('five files'). The complainant claimed that processing obligations in the sense of obligations to keep66 KB (10,546 words) - 13:50, 12 May 2023
- Garante per la protezione dei dati personali (Italy) - 9856345 (category Article 5(1)(a) GDPR)compliance with the GDPR, since it had not checked if the third party from which it received its calling list was acting in a GDPR complaint manner. Therefore133 KB (21,637 words) - 07:03, 7 March 2023
- AEPD (Spain) - PS/00198/2020 (category Article 6(1) GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/11THIRD: The result of the transfer process initiated in the previous Event does notallowed to understand24 KB (3,769 words) - 14:10, 13 December 2023
- AEPD (Spain) - PS/00060/2020 (category Article 58(1)(a) GDPR)data under Article 15 GDPR? The Spanish DPA held that the airline company had not complied with the right to access in Article 15 GDPR when it refused to23 KB (3,695 words) - 13:53, 13 December 2023
- Persónuvernd (Iceland) - Case no. 2021101924 (category Article 6(1)(a) GDPR)its processing in line with the GDPR. Since it had come to the attention of the DPA that the controller had already adjusted in services in such a way that36 KB (5,751 words) - 15:12, 25 January 2023
- Datatilsynet (Denmark) - 2022-442-21566 (category Article 32(1) GDPR)social security numbers and names. In this connection, Hovedstadens Beredskab I/S has stated that the social security numbers are anonymised in the search results14 KB (2,130 words) - 08:15, 21 June 2023
- Datatilsynet (Norway) - 20/03046 (category Article 32 GDPR)that the notified fee is accepted. 4. The requirements of the regulations 4.1. Responsible for processing Article 4 (7) of the Privacy Regulation defines87 KB (13,389 words) - 08:08, 24 June 2022
- DSB (Austria) - D130.073/0008-DSB/2019 (category Article 32 GDPR)implementing a double opt-in process for user registrations, the respondent violated Article 5 GDPR, Article 6 GDPR, and Article 32 GDPR, and § 1 para 1 DSG25 KB (3,605 words) - 13:59, 12 May 2023
- Tietosuojavaltuutetun toimisto (Finland) - 4282/161/21 (category Article 5(1)(f) GDPR)controller had violated Article 5(1)(f) GDPR, Article 17(1) GDPR, Article 25(1) GDPR, Article 32(1) GDPR and Article 32(2) GDPR. As a result, the DPA issued a reprimand56 KB (8,980 words) - 08:47, 4 March 2024
- the Austrian Armed Forces in order to asses the member in the context of an "extended reliability check" which is foreseen in national law. The Respondent28 KB (3,418 words) - 13:49, 12 May 2023
- Datatilsynet (Denmark) - 2020-31-4131 (category Article 2(1) GDPR)the processing of personal data is not covered by the GDPR, according to Article 2(2)(c) of the GDPR. However, the DPA concluded that Orienteringsret.dk24 KB (3,651 words) - 16:38, 6 December 2023
- LG Augsburg - 022 O 2669/22 (category Article 5(1)(f) GDPR)13, 14 GDPR), also the defendant clearly and in ease language pointed to the default settings, so no breach of Article 25 GDPR or Article 32 GDPR either26 KB (4,101 words) - 10:24, 13 March 2024
- LG Ravensburg - 2 O 228/22 (category Article 15 GDPR)under Art. 34 GDPR or the supervisory authority under Art. 33 GDPR, since the requirements of the legal definition in Art. 4 No. 12 GDPR were not met.26 KB (4,057 words) - 13:39, 11 April 2024
- which consists in saving the telephone numbers of individuals in the company's telephone number database. All persons who agree to participate in a survey by20 KB (2,817 words) - 12:54, 17 December 2022
- AEPD (Spain) - PS/00010/2020 (category Article 6(1)(a) GDPR)referred to in paragraphs 4, 9 and 6 is in each individual case effective, proportionate and dissuasive. "Administrative fines shall be imposed in addition22 KB (3,523 words) - 13:45, 13 December 2023
- DSB (Austria) - 2020-0.550.322 (category Article 4(2) GDPR)infringement. Thus, in the area of application of the GDPR - as applied in the present case - the absorption principle of Art. 83 (3) GDPR applies. 4. In relation26 KB (4,098 words) - 13:51, 12 May 2023
- DSB (Austria) - 2020-0.349.984 (category Article 4(2) GDPR)(Art. 6 Para. 1 lit. f GDPR). In this context, Art. 6 Para. 1 lit. c GDPR in conjunction with the PMG and Art. 6 Para. 1 lit. f GDPR relevant: The Respondent28 KB (4,228 words) - 14:00, 12 May 2023
- Datatilsynet (Denmark) - 2021-431-0163 (category Article 32(1) GDPR)Article 33 GDPR, it is the controller's duty to report breaches, while processors may assist as outlined in Article 28(3)(f) GDPR. In fact, the GDPR does not26 KB (3,912 words) - 10:46, 22 November 2023
- DSB (Austria) - 2020-0.816.655 (category Article 4(16)(a) GDPR)of the main establishment of the respondent (Art. 4(16)(a) GDPR) in Austria, whereby the complaint in question was lodged directly with the Austrian Data28 KB (4,230 words) - 13:53, 12 May 2023
- NAIH (Hungary) - NAIH/2020/974/4 (category Article 5(1)(a) GDPR)camera system, in a multi-locked location. After processing, the data was stored in tabular (.csv) format in The paper sheets are stored in a multi-locked67 KB (10,815 words) - 10:11, 17 November 2023
- NSA - III OSK 1522/21 (category Article 4(1) GDPR)information in the manner and in the form specified in the request (paragraph 1). If public information cannot be made available in the manner or in the form47 KB (7,566 words) - 11:37, 15 November 2022
- UODO (Poland) - DKN.5131.29.2022 (category Article 28(1) GDPR)28(9) GDPR requires the agreement to be in writing, including in electronic form. Second, the DPA clarified the roles of the entities involved in processing48 KB (7,612 words) - 09:46, 25 April 2024
- IDPC (Malta) - CDP/54/2023 (category Article 4(1) GDPR)processing according to Article 4(2) GDPR and thus requires a legal basis according to Article 6(1) GDPR and comply with Article 5 GDPR. The controller did not16 KB (2,429 words) - 14:21, 7 May 2024
- Garante per la protezione dei dati personali (Italy) - 9894662 (category Article 5(2) GDPR)the calling numbers as its own numbers. 3) Similarly, the controller presented several arguments in relation to telephone directories. In general, it stated245 KB (40,390 words) - 14:30, 21 June 2023
- GHARL - 21/00910 (category Article 6(1)(c) GDPR)available data as referred to in Article 4, opening words and under 2 of the GDPR, and thus as processing within the meaning of the GDPR. Because submission is23 KB (3,625 words) - 15:11, 3 August 2022
- AEPD (Spain) - PS/00152/2020 (category Article 33 GDPR)foundation in its capacity of controller. In October 2019 the foundation notified the AEPD for the data breach. Which provisions of the GDPR did the AEPD27 KB (4,243 words) - 14:06, 13 December 2023
- LG Gießen - 5 O 195/22 (category Article 82(1) GDPR)under Article 82(1) GDPR were awarded for the web-scraping of publicly accessible personal data as the mere infringement of the GDPR is not sufficient to11 KB (1,678 words) - 14:32, 15 November 2022
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)including health data, recorded in copies Article 6 (1) of the GDPR and, in the case of health data, Article 9 of the GDPR. Article 1 (1); (3) did not provide72 KB (11,159 words) - 10:09, 17 November 2023
- APDCAT (Catalonia) - PS 28/2021 (category Article 5(1)(f) GDPR)council had violated Article 13 GDPR and Article 25(1) GDPR. However, since the deficiencies regarding Article 13 GDPR were corrected before the end of42 KB (6,526 words) - 14:26, 24 November 2022
- APD/GBA (Belgium) - 38/2021 (category Article 5 GDPR)meaning of Article 4.9. of the GDPR, but this quality does not exclude that in turn, it has intervened in the capacity of treatment. 4.1. As regards the73 KB (11,604 words) - 16:57, 12 December 2023
- Persónuvernd (Iceland) - 202112772 (category Article 35(1) GDPR)2016/679, as defined in the first paragraph. Article 4 of the Act, cf. Points 2 and 4 Article 3 of the Act and points 1 and 2. Article 4 of the Regulation46 KB (7,050 words) - 09:55, 16 December 2021
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)communications services in it meaning referred to in 50 US Code § 1881 (4)(b) and is thus subject to surveillance by US intelligence agencies in accordance with131 KB (14,752 words) - 08:36, 5 July 2023
- LG Duisburg - 10 O 126/22 (category Article 82 GDPR)the scope of Art. 82 GDPR, since this is not a processing of personal data i. s.d. Art. 4 No. 2 GDPR. According to Art. 4 No. 2 GDPR, processing is any process63 KB (10,478 words) - 09:40, 15 February 2024
- AEPD (Spain) - PS/00200/2021 (category Article 6(1) GDPR)infringement; h) the way in which the supervisory authority learned of the infringement, in in particular if the person in charge or the person in charge notified23 KB (3,787 words) - 09:50, 5 August 2021
- DSB (Austria) - D123.768/0004-DSB/2019 (category Article 4(4) GDPR)CFR Art8 para 11 CFR Art11 para 1 ECHR Art10 para 1 GDPR Art4 no 2 GDPR Art4 no 7 GDPR Art85 para 1 GDPR Art85 para 2 Text GZ: DSB-D123.768/0004-DSB/201929 KB (4,637 words) - 13:57, 12 May 2023
- Datatilsynet (Denmark) - 2021-441-9356 (category Article 4(12) GDPR)breach in connection with the company testing a new scanning tool. The tool was set to search for social security numbers and credit card numbers. The scan14 KB (2,142 words) - 12:58, 14 June 2022