EDPBI:CY:OSS:D:2022:485
EDPBI:CY:OSS:D:2022:485
- CSA
-
-
de
-
- Main legal reference
- Article 17 (Right to erasure (‘right to be forgotten’))
- Relevant topics
- Outcome
- Dismissal/Rejection of the case
EDPBI:EE:OSS:D:2022:496
EDPBI:EE:OSS:D:2022:496
- CSA
-
-
de
-
es
-
at
-
fr
-
pl
- Main legal reference
- Article 32 (Security of processing)
- Outcome
- No sanction
EDPBI:EE:OSS:D:2022:469
EDPBI:EE:OSS:D:2022:469
- CSA
-
-
lt
-
fr
-
hu
-
de
-
es
-
- Main legal reference
- Article 5 (Principles relating to processing of personal data)
- Article 6 (Lawfulness of processing)
- Article 21 (Right to object)
- Article 7 (Conditions for consent)
- Relevant topics
- Outcome
- Reprimand
EDPBI:EE:OSS:D:2022:447
EDPBI:EE:OSS:D:2022:447
- CSA
-
-
lt
-
- Main legal reference
- Article 5 (Principles relating to processing of personal data)
- Article 6 (Lawfulness of processing)
- Relevant topics
- Outcome
- Reprimand
EDPBI:DE:OSS:D:2022:335
EDPBI:DE:OSS:D:2022:335
- CSA
-
-
pl
-
- Main legal reference
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 15 (Right of access by the data subject)
- Relevant topics
- Outcome
- Reprimand
EDPBI:SE:OSS:D:2023:975
EDPBI:SE:OSS:D:2023:975
- CSA
-
-
fr
-
de
-
es
-
ee
-
pl
- Main legal reference
- Article 6 (Lawfulness of processing)
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 21 (Right to object)
- Relevant topics
- Outcome
- Administrative fine
EDPBI:SE:OSS:D:2023:883
EDPBI:SE:OSS:D:2023:883
- CSA
-
-
at
-
de
-
it
-
pl
-
- Main legal reference
- Article 17 (Right to erasure (‘right to be forgotten’))
- Relevant topics
- Outcome
- Other
EDPBI:SE:OSS:D:2023:864
EDPBI:SE:OSS:D:2023:864
- CSA
-
-
at
-
de
-
it
-
pl
-
- Main legal reference
- Article 15 (Right of access by the data subject)
- Relevant topics
- Outcome
- Other
EDPB website auditing tool
Go to
EDPB website auditing tool
GDPR-CARPA
- Scheme owner
- LU SA
- Scope
Any type of processing except:
personal data processing operations specifically targeting minors under 16 years old,
processing operations in the context of a joint controllership,
processing operations in the context of article 10 GDPR, except those that are clearly defined and regulated by Luxembourgish or European Laws and for which the CNPD is the competent supervisory authority (e.g. Loi du 1er août 2018 relative à la protection des personnes physiques à l’égard du traitement des données à caractère personnel en matière pénale ainsi qu’en matière de sécurité nationale),
processing operations of entities that have not officially designated a DPO* (article 37 GDPR). - Type of criteria
- National certification criteria
- Certification as tool for transfers
- No
- List of documents assessed by the EDPB
- LU SA – GDPR-CARPA Certification criteria-1.docx