• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date November 29, 2020

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679

      Paragraph 3.1.2 Compliance of the action envisaged in the draft decision in relation to the controller orprocessor with the GDPR

      32. In this second scenario, the content of the relevant and reasoned objection amounts to a disagreement regarding the particular corrective measure proposed or other action envisaged in the draft decision.

      33. More specifically, the relevant and reasoned objection should explain why the action foreseen in the draft decision is not in line with the provisions of the GDPR. To this end, the CSA must clearly set out its factual and/or legal arguments underlying the different assessment of the situation, by indicating which action would be appropriate for the LSA to undertake and include in the final decision.

      Example 1: The controller disclosed sensitive medical data of the complainant to a third party without a legal basis. In the draft decision, the LSA proposed to issue a reprimand, while the CSA provides factual arguments showing that the controller is facing broad and systemic issues in its compliance with the GDPR (e.g. it regularly discloses the clients’ data to third parties). Therefore, it proposes that the order to bring processing operations into compliance/a temporary ban on data processing or a fine should be imposed.

      Example 2: Due to a mistake of one of its employees, the controller published the name, last name and telephone numbers of all its 100.000 clients on its website. These personal data were publicly accessible for two days. As the controller reacted as soon as possible, the mistake was reported,  andall the clients were individually informed, the LSA planned to issue a reprimand. One CSA however considers that, due to the large scale of the data breach and its possible impact/risk on the private life of the clients, the imposition of a fine would be required.

      34. As enshrined in the last sentence of Art. 65 (1)(a) the binding decision of the EDPB shall concern all the matters which are subject of the objection, in particular in case of an infringement. Recital 150 sentence 5 states that the consistency mechanism may also be used to promote a consistent application of administrative fines. Therefore, it is possible that the objection challenges the elements relied upon to calculate the amount of the fine. If the assessment identifies causal shortcomings, the LSA will be instructed to remit the fine, by eliminating the shortcomings within a given financial framework appropriate to the case. This assessment should be based on common EDPB standards stemming from Art. 83(1) and (2) GDPR and the Guidelines on the calculation of administrative fines.

      Example: The CSA considers that the level of the fine envisaged by the LSA in the draft decision is not effective, proportionate or dissuasive, as required by Article 83 (1) GDPR, taking account of the facts of the case.

      • Share:
      User Avatar
      Richard V

      Previous post

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
      November 29, 2020

      Next post

      Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
      November 29, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now