Resolutions, opinions and reports search tool

Access by the bodies representing public workers to the remuneration information of these people on a case-by-case basis will be conditional upon the applicable legislative provisions and concurrent circumstances in the specific case. University workers' committee members on the negotiating Commission for the Equality Plan must be able to access the information in the Retributive Register, which must comply with the terms of Article 28.2 of the ET, despite having professional categories with a small number of workers, while remaining those obliged to respect the confidentiality of the information obtained, as well as the principle of purpose.

The principle of application is violated, since the processing of biometric data by students is not included in any of the exceptions provided for in Article 9.2 GDPR, for the processing of special categories of data.

The claimant exercised his right to object to the effects that the FUOC did not provide his personal data to (...). In this respect, this Authority cannot ignore the fact that (...) it has the status of processor of the FUOC and that, the legal basis that legitimises the submission of data to (...) is, precisely, the execution of a contract. Given that the processing of controversial personal data does not fall within the scope of Article 21 of the GDPR, in order to exercise the right of opposition, it is appropriate to reject this claim to guardianship of the right of opposition.

The access and obtaining of a copy, by the Personnel Board, of the documentation certifying the merits alleged by the people participating in a provision process does not comply with the data protection regulations, due to the which should limit the query to the identity of the people who have obtained a job and the scores obtained in the different merits assessed.

The complainant, in his capacity as a student of the UAB, received an informative email from the International Day of the Workers' Women. By not wanting to receive any more emails of this type, he responded to the university's email, so his message was received by third parties outside his sender. This is attributable to their actions, and not to a human error or computer error by the reported entity that has led to a violation of the data protection rules, which is why the complaint is filed.

Since the requested entity partially handed over the information subject to the right of access, it is appropriate to estimate the claim, and to require the FUOC to comply with the literality of Article 15 GDPR by handing the claimant any data in his possession referring to his person, with the understanding that, in addition to the submission of the data provided for in the aforementioned article, the documents that are stated in this legal basis, as well as other information relating to the claimant, should be handed over to the claimant, which would open up to the claimant's power.

A person had been registered in a university for the purpose of receiving information about studies, which he did not eventually enroll, and requested the deletion of his personal data, without achieving such a deletion. The Authority dismisses his claim, considering that the university had not deleted his data because that person did not accredit his identity, despite having requested it, and the email address from which he made the application for deletion did not appear in the university's databases.

A former UOC worker, who maintained the role as a student, continued to receive emails linked to her work as a worker (ppi. request) and could continue accessing a folder with information from other people (safety measures).

The proposed anonymization process would not guarantee the treatment of anonymous data within the Project to be developed by the University. However, the option of articulating the treatment on the basis of the explicit consent of the persons concerned could be considered, without prejudice to the adoption of appropriate measures to ensure that this treatment is in line with the RGPD, such as providing detailed and clear information in this regard, and applying the measures indicated in the opinion to make re-identification difficult.

The collection of data has to respect the principle|beginning of loyalty. For the treatment of special categories of data, it is necessary that one of the foreseen circumstances contributes to article|item 9.2 RGPD. In the collection of data cash has to be made the law|right of information. To determine the appropriate technical and organizational measures to guarantee the security|certainty of the data, it is necessary to make one analysis of risks. With character previous to the treatment, it is necessary to carry out an evaluation of impact related to the data protection when the treatment entails a high risk for the rights and freedoms of the affected persons. The representative of data protection has to take part in all the questions related to the data protection personal in a suitable way and in the appropriate moment.