Art. 44 GDPR – General principle for transfers
Art. 44 GDPR General principle for transfers Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to…
Month: November 2018
Art. 43 GDPR – Certification bodies
Art. 43 GDPR Certification bodies Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level…
Art. 42 GDPR – Certification
Art. 42 GDPR Certification The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms…
Art. 41 GDPR – Monitoring of approved codes of conduct
Art. 41 GDPR Monitoring of approved codes of conduct Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of…
Art. 40 GDPR – Codes of conduct
Art. 40 GDPR Codes of conduct The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute…
Art. 39 GDPR – Tasks of the data protection officer
Art. 39 GDPRTasks of the data protection officer The data protection officer shall have at least the following tasks: to inform and advise the controller or the processor and…
Art. 38 GDPR – Position of the data protection officer
Art. 38 GDPR Position of the data protection officer The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner,…
Art. 37 GDPR – Designation of the data protection officer
Art. 37 GDPR Designation of the data protection officer The controller and the processor shall designate a data protection officer in any case where: the processing is carried out…
Art. 36 GDPR – Prior consultation
Art. 36 GDPR Prior consultation The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would…
Art. 35 GDPR – Data protection impact assessment
Art. 35 GDPR Data protection impact assessment Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the…
Art. 34 GDPR – Communication of a personal data breach to the data subject
Art. 34 GDPRCommunication of a personal data breach to the data subject When the personal data breach is likely to result in a high risk to the rights and…
Art. 33 GDPR – Notification of a personal data breach to the supervisory authority
Art. 33 GDPR Notification of a personal data breach to the supervisory authority In the case of a personal data breach, the controller shall without undue delay and, where…
Art. 32 GDPR – Security of processing
Art. 32 GDPRSecurity of processing Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as…
Art. 31 GDPR – Cooperation with the supervisory authority
Art. 31 GDPRCooperation with the supervisory authority The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of…
Art. 30 GDPR – Records of processing activities
Art. 30 GDPR Records of processing activities Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. That record shall contain…
Art. 29 GDPR – Processing under the authority of the controller or processor
Art. 29 GDPRProcessing under the authority of the controller or processor The processor and any person acting under the authority of the controller or of the processor, who has…
Art. 28 GDPR – Processor
Art. 28 GDPR Processor Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical…
Art. 27 GDPR – Representatives of controllers or processors not established in the Union
Art. 27 GDPRRepresentatives of controllers or processors not established in the Union Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the…
Art. 26 GDPR – Joint controllers
Art. 26 GDPR Joint controllers Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner…
Art. 25 GDPR – Data protection by design and by default
Art. 25 GDPR Data protection by design and by default Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes…
Art. 24 GDPR – Responsibility of the controller
Art. 24 GDPR Responsibility of the controller Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for…
Recital 171 – Repeal of Directive 95/46/EC and transitional provisions
Recital 171 Repeal of Directive 95/46/EC and transitional provisions Directive 95/46/EC should be repealed by this Regulation. Processing already under way on the date of application of this Regulation…
Recital 170 – Principle of subsidiarity and principle of proportionality
Recital 170 Principle of subsidiarity and principle of proportionality Since the objective of this Regulation, namely to ensure an equivalent level of protection of natural persons and the free…
Recital 172 – Consultation of the European Data Protection Supervisor
Recital 172 Consultation of the European Data Protection Supervisor The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an…
Recital 168 – Implementing acts on standard contractual clauses
Recital 168Implementing acts on standard contractual clauses The examination procedure should be used for the adoption of implementing acts on standard contractual clauses between controllers and processors and between…
