Month: November 2018

Art. 44 GDPR – General principle for transfers

Art. 44 GDPRGeneral principle for transfers 1Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an…

Read more 0 comments

Art. 43 GDPR – Certification bodies

Art. 43 GDPRCertification bodies 1Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of…

Read more 0 comments

Art. 42 GDPR – Certification

Art. 42 GDPRCertification 1The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and…

Read more 0 comments

Art. 41 GDPR – Monitoring of approved codes of conduct

Art. 41 GDPRMonitoring of approved codes of conduct Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of compliance…

Read more 0 comments

Art. 40 GDPR – Codes of conduct

Art. 40 GDPRCodes of conduct The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to…

Read more 0 comments

Art. 39 GDPR – Tasks of the data protection officer

Art. 39 GDPRTasks of the data protection officer The data protection officer shall have at least the following tasks: to inform and advise the controller or the processor and…

Read more 0 comments

Art. 38 GDPR – Position of the data protection officer

Art. 38 GDPRPosition of the data protection officer The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in…

Read more 0 comments

Art. 37 GDPR – Designation of the data protection officer

Art. 37 GDPRDesignation of the data protection officer The controller and the processor shall designate a data protection officer in any case where: the processing is carried out by…

Read more 0 comments

Art. 36 GDPR – Prior consultation

Art. 36 GDPRPrior consultation The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would result…

Read more 0 comments

Art. 35 GDPR – Data protection impact assessment

Art. 35 GDPRData protection impact assessment 1Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing,…

Read more 0 comments

Art. 34 GDPR – Communication of a personal data breach to the data subject

Art. 34 GDPRCommunication of a personal data breach to the data subject When the personal data breach is likely to result in a high risk to the rights and…

Read more 0 comments

Art. 33 GDPR – Notification of a personal data breach to the supervisory authority

Art. 33 GDPRNotification of a personal data breach to the supervisory authority 1In the case of a personal data breach, the controller shall without undue delay and, where feasible,…

Read more 0 comments

Art. 32 GDPR – Security of processing

Art. 32 GDPRSecurity of processing Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as…

Read more 0 comments

Art. 31 GDPR – Cooperation with the supervisory authority

Art. 31 GDPRCooperation with the supervisory authority The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of…

Read more 0 comments

Art. 30 GDPR – Records of processing activities

Art. 30 GDPRRecords of processing activities 1Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. 2That record shall contain all…

Read more 0 comments

Art. 29 GDPR – Processing under the authority of the controller or processor

Art. 29 GDPRProcessing under the authority of the controller or processor The processor and any person acting under the authority of the controller or of the processor, who has…

Read more 0 comments

Art. 28 GDPR – Processor

Art. 28 GDPRProcessor Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and…

Read more 0 comments

Art. 27 GDPR – Representatives of controllers or processors not established in the Union

Art. 27 GDPRRepresentatives of controllers or processors not established in the Union Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the…

Read more 0 comments

Art. 26 GDPR – Joint controllers

Art. 26 GDPRJoint controllers 1Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. 2They shall in a transparent manner determine…

Read more 0 comments

Art. 25 GDPR – Data protection by design and by default

Art. 25 GDPRData protection by design and by default Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of…

Read more 0 comments

Art. 24 GDPR – Responsibility of the controller

Art. 24 GDPRResponsibility of the controller 1Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the…

Read more 0 comments

Recital 171 – Repeal of Directive 95/46/EC and transitional provisions

Recital 171Repeal of Directive 95/46/EC and transitional provisions 1Directive 95/46/EC should be repealed by this Regulation. 2Processing already under way on the date of application of this Regulation should…

Read more 0 comments

Recital 170 – Principle of subsidiarity and principle of proportionality

Recital 170Principle of subsidiarity and principle of proportionality 1Since the objective of this Regulation, namely to ensure an equivalent level of protection of natural persons and the free flow…

Read more 0 comments

Recital 172 – Consultation of the European Data Protection Supervisor

Recital 172Consultation of the European Data Protection Supervisor The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion…

Read more 0 comments

Recital 168 – Implementing acts on standard contractual clauses

Recital 168Implementing acts on standard contractual clauses The examination procedure should be used for the adoption of implementing acts on standard contractual clauses between controllers and processors and between…

Read more 0 comments