Month: November 2018

Recital 119 – Organisation of several supervisory authorities of a Member State

Recital 119Organisation of several supervisory authorities of a Member State 1Where a Member State establishes several supervisory authorities, it should establish by law mechanisms for ensuring the effective participation…

Read more 0 comments

Recital 120 – Features of supervisory authorities

Recital 120Features of supervisory authorities 1Each supervisory authority should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of their tasks, including…

Read more 0 comments

Recital 121 – Independence of the supervisory authorities

Recital 121Independence of the supervisory authorities 1The general conditions for the member or members of the supervisory authority should be laid down by law in each Member State and…

Read more 0 comments

Recital 102 – International agreements for an appropriate level of data protection

Recital 102International agreements for an appropriate level of data protection 1This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of…

Read more 0 comments

Recital 103 – Appropriate level of data protection based on an adequacy decision

Recital 103Appropriate level of data protection based on an adequacy decision 1The Commission may decide with effect for the entire Union that a third country, a territory or specified…

Read more 0 comments

Recital 104 – Criteria for an adequacy decision

Recital 104Criteria for an adequacy decision 1In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should, in…

Read more 0 comments

Recital 105 – Consideration of international agreements for an adequacy decision

Recital 105Consideration of international agreements for an adequacy decision 1Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of…

Read more 0 comments

Recital 106 – Monitoring and periodic review of the level of data protection

Recital 106Monitoring and periodic review of the level of data protection 1The Commission should monitor the functioning of decisions on the level of protection in a third country, a…

Read more 0 comments

Recital 107 – Amendment, revocation and suspension of adequacy decisions

Recital 107Amendment, revocation and suspension of adequacy decisions 1The Commission may recognise that a third country, a territory or a specified sector within a third country, or an international…

Read more 0 comments

Recital 108 – Appropriate safeguards

Recital 108Appropriate safeguards 1In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country…

Read more 0 comments

Recital 109 – Standard data protection clauses

Recital 109Standard data protection clauses The possibility for the controller or processor to use standard data-protection clauses adopted by the Commission or by a supervisory authority should prevent controllers…

Read more 0 comments

Recital 110 – Binding corporate rules

Recital 110Binding corporate rules A group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate…

Read more 0 comments

Recital 111 – Exceptions for certain cases of international transfers

Recital 111Exceptions for certain cases of international transfers 1Provisions should be made for the possibility for transfers in certain circumstances where the data subject has given his or her…

Read more 0 comments

Recital 112 – Data transfers due to important reasons of public interest

Recital 112Data transfers due to important reasons of public interest 1Those derogations should in particular apply to data transfers required and necessary for important reasons of public interest, for…

Read more 0 comments

Recital 113 – Transfers qualified as not repetitive and that only concern a limited number of data subjects

Recital 113Transfers qualified as not repetitive and that only concern a limited number of data subjects 1Transfers which can be qualified as not repetitive and that only concern a…

Read more 0 comments

Recital 114 – Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision

Recital 114Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision In any case, where the Commission has taken no decision on the adequate level…

Read more 0 comments

Recital 115 – Rules in third countries contrary to the Regulation

Recital 115Rules in third countries contrary to the Regulation 1Some third countries adopt laws, regulations and other legal acts which purport to directly regulate the processing activities of natural…

Read more 0 comments

Recital 116 – Cooperation among supervisory authorities

Recital 116Cooperation among supervisory authorities 1When personal data moves across borders outside the Union it may put at increased risk the ability of natural persons to exercise data protection…

Read more 0 comments

Recital 85 – Notification obligation of breaches to the supervisory authority

Recital 85Notification obligation of breaches to the supervisory authority 1A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material…

Read more 0 comments

Recital 86 – Notification of data subjects in case of data breaches

Recital 86Notification of data subjects in case of data breaches 1The controller should communicate to the data subject a personal data breach, without undue delay, where that personal data…

Read more 0 comments

Recital 87 – Promptness of reporting / notification

Recital 87Promptness of reporting / notification 1It should be ascertained whether all appropriate technological protection and organisational measures have been implemented to establish immediately whether a personal data breach…

Read more 0 comments

Recital 88 – Format and procedures of the notification

Recital 88Format and procedures of the notification 1In setting detailed rules concerning the format and procedures applicable to the notification of personal data breaches, due consideration should be given…

Read more 0 comments

Recital 89 – Elimination of the general reporting requirement

Recital 89Elimination of the general reporting requirement 1Directive 95/46/EC provided for a general obligation to notify the processing of personal data to the supervisory authorities. 2While that obligation produces…

Read more 0 comments

Recital 90 – Data protection impact assessement

Recital 90Data protection impact assessement 1In such cases, a data protection impact assessment should be carried out by the controller prior to the processing in order to assess the…

Read more 0 comments

Recital 91 – Necessity of a data protection impact assessment

Recital 91Necessity of a data protection impact assessment 1This should in particular apply to large-scale processing operations which aim to process a considerable amount of personal data at regional,…

Read more 0 comments