Month: November 2018

Recital 89 – Elimination of the general reporting requirement

Recital 89Elimination of the general reporting requirement 1Directive 95/46/EC provided for a general obligation to notify the processing of personal data to the supervisory authorities. 2While that obligation produces…

Read more 0 comments

Recital 90 – Data protection impact assessement

Recital 90Data protection impact assessement 1In such cases, a data protection impact assessment should be carried out by the controller prior to the processing in order to assess the…

Read more 0 comments

Recital 91 – Necessity of a data protection impact assessment

Recital 91Necessity of a data protection impact assessment 1This should in particular apply to large-scale processing operations which aim to process a considerable amount of personal data at regional,…

Read more 0 comments

Recital 92 – Broader data protection impact assessment

Recital 92Broader data protection impact assessment There are circumstances under which it may be reasonable and economical for the subject of a data protection impact assessment to be broader…

Read more 0 comments

Recital 93 – Data protection impact assessment at authorities

Recital 93Data protection impact assessment at authorities In the context of the adoption of the Member State law on which the performance of the tasks of the public authority…

Read more 0 comments

Recital 94 – Consultation of the supervisory authority

Recital 94Consultation of the supervisory authority 1Where a data protection impact assessment indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate the…

Read more 0 comments

Recital 95 – Support by the processor

Recital 95Support by the processor The processor should assist the controller, where necessary and upon request, in ensuring compliance with the obligations deriving from the carrying out of data…

Read more 0 comments

Recital 96 – Consultation of the supervisory authority in the course of a legislative process

Recital 96Consultation of the supervisory authority in the course of a legislative process A consultation of the supervisory authority should also take place in the course of the preparation…

Read more 0 comments

Recital 97 – Data protection officer

Recital 97Data protection officer 1Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where, in…

Read more 0 comments

Recital 98 – Preparation of codes of conduct by organisations and associations

Recital 98Preparation of codes of conduct by organisations and associations 1Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of conduct,…

Read more 0 comments

Recital 99 – Consultation of stakeholders and data subjects in the development of codes of conduct

Recital 99Consultation of stakeholders and data subjects in the development of codes of conduct When drawing up a code of conduct, or when amending or extending such a code,…

Read more 0 comments

Recital 100 – Certification

Recital 100Certification In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects…

Read more 0 comments

Recital 101 – General principles for international data transfers

Recital 101General principles for international data transfers 1Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international trade…

Read more 0 comments

Recital 69 – Right to object

Recital 69Right to object 1Where personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or in…

Read more 0 comments

Recital 70 – Right to object to direct marketing

Recital 70Right to object to direct marketing 1Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such…

Read more 0 comments

Recital 71 – Profiling

Recital 71Profiling 1The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him or her…

Read more 0 comments

Recital 72 – Guidance of the European Data Protection Board regarding profiling

Recital 72Guidance of the European Data Protection Board regarding profiling 1Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the legal…

Read more 0 comments

Recital 73 – Restrictions of rights and principles

Recital 73Restrictions of rights and principles 1Restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data portability,…

Read more 0 comments

Recital 74 – Responsibility and liability of the controller

Recital 74Responsibility and liability of the controller 1The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the controller’s…

Read more 0 comments

Recital 75 – Risks to the rights and freedoms of natural persons

Recital 75Risks to the rights and freedoms of natural persons The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal…

Read more 0 comments

Recital 76 – Risk assessment

Recital 76Risk assessment 1The likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope, context…

Read more 0 comments

Recital 77 – Risk assessment guidelines

Recital 77Risk assessment guidelines 1Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification of…

Read more 0 comments

Recital 78 – Appropriate technical and organisational measures

Recital 78Appropriate technical and organisational measures 1The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical and…

Read more 0 comments

Recital 79 – Allocation of the responsibilities

Recital 79Allocation of the responsibilities The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors, also in relation…

Read more 0 comments

Recital 80 – Designation of a representative

Recital 80Designation of a representative 1Where a controller or a processor not established in the Union is processing personal data of data subjects who are in the Union whose…

Read more 0 comments