General Data Protection Regulation (GDPR)
GDPR Table of contents
-
Chapter 1 (Art. 1 – 4)
General provisions
-
Chapter 2 (Art. 5-11)
Principles
- Art. 5 GDPR – Principles relating to processing of personal data
- Art. 6 GDPR – Lawfulness of processing
- Art. 7 GDPR – Conditions for consent
- Art. 8 GDPR – Conditions applicable to child’s consent in relation to information society services
- Art. 9 GDPR – Processing of special categories of personal data
- Art. 10 GDPR – Processing of personal data relating to criminal convictions and offences
- Art. 11 GDPR – Processing which does not require identification
-
Chapter 3 (Art. 12-23)
Rights of the data subject
- Art. 12 GDPR – Transparent information, communication and modalities for the exercise of the rights of the data subject
- Art. 13 GDPR – Information to be provided where personal data are collected from the data subject
- Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject
- Art. 15 GDPR – Right of access by the data subject
- Art. 16 GDPR – Right to rectification
- Art. 17 GDPR – Right to erasure (‘right to be forgotten’)
- Art. 18 GDPR – Right to restriction of processing
- Art. 19 GDPR – Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Art. 20 GDPR – Right to data portability
- Art. 21 GDPR – Right to object
- Art. 22 GDPR – Automated individual decision-making, including profiling
- Art. 23 GDPR – Restrictions
-
Chapter 4 (Art. 24-43)
Controller and processor
- Art. 24 GDPR – Responsibility of the controller
- Art. 25 GDPR – Data protection by design and by default
- Art. 26 GDPR – Joint controllers
- Art. 27 GDPR – Representatives of controllers or processors not established in the Union
- Art. 28 GDPR – Processor
- Art. 29 GDPR – Processing under the authority of the controller or processor
- Art. 30 GDPR – Records of processing activities
- Art. 31 GDPR – Cooperation with the supervisory authority
- Art. 32 GDPR – Security of processing
- Art. 33 GDPR – Notification of a personal data breach to the supervisory authority
- Art. 34 GDPR – Communication of a personal data breach to the data subject
- Art. 35 GDPR – Data protection impact assessment
- Art. 36 GDPR – Prior consultation
- Art. 37 GDPR – Designation of the data protection officer
- Art. 38 GDPR – Position of the data protection officer
- Art. 39 GDPR – Tasks of the data protection officer
- Art. 40 GDPR – Codes of conduct
- Art. 41 GDPR – Monitoring of approved codes of conduct
- Art. 42 GDPR – Certification
- Art. 43 GDPR – Certification bodies
-
Chapter 5 (Art. 44-50)
Transfers of personal data to third countries or international organisations
- Art. 44 GDPR – General principle for transfers
- Art. 45 GDPR – Transfers on the basis of an adequacy decision
- Art. 46 GDPR – Transfers subject to appropriate safeguards
- Art. 47 GDPR – Binding corporate rules
- Art. 48 GDPR – Transfers or disclosures not authorised by Union law
- Art. 49 GDPR – Derogations for specific situations
- Art. 50 GDPR – International cooperation for the protection of personal data
-
Chapter 6 (Art. 51-59)
Independent supervisory authorities
- Art. 51 GDPR – Supervisory authority
- Art. 52 GDPR – Independence
- Art. 53 GDPR – General conditions for the members of the supervisory authority
- Art. 54 GDPR – Rules on the establishment of the supervisory authority
- Art. 55 GDPR – Competence
- Art. 56 GDPR – Competence of the lead supervisory authority
- Art. 57 GDPR – Tasks
- Art. 58 GDPR – Powers
- Art. 59 GDPR – Activity reports
-
Chapter 7 (Art. 60-76)
Cooperation and consistency
- Art. 67 GDPR – Exchange of information
- Art. 64 GDPR – Opinion of the Board
- Art. 62 GDPR – Joint operations of supervisory authorities
- Art. 61 GDPR – Mutual assistance
- Art. 63 GDPR – Consistency mechanism
- Art. 66 GDPR – Urgency procedure
- Art. 60 GDPR – Cooperation between the lead supervisory authority and the other supervisory authorities concerned
- Art. 68 GDPR – European Data Protection Board
- Art. 69 GDPR – Independence
- Art. 70 GDPR – Tasks of the Board
- Art. 71 GDPR – Reports
- Art. 72 GDPR – Procedure
- Art. 73 GDPR – Chair
- Art. 74 GDPR – Tasks of the Chair
- Art. 75 GDPR – Secretariat
- Art. 76 GDPR – Confidentiality
-
Chapter 8 (Art. 77-84)
Remedies, liability and penalties
- Art. 81 GDPR – Suspension of proceedings
- Art. 77 GDPR – Right to lodge a complaint with a supervisory authority
- Art. 78 GDPR – Right to an effective judicial remedy against a supervisory authority
- Art. 79 GDPR – Right to an effective judicial remedy against a controller or processor
- Art. 80 GDPR – Representation of data subjects
- Art. 82 GDPR – Right to compensation and liability
- Art. 83 GDPR – General conditions for imposing administrative fines
- Art. 84 GDPR – Penalties
-
Chapter 9 (Art. 85-91)
Provisions relating to specific processing situations
- Art. 85 GDPR – Processing and freedom of expression and information
- Art. 86 GDPR – Processing and public access to official documents
- Art. 87 GDPR – Processing of the national identification number
- Art. 88 GDPR – Processing in the context of employment
- Art. 89 GDPR – Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- Art. 90 GDPR – Obligations of secrecy
- Art. 91 GDPR – Existing data protection rules of churches and religious associations
-
Chapter 10 (Art. 92-93)
Delegated acts and implementing acts
-
Chapter 11 (Art. 94-99)
Final provisions
- Art. 94 GDPR – Repeal of Directive 95/46/EC
- Art. 95 GDPR – Relationship with Directive 2002/58/EC
- Art. 96 GDPR – Relationship with previously concluded Agreements
- Art. 97 GDPR – Commission reports
- Art. 98 GDPR – Review of other Union legal acts on data protection
- Art. 99 GDPR – Entry into force and application
1611
Art. 53 GDPR General conditions for the members of the supervisory authority
- Member States shall provide for each member of their supervisory authorities to be appointed by means of a transparent procedure by:
— their parliament;
— their government;
— their head of State; or
— an independent body entrusted with the appointment under Member State law. - Each member shall have the qualifications, experience and skills, in particular in the area of the protection of personal data, required to perform its duties and exercise its powers.
- The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement, in accordance with the law of the Member State concerned.
- A member shall be dismissed only in cases of serious misconduct or if the member no longer fulfils the conditions required for the performance of the duties.