Recital 102 International agreements for an appropriate level of data protection This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer…
Recital 118Monitoring of the supervisory authorities The independence of supervisory authorities should not mean that the supervisory authorities cannot be subject to control or monitoring mechanisms regarding their financial…
Recital 103 Appropriate level of data protection based on an adequacy decision The Commission may decide with effect for the entire Union that a third country, a territory or…
Recital 119 Organisation of several supervisory authorities of a Member State Where a Member State establishes several supervisory authorities, it should establish by law mechanisms for ensuring the effective…
Recital 104 Criteria for an adequacy decision In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should,…
Recital 120 Features of supervisory authorities Each supervisory authority should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of their tasks,…
Recital 105 Consideration of international agreements for an adequacy decision Apart from the international commitments the third country or international organisation has entered into, the Commission should take account…
Recital 121 Independence of the supervisory authorities The general conditions for the member or members of the supervisory authority should be laid down by law in each Member State…
Recital 106 Monitoring and periodic review of the level of data protection The Commission should monitor the functioning of decisions on the level of protection in a third country,…
Recital 107 Amendment, revocation and suspension of adequacy decisions The Commission may recognise that a third country, a territory or a specified sector within a third country, or an…
Recital 108 Appropriate safeguards In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third…
Recital 109Standard data protection clauses The possibility for the controller or processor to use standard data-protection clauses adopted by the Commission or by a supervisory authority should prevent controllers…
Recital 110Binding corporate rules A group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate…
Recital 111 Exceptions for certain cases of international transfers Provisions should be made for the possibility for transfers in certain circumstances where the data subject has given his or…
Recital 112 Data transfers due to important reasons of public interest Those derogations should in particular apply to data transfers required and necessary for important reasons of public interest,…
Recital 97 Data protection officer Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where,…
Recital 82 Record of processing activities In order to demonstrate compliance with this Regulation, the controller or processor should maintain records of processing activities under its responsibility. Each controller…
Recital 98 Preparation of codes of conduct by organisations and associations Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of…
Recital 83 Security of processing In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in…
Recital 99Consultation of stakeholders and data subjects in the development of codes of conduct When drawing up a code of conduct, or when amending or extending such a code,…
Recital 84 Risk evaluation and impact assessment In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights…
Recital 100Certification In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects…
Recital 85 Notification obligation of breaches to the supervisory authority A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or…
Recital 101 General principles for international data transfers Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international…
Recital 86 Notification of data subjects in case of data breaches The controller should communicate to the data subject a personal data breach, without undue delay, where that personal…
