Category: Uncategorized

Recital 104 – Criteria for an adequacy decision

Recital 104 Criteria for an adequacy decision In line with the fundamental values on which the Union is founded, in particular the protection of human rights, the Commission should,…

Read more 0 comments

Recital 105 – Consideration of international agreements for an adequacy decision

Recital 105 Consideration of international agreements for an adequacy decision Apart from the international commitments the third country or international organisation has entered into, the Commission should take account…

Read more 0 comments

Recital 106 – Monitoring and periodic review of the level of data protection

Recital 106 Monitoring and periodic review of the level of data protection The Commission should monitor the functioning of decisions on the level of protection in a third country,…

Read more 0 comments

Recital 107 – Amendment, revocation and suspension of adequacy decisions

Recital 107 Amendment, revocation and suspension of adequacy decisions The Commission may recognise that a third country, a territory or a specified sector within a third country, or an…

Read more 0 comments

Recital 86 – Notification of data subjects in case of data breaches

Recital 86 Notification of data subjects in case of data breaches The controller should communicate to the data subject a personal data breach, without undue delay, where that personal…

Read more 0 comments

Recital 87 – Promptness of reporting / notification

Recital 87 Promptness of reporting / notification It should be ascertained whether all appropriate technological protection and organisational measures have been implemented to establish immediately whether a personal data…

Read more 0 comments

Recital 88 – Format and procedures of the notification

Recital 88 Format and procedures of the notification In setting detailed rules concerning the format and procedures applicable to the notification of personal data breaches, due consideration should be…

Read more 0 comments

Recital 89 – Elimination of the general reporting requirement

Recital 89 Elimination of the general reporting requirement Directive 95/46/EC provided for a general obligation to notify the processing of personal data to the supervisory authorities. While that obligation…

Read more 0 comments

Recital 90 – Data protection impact assessement

Recital 90 Data protection impact assessement In such cases, a data protection impact assessment should be carried out by the controller prior to the processing in order to assess…

Read more 0 comments

Recital 91 – Necessity of a data protection impact assessment

Recital 91 Necessity of a data protection impact assessment This should in particular apply to large-scale processing operations which aim to process a considerable amount of personal data at…

Read more 0 comments

Recital 94 – Consultation of the supervisory authority

Recital 94 Consultation of the supervisory authority Where a data protection impact assessment indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate…

Read more 0 comments

Recital 97 – Data protection officer

Recital 97 Data protection officer Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where,…

Read more 0 comments

Recital 98 – Preparation of codes of conduct by organisations and associations

Recital 98 Preparation of codes of conduct by organisations and associations Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of…

Read more 0 comments

Recital 101 – General principles for international data transfers

Recital 101 General principles for international data transfers Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international…

Read more 0 comments

Recital 82 – Record of processing activities

Recital 82 Record of processing activities In order to demonstrate compliance with this Regulation, the controller or processor should maintain records of processing activities under its responsibility. Each controller…

Read more 0 comments

Recital 83 – Security of processing

Recital 83 Security of processing In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in…

Read more 0 comments

Recital 84 – Risk evaluation and impact assessment

Recital 84 Risk evaluation and impact assessment In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights…

Read more 0 comments

Recital 85 – Notification obligation of breaches to the supervisory authority

Recital 85 Notification obligation of breaches to the supervisory authority A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or…

Read more 0 comments

Recital 68 – Right of data portability

Recital 68 Right of data portability To further strengthen the control over his or her own data, where the processing of personal data is carried out by automated means,…

Read more 0 comments

Recital 69 – Right to object

Recital 69 Right to object Where personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or…

Read more 0 comments

Recital 70 – Right to object to direct marketing

Recital 70 Right to object to direct marketing Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to…

Read more 0 comments

Recital 71 – Profiling

Recital 71 Profiling The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him or…

Read more 0 comments

Recital 72 – Guidance of the European Data Protection Board regarding profiling

Recital 72 Guidance of the European Data Protection Board regarding profiling Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the…

Read more 0 comments

Recital 73 – Restrictions of rights and principles

Recital 73 Restrictions of rights and principles Restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data…

Read more 0 comments

Recital 74 – Responsibility and liability of the controller

Recital 74 Responsibility and liability of the controller The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the…

Read more 0 comments