Recital 94 Consultation of the supervisory authority Where a data protection impact assessment indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate…
Recital 95Support by the processor The processor should assist the controller, where necessary and upon request, in ensuring compliance with the obligations deriving from the carrying out of data…
Recital 96Consultation of the supervisory authority in the course of a legislative process A consultation of the supervisory authority should also take place in the course of the preparation…
Recital 97 Data protection officer Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where,…
Recital 82 Record of processing activities In order to demonstrate compliance with this Regulation, the controller or processor should maintain records of processing activities under its responsibility. Each controller…
Recital 98 Preparation of codes of conduct by organisations and associations Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of…
Recital 83 Security of processing In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in…
Recital 99Consultation of stakeholders and data subjects in the development of codes of conduct When drawing up a code of conduct, or when amending or extending such a code,…
Recital 84 Risk evaluation and impact assessment In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights…
Recital 100Certification In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects…
Recital 69 Right to object Where personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or…
Recital 70 Right to object to direct marketing Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to…
Recital 71 Profiling The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him or…
Recital 72 Guidance of the European Data Protection Board regarding profiling Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the…
Recital 73 Restrictions of rights and principles Restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data…
Recital 74 Responsibility and liability of the controller The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the…
Recital 75Risks to the rights and freedoms of natural persons The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal…
Recital 76 Risk assessment The likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope,…
Recital 77 Risk assessment guidelines Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification…
Recital 62 Exceptions to the obligation to provide information However, it is not necessary to impose the obligation to provide information where the data subject already possesses the information,…
Recital 78 Appropriate technical and organisational measures The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical…
Recital 63 Right of access A data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that…
Recital 79Allocation of the responsibilities The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors, also in relation…
Recital 64 Identity verification The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online…
Recital 80 Designation of a representative Where a controller or a processor not established in the Union is processing personal data of data subjects who are in the Union…
