Art. 43 GDPR – Certification bodies
Art. 43 GDPR Certification bodies Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level…
Read moreArt. 42 GDPR – Certification
Art. 42 GDPR Certification The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms…
Read moreArt. 41 GDPR – Monitoring of approved codes of conduct
Art. 41 GDPR Monitoring of approved codes of conduct Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of…
Read moreArt. 40 GDPR – Codes of conduct
Art. 40 GDPR Codes of conduct The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute…
Read moreArt. 39 GDPR – Tasks of the data protection officer
Art. 39 GDPRTasks of the data protection officer The data protection officer shall have at least the following tasks: to inform and advise the controller or the processor and…
Read moreArt. 38 GDPR – Position of the data protection officer
Art. 38 GDPR Position of the data protection officer The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner,…
Read moreArt. 37 GDPR – Designation of the data protection officer
Art. 37 GDPR Designation of the data protection officer The controller and the processor shall designate a data protection officer in any case where: the processing is carried out…
Read moreArt. 36 GDPR – Prior consultation
Art. 36 GDPR Prior consultation The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would…
Read moreArt. 35 GDPR – Data protection impact assessment
Art. 35 GDPR Data protection impact assessment Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the…
Read moreArt. 34 GDPR – Communication of a personal data breach to the data subject
Art. 34 GDPRCommunication of a personal data breach to the data subject When the personal data breach is likely to result in a high risk to the rights and…
Read moreArt. 33 GDPR – Notification of a personal data breach to the supervisory authority
Art. 33 GDPR Notification of a personal data breach to the supervisory authority In the case of a personal data breach, the controller shall without undue delay and, where…
Read moreArt. 32 GDPR – Security of processing
Art. 32 GDPRSecurity of processing Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as…
Read moreArt. 31 GDPR – Cooperation with the supervisory authority
Art. 31 GDPRCooperation with the supervisory authority The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of…
Read moreArt. 30 GDPR – Records of processing activities
Art. 30 GDPR Records of processing activities Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. That record shall contain…
Read moreArt. 29 GDPR – Processing under the authority of the controller or processor
Art. 29 GDPRProcessing under the authority of the controller or processor The processor and any person acting under the authority of the controller or of the processor, who has…
Read moreArt. 28 GDPR – Processor
Art. 28 GDPR Processor Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical…
Read moreArt. 27 GDPR – Representatives of controllers or processors not established in the Union
Art. 27 GDPRRepresentatives of controllers or processors not established in the Union Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the…
Read moreArt. 26 GDPR – Joint controllers
Art. 26 GDPR Joint controllers Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner…
Read moreArt. 25 GDPR – Data protection by design and by default
Art. 25 GDPR Data protection by design and by default Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes…
Read moreArt. 24 GDPR – Responsibility of the controller
Art. 24 GDPR Responsibility of the controller Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for…
Read moreRecital 169 – Immediately applicable implementing acts
Recital 169Immediately applicable implementing acts The Commission should adopt immediately applicable implementing acts where available evidence reveals that a third country, a territory or a specified sector within that…
Read moreRecital 172 – Consultation of the European Data Protection Supervisor
Recital 172 Consultation of the European Data Protection Supervisor The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an…
Read more