Recital 105 – Consideration of international agreements for an adequacy decision
Recital 105 Consideration of international agreements for an adequacy decision Apart from the international commitments the third country or international organisation has entered into, the Commission should take account…
Read moreRecital 106 – Monitoring and periodic review of the level of data protection
Recital 106 Monitoring and periodic review of the level of data protection The Commission should monitor the functioning of decisions on the level of protection in a third country,…
Read moreRecital 107 – Amendment, revocation and suspension of adequacy decisions
Recital 107 Amendment, revocation and suspension of adequacy decisions The Commission may recognise that a third country, a territory or a specified sector within a third country, or an…
Read moreRecital 108 – Appropriate safeguards
Recital 108 Appropriate safeguards In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third…
Read moreRecital 109 – Standard data protection clauses
Recital 109Standard data protection clauses The possibility for the controller or processor to use standard data-protection clauses adopted by the Commission or by a supervisory authority should prevent controllers…
Read moreRecital 110 – Binding corporate rules
Recital 110Binding corporate rules A group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate…
Read moreRecital 111 – Exceptions for certain cases of international transfers
Recital 111 Exceptions for certain cases of international transfers Provisions should be made for the possibility for transfers in certain circumstances where the data subject has given his or…
Read moreRecital 112 – Data transfers due to important reasons of public interest
Recital 112 Data transfers due to important reasons of public interest Those derogations should in particular apply to data transfers required and necessary for important reasons of public interest,…
Read moreRecital 113 – Transfers qualified as not repetitive and that only concern a limited number of data subjects
Recital 113 Transfers qualified as not repetitive and that only concern a limited number of data subjects Transfers which can be qualified as not repetitive and that only concern…
Read moreRecital 114 – Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision
Recital 114Safeguarding of enforceability of rights and obligations in the absence of an adequacy decision In any case, where the Commission has taken no decision on the adequate level…
Read moreRecital 115 – Rules in third countries contrary to the Regulation
Recital 115 Rules in third countries contrary to the Regulation Some third countries adopt laws, regulations and other legal acts which purport to directly regulate the processing activities of…
Read moreRecital 116 – Cooperation among supervisory authorities
Recital 116 Cooperation among supervisory authorities When personal data moves across borders outside the Union it may put at increased risk the ability of natural persons to exercise data…
Read moreRecital 117 – Establishment of supervisory authorities
Recital 117 Establishment of supervisory authorities The establishment of supervisory authorities in Member States, empowered to perform their tasks and exercise their powers with complete independence, is an essential…
Read moreRecital 118 – Monitoring of the supervisory authorities
Recital 118Monitoring of the supervisory authorities The independence of supervisory authorities should not mean that the supervisory authorities cannot be subject to control or monitoring mechanisms regarding their financial…
Read moreRecital 119 – Organisation of several supervisory authorities of a Member State
Recital 119 Organisation of several supervisory authorities of a Member State Where a Member State establishes several supervisory authorities, it should establish by law mechanisms for ensuring the effective…
Read moreRecital 120 – Features of supervisory authorities
Recital 120 Features of supervisory authorities Each supervisory authority should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of their tasks,…
Read moreRecital 121 – Independence of the supervisory authorities
Recital 121 Independence of the supervisory authorities The general conditions for the member or members of the supervisory authority should be laid down by law in each Member State…
Read moreRecital 82 – Record of processing activities
Recital 82 Record of processing activities In order to demonstrate compliance with this Regulation, the controller or processor should maintain records of processing activities under its responsibility. Each controller…
Read moreRecital 83 – Security of processing
Recital 83 Security of processing In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in…
Read moreRecital 84 – Risk evaluation and impact assessment
Recital 84 Risk evaluation and impact assessment In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights…
Read moreRecital 85 – Notification obligation of breaches to the supervisory authority
Recital 85 Notification obligation of breaches to the supervisory authority A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or…
Read moreRecital 86 – Notification of data subjects in case of data breaches
Recital 86 Notification of data subjects in case of data breaches The controller should communicate to the data subject a personal data breach, without undue delay, where that personal…
Read moreRecital 98 – Preparation of codes of conduct by organisations and associations
Recital 98 Preparation of codes of conduct by organisations and associations Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of…
Read more