Recital 90 – Data protection impact assessement
Recital 90 Data protection impact assessement In such cases, a data protection impact assessment should be carried out by the controller prior to the processing in order to assess…
Read moreRecital 91 – Necessity of a data protection impact assessment
Recital 91 Necessity of a data protection impact assessment This should in particular apply to large-scale processing operations which aim to process a considerable amount of personal data at…
Read moreRecital 92 – Broader data protection impact assessment
Recital 92Broader data protection impact assessment There are circumstances under which it may be reasonable and economical for the subject of a data protection impact assessment to be broader…
Read moreRecital 93 – Data protection impact assessment at authorities
Recital 93Data protection impact assessment at authorities In the context of the adoption of the Member State law on which the performance of the tasks of the public authority…
Read moreRecital 94 – Consultation of the supervisory authority
Recital 94 Consultation of the supervisory authority Where a data protection impact assessment indicates that the processing would, in the absence of safeguards, security measures and mechanisms to mitigate…
Read moreRecital 95 – Support by the processor
Recital 95Support by the processor The processor should assist the controller, where necessary and upon request, in ensuring compliance with the obligations deriving from the carrying out of data…
Read moreRecital 96 – Consultation of the supervisory authority in the course of a legislative process
Recital 96Consultation of the supervisory authority in the course of a legislative process A consultation of the supervisory authority should also take place in the course of the preparation…
Read moreRecital 97 – Data protection officer
Recital 97 Data protection officer Where the processing is carried out by a public authority, except for courts or independent judicial authorities when acting in their judicial capacity, where,…
Read moreRecital 98 – Preparation of codes of conduct by organisations and associations
Recital 98 Preparation of codes of conduct by organisations and associations Associations or other bodies representing categories of controllers or processors should be encouraged to draw up codes of…
Read moreRecital 99 – Consultation of stakeholders and data subjects in the development of codes of conduct
Recital 99Consultation of stakeholders and data subjects in the development of codes of conduct When drawing up a code of conduct, or when amending or extending such a code,…
Read moreRecital 100 – Certification
Recital 100Certification In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects…
Read moreRecital 101 – General principles for international data transfers
Recital 101 General principles for international data transfers Flows of personal data to and from countries outside the Union and international organisations are necessary for the expansion of international…
Read moreRecital 68 – Right of data portability
Recital 68 Right of data portability To further strengthen the control over his or her own data, where the processing of personal data is carried out by automated means,…
Read moreRecital 69 – Right to object
Recital 69 Right to object Where personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or…
Read moreRecital 70 – Right to object to direct marketing
Recital 70 Right to object to direct marketing Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to…
Read moreRecital 71 – Profiling
Recital 71 Profiling The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him or…
Read moreRecital 72 – Guidance of the European Data Protection Board regarding profiling
Recital 72 Guidance of the European Data Protection Board regarding profiling Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the…
Read moreRecital 73 – Restrictions of rights and principles
Recital 73 Restrictions of rights and principles Restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data…
Read moreRecital 74 – Responsibility and liability of the controller
Recital 74 Responsibility and liability of the controller The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the…
Read moreRecital 75 – Risks to the rights and freedoms of natural persons
Recital 75Risks to the rights and freedoms of natural persons The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal…
Read moreRecital 76 – Risk assessment
Recital 76 Risk assessment The likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope,…
Read moreRecital 77 – Risk assessment guidelines
Recital 77 Risk assessment guidelines Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification…
Read moreRecital 78 – Appropriate technical and organisational measures
Recital 78 Appropriate technical and organisational measures The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical…
Read more