GDPR Table of contents

• Chapter 1 (Art. 1 – 4)

  General provisions

  • Art. 1 GDPR – Subject-matter and objectives
  • Art. 2 GDPR – Material scope
  • Art. 3 GDPR – Territorial scope
  • Art. 4 GDPR – Definitions

• Chapter 2 (Art. 5-11)

  Principles

  • Art. 5 GDPR – Principles relating to processing of personal data
  • Art. 6 GDPR – Lawfulness of processing
  • Art. 7 GDPR – Conditions for consent
  • Art. 8 GDPR – Conditions applicable to child’s consent in relation to information society services
  • Art. 9 GDPR – Processing of special categories of personal data
  • Art. 10 GDPR – Processing of personal data relating to criminal convictions and offences
  • Art. 11 GDPR – Processing which does not require identification

• Chapter 3 (Art. 12-23)

  Rights of the data subject

  • Art. 12 GDPR – Transparent information, communication and modalities for the exercise of the rights of the data subject
  • Art. 13 GDPR – Information to be provided where personal data are collected from the data subject
  • Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject
  • Art. 15 GDPR – Right of access by the data subject
  • Art. 16 GDPR – Right to rectification
  • Art. 17 GDPR – Right to erasure (‘right to be forgotten’)
  • Art. 18 GDPR – Right to restriction of processing
  • Art. 19 GDPR – Notification obligation regarding rectification or erasure of personal data or restriction of processing
  • Art. 20 GDPR – Right to data portability
  • Art. 21 GDPR – Right to object
  • Art. 22 GDPR – Automated individual decision-making, including profiling
  • Art. 23 GDPR – Restrictions

• Chapter 4 (Art. 24-43)

  Controller and processor

  • Art. 24 GDPR – Responsibility of the controller
  • Art. 25 GDPR – Data protection by design and by default
  • Art. 26 GDPR – Joint controllers
  • Art. 27 GDPR – Representatives of controllers or processors not established in the Union
  • Art. 28 GDPR – Processor
  • Art. 29 GDPR – Processing under the authority of the controller or processor
  • Art. 30 GDPR – Records of processing activities
  • Art. 31 GDPR – Cooperation with the supervisory authority
  • Art. 32 GDPR – Security of processing
  • Art. 33 GDPR – Notification of a personal data breach to the supervisory authority
  • Art. 34 GDPR – Communication of a personal data breach to the data subject
  • Art. 35 GDPR – Data protection impact assessment
  • Art. 36 GDPR – Prior consultation
  • Art. 37 GDPR – Designation of the data protection officer
  • Art. 38 GDPR – Position of the data protection officer
  • Art. 39 GDPR – Tasks of the data protection officer
  • Art. 40 GDPR – Codes of conduct
  • Art. 41 GDPR – Monitoring of approved codes of conduct
  • Art. 42 GDPR – Certification
  • Art. 43 GDPR – Certification bodies

• Chapter 5 (Art. 44-50)

  Transfers of personal data to third countries or international organisations

  • Art. 44 GDPR – General principle for transfers
  • Art. 45 GDPR – Transfers on the basis of an adequacy decision
  • Art. 46 GDPR – Transfers subject to appropriate safeguards
  • Art. 47 GDPR – Binding corporate rules
  • Art. 48 GDPR – Transfers or disclosures not authorised by Union law
  • Art. 49 GDPR – Derogations for specific situations
  • Art. 50 GDPR – International cooperation for the protection of personal data

• Chapter 6 (Art. 51-59)

  Independent supervisory authorities

  • Art. 51 GDPR – Supervisory authority
  • Art. 52 GDPR – Independence
  • Art. 53 GDPR – General conditions for the members of the supervisory authority
  • Art. 54 GDPR – Rules on the establishment of the supervisory authority
  • Art. 55 GDPR – Competence
  • Art. 56 GDPR – Competence of the lead supervisory authority
  • Art. 57 GDPR – Tasks
  • Art. 58 GDPR – Powers
  • Art. 59 GDPR – Activity reports

• Chapter 7 (Art. 60-76)

  Cooperation and consistency

  • Art. 61 GDPR – Mutual assistance
  • Art. 62 GDPR – Joint operations of supervisory authorities
  • Art. 63 GDPR – Consistency mechanism
  • Art. 64 GDPR – Opinion of the Board
  • Art. 66 GDPR – Urgency procedure
  • Art. 67 GDPR – Exchange of information
  • Art. 60 GDPR – Cooperation between the lead supervisory authority and the other supervisory authorities concerned
  • Art. 68 GDPR – European Data Protection Board
  • Art. 69 GDPR – Independence
  • Art. 70 GDPR – Tasks of the Board
  • Art. 71 GDPR – Reports
  • Art. 72 GDPR – Procedure
  • Art. 73 GDPR – Chair
  • Art. 74 GDPR – Tasks of the Chair
  • Art. 75 GDPR – Secretariat
  • Art. 76 GDPR – Confidentiality

• Chapter 8 (Art. 77-84)

  Remedies, liability and penalties

  • Art. 81 GDPR – Suspension of proceedings
  • Art. 77 GDPR – Right to lodge a complaint with a supervisory authority
  • Art. 78 GDPR – Right to an effective judicial remedy against a supervisory authority
  • Art. 79 GDPR – Right to an effective judicial remedy against a controller or processor
  • Art. 80 GDPR – Representation of data subjects
  • Art. 82 GDPR – Right to compensation and liability
  • Art. 83 GDPR – General conditions for imposing administrative fines
  • Art. 84 GDPR – Penalties

• Chapter 9 (Art. 85-91)

  Provisions relating to specific processing situations

  • Art. 85 GDPR – Processing and freedom of expression and information
  • Art. 86 GDPR – Processing and public access to official documents
  • Art. 87 GDPR – Processing of the national identification number
  • Art. 88 GDPR – Processing in the context of employment
  • Art. 89 GDPR – Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • Art. 90 GDPR – Obligations of secrecy
  • Art. 91 GDPR – Existing data protection rules of churches and religious associations

• Chapter 10 (Art. 92-93)

  Delegated acts and implementing acts

  • Art. 92 GDPR – Exercise of the delegation
  • Art. 93 GDPR – Committee procedure

• Chapter 11 (Art. 94-99)

  Final provisions

  • Art. 94 GDPR – Repeal of Directive 95/46/EC
  • Art. 95 GDPR – Relationship with Directive 2002/58/EC
  • Art. 96 GDPR – Relationship with previously concluded Agreements
  • Art. 97 GDPR – Commission reports
  • Art. 98 GDPR – Review of other Union legal acts on data protection
  • Art. 99 GDPR – Entry into force and application