General Data
Protection Regulation
GDPR
The European Data Protection Regulation is enforceable from May 25 2018 in all member states of the European Economic Area to harmonise data privacy laws across Europe.
Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version of the OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018 as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals.
Articles
Quick Access
Key Issues
Clinical Trials Data controllers, singularly and jointly, and processor GDPR Rules of Procedure Binding Corporate Rules Derogations for specific situations (article 49) Transfers between EEA and non-EEA public authorities and bodies Adequacy referential Territorial scope Transparency Connected vehicles and mobility related applications Video Devices Codes of Conduct Right to be forgotten ePrivacy Online services Administrative fines Identifying the lead Supervisory Authority COVID-19 location data and contact tracing tools Automated decision-making and profiling US Foreign Account Tax Compliance Act (FATCA) Data portability International cooperation Data Protection Impact Assessment Access to Health Records Act 1990 eHealth Digital Service Infrastructure Data Protection Officer Profiling Surveillance Data Portability COV-19 research Data Protection by design and by default Data Breach Notification BrexitTable of Contents
- Chapter 1 – General Provisions
- Chapter 2 – Principles
- 5 Principles relating to processing of personal data
- 6 Lawfulness of processing
- 7 Conditions for consent
- 8 Conditions applicable to child’s consent in relation to information society services
- 9 Processing of special categories of personal data
- 10 Processing of personal data relating to criminal convictions and offences
- 11 Processing which does not require identification
- Chapter 3 – Rights of the data subject
- Section 1 Transparency and modalities
- 12 Transparent information, communication and modalities for the exercise of the rights of the data subject
- Section 2 Information and access to personal data
- 13 Information to be provided where personal data are collected from the data subject
- Section 2 Information and access to personal data
- 14 Information to be provided where personal data have not been obtained from the data subject
- 15 Right of access by the data subject
- Section 3 Rectification and erasure
- 16 Right to rectification
- 17 Right to erasure (‘right to be forgotten’)
- 18 Right to restriction of processing
- 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
- 20 Right to data portability
- Section 4 Right to object and automated individual decision-making
- 21 Right to object
- 22 Automated individual decision-making, including profiling
- Section 5 Restrictions
- 23 Restrictions
- Chapter 4 – Controller and processor
- Section 1 General obligations
- 24 Responsibility of the controller
- 25 Data protection by design and by default
- 26 Joint controllers
- 27 Representatives of controllers or processors not established in the Union
- 28 Processor
- 29 Processing under the authority of the controller or processor
- 30 Records of processing activities
- 31 Cooperation with the supervisory authority
- Section 2 Security of personal data
- 32 Security of processing
- 33 Notification of a personal data breach to the supervisory authority
- 34 Communication of a personal data breach to the data subject
- Section 3 Data protection impact assessment and prior consultation
- 35 Data protection impact assessment
- 36 Prior consultation
- Section 4 Data protection officer
- 37 Designation of the data protection officer
- 38 Position of the data protection officer
- 39 Tasks of the data protection officer
- Section 5 Codes of conduct and certification
- 40 Codes of conduct
- 41 Monitoring of approved codes of conduct
- 42 Certification
- 43 Certification bodies
- Chapter 5 – Transfers of personal data to third countries or international organisations
- 44 General principle for transfers
- 45 Transfers on the basis of an adequacy decision
- 46 Transfers subject to appropriate safeguards
- 47 Binding corporate rules
- 48 Transfers or disclosures not authorised by Union law
- 49 Derogations for specific situations
- 50 International cooperation for the protection of personal data
- Chapter 6 – Independent supervisory authorities
- Section 1 Independent status
- 51 Supervisory authority
- 52 Independence
- 53 General conditions for the members of the supervisory authority
- 54 Rules on the establishment of the supervisory authority
- Section 2 Competence, tasks and powers
- 55 Competence
- 56 Competence of the lead supervisory authority
- 57 Tasks
- 58 Powers
- 59 Activity reports
- Chapter 7 – Cooperation and consistency
- Section 1 Cooperation
- 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
- 61 Mutual assistance
- 62 Joint operations of supervisory authorities
- Section 2 Consistency
- 63 Consistency mechanism
- 64 Opinion of the Board
- 65 Dispute resolution by the Board
- 66 Urgency procedure
- 67 Exchange of information
- Section 3 European Data Protection Board
- 68 European Data Protection Board
- 69 Independence
- 70 Tasks of the Board
- 71 Reports
- 72 Procedure
- 73 Chair
- 74 Tasks of the Chair
- 75 Secretariat
- 76 Confidentiality
- Chapter 8 – Remedies, liability and penalties
- 77 Right to lodge a complaint with a supervisory authority
- 78 Right to an effective judicial remedy against a supervisory authority
- 79 Right to an effective judicial remedy against a controller or processor
- 80 Representation of data subjects
- 81 Suspension of proceedings
- 82 Right to compensation and liability
- 83 General conditions for imposing administrative fines
- 84 Penalties
- Chapter 9 – Provisions relating to specific processing situations
- 85 Processing and freedom of expression and information
- 86 Processing and public access to official documents
- 87 Processing of the national identification number
- 88 Processing in the context of employment
- 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- 90 Obligations of secrecy
- 91 Existing data protection rules of churches and religious associations
- Chapter 10 – Delegated acts and implementing acts
- Chapter 11 – Final provisions
About
Kaleidoscope
Kaleidoscope are consultants in data protection laws who specialise in health and social care in both the public and private sectors.
We create innovative and practical solutions to support organisations achieve their objectives, whilst lawfully and ethically processing personal data, ensuring compliance with legislation; national policy; designed technical and organisational controls; and, in ways that minimise risks to the rights and freedoms of individuals.
We give our clients the confidence to process personal data to the full extent permitted by law to help improve the health and social care of people.