GDPR
- Chapter 1 (Art. 1-4) General Provisions
-
Chapter 2 (Art. 5-11)
Principles
- 5 Principles relating to processing of personal data
- 6 Lawfulness of processing
- 7 Conditions for consent
- 8 Conditions applicable to child’s consent in relation to information society services
- 9 Processing of special categories of personal data
- 10 Processing of personal data relating to criminal convictions and offences
- 11 Processing which does not require identification
-
Chapter 3 (Art. 12 – 23)
Rights of the data subject
- 12 Transparent information, communication and modalities for the exercise of the rights of the data subject
- 13 Information to be provided where personal data are collected from the data subject
- 14 Information to be provided where personal data have not been obtained from the data subject
- 15 Right of access by the data subject
- 16 Right to rectification
- 17 Right to erasure (‘right to be forgotten’)
- 18 Right to restriction of processing
- 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
- 20 Right to data portability
- 21 Right to object
- 22 Automated individual decision-making, including profiling
- 23 Restrictions
-
Chapter 4 (Art. 24 – 43)
Controller and processor
- 24 Responsibility of the controller
- 25 Data protection by design and by default
- 26 Joint controllers
- 27 Representatives of controllers or processors not established in the Union
- 28 Processor
- 29 Processing under the authority of the controller or processor
- 30 Records of processing activities
- 31 Cooperation with the supervisory authority
- 32 Security of processing
- 33 Notification of a personal data breach to the supervisory authority
- 34 Communication of a personal data breach to the data subject
- 35 Data protection impact assessment
- 36 Prior consultation
- 37 Designation of the data protection officer
- 38 Position of the data protection officer
- 39 Tasks of the data protection officer
- 40 Codes of conduct
- 41 Monitoring of approved codes of conduct
- 42 Certification
- 43 Certification bodies
-
Chapter 5 (Art. 44 - 50)
Transfers of personal data to third countries or international organisations
- 44 General principle for transfers
- 45 Transfers on the basis of an adequacy decision
- 46 Transfers subject to appropriate safeguards
- 47 Binding corporate rules
- 48 Transfers or disclosures not authorised by Union law
- 49 Derogations for specific situations
- 50 International cooperation for the protection of personal data
- Chapter 6 (Art. 51 - 59) Independent supervisory authorities
-
Chapter 7 (Art. 60 - 76)
Cooperation and consistency
- 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
- 61 Mutual assistance
- 62 Joint operations of supervisory authorities
- 63 Consistency mechanism
- 64 Opinion of the Board
- 65 Dispute resolution by the Board
- 66 Urgency procedure
- 67 Exchange of information
- 68 European Data Protection Board
- 69 Independence
- 70 Tasks of the Board
- 71 Reports
- 72 Procedure
- 73 Chair
- 74 Tasks of the Chair
- 75 Secretariat
- 76 Confidentiality
-
Chapter 8 (Art. 77 - 84)
Remedies, liability and penalties
- 77 Right to lodge a complaint with a supervisory authority
- 78 Right to an effective judicial remedy against a supervisory authority
- 79 Right to an effective judicial remedy against a controller or processor
- 80 Representation of data subjects
- 81 Suspension of proceedings
- 82 Right to compensation and liability
- 83 General conditions for imposing administrative fines
- 84 Penalties
-
Chapter 9 (Art. 85 - 91)
Provisions relating to specific processing situations
- 85 Processing and freedom of expression and information
- 86 Processing and public access to official documents
- 87 Processing of the national identification number
- 88 Processing in the context of employment
- 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- 90 Obligations of secrecy
- 91 Existing data protection rules of churches and religious associations
- Chapter 10 (Art. 92 - 93) Delegated acts and implementing acts
- Chapter 11 (Art. (94 - 99) Final provisions
Chapter 9 (Art. 85 - 91)
Table of Contents
Provisions relating to specific processing situations
- 85 Processing and freedom of expression and information
- 86 Processing and public access to official documents
- 87 Processing of the national identification number
- 88 Processing in the context of employment
- 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- 90 Obligations of secrecy
- 91 Existing data protection rules of churches and religious associations