HOME


Index of Articles in the Regulation

Article

Introduction

 

Chapter I: General Provisions

1 Subject matter and objectives
2 Material scope
3 Territorial scope
4 Definitions
 

Chapter II: Principles

5 Principles relating to processing of personal data
6 Lawfulness of processing
7 Conditions for consent
8 Conditions applicable to child's consent in relation to information society services
9 Processing of special categories of personal data
10 Processing of personal data relating to criminal convictions and offences
11

Processing which does not require identification

CHAPTER III: Rights of the data subject

Section 1: Transparency and modalities

12

Transparent information, communication and modalities for the exercise of the rights of the data subject

 

Section 2: Information and access to personal data

13

Information to be provided where personal data are collected from the data subject

14

Information to be provided where personal data have not been obtained from the data subject

15

 Right of access by the data subject

 

Section 3: Rectification and erasure

16

Right to rectification

17

Right to erasure (‘right to be forgotten’)

18

 Right to restriction of processing

19

Notification obligation regarding rectification or erasure of personal data or restriction of processing

20

Right to data portability

 

Section 4: Right to object and automated individual decision-making

21

Right to object

22

 Automated individual decision-making, including profiling

 

Section 5: Restrictions

23

Article 23:Restrictions

Chapter IV: Controller and Processor

Section 1:General obligations

24

Responsibility of the controller

25

Data protection by design and by default

26

Joint controllers

27

Representatives of controllers or processors not established in the Union

28

Processor

29

Processing under the authority of the controller or processor

30

Records of processing activities

31

Cooperation with the supervisory authority

 

Section 2: Security of personal data

32

Security of processing

33

Notification of a personal data breach to the supervisory authority

34

Communication of a personal data breach to the data subject

 

Section 3: Data protection impact assessment and prior consultation

35

Data protection impact assessment

36

 Prior consultation

 

Section 4: Data protection officer

37

Designation of the data protection officer

38

Position of the data protection officer

39

Tasks of the data protection officer

 

Section 5: Codes of conduct and certification

40

Codes of conduct

41

Monitoring of approved codes of conduct

42

Certification

43

Certification bodies

 

Chapter V: Transfer of personal data to third countries of international organizations

44 General principle for transfers
45 Transfers on the basis of an adequacy decision
46 Transfers subject to appropriate safeguards
47 Binding corporate rules
48 Transfers or disclosures not authorised by Union law
49 Derogations for specific situations
50 International cooperation for the protection of personal data

Chapter VI: Independent Supervisory Authorities

Section 1: Independent status

51 Supervisory authority
52 Independence
53 General conditions for the members of the supervisory authority
54

Rules on the establishment of the supervisory authority

 

Section 2: Competence, tasks and powers

55 Competence
56 Competence of the lead supervisory authority
57

Tasks

58  Powers
59

Activity reports

Chapter VII: Co-operation and consistency

Section 1: Cooperation

60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
61 Mutual assistance
62

Joint operations of supervisory authorities

 

Section 2: Consistency

63 Consistency mechanism
64 Opinion of the Board
65 Dispute resolution by the Board
66 Urgency procedure
67

Exchange of information

 

Section 3: European data protection board

68 European Data Protection Board
69

Independence

70 Tasks of the Board
71 Reports
72 Procedure
73 Chair
74 Tasks of the Chair
75 Secretariat
76 Confidentiality
 

Chapter VIII: Remedies, Liability, and Sanctions

77 Right to lodge a complaint with a supervisory authority
78 Right to an effective judicial remedy against a supervisory authority
79 Right to an effective judicial remedy against a controller or processor
80 Representation of data subjects
81 Suspension of proceedings
82 Right to compensation and liability
83 General conditions for imposing administrative fines
84 Penalties
 

Chapter IX: Provisions relating to specific data processing situations

85 Processing and freedom of expression and information
86 Processing and public access to official documents
87 Processing of the national identification number
88 Processing in the context of employment
89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
90

Obligations of secrecy

91

Existing data protection rules of churches and religious associations

 

Chapter X: Delegated Acts and Implementing Acts

92

Exercise of the delegation

93

Committee procedure

 

Chapter XI: Final provisions

94

Repeal of Directive 95/46/EC

95

Relationship with Directive 2002/58/EC

96

Relationship with previously concluded Agreements

97

Commission reports

98

Review of other Union legal acts on data protection

99

Entry into force and application