EU GDPR
Chapter I
General Provisions
- Article 1 Subject matter and objectives
- Article 2 Material scope
- Article 3 Territorial scope
- Article 4 Definitions
Chapter II
Principles
- Article 5 Principles relating to processing of personal data
- Article 6 Lawfulness of processing
- Article 7 Conditions for consent
- Article 8 Conditions applicable to child's consent in relation to information society services
- Article 9 Processing of special categories of personal data
- Article 10 Processing of personal data relating to criminal convictions and offences
- Article 11 Processing which does not require identification Chapter III
Chapter III
Rights of the data subject
Section 1
Transparency and modalities
Section 2
Information and access to personal data
- Article 13 Information to be provided where personal data are collected from the data subject
- Article 14 Information to be provided where personal data have not been obtained from the data subject
- Article 15 Right of access by the data subject
Section 3
Rectification and erasure
- Article 16 Right to rectification
- Article 17 Right to erasure (“right to be forgotten")
- Article 18 Right to restriction of processing
- Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 20 Right to data portability
Section 4
Right to object and automated individual decision making
Section 5
Restrictions
Chapter IV
Controller and processor
Section 1
General obligations
- Article 24 Responsibility of the controller
- Article 25 Data protection by design and by default
- Article 26 Joint controllers
- Article 27 Representatives of controllers or processors not established in the Union
- Article 28 Processor
- Article 29 Processing under the authority of the controller or processor
- Article 30 Records of processing activities
- Article 31 Cooperation with the supervisory authority
Section 2
Security of personal data
- Article 32 Security of processing
- Article 33 Notification of a personal data breach to the supervisory authority
- Article 34 Communication of a personal data breach to the data subject
Section 3
Data protection impact assessment and prior consultation
Section 4
Data protection officer
- Article 37 Designation of the data protection officer
- Article 38 Position of the data protection officer
- Article 39 Tasks of the data protection officer
Section 5
Codes of conduct and certification
- Article 40 Codes of conduct
- Article 41 Monitoring of approved codes of conduct
- Article 42 Certification
- Article 43 Certification bodies
Chapter V
Transfer of personal data to third countries or international organisations
- Article 44 General principle for transfers
- Article 45 Transfers on the basis of an adequacy decision
- Article 46 Transfers subject to appropriate safeguards
- Article 47 Binding corporate rules
- Article 48 Transfers or disclosures not authorised by Union law
- Article 49 Derogations for specific situations
- Article 50 International cooperation for the protection of personal data
Chapter VI
independent supervisory authorities
Section 1
Independent status
- Article 51 Supervisory authority
- Article 52 Independence
- Article 53 General conditions for the members of the supervisory authority
- Article 54 Rules on the establishment of the supervisory authority
Section 2
Competence, tasks and powers
- Article 55 Competence
- Article 56 Competence of the lead supervisory authority
- Article 57 Tasks
- Article 58 Powers
- Article 59 Activity reports
Chapter VII
Cooperation and consistency
Section 1
Cooperation
- Article 60 Cooperation between the lead supervisory authority and other supervisory authorities concerned
- Article 61 Mutual assistance
- Article 62 Joint operations of supervisory authorities
Section 2
Consistency
- Article 63 Consistency mechanism
- Article 64 Opinion of the Board
- Article 65 Dispute resolution by the Board
- Article 66 Urgency procedure
- Article 67 Exchange of information
Section 3
European data protection board
- Article 68 European Data Protection Board
- Article 69 Independence
- Article 70 Tasks of the Board
- Article 71 Reports
- Article 72 Procedure
- Article 73 Chair
- Article 74 Tasks of the Chair
- Article 75 Secretariat
- Article 76 Confidentiality
Chapter VIII
Remedies, liability and sanctions
- Article 77 Right to lodge a complaint with a supervisory authority
- Article 78 Right to an effective judicial remedy against a supervisory authority
- Article 79 Right to an effective judicial remedy against a controller or processor
- Article 80 Representation of data subjects
- Article 81 Suspension of proceedings
- Article 82 Right to compensation and liability
- Article 83 General conditions for imposing administrative fines
- Article 84 Penalties
Chapter IX
Provisions relating to specific processing situations
- Article 85 Processing and freedom of expression and information
- Article 86 Processing and public access to official documents
- Article 87 Processing of the national identification number
- Article 88 Processing in the context of employment
- Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- Article 90 Obligations of secrecy
- Article 91 Existing data protection rules of churches and religious associations