HOME

Index of Articles in the Regulation

Article

Introduction
 

Chapter I: General Provisions
1 Subject matter and objectives
2 Material scope
3 Territorial scope
4 Definitions
 

Chapter II: Principles
5 Principles relating to processing of personal data
6 Lawfulness of processing
7 Conditions for consent
8 Conditions applicable to child's consent in relation to information society services
9 Processing of special categories of personal data
10 Processing of personal data relating to criminal convictions and offences
11

Processing which does not require identification

CHAPTER III: Rights of the data subject

Section 1: Transparency and modalities
12

Transparent information, communication and modalities for the exercise of the rights of the data subject
 

Section 2: Information and access to personal data

13

Information to be provided where personal data are collected from the data subject
14

Information to be provided where personal data have not been obtained from the data subject
15

 Right of access by the data subject
 

Section 3: Rectification and erasure

16

Right to rectification
17

Right to erasure (‘right to be forgotten’)
18

 Right to restriction of processing
19

Notification obligation regarding rectification or erasure of personal data or restriction of processing
20

Right to data portability
 

Section 4: Right to object and automated individual decision-making

21

Right to object
22

 Automated individual decision-making, including profiling
 

Section 5: Restrictions

23

Article 23:Restrictions

Chapter IV: Controller and Processor

Section 1:General obligations

24

Responsibility of the controller
25

Data protection by design and by default
26

Joint controllers
27

Representatives of controllers or processors not established in the Union
28

Processor
29

Processing under the authority of the controller or processor
30

Records of processing activities
31

Cooperation with the supervisory authority
 

Section 2: Security of personal data
32

Security of processing
33

Notification of a personal data breach to the supervisory authority
34

Communication of a personal data breach to the data subject
 

Section 3: Data protection impact assessment and prior consultation

35

Data protection impact assessment
36

 Prior consultation
 

Section 4: Data protection officer

37

Designation of the data protection officer
38

Position of the data protection officer
39

Tasks of the data protection officer
 

Section 5: Codes of conduct and certification

40

Codes of conduct
41

Monitoring of approved codes of conduct
42

Certification
43

Certification bodies
 

Chapter V: Transfer of personal data to third countries or international organizations
44 General principle for transfers
45 Transfers on the basis of an adequacy decision
46 Transfers subject to appropriate safeguards
47 Binding corporate rules
48 Transfers or disclosures not authorised by Union law
49 Derogations for specific situations
50 International cooperation for the protection of personal data

Chapter VI: Independent Supervisory Authorities

Section 1: Independent status

51 Supervisory authority
52 Independence
53 General conditions for the members of the supervisory authority
54

Rules on the establishment of the supervisory authority
 

Section 2: Competence, tasks and powers

55 Competence
56 Competence of the lead supervisory authority
57

Tasks
58  Powers
59

Activity reports

Chapter VII: Co-operation and consistency

Section 1: Cooperation

60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
61 Mutual assistance
62

Joint operations of supervisory authorities
 

Section 2: Consistency

63 Consistency mechanism
64 Opinion of the Board
65 Dispute resolution by the Board
66 Urgency procedure
67

Exchange of information
 

Section 3: European data protection board

68 European Data Protection Board
69

Independence
70 Tasks of the Board
71 Reports
72 Procedure
73 Chair
74 Tasks of the Chair
75 Secretariat
76 Confidentiality
 

Chapter VIII: Remedies, Liability, and Sanctions
77 Right to lodge a complaint with a supervisory authority
78 Right to an effective judicial remedy against a supervisory authority
79 Right to an effective judicial remedy against a controller or processor
80 Representation of data subjects
81 Suspension of proceedings
82 Right to compensation and liability
83 General conditions for imposing administrative fines
84 Penalties
 

Chapter IX: Provisions relating to specific data processing situations
85 Processing and freedom of expression and information
86 Processing and public access to official documents
87 Processing of the national identification number
88 Processing in the context of employment
89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
90

Obligations of secrecy
91

Existing data protection rules of churches and religious associations
 

Chapter X: Delegated Acts and Implementing Acts
92

Exercise of the delegation
93

Committee procedure
 

Chapter XI: Final provisions
94

Repeal of Directive 95/46/EC
95

Relationship with Directive 2002/58/EC
96

Relationship with previously concluded Agreements
97

Commission reports
98

Review of other Union legal acts on data protection
99

Entry into force and application
 

COPY OF THE COMPLETE ACT
 

Official Legal Text
 

EDPB Website