General Data Protection Regulation (GDPR)

Chapter I
General Provisions (Articles 1-4)
GDPR Recitals Overview
Article 1
Subject-matter and Objectives
Article 2
Material Scope
Article 3
Territorial Scope
Chapter II
Principles (Articles 5-11)
GDPR Recitals Overview
Article 4
Definitions
Article 5
Principles relating to processing of personal data
Article 6
Lawfulness of processing
Article 7
Conditions for consent
Article 8
Conditions applicable to child’s consent in relation to information society services
Article 9
Processing of special categories of personal data
Article 10
Processing of personal data relating to criminal convictions and offences
Article 11
Processing which does not require identification
Chapter III
Rights of the Data Subject (Articles 12-23)
GDPR Recitals Overview
Article 12
Transparant information, communication, communication and modalities for
the exercise of the rights of the data subject
Article 13
Information to be provided where personal data are collected from the data subject
Article 14
Information to be provided where personal data have not been obtained from the data subject
Article 15
Rights of access by the data subject
Article 16
Right to rectification
Article 17
Right to erasure (‘right to be forgotten’)
Article 18
Right to restriction of processing
Article 19
Notification obligation regarding rectifications or erasure of personal data or restriction of processing
Article 20
Right to data portability
Article 21
Right to object and automated individual decision-making
Article 22
Automated individual decision-making, including profiling
Article 23
Restrictions
Chapter IV
Controller and Processor (Articles 24-43)
GDPR Recitals Overview
Article 24
Responsibility of the controller
Article 25
Data protection by design and by default
Article 26
Joint controllers
Article 27
Representatives of controllers or processors not established in the European Union
Article 28
Processor
Article 29
Processing under the authority of the controller or processor
Article 30
Records of processing activities
Article 31
Cooperation with the supervisory authority
Article 32
Security of personal data
Article 33
Notification of a personal data breach to the supervisory authority
Article 34
Communication of a personal data breach to the data subject
Article 35
Data protection impact assessment
Article 36
Prior consultation
Article 37
Designation of the data protection officer
Article 38
Position of the data protection officer
Article 39
Tasks of the data protection officer
Article 40
Codes of Conduct
Article 41
Monitoring of approved codes of conduct
Article 42
Certification
Article 43
Certification bodies
Chapter V
Transfer of Personal Data to Third Countries or International Organisations (Articles 44-50)
GDPR Recitals Overview
Article 44
General principle for transfers
Article 45
Transfers on the basis of an adequacy decision
Article 46
Transfers subject to appropriate safeguards
Article 47
Binding corporate rules
Article 48
Transfers or disclosures not authorised by Union Law
Article 49
Derogations for specific situations
Article 50
International cooperation for the protection of personal data
Chapter VI
Independent Supervisory Authorities (Articles 51-59)
GDPR Recitals Overview
Article 51
Supervisory Authority
Article 52
Independence
Article 53
General conditions for the members of the supervisory authority
Article 54
Rules on the establishment of the supervisory authority
Article 55
Competence
Article 56
Competence of the lead supervisory authority
Article 57
Tasks
Article 58
Powers
Article 59
Activity reports
Chapter VII
Cooperation and Consistency (Articles 60-76)
GDPR Recitals Overview
Article 60
Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Article 61
Mutual assistance
Article 62
Joint operations of supervisory authorities
Article 63
Consistency mechanism
Article 64
Opinion of the Board
Article 65
Dispute resolution by the Board
Article 66
Urgency procedure
Article 67
Exchange of information
Article 68
European Data Protection Board
Article 69
Independence
Article 70
Tasks of the Board
Article 71
Reports
Article 72
Procedure
Article 73
Chair
Article 74
Tasks of the Chair
Article 75
Secretariat
Article 76
Confidentiality
Chapter VIII
Remedies, Liability and Penalties (Articles 77-84)
GDPR Recitals Overview
Article 77
Right to lodge a complaint with a supervisory authority
Article 78
Right to an effective judicial remedy against a supervisory authority
Article 79
Right to an effective judicial remedy against a controller or processor
Article 80
Representation of data subjects
Article 81
Suspension of proceedings
Article 82
Right to compensation and liability
Article 83
General conditions for imposing administrative fines
Article 84
Penalties
Chapter IX
Provisions Relating to Specific Processing Situations (Articles 85-91)
GDPR Recitals Overview
Article 85
Processing and freedom of expression and information
Article 86
Processing and public access to official documents
Article 87
Processing of the national identification number
Article 88
Processing in the context of employment
Article 89
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90
Obligations of secrecy
Article 91
Existing data protection rules of churches and religious associations
Chapter X
Delegated Acts and implementing Acts (Articles 92-93)
GDPR Recitals Overview
Article 92
Exercise of the delegation
Article 93
Committee procedure
Chapter XI
Final Provisions (Articles 94-99)
GDPR Recitals Overview
Article 94
Repeal of Directive 95/46/EC
Article 95
Relationship with Directive 2002/58/EC
Article 96
Relationship with previously concluded Agreements
Article 97
Commission reports
Article 98
Review of other Union legal acts on data protection
Article 99
Entry into force and application
GDPR Recitals Overview | Free data protection resources
PRIVAPEDIA – Privacy and Data Protection Terms and Definitions

author avatar
Privacy Professor

Professor mr drs Romeo F. Kadir MA MSc LLM LLM (Adv) EMBA EMoC

At present Romeo Kadir serves as the President of the Global Association of Data Protection Professionals Europe (GADPPRO). GADPPRO is a thought leader self-regulatory association of data protection professionals based in the European Union, active around the globe and the first European Association of data protection professionals open for members outside the EU. Please visit www.gadppro.org for more information.

First appointed Data Protection Officer (DPO) ever in the Netherlands (European Union) at a semi-public entity. Seasoned European Privacy and Data Protection Expert (22+ years of practical experience in EU Privacy and Data Protection Law, Business Management, Compliance and Ethics).

Studied European and International Law, Political Sciences and Business Administration. Romeo Kadir is EIPACC EADPP Professor European Privacy & Data Protection Law at Universitas Padjadjaran UNpad (Indonesia) and Honorary Visiting Research Fellow with O.P. Jindal Global University (New Delhi), Senior Associate Fellow with Vidhi Centre for Legal Policy (New Delhi), Lecturer Science Honours Academy and Lecturer at the International Molengraaff Institute, Utrecht University (UU, Netherlands). In 2010 he was founder of the first European Data Protection Academy focusing on privacy-only executive education.

Present Occupations in European Data Protection Law

Member of the International Bar Association (IBA)
Member of the International Board of Experts with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the International Strategic Board with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the Swiss-Chinese Law Association (SCLA)

Former Occupations in European Data Protection Law

President European Institute for Privacy, Audit, Compliance & Certification (EIPACC)
Co-Founder/Vice-President European Association for Data Protection Professionals (EADPP)
Chair EADPP Certification Committee Data Protection Professionals,
Chair EADPP Academic Board
Chair EADPP Expert Committee on Cybersecurity
Chair EADPP Expert Committee on Artificial Intelligence (AI)
President Supervisory Board of the Dutch Privacy Complaints Office (NPKI)
Rapporteur to UN Monitoring Commission Human Rights on behalf of the Dutch Privacy Foundation (SPN)

Publications

'Handbook DPO - A Practical Guide', Privacy Publishing Group (2017)
Editor-in-Chief of ‘Data Protection Dictionary’, authored, edited and coordinated ‘Handbook for the Data Protection Officer – A practical Guide’, ‘The Ultimate GDPR Business Guide – Six Volumes’ and other relevant books in the field of privacy and data protection (www.dataprotectionbooks.com)

www.romeokadir.eu

You may also like

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.3  Risks to free flow of personal data within the Union 44. Where the objection will refer to this particular risk, the CSA will need to clarify why it …

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.2  Risks to fundamental rights and freedoms of data subjects 39. The issue at stake concerns the impact the draft decision as a whole would have on the data …

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.1  Meaning of “significance of the risks” 35. It is important to bear in mind that the goal of the work carried out by SAs is that of protecting …