General Data Protection Regulation
Search
Chapter 1: General provisions
Article 1: Subject-matter and objectives
Article 2: Material scope
Article 3: Territorial scope
Article 4: Definitions
Chapter 2: Principles
Article 5: Principles relating to processing of personal data
Article 6: Lawfulness of processing
Article 7: Conditions for consent
Article 8: Conditions applicable to child’s consent in relation to information society services
Article 9: Processing of special categories of personal data
Article 10: Processing of personal data relating to criminal convictions and offences
Article 11: Processing which does not require identification
Chapter 3: Rights of the data subject
Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
Article 13: Information to be provided where personal data are collected from the data subject
Article 14: Information to be provided where personal data have not been obtained from the data subject
Article 15: Right of access by the data subject
Article 16: Right to rectification
Article 17: Right to erasure (‘right to be forgotten’)
Article 18: Right to restriction of processing
Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
Article 20: Right to data portability
Article 21: Right to object
Article 22: Automated individual decision-making, including profiling
Article 23: Restrictions
Chapter 4: Controller and processor
Article 24: Responsibility of the controller
Article 25: Data protection by design and by default
Article 26: Joint controllers
Article 27: Representatives of controllers or processors not established in the Union
Article 28: Processor
Article 29: Processing under the authority of the controller or processor
Article 30: Records of processing activities
Article 31: Cooperation with the supervisory authority
Article 32: Security of processing
Article 33: Notification of a personal data breach to the supervisory authority
Article 34: Communication of a personal data breach to the data subject
Article 35: Data protection impact assessment
Article 36: Prior consultation
Article 37: Designation of the data protection officer
Article 38: Position of the data protection officer
Article 39: Tasks of the data protection officer
Article 40: Codes of conduct
Article 41: Monitoring of approved codes of conduct
Article 42: Certification
Article 43: Certification bodies
Chapter 5: Transfers of personal data to third countries or international organisations
Article 44: General principle for transfers
Article 45: Transfers on the basis of an adequacy decision
Article 46: Transfers subject to appropriate safeguards
Article 47: Binding corporate rules
Article 48: Transfers or disclosures not authorised by Union law
Article 49: Derogations for specific situations
Article 50: International cooperation for the protection of personal data
Chapter 6: Independent supervisory authorities
Article 51: Supervisory authority
Article 52: Independence
Article 53: General conditions for the members of the supervisory authority
Article 54: Rules on the establishment of the supervisory authority
Article 55: Competence
Article 56: Competence of the lead supervisory authority
Article 57: Tasks
Article 58: Powers
Article 59: Activity reports
Chapter 7: Cooperation and consistency
Article 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Article 61: Mutual assistance
Article 62: Joint operations of supervisory authorities
Article 63: Consistency mechanism
Article 64: Opinion of the Board
Article 65: Dispute resolution by the Board
Article 66: Urgency procedure
Article 67: Exchange of information
Article 68: European Data Protection Board
Article 69: Independence
Article 70: Tasks of the Board
Article 71: Reports
Article 72: Procedure
Article 73: Chair
Article 74: Tasks of the Chair
Article 75: Secretariat
Article 76: Confidentiality
Chapter 8: Remedies, liability and penalties
Article 77: Right to lodge a complaint with a supervisory authority
Article 78: Right to an effective judicial remedy against a supervisory authority
Article 79: Right to an effective judicial remedy against a controller or processor
Article 80: Representation of data subjects
Article 81: Suspension of proceedings
Article 82: Right to compensation and liability
Article 83: General conditions for imposing administrative fines
Article 84: Penalties
Chapter 9: Provisions relating to specific processing situations
Article 85: Processing and freedom of expression and information
Article 86: Processing and public access to official documents
Article 87: Processing of the national identification number
Article 88: Processing in the context of employment
Article 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90: Obligations of secrecy
Article 91: Existing data protection rules of churches and religious associations
Chapter 10: Delegated acts and implementing acts
Article 92: Exercise of the delegation
Article 93: Committee procedure
Chapter 11: Final provisions
Article 94: Repeal of Directive 95/46/EC
Article 95: Relationship with Directive 2002/58/EC
Article 96: Relationship with previously concluded Agreements
Article 97: Commission reports
Article 98: Review of other Union legal acts on data protection
Article 99: Entry into force and application
English
Español
Français
Português
Chapter 3
Rights of the data subject
Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
Article 13: Information to be provided where personal data are collected from the data subject
Article 14: Information to be provided where personal data have not been obtained from the data subject
Article 15: Right of access by the data subject
Article 16: Right to rectification
Article 17: Right to erasure (‘right to be forgotten’)
Article 18: Right to restriction of processing
Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
Article 20: Right to data portability
Article 21: Right to object
Article 22: Automated individual decision-making, including profiling
Article 23: Restrictions
What does it mean?
Free Privacy Policy
Grab your 100 % free privacy policy for custom-made GDPR compliance
for your business website.
Get Template
Discover
Resources
About
Contact