GDPR – Which Article?

20th July 2019

london skyline

The GDPR deadline has been and gone, yet even today, there are many organisations who have not yet located and downloaded the Regulation itself.

This can be found here.

Within this wordy document, there are no less than 99 separate articles, which cover every aspect of how GDPR will operate.

We thought that it would be worthwhile for us to extract and highlight some of the more useful requirements which were implemented by organisations around the European Union. This can assist you in identifying the appropriate text within the Regulation itself (this list is not exhaustive).

It’s recommended that you check the Regulation before finalising plans for your own business. Here goes…


Art.6 – Lawfulness of Data Processing

Art.25 – Data Protection by Design and Default

Art.30 – Records of Data Processing Activities

Art.35 – Data Protection Impact Assessments (see our Data Protection page)

Consent etc.

Art.7 – Conditions for Data Subject Consent

Art.8 – Conditions for Children’s Consent

Art.9 – Conditions for Processing Special Categories of Data

Art.10 – Conditions for Processing Data about Criminal Convictions

Data Controller & Processor

Art.24 – Responsibilities of the Data Controller

Art.26 – Joint Data Controllers

Art.28 – Responsibilities of Data Processors

Art.29 – Data Processing under the Authority of the Data Controller

Art.27 – Representatives of Controllers or Processors not in the EU

Data Transfers

Art.44 – General Principle for Data Transfers

Art.45 – Data Transfers on Basis of Adequacy Decision

Art.46 – Data Transfers on Basis of Appropriate Safeguards

Art.47 – Data Transfers under Binding Corporate Rules

Art.48 – Data Transfers not Authorised under EU Law

Breach Reporting

Art.33 – Notification of Data Breach to Supervisory Authority

Art.34 – Notification of Data Breach to Affected Data Subjects

Data Subject Rights

Art.15 – Right of Access by the Data Subject

Art.16 – Right to Data Rectification

Art.17 – Right to Erasure (to be forgotten)

Art.18 – Right to Restriction of Processing

Art.20 – Right to Data Portability

Art.21 – Right to Object to Processing

Data Protection Officer

Art.37 – Designation of the Data Protection Officer

Art.38 – Position of the Data Protection Officer

Art.39 – Tasks of the Data Protection Officer

Penalties & Remedies

Art.82 – Right to Compensation and Liability

Art.83 – Conditions for Imposing Administrative Fines

Art.84 – Penalties by Member States

Protect your reputation, gain your client’s trust

Personal data should be fully protected at all times.

We have supported many organisations to understand the new General Data Protection Regulation (GDPR) and be compliant with its many requirements.

Let’s discuss your requirements and create a plan to deliver your objectives.

Back to Insights

Share Insight: