GDPR – Which Article?

20th July 2019

london skyline

The GDPR deadline has been and gone, yet even today, there are many organisations who have not yet located and downloaded the Regulation itself. This can be found here. Within this wordy document, there are no less than 99 separate articles, which cover every aspect of how GDPR will operate. We thought that it would be worthwhile for us to extract and highlight some of the more useful requirements which were implemented by organisations around the European Union. This can assist you in identifying the appropriate text within the Regulation itself (this list is not exhaustive). It’s recommended that you check the Regulation before implementing specific plans for your own business. Here goes…


  • Art.6 – Lawfulness of Data Processing
  • Art.25 – Data Protection by Design and Default
  • Art.30 – Records of Data Processing Activities
  • Art.35 – Data Protection Impact Assessments (see our Data Protection page)

Consent etc.

  • Art.7 – Conditions for Data Subject Consent
  • Art.8 – Conditions for Children’s Consent
  • Art.9 – Conditions for Processing Special Categories of Data
  • Art.10 – Conditions for Processing Data about Criminal Convictions

Data Controller & Processor

  • Art.24 – Responsibilities of the Data Controller
  • Art.26 – Joint Data Controllers
  • Art.28 – Responsibilities of Data Processors
  • Art.29 – Data Processing under the Authority of the Data Controller
  • Art.27 – Representatives of Controllers or Processors not in the EU

Data Transfers

  • Art.44 – General Principle for Data Transfers
  • Art.45 – Data Transfers on Basis of Adequacy Decision
  • Art.46 – Data Transfers on Basis of Appropriate Safeguards
  • Art.47 – Data Transfers under Binding Corporate Rules
  • Art.48 – Data Transfers not Authorised under EU Law

Breach Reporting

  • Art.33 – Notification of Data Breach to Supervisory Authority
  • Art.34 – Notification of Data Breach to Affected Data Subjects

Data Subject Rights

  • Art.15 – Right of Access by the Data Subject
  • Art.16 – Right to Data Rectification
  • Art.17 – Right to Erasure (to be forgotten)
  • Art.18 – Right to Restriction of Processing
  • Art.20 – Right to Data Portability
  • Art.21 – Right to Object to Processing

Data Protection Officer

  • Art.37 – Designation of the Data Protection Officer
  • Art.38 – Position of the Data Protection Officer
  • Art.39 – Tasks of the Data Protection Officer

Penalties & Remedies

  • Art.82 – Right to Compensation and Liability
  • Art.83 – Conditions for Imposing Administrative Fines
  • Art.84 – Penalties by Member States

Protect your reputation, gain your client’s trust

Personal data should be fully protected at all times. We have supported many organisations to understand the new General Data Protection Regulation/UK Data Protection Act 2018 and be compliant with its many requirements. Contact the InfoSaaS Team to find out how we can simplify your data protection activities.

Back to Insights

Share Insight: