GDPR … which Article?

9th December 2017 Author: InfoSaaS

We’ve noticed that many organisations who are preparing for the introduction of GDPR in just over six-months’ time have not yet found a reason to locate and download the the Regulation itself.

Incidentally, this can be found here.

Within this wordy document, there are no less than 99 separate articles which cover every aspect of how GDPR will operate. In response to a recent request, we thought that it would be worthwhile for us to extract and highlight some of the more useful requirements which are being implemented by organisations around the European Union, to assist you in identifying the appropriate text within the Regulation itself (this list is not exhaustive). It’s recommended that you check the Regulation before finalising plans for your own business. Here goes …

Art.6 – Lawfulness of Data Processing
Art.25 – Data Protection by Design and Default
Art.30 – Records of Data Processing Activities
Art.35 – Data Protection Impact Assessments (see our website)

Consent etc.
Art.7 – Conditions for Data Subject Consent
Art.8 – Conditions for Children’s Consent
Art.9 – Conditions for Processing Special Categories of Data
Art.10 – Conditions for Processing Data about Criminal Convictions

Data Controller & Processor
Art.24 – Responsibilities of the Data Controller
Art.26 – Joint Data Controllers
Art.28 – Responsibilities of Data Processors
Art.29 – Data Processing under the Authority of the Data Controller
Art.27 – Representatives of Controllers or Processors not in the EU

Data Transfers
Art.44 – General Principle for Data Transfers
Art.45 – Data Transfers on Basis of Adequacy Decision
Art.46 – Data Transfers on Basis of Appropriate Safeguards
Art.47 – Data Transfers under Binding Corporate Rules
Art.48 – Data Transfers not Authorised under EU Law

Breach Reporting
Art.33 – Notification of Data Breach to Supervisory Authority
Art.34 – Notification of Data Breach to Affected Data Subjects

Data Subject Rights
Art.15 – Right of Access by the Data Subject
Art.16 – Right to Data Rectification
Art.17 – Right to Erasure (to be forgotten)
Art.18 – Right to Restriction of Processing
Art.20 – Right to Data Portability
Art.21 – Right to Object to Processing

Data Protection Officer
Art.37 – Designation of the Data Protection Officer
Art.38 – Position of the Data Protection Officer
Art.39 – Tasks of the Data Protection Officer

Penalties & Remedies
Art.82 – Right to Compensation and Liability
Art.83 – Conditions for Imposing Administrative Fines
Art.84 – Penalties by Member States