Art. 1
Subject-matter and objectives
Art. 2
Material scope
Art. 3
Territorial scope
Art. 4
Definitions
Art. 5
Principles relating to processing of personal data
Art. 6
Lawfulness of processing
Art. 7
Conditions for consent
Art. 8
Conditions applicable to child's consent in relation to information society services
Art. 9
Processing of special categories of personal data
Art. 10
Processing of personal data relating to criminal convictions and offences
Art. 11
Processing which does not require identification
Section 1: Transparency and modalities
Art. 12
Transparent information, communication and modalities for the exercise of the rights of the data subject
Section 2: Information and access to personal data
Art. 13
Information to be provided where personal data are collected from the data subject
Art. 14
Information to be provided where personal data have not been obtained from the data subject
Art. 15
Right of access by the data subject
Section 3: Rectification and erasure
Art. 16
Right to rectification
Art. 17
Right to erasure (‘right to be forgotten’)
Art. 18
Right to restriction of processing
Art. 19
Notification obligation regarding rectification or erasure of personal data or restriction of processing
Art. 20
Right to data portability
Section 4: Right to object and automated individual decision-making
Art. 21
Right to object
Art. 22
Automated individual decision-making, including profiling
Section 5: Restrictions
Art. 23
Restrictions
Section 1: General obligations
Art. 24
Responsibility of the controller
Art. 25
Data protection by design and by default
Art. 26
Joint controllers
Art. 27
Representatives of controllers or processors not established in the Union
Art. 28
Processor
Art. 29
Processing under the authority of the controller or processor
Art. 30
Records of processing activities
Art. 31
Cooperation with the supervisory authority
Section 2: Security of personal data
Art. 32
Security of processing
Art. 33
Notification of a personal data breach to the supervisory authority
Art. 34
Communication of a personal data breach to the data subject
Section 3: Data protection impact assessment and prior consultation
Art. 35
Data protection impact assessment
Art. 36
Prior consultation
Section 4: Data protection officer
Art. 37
Designation of the data protection officer
Art. 38
Position of the data protection officer
Art. 39
Tasks of the data protection officer
Section 5: Codes of conduct and certification
Art. 40
Codes of conduct
Art. 41
Monitoring of approved codes of conduct
Art. 42
Certification
Art. 43
Certification bodies
Art. 44
General principle for transfers
Art. 45
Transfers on the basis of an adequacy decision
Art. 46
Transfers subject to appropriate safeguards
Art. 47
Binding corporate rules
Art. 48
Transfers or disclosures not authorised by Union law
Art. 49
Derogations for specific situations
Art. 50
International cooperation for the protection of personal data
Section 1: Independent status
Art. 51
Supervisory authority
Art. 52
Independence
Art. 53
General conditions for the members of the supervisory authority
Art. 54
Rules on the establishment of the supervisory authority
Section 2: Competence, tasks and powers
Art. 55
Competence
Art. 56
Competence of the lead supervisory authority
Art. 57
Tasks
Art. 58
Powers
Art. 59
Activity reports
Section 1: Cooperation
Art. 60
Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Art. 61
Mutual assistance
Art. 62
Joint operations of supervisory authorities
Section 2: Consistency
Art. 63
Consistency mechanism
Art. 64
Opinion of the Board
Art. 65
Dispute resolution by the Board
Art. 66
Urgency procedure
Art. 67
Exchange of information
Section 3: European data protection board
Art. 68
European Data Protection Board
Art. 69
Independence
Art. 70
Tasks of the Board
Art. 71
Reports
Art. 72
Procedure
Art. 73
Chair
Art. 74
Tasks of the Chair
Art. 75
Secretariat
Art. 76
Confidentiality
Art. 77
Right to lodge a complaint with a supervisory authority
Art. 78
Right to an effective judicial remedy against a supervisory authority
Art. 79
Right to an effective judicial remedy against a controller or processor
Art. 80
Representation of data subjects
Art. 81
Suspension of proceedings
Art. 82
Right to compensation and liability
Art. 83
General conditions for imposing administrative fines
Art. 84
Penalties
Art. 85
Processing and freedom of expression and information
Art. 86
Processing and public access to official documents
Art. 87
Processing of the national identification number
Art. 88
Processing in the context of employment
Art. 89
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Art. 90
Obligations of secrecy
Art. 91
Existing data protection rules of churches and religious associations
Art. 92
Exercise of the delegation
Art. 93
Committee procedure
Art. 94
Repeal of Directive 95/46/EC
Art. 95
Relationship with Directive 2002/58/EC
Art. 96
Relationship with previously concluded Agreements
Art. 97
Commission reports
Art. 98
Review of other Union legal acts on data protection
Art. 99
Entry into force and application
Article
1. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
2. Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller.
3. Adherence to approved codes of conduct as referred to in Article 40 or approved certification mechanisms as referred to in Article 42 may be used as an element by which to demonstrate compliance with the obligations of the controller.
Christian Mitscherlich, MLaw, Rechtsanwalt, Partner