My favourites

Chapter IV – Controller and processor (Art. 24-43)

Art. 24 GDPR - Responsibility of the controller arrow_right_alt

Art. 25 GDPR - Data protection by design and by default arrow_right_alt

Art. 26 GDPR - Joint controllers arrow_right_alt

Art. 27 GDPR - Representatives of controllers or processors not established in the Union arrow_right_alt

Art. 28 GDPR - Processor arrow_right_alt

Art. 29 GDPR - Processing under the authority of the controller or processor arrow_right_alt

Art. 30 GDPR - Records of processing activities arrow_right_alt

Art. 31 GDPR - Cooperation with the supervisory authority arrow_right_alt

Art. 32 GDPR - Security of processing arrow_right_alt

Art. 33 GDPR - Notification of a personal data breach to the supervisory authority arrow_right_alt

Art. 34 GDPR - Communication of a personal data breach to the data subject arrow_right_alt

Art. 35 GDPR - Data protection impact assessment arrow_right_alt

Art. 36 GDPR - Prior consultation arrow_right_alt

Art. 37 GDPR - Designation of the data protection officer arrow_right_alt

Art. 38 GDPR - Position of the data protection officer arrow_right_alt

Art. 39 GDPR - Tasks of the data protection officer arrow_right_alt

  1. The data protection officer shall have at least the following tasks:
    1. to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
    2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
    3. to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
    4. to cooperate with the supervisory authority;
    5. to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
  2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

Art. 40 GDPR - Codes of conduct arrow_right_alt

Art. 41 GDPR - Monitoring of approved codes of conduct arrow_right_alt

Art. 42 GDPR - Certification arrow_right_alt

Art. 43 GDPR - Certification bodies arrow_right_alt