My favourites

Chapter IV – Controller and processor (Art. 24-43)

Art. 24 GDPR - Responsibility of the controller arrow_right_alt

Art. 25 GDPR - Data protection by design and by default arrow_right_alt

Art. 26 GDPR - Joint controllers arrow_right_alt

  1. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects.
  2. The arrangement referred to in paragraph 1 shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement shall be made available to the data subject.
  3. Irrespective of the terms of the arrangement referred to in paragraph 1, the data subject may exercise his or her rights under this Regulation in respect of and against each of the controllers.
Close tabsclose
  • 79

Recital 79

The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors, also in relation to the monitoring by and measures of supervisory authorities, requires a clear allocation of the responsibilities under this Regulation, including where a controller determines the purposes and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.

Art. 27 GDPR - Representatives of controllers or processors not established in the Union arrow_right_alt

Art. 28 GDPR - Processor arrow_right_alt

Art. 29 GDPR - Processing under the authority of the controller or processor arrow_right_alt

Art. 30 GDPR - Records of processing activities arrow_right_alt

Art. 31 GDPR - Cooperation with the supervisory authority arrow_right_alt

Art. 32 GDPR - Security of processing arrow_right_alt

Art. 33 GDPR - Notification of a personal data breach to the supervisory authority arrow_right_alt

Art. 34 GDPR - Communication of a personal data breach to the data subject arrow_right_alt

Art. 35 GDPR - Data protection impact assessment arrow_right_alt

Art. 36 GDPR - Prior consultation arrow_right_alt

Art. 37 GDPR - Designation of the data protection officer arrow_right_alt

Art. 38 GDPR - Position of the data protection officer arrow_right_alt

Art. 39 GDPR - Tasks of the data protection officer arrow_right_alt

Art. 40 GDPR - Codes of conduct arrow_right_alt

Art. 41 GDPR - Monitoring of approved codes of conduct arrow_right_alt

Art. 42 GDPR - Certification arrow_right_alt

Art. 43 GDPR - Certification bodies arrow_right_alt