The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was adopted by the European Union (EU) in April 2016 and took effect in May 2018. It replaces the EU's 1995 Data Protection Directive and aims to strengthen and harmonize data protection rules across the EU. The GDPR applies to the processing of personal data of individuals in the EU and the European Economic Area (EEA) by controllers and processors in the EU and EEA, as well as the processing of personal data of individuals in the EU and EEA by controllers and processors not established in the EU or EEA, if the processing activities relate to offering goods or services to individuals in the EU or EEA, or to the monitoring of their behavior.
The GDPR sets out a number of rights for individuals with regard to their personal data, including the right to be informed about the collection and use of their personal data, the right to access their personal data, the right to rectification of inaccurate personal data, the right to erasure of personal data in certain circumstances, and the right to object to the processing of their personal data. The GDPR also imposes obligations on controllers and processors, including the obligation to protect personal data through appropriate technical and organizational measures, the obligation to report certain types of data breaches to the relevant supervisory authority, and the obligation to obtain the consent of individuals for the processing of their personal data in certain circumstances.
On this page, you can find the articles and the recitals of the General Data Protection Regulation (GDPR).
Articles
- Article 5 - Principles relating to processing of personal data
- Article 6 - Lawfulness of processing
- Article 7 - Conditions for consent
- Article 8 - Conditions applicable to child's consent in relation to information society services
- Article 9 - Processing of special categories of personal data
- Article 10 - Processing of personal data relating to criminal convictions and offences
- Article 11 - Processing which does not require identification
Chapter III - Rights of the Data Subject
Section 1 - Transparency and modalities
Section 2 - Information and access to personal data
- Article 13 - Information to be provided where personal data are collected from the data subject
- Article 14 - Information to be provided where personal data have not been obtained from the data subject
- Article 15 - Right of access by the data subject
Section 3 - Rectification and erasure
- Article 16 - Right to rectification
- Article 17 - Right to erasure ('right to be forgotten')
- Article 18 - Right to restriction of processing
- Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 20 - Right to data portability
Section 4 - Right to object and automated individual decision-making
Section 5 - Restrictions
Chapter IV - Controller and processor
Section 1 - General obligations
- Article 24 - Responsibility of the controller
- Article 25 - Data protection by design and by default
- Article 26 - Joint controllers
- Article 27 - Representatives of controllers or processors not established in the Union
- Article 28 - Processor
- Article 29 - Processing under the authority of the controller or processor
- Article 30 - Records of processing activities
- Article 31 - Cooperation with the supervisory authority
Section 2 - Security of personal data
- Article 32 - Security of processing
- Article 33 - Notification of a personal data breach to the supervisory authority
- Article 34 - Communication of a personal data breach to the data subject
Section 3 - Data protection impact assessment and prior consultation
Section 4 - Data protection officer
- Article 37 - Designation of the data protection officer
- Article 38 - Position of the data protection officer
- Article 39 - Tasks of the data protection officer
Section 5 - Codes of conduct and certification
Chapter V - Transfers of personal data to third countries or international organisations
- Article 44 - General principle for transfers
- Article 45 - Transfers on the basis of an adequacy decision
- Article 46 - Transfers subject to appropriate safeguards
- Article 47 - Binding corporate rules
- Article 48 - Transfers or disclosures not authorised by Union law
- Article 49 - Derogations for specific situations
- Article 50 - International cooperation for the protection of personal data
Chapter VI - Independent supervisory authorities
Section 1 - Independent status
- Article 51 - Supervisory authority
- Article 52 - Independence
- Article 53 - General conditions for the members of the supervisory authority
- Article 54 - Rules on the establishment of the supervisory authority
Section 2 - Competence, tasks and powers
- Article 64 - Opinion of the Board
- Article 65 - Dispute resolution by the Board
- Article 66 - Urgency procedure
- Article 67 - Exchange of information
Section 3 - European data protection board
Chapter VIII - Remedies, liability and penalties
- Article 77 - Right to lodge a complaint with a supervisory authority
- Article 78 - Right to an effective judicial remedy against a supervisory authority
- Article 79 - Right to an effective judicial remedy against a controller or processor
- Article 80 - Representation of data subjects
- Article 81 - Suspension of proceedings
- Article 82 - Right to compensation and liability
- Article 83 - General conditions for imposing administrative fines
- Article 84 - Penalties
Chapter IX - Provisions relating to specific processing situations
- Article 85 - Processing and freedom of expression and information
- Article 86 - Processing and public access to official documents
- Article 87 - Processing of the national identification number
- Article 88 - Processing in the context of employment
- Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- Article 90 - Obligations of secrecy
- Article 91 - Existing data protection rules of churches and religious associations
Recitals
- Recital 1
- Recital 2
- Recital 3
- Recital 4
- Recital 5
- Recital 6
- Recital 7
- Recital 8
- Recital 9
- Recital 10
- Recital 11
- Recital 12
- Recital 13
- Recital 14
- Recital 15
- Recital 16
- Recital 17
- Recital 18
- Recital 19
- Recital 20
- Recital 21
- Recital 22
- Recital 23
- Recital 24
- Recital 25
- Recital 26
- Recital 27
- Recital 28
- Recital 29
- Recital 30
- Recital 31
- Recital 32
- Recital 33
- Recital 34
- Recital 35
- Recital 36
- Recital 37
- Recital 38
- Recital 39
- Recital 40
- Recital 41
- Recital 42
- Recital 43
- Recital 44
- Recital 45
- Recital 46
- Recital 47
- Recital 48
- Recital 49
- Recital 50
- Recital 51
- Recital 52
- Recital 53
- Recital 54
- Recital 55
- Recital 56
- Recital 57
- Recital 58
- Recital 59
- Recital 60
- Recital 61
- Recital 62
- Recital 63
- Recital 64
- Recital 65
- Recital 66
- Recital 67
- Recital 68
- Recital 69
- Recital 70
- Recital 71
- Recital 72
- Recital 73
- Recital 74
- Recital 75
- Recital 76
- Recital 77
- Recital 78
- Recital 79
- Recital 80
- Recital 81
- Recital 82
- Recital 83
- Recital 84
- Recital 85
- Recital 86
- Recital 87
- Recital 88
- Recital 89
- Recital 90
- Recital 91
- Recital 92
- Recital 93
- Recital 94
- Recital 95
- Recital 96
- Recital 97
- Recital 98
- Recital 99
- Recital 100
- Recital 101
- Recital 102
- Recital 103
- Recital 104
- Recital 105
- Recital 106
- Recital 107
- Recital 108
- Recital 109
- Recital 110
- Recital 111
- Recital 112
- Recital 113
- Recital 114
- Recital 115
- Recital 116
- Recital 117
- Recital 118
- Recital 119
- Recital 120
- Recital 121
- Recital 122
- Recital 123
- Recital 124
- Recital 125
- Recital 126
- Recital 127
- Recital 128
- Recital 129
- Recital 130
- Recital 131
- Recital 132
- Recital 133
- Recital 134
- Recital 135
- Recital 136
- Recital 137
- Recital 138
- Recital 139
- Recital 140
- Recital 141
- Recital 142
- Recital 143
- Recital 144
- Recital 145
- Recital 146
- Recital 147
- Recital 148
- Recital 149
- Recital 150
- Recital 151
- Recital 152
- Recital 153
- Recital 154
- Recital 155
- Recital 156
- Recital 157
- Recital 158
- Recital 159
- Recital 160
- Recital 161
- Recital 162
- Recital 163
- Recital 164
- Recital 165
- Recital 166
- Recital 167
- Recital 168
- Recital 169
- Recital 170
- Recital 171
- Recital 172
- Recital 173