General Data Protection Regulation

Chapter IV - Controller and processor

Section 1 - General obligations

• Article 24 - Responsibility of the controller
• Article 25 - Data protection by design and by default
• Article 26 - Joint controllers
• Article 27 - Representatives of controllers or processors not established in the Union
• Article 28 - Processor
• Article 29 - Processing under the authority of the controller or processor
• Article 30 - Records of processing activities
• Article 31 - Cooperation with the supervisory authority

Section 2 - Security of personal data

• Article 32 - Security of processing
• Article 33 - Notification of a personal data breach to the supervisory authority
• Article 34 - Communication of a personal data breach to the data subject

Section 3 - Data protection impact assessment and prior consultation

• Article 35 - Data protection impact assessment
• Article 36 - Prior consultation
  

Section 4 - Data protection officer

• Article 37 - Designation of the data protection officer
• Article 38 - Position of the data protection officer
• Article 39 - Tasks of the data protection officer
  

Section 5 - Codes of conduct and certification

• Article 40 - Codes of conduct
• Article 41 - Monitoring of approved codes of conduct
• Article 42 - Certification
• Article 43 - Certification bodies