Art. 58 GDPR – Powers

processing operations are likely to infringe provisions of this Regulation; to issue reprimands to a controller or a processor where processing operations have infringed provisions of this Regulation; to order the controller or the processor to comply with the data subject’s requests to exercise his or her rights pursuant to

Art. 83 GDPR – General conditions for imposing administrative fines

case, be imposed in addition to, or instead of, measures referred to in points (a) to (h) and (j) of Article 58(2). 2When deciding whether to impose an administrative fine and deciding on the amount of the administrative fine in each individual case due regard shall be given to the…

Art. 28 GDPR – Processor

to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data; makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller…

Art. 40 GDPR– Codes of conduct

the transfer of personal data to third countries or international organisations; or out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79. 1In addition to adherence by…

Art. 70 GDPR – Tasks of the Board

to the consistency mechanism referred to in Article 64(1), on matters submitted pursuant to Article 64(2) and to issue binding decisions pursuant to Article 65, including in cases referred to in Article 66; promote the cooperation and the effective bilateral and multilateral exchange of information and best practices between the…

Art. 4 GDPR – Definitions

power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment; as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has…

Consent

also be informed about his or her right to withdraw consent anytime. The withdrawal must be as easy as giving consent. Where relevant, the controller also has to inform about the use of the data for automated decision-making, the possible risks of data transfers due to absence of an adequacy…

Right to be Forgotten

The right to be forgotten derives from the case Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014). For the first time, the right to be forgotten is codified and to be found in the General Data Protection Regulation (GDPR) in addition to

Right to be Informed

legal basis, any legitimate interests pursued, the recipients when transmitting personal data, and any intention to transfer personal data to third countries. In addition, the right to be informed also includes information about the duration of storage, the rights of the data subject, the ability to withdraw consent, the right

Art. 43 GDPR – Certification bodies

1Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after informing the supervisory authority in order to allow it to exercise its powers pursuant to point (h)…