Art. 58 GDPR – Powers

processing operations are likely to infringe provisions of this Regulation; to issue reprimands to a controller or a processor where processing operations have infringed provisions of this Regulation; to order the controller or the processor to comply with the data subject’s requests to exercise his or her rights pursuant to

Art. 83 GDPR – General conditions for imposing administrative fines

monitoring body pursuant to Article 41(4). Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year,…

Art. 40 GDPR– Codes of conduct

the transfer of personal data to third countries or international organisations; or out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79. 1In addition to adherence by…

Art. 28 GDPR – Processor

information on important grounds of public interest; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes all measures required pursuant to Article 32; respects the conditions referred to in paragraphs 2 and 4 for engaging…

Right to be Forgotten

The right to be forgotten derives from the case Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014). For the first time, the right to be forgotten is codified and to be found in the General Data Protection Regulation (GDPR) in addition to

Art. 70 GDPR – Tasks of the Board

to the consistency mechanism referred to in Article 64(1), on matters submitted pursuant to Article 64(2) and to issue binding decisions pursuant to Article 65, including in cases referred to in Article 66; promote the cooperation and the effective bilateral and multilateral exchange of information and best practices between the…

Art. 35 GDPR – Data protection impact assessment

relation to the purposes; an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation…

Art. 4 GDPR – Definitions

an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated…

Art. 43 GDPR – Certification bodies

1Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after informing the supervisory authority in order to allow it to exercise its powers pursuant to point (h)…