Data Protection Officer

possibilities to meet their obligation to appoint a Data Protection Officer. Either they name an employee as an internal Data Protection Officer, or they appoint an external Data Protection Officer. In selecting such a person, they must ensure that an internal Data Protection Officer is not subject to a conflict…

Art. 4 GDPR – Definitions

data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; ‘personal data breach’ means a breach of…

Art. 37 GDPR – Designation of the data protection officer

State law shall, designate a data protection officer. 2The data protection officer may act for such associations and other bodies representing controllers or processors. The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the…

Third Countries

suitable level of data protection on the basis of an adequacy decision. In those countries, national laws provide a level of protection for personal data which is comparable to those of EU law. At the time that the General Data Protection Regulation became applicable, the third countries which ensure an…

Art. 35 GDPR – Data protection impact assessment

…of the impact of the envisaged processing operations on the protection of personal data. 2A single assessment may address a set of similar processing operations that present similar high risks. The controller shall seek the advice of the data protection officer, where designated, when carrying out a data protection impact…

Right to be Informed

14 of the GDPR). Where data is obtained directly, the person must be immediately informed, meaning at the time the data is obtained. In terms of content, the controller’s obligation to inform includes his identity, the contact data of the Data Protection Officer (if available), the processing purposes and the…

Personal Data

The term ‘personal data’ is the entryway to the application of the General Data Protection Regulation (GDPR). Only if a processing of data concerns personal data, the General Data Protection Regulation applies. The term is defined in Art. 4(1)(1). Personal data are any information which are related to an identified…

Art. 9 GDPR – Processing of special categories of personal data

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation…

Art. 38 GDPR – Position of the data protection officer

The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data. The controller and processor shall support the data protection officer in performing the tasks referred to in Article 39…