Chapter 4 Controller and processor

Section 1General obligations
Article 24Responsibility of the controller
Article 25Data protection by design and by default
Article 26Joint controllers
Article 27Representatives of controllers or processors not established in the Union
Article 28Processor
Article 29Processing under the authority of the controller or processor
Article 30Records of processing activities
Article 31Cooperation with the supervisory authority
Section 2Security of personal data
Article 32Security of processing
Article 33Notification of a personal data breach to the supervisory authority
Article 34Communication of a personal data breach to the data subject
Section 3Data protection impact assessment and prior consultation
Article 35Data protection impact assessment
Article 36Prior consultation
Section 4Data protection officer
Article 37Designation of the data protection officer
Article 38Position of the data protection officer
Article 39Tasks of the data protection officer
Section 5Codes of conduct and certification
Article 40Codes of conduct
Article 41Monitoring of approved codes of conduct
Article 42Certification
Article 43Certification bodies