Section 1 - General obligations

Article 30 – Records of processing activities

Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information: the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer; the purposes of the processing; a …

Article 30 – Records of processing activities Read More »

Article 28 – Processor

Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. The processor shall …

Article 28 – Processor Read More »

Article 27 – Representatives of controllers or processors not established in the Union

Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union. The obligation laid down in paragraph 1 of this Article shall not apply to: processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) …

Article 27 – Representatives of controllers or processors not established in the Union Read More »

Article 26 – Joint controllers

Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide …

Article 26 – Joint controllers Read More »