Dutch Legislation

Chapter 4

in force

Controller and processor

General Data Protection Regulation (GDPR) (Verordening (EU) 2016/679 (AVG)) · Articles: 20

Section None

Controller and processor

24 Article 24

1. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights…

25 Article 25

1. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the…

26 Article 26

1. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent…

27 Article 27

1. Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.

28 Article 28

1. Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to…

29 Article 29

The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process…

30 Article 30

1. Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility…

31 Article 31

The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the…

32 Article 32

1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the…

33 Article 33

1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become…

34 Article 34

1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate…

35 Article 35

1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the…

36 Article 36

1. The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates…

37 Article 37

1. The controller and the processor shall designate a data protection officer in any case where:

38 Article 38

1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which…

39 Article 39

1. The data protection officer shall have at least the following tasks:

40 Article 40

1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to…

41 Article 41

1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of compliance with a…

42 Article 42

1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of…

43 Article 43

1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an…