Chapter 4
in forceController and processor
Section None
Controller and processor
1. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights…
1. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the…
1. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent…
1. Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.
1. Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to…
The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process…
1. Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility…
The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the…
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the…
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become…
1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate…
1. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the…
1. The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates…
1. The controller and the processor shall designate a data protection officer in any case where:
1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which…
1. The data protection officer shall have at least the following tasks:
1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to…
1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of compliance with a…
1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of…
1. Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an…