The GDPR Index Page

Jane Lambert











1 Dec 2017

The GDPR consists of 173 recitals and 99 articles divided into the following chapters and sections of chapters:
  • Chapter I:  General Provisions
    • Art 1: Subject matter and objectives
    • Art 2: Material scope
    • Art 3: Territorial scope
    • Art 4: Definitions
  • Chapter II:  Principles
    • Art 5: Principles relating to processing of personal data
    • Art 6: Lawfulness of processing
    • Art 7: Conditions for consent
    • Art 8: Conditions applicable to child's consent in relation to information society services
    • Art 9: Processing of special categories of personal data
    • Art 10: Processing of personal data relating to criminal convictions and offences
    • Art 11: Processing which does not require identification
  • Chapter III:  Rights of the Data Subject
      • Section 1 Transparency and modalities
    • Art 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
      • Section 2  Information and access to personal data
    • Art 13: Information to be provided where personal data are collected from the data subject
    • Art 14: Information to be provided where personal data have not been obtained from the data subject
    • Art 15: Right of access by the data subject
      • Section 3  Rectification and erasure
    • Art 16: Right to rectification
    • Art 17: Right to erasure (‘right to be forgotten’)
    • Art 18: Right to restriction of processing
    • Art 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
    • Art 20: Right to data portability
      • Section 4  Right to object and automated individual decision-making
    • Art 21: Right to object
    • Art 22: Automated individual decision-making, including profiling
      • Section 5  Restrictions
    • Art 23: Restrictions
  • Chapter IV: Controller and Processor
      • Section 1 General Obligations
    • Art 24: Responsibility of the controller
    • Art 25: Data protection by design and by default
    • Art 26: Joint controllers
    • Art 27: Representatives of controllers or processors not established in the EU
    • Art 28: Processor
    • Art 29: Processing under the authority of the controller or processor
    • Art 30: Records of processing activities
    • Art 31: Cooperation with the supervisory authority
      • Section 2  Security of Personal Data
    • Art 32: Security of processing
    • Art 33: Notification of a personal data breach to the supervisory authority
    • Art 34: Communication of a personal data breach to the data subject
      • Section 3  Data protection impact assessment and prior consultation
    • Art 35: Data protection impact assessment
    • Art 36: Prior consultation
      • Section 4 Data Protection Officer
    • Art 37: Designation of the data protection officer
    • Art 38: Position of the data protection officer
    • Art 39: Tasks of the data protection officer
      • Section 5 Codes of Conduct and Certification
    • Art 40: Codes of conduct
    • Art 41: Monitoring of approved codes of conduct
    • Art 42: Certification
    • Art 43: Certification bodies
  • Chapter V: Transfers of personal data to third countries or international organisations
    • Art 44: General principle for transfers#
    • Art 45: Transfers on the basis of an adequacy decision
    • Art 46: Transfers subject to appropriate safeguards
    • Art 47: Transfers subject to appropriate safeguards
    • Art 48: Transfers or disclosures not authorised by EU law
    • Art 49: Derogations for specific situations
    • Art 50: International cooperation for the protection of personal data
  • Chapter VI: Independent Supervisory Authorities
      • Section 1  Independent Status
    • Art 51: Supervisory authority
    • Art 52: Independence
    • Art 53: General conditions for the members of the supervisory authority
    • Art 54: General conditions for the members of the supervisory authority
      • Section 2  Competence, Tasks and Powers
    • Art 55: Competence
    • Art 56: Competence of the lead supervisory authority
    • Art 57: Tasks
    • Art 58: Powers
    • Art 59: Activity reports
  • Chapter VII: Cooperation and Consistency
      • Section1 Cooperation
    • Art 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned
    • Art 61: Mutual assistance
    • Art 62: Joint operations of supervisory authorities
      • Section2 Consistency
    • Art 63: Consistency mechanism
    • Art 64: Opinion of the Board
    • Art 65: Dispute resolution by the Board
    • Art 66: Urgency procedure
    • Art 67: Exchange of information
      • Section 3 European Data Protection Board
    • Art 68: European Data Protection Board
    • Art 69: Independence
    • Art 70: Task of the Board
    • Art 71: Reports
    • Art 72: Procedure
    • Art 73: Chair
    • Art 74: Tasks of the Chair
    • Art 75: Secretariat
    • Art 76: Confidentiality
  • Chapter VIII: Remedies, Liability and Penalties
    • Art 77: Right to lodge a complaint with a supervisory authority
    • Art 78: Right to an effective judicial remedy against a supervisory authority
    • Art 79: Right to an effective judicial remedy against a controller or processor
    • Art 80: Representation of data subjects
    • Art 81: Suspension of proceedings
    • Art 82: Right to compensation and liability
    • Art 83: General conditions for imposing administrative fines
    • Art 84: Penalties
  • Chapter IX: Provisions Relating to Specific Processing Situations
    • Art 85: Processing and freedom of expression and information
    • Art 86: Processing and public access to official documents
    • Art 87: Processing of the national identification number
    • Art 88: Processing in the context of employment
    • Art 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
    • Art 90: Obligations of secrecy
    • Art 91: Existing data protection rules of churches and religious associations
  • Chapter X: Delegated Acts and Implementing Acts
    • Art 92: Exercise of the delegation
    • Art 93: Committee procedure
  • Chapter XI: Final Provisions
    • Art 94: Repeal of Directive 95/46/EC
    • Art 95: Relationship with Directive 2002/58/EC
    • Art 96: Relationship with previously concluded Agreements
    • Art 97: Commission reports
    • Art 98: Review of other Union legal acts on data protection
    • Art 99: Entry into force and application.
Further Reading

Date
Author and Title
Publication
7 Dec 2017
Jane Lambert GDPR - Fines
NIPC Data Proteciion
5 Dec 2017
NIPC Data Protection
3 Dec 2017
Jane Lambert  How the GDPR works
NIPC Data Protection
2 Dec 2017
NIPC Data Protection
11 Aug 2017
NIPC Data Protection


Contact
+44 (0)20 7404 5252