An overview of GDPR binding corporate rules to help you unpack when you are required to use them, the benefits they offer, and more| Thoropass
1Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the … Continue reading Art. 35 GDPR – Data protection impact assessment| General Data Protection Regulation (GDPR)
Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, the monitoring of compliance with a code of conduct pursuant to Article 40 may be carried out by a body which has an appropriate level of expertise in relation to the subject-matter of the code and is accredited … Continue reading Art. 41 GDPR – Monitoring of approved codes of conduct| General Data Protection Regulation (GDPR)
In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. The appropriate … Continue reading Art. 46 GDPR – Transfers subject to appropriate safeguards| General Data Protection Regulation (GDPR)
1Without prejudice to the tasks and powers of the competent supervisory authority under Articles 57 and 58, certification bodies which have an appropriate level of expertise in relation to data protection shall, after informing the supervisory authority in order to allow it to exercise its powers pursuant to point (h) of Article 58(2) where necessary, … Continue reading Art. 43 GDPR – Certification bodies| General Data Protection Regulation (GDPR)
1The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. 2The specific needs of micro, small and … Continue reading Art. 42 GDPR – Certification| General Data Protection Regulation (GDPR)
The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises. Associations and other bodies … Continue reading Art. 40 GDPR – Codes of conduct| General Data Protection Regulation (GDPR)
Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. 1The processor shall … Continue reading Art. 28 GDPR – Processor| General Data Protection Regulation (GDPR)