1A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. 2Such a transfer shall not require … Continue reading Art. 45 GDPR – Transfers on the basis of an adequacy decision| General Data Protection Regulation (GDPR)
Each supervisory authority shall have all of the following investigative powers: to order the controller and the processor, and, where applicable, the controller’s or the processor’s representative to provide any information it requires for the performance of its tasks; to carry out investigations in the form of data protection audits; to carry out a review … Continue reading Art. 58 GDPR – Powers| General Data Protection Regulation (GDPR)
1The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. 2The specific needs of micro, small and … Continue reading Art. 42 GDPR – Certification| General Data Protection Regulation (GDPR)
The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises. Associations and other bodies … Continue reading Art. 40 GDPR – Codes of conduct| General Data Protection Regulation (GDPR)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients … Continue reading Art. 15 GDPR – Right of access by the data subject| General Data Protection Regulation (GDPR)
Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of the data protection officer, where applicable; the purposes of the processing for which … Continue reading Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject| General Data Protection Regulation (GDPR)
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of … Continue reading Art. 13 GDPR – Information to be provided where personal data are collected from the data subject| General Data Protection Regulation (GDPR)