Article 38 Position of the data protection officer

Author(s):  
Cecilia Alvarez Rigaudias, Alessandro Spina

Article 13(1)(b) (Information to be provided where personal data are collected from the data subject) (see too recitals 60–61); Article 14(1)(b) (Information to be provided where personal data have not been obtained from the data subject) (see too recital 61); Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 37 (Designation of the Data Protection Officer) (see too recital 97); Article 39 (Tasks of the data protection officer) (see too recitals 77 and 97); Article 47 (Binding corporate rules) (see too recital 108); Article 52(1) (Independence of supervisory authorities) (see too recitals 117–118 and 120–121); Article 57 (Tasks of supervisory authorities) (see too recital 122); Article 69 (Independence of the EDPB) (see too recital 139).

Author(s):  
Cecilia Alvarez Rigaudias, Alessandro Spina

Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 38 (Position of the data protection officer) (see too recital 97); Article 39 (Tasks of the data protection officer) (see too recitals 77 and 97).


Author(s):  
Cecilia Alvarez Rigaudias, Alessandro Spina

Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 37 (Designation of the data protection officer) (see too recital 97); Article 38 (Position of the data protection officer) (see too recital 97); Article 47 (Binding corporate rules) (see too recital 108); Article 57 (Tasks of supervisory authorities) (see too recital 122).


Author(s):  
Christopher Millard, Dimitra Kamarinou

Article 3 (Territorial scope) (see also recitals 23–24); Article 4(17) (Definitions); Article 9 (Processing of special categories of personal data) (see also recitals 10, 51–54); Article 10 (Processing of personal data relating to criminal convictions and offences) (see also recital 97); Article 13 (Information to be provided where personal data are collected from the data subject) and Article 14 (Information to be provided where personal data have not been obtained from the data subject) (see also recitals 60–62); Article 30 (Records of processing activities) (see also recital 82); Article 31 (Cooperation with the supervisory authority); Article 35 (Data protection impact assessment) (see also recitals 89–93); Article 36 (Prior consultation) (see also recital 94); Article 79 (Right to an effective judicial remedy against a controller or processor) (see also recital 145).


Author(s):  
Waltraut Kotschy

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)


Author(s):  
Christian Wiese Svanberg

Article 9(3) (Processing of special categories of personal data); Article 25 (Data protection by design and by default) (see too recital 75); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 54(2) (Rules on the establishment of the supervisory authority); Article 58(1) (Investigatory powers) (see too recital 129).


Author(s):  
Cédric Burton

Recital 88; Article 4(12) (Definition of a personal data breach); Article 5(2) (Accountability principle); Article 28(3)(f) (Processor); Article 32 (Security of processing); Article 34 (Communication of a breach to the data subject) (see too recital 86); Article 70(1)(g)(h) (Tasks of the Board); Article 83(4)(a) (Fines for infringement of Article 33).


2020, pp. 161-180
Author(s):  
Aleksandra Pyka

This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, which in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.


Author(s):  
Cédric Burton

Article 4(12) (Definition of a personal data breach); Article 23(1) (Restriction of communication obligation by EU Member States) (see too recital 73); Article 28(3)(f) (Processor); Article 32 (Security of processing); Article 33 (Notification of a breach to the supervisory authority) (see too recital 85); Article 70(1)(g)(h) (Tasks of the Board); Article 83(4)(a) (Fines for infringement of Article 34).


Author(s):  
Cédric Burton

Recitals 75–79; recital 88; Article 4(12) (Definition of a personal data breach); Article 28(1) (Choice of processor providing sufficient guarantees) (see too recital 81); Article 28(3)(c) (Processor must be contractually bound to implement security measures); Article 33 (Personal data breach notification requirement to the supervisory authority) (see too recitals 85 and 87); Article 34 (Communication of a personal data breach to the data subject) (see too recital 86).


Author(s):  
Luca Tosoni

Article 6(4)(e) (Compatibility of processing purposes); Article 9(2)(j) (Processing of special categories of personal data) (see also recital 75); Article 25(1) (Data protection by design and by default) (see also recital 78); Article 32(1)(a) (Security of processing); Article 33(1) (Notification of personal data breach to supervisory authority) (see also recital 85); Article 40(2)(d) (Codes of conduct); Article 89(1) (Safeguards and derogations relating to processing for archiving purposes, scientific or historical research purposes or statistical purposes).

