Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018
On the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data,
and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.)- Recitals
CHAPTER I — GENERAL PROVISIONS
CHAPTER II — GENERAL PRINCIPLES
- Article 4 — Principles relating to processing of personal data
- Article 5 — Lawfulness of processing
- Article 6 — Processing for another compatible purpose
- Article 7 — Conditions for consent
- Article 8 — Conditions applicable to a child’s consent in relation to information society services
- Article 9 — Transmissions of personal data to recipients established in the Union other than Union institutions and bodies
- Article 10 — Processing of special categories of personal data
- Article 11 — Processing of personal data relating to criminal convictions and offences
- Article 12 — Processing which does not require identification
- Article 13 — Safeguards relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
CHAPTER III — RIGHTS OF THE DATA SUBJECT
CHAPTER IV — CONTROLLER AND PROCESSOR
SECTION 1 — General obligations
- Article 26 — Responsibility of the controller
- Article 27 — Data protection by design and by default
- Article 28 — Joint controllers
- Article 29 — Processor
- Article 30 — Processing under the authority of the controller or processor
- Article 31 — Records of processing activities
- Article 32 — Cooperation with the European Data Protection Supervisor
SECTION 2 — Security of personal data
SECTION 3 — Confidentiality of electronic communications
SECTION 4 — Data protection impact assessment and prior consultation
SECTION 5 — Information and legislative consultation
SECTION 6 — Data protection officer
CHAPTER V — TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
- Article 46 — General principle for transfers
- Article 47 — Transfers on the basis of an adequacy decision
- Article 48 — Transfers subject to appropriate safeguards
- Article 49 — Transfers or disclosures not authorised by Union law
- Article 50 — Derogations for specific situations
- Article 51 — International cooperation for the protection of personal data
CHAPTER VI — EUROPEAN DATA PROTECTION SUPERVISOR
- Article 52 — European Data Protection Supervisor
- Article 53 — Appointment of the European Data Protection Supervisor
- Article 54 — Regulations and general conditions governing the performance of the European Data Protection Supervisor’s duties, staff and financial resources
- Article 55 — Independence
- Article 56 — Professional secrecy
- Article 57 — Tasks
- Article 58 — Powers
- Article 59 — Obligation of controllers and processors to react to allegations
- Article 60 — Activities report
CHAPTER VII — COOPERATION AND CONSISTENCY
CHAPTER VIII — REMEDIES, LIABILITY AND PENALTIES
- Article 63 — Right to lodge a complaint with the European Data Protection Supervisor
- Article 64 — Right to an effective judicial remedy
- Article 65 — Right to compensation
- Article 66 — Administrative fines
- Article 67 — Representation of data subjects
- Article 68 — Complaints by Union staff
- Article 69 — Sanctions
CHAPTER IX — PROCESSING OF OPERATIONAL PERSONAL DATA BY UNION BODIES, OFFICES AND AGENCIES WHEN CARRYING OUT ACTIVITIES WHICH FALL WITHIN THE SCOPE OF CHAPTER 4 OR CHAPTER 5 OF TITLE V OF PART THREE TFEU
- Article 70 — Scope of the Chapter
- Article 71 — Principles relating to processing of operational personal data
- Article 72 — Lawfulness of processing of operational personal data
- Article 73 — Distinction between different categories of data subjects
- Article 74 — Distinction between operational personal data and verification of the quality of operational personal data
- Article 75 — Specific processing conditions
- Article 76 — Processing of special categories of operational personal data
- Article 77 — Automated individual decision-making, including profiling
- Article 78 — Communication and modalities for exercising the rights of the data subject
- Article 79 — Information to be made available or given to the data subject
- Article 80 — Right of access by the data subject
- Article 81 — Limitations to the right of access
- Article 82 — Right to rectification or erasure of operational personal data and restriction of processing
- Article 83 — Right of access in criminal investigations and proceedings
- Article 84 — Exercise of rights by the data subject and verification by the European Data Protection Supervisor
- Article 85 — Data protection by design and by default
- Article 86 — Joint controllers
- Article 87 — Processor
- Article 88 — Logging
- Article 89 — Data protection impact assessment
- Article 90 — Prior consultation of the European Data Protection Supervisor
- Article 91 — Security of processing of operational personal data
- Article 92 — Notification of a personal data breach to the European Data Protection Supervisor
- Article 93 — Communication of a personal data breach to the data subject
- Article 94 — Transfer of operational personal data to third countries and international organisations
- Article 95 — Secrecy of judicial inquiries and criminal proceedings
CHAPTER X — IMPLEMENTING ACTS
CHAPTER XI — REVIEW
CHAPTER XII — FINAL PROVISIONS
- Final