Adult outside the EU

Alias, roles and other appearances in the regulations

- Accredited controller or processor in third country - Complainant - Controller - Controller not established in the EU - Controller that is not subject to this Regulation - Data subject - Employee - Group of enterprises engaged in a joint economic activity - Group of undertakings - Holder of parental responsibly over the child - Joint Controller - Natural person - Person who has suffered material or non-material damage as a result of an infringement of this Regulation - Personnel having permanent or regular access to personal data - Persons having a legitimate interest - Processor - Processor not established in the EU - Processor that is not subject to this Regulation - Recipient - Representative of a data subject - Representative of the Controller - Representative of the Processor - Third party -

Export regulations to pdf

Obligations

Regulation name
Principle of lawfulness, fairness and transparency (In role Controller) (In role Processor)
Purpose limitation principle (In role Controller) (In role Processor)
Data minimization principle (In role Controller) (In role Processor)
Principle of accuracy (In role Controller) (In role Processor)
Storage limitation principle (In role Controller) (In role Processor)
Principle of integrity and confidentiality (In role Controller) (In role Processor)
Principle of accountability (In role Controller)
Processing for a purpose other than that for which the personal data have been collected originally (In role Controller)
Obligation to demonstrate the consent for processing the personal data (In role Controller)
Obligations of the controller on context of the child when processing the personal data (In role Controller)
Prohibition of processing the special categories of personal data (In role Controller) (In role Processor)
Reasons for derogating the exercise of the Articles 15 – 20 (In role Controller)
Measures of the controller in terms of providing the information to data subjects (In role Controller)
Facilitating the data subject rights (In role Controller)
Providing the information on action taken on a request under Articles 15 to 22 to the data subject (In role Controller)
Obligations of the controller in case when the data subject request is unadopted (In role Controller)
Information provided to the data subject when personal data has been acquired from a data subject (In role Controller)
Additional information provided to the data subject when personal data has been acquired from a data subject (In role Controller)
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected (In role Controller)
Information provided where personal data have not been obtained from the data subject (In role Controller)
Some additional information provided where personal data have not been obtained from the data subject (In role Controller)
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation (In role Controller)
Providing the information where the controller intends to process the personal data for a purpose other than that for which the personal data were obtained (In role Controller)
Obligation to provide a copy of the personal data which are being processed (In role Controller)
Obligations of the controller after the right to be forgotten has been applied (In role Controller)
Information duty of the controller in context of the personal data processing limitation (In role Controller)
Information obligation of the controller towards the recipients (In role Controller)
Right of the data subject to object the processing of personal data (In role Controller)
Prohibition of the personal data processing after the Article 21, paragraph 2 has been applied (In role Controller)
Obligation of the controller to inform the data subject about the to object (In role Controller)
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application (In role Controller)
Responsibilities of the controller relating to the personal data processing (In role Controller)
Implementation of an appropriate data protection policies by the controller (In role Controller)
Implementation of the appropriate technical and organisational measures (In role Controller)
Processing of the personal data “by default” (In role Controller)
Personal data processing by the joint controllers (In role Controller) (In role Joint Controller)
Respective roles and relationships of the joint controllers vis-à-vis the data subjects (In role Controller) (In role Joint Controller)
Designating the representative of the controller or processor (In role Controller not established in the EU) (In role Processor not established in the EU)
Designating the place of activity of the controller, that is settled outside the EU (Delegated Representative of the Controller)
Defining the delegation scope of the controller or processor (In role Controller not established in the EU) (In role Processor not established in the EU)
Guaranties of the processor for implementing the adequate protective measurements (In role Controller)
Conditions for engaging the other processor to the data processing (In role Processor)
Designation of the identical scope of the responsibilities for the other processor (In role Processor)
Contract or any other legal document in terms of the Article 28, paragraphs 3 and 4 (In role Controller) (In role Processor)
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor (In role Processor)
Obligation of the processor to comply with the instructions of the controller (In role Processor)
Mandatory scope of the processing activities record (In role Controller) (Delegated Representative of the Controller)
A record of all the processing activities categories, that are carried on behalf of a controller (In role Processor) (Delegated Representative of the Processor)
Form of the records according to Article 30, paragraphs 1 and 2 (In role Controller) (In role Processor)
Making the records available to the supervisory authority if needed (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Cooperation with the supervisory authority (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Implementation of the appropriate technical and organisational measures (In role Controller) (In role Processor)
Ensuring the activities compliance of any natural person, acting under the authority of controller or processor (In role Controller) (In role Processor)
Period for declaring the personal data breach (In role Controller)
Notification the data breach to the controller (In role Processor)
The minimal content of the personal data breach notification (In role Controller)
Documentary measures relating to the personal data breach (In role Controller)
Communication the personal data breach to the data subject (In role Controller)
Personal data processing that require the DPIA – general provision (In role Controller)
Cooperation between the controller and data protection officer (In role Controller)
Gathering the opinions of data subjects or their representatives (In role Controller)
Situation where the DPIA might be necessary (In role Controller)
Situations that require the prior consultations with the supervisory authority (In role Controller)
Information provided for the supervisory authority by the controller (In role Controller)
Compulsory designation of the data protection officer (DPO) (In role Controller) (In role Processor)
Publishing the data of the designated data protection officer (In role Controller) (In role Processor)
Responsibility of the controller and processor in context of the Data protection officer (In role Controller) (In role Processor)
Providing the support for the data protection officer (In role Controller) (In role Processor)
Organizational status of the Data protection officer (In role Controller) (In role Processor)
The Data protection officer and it´s other tasks and duties (In role Controller) (In role Processor)
Providing the information and access, that are essential for the certification procedure (In role Controller) (In role Processor)
Documentation of the assessment and suitable safeguards (In role Controller) (In role Processor)
Obligations of the controller (or processor) after the decision has been published (In role Controller) (In role Processor)
Joint liability in context of the personal data processing (In role Controller) (In role Processor)
Appropriate safeguards related to the rights and freedoms of the data subject (In role Controller) (In role Processor)

Indirect obligations

Regulation name
Additional information claims from the controller (In role Data subject)
Right of the data subject to obtain a confirmation of the personal data processing from the controller (In role Controller)
Right to be informed of appropriate safeguards pursuant to Article 46 relating to the transfer (In role Controller)
Right to rectification (In role Controller)
Reason for eligibility of the data subject to exercise the right to be forgotten (In role Controller)
Restraining the personal data processing (In role Controller)
Right of the data subject to personal data portability (In role Controller)
Portability of the personal data from one controller to another controller (In role Controller)
Right of the data subject to object the processing of personal data (In role Controller)
Right of the data subject to object the personal data processing related to the marketing purposes (In role Controller)
Right to object the personal data processing for the purposes of the scientific, historical or statistical reasons (In role Controller)
Right not to be subject to a decision based solely on the automated processing (In role Controller)
Exercising the rights of the data subject against each of the controllers (In role Controller)
Competencies of the supervisory authority, in relation to the personal data breach notification (In role Controller)
Investigative powers of the supervisory authority (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Corrective powers of the supervisory authority (In role Controller) (In role Processor)
Compensation for the material or non-material damage as a result of an infringement of this Regulation (In role Controller) (In role Processor)
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 (In role Controller) (In role Processor)
Compensation for the damage suffered (In role Controller) (In role Processor)

Rights

Regulation name
The right to withdraw his or her consent at any time (In role Data subject)
Exemption from the obligation to maintain, acquire or process additional information in order to identify the data subject (In role Controller)
Rights of the controller in case of the inappropriate requests from the data subject (In role Controller)
Additional information claims from the controller (In role Controller)
Right of the data subject to obtain a confirmation of the personal data processing from the controller (In role Data subject)
Right to be informed of appropriate safeguards pursuant to Article 46 relating to the transfer (In role Data subject)
Right to rectification (In role Data subject)
Reason for eligibility of the data subject to exercise the right to be forgotten (In role Data subject)
Restraining the personal data processing (In role Data subject)
Right of the data subject to personal data portability (In role Data subject)
Portability of the personal data from one controller to another controller (In role Data subject)
Right of the data subject to object the processing of personal data (In role Data subject)
Right of the data subject to object the personal data processing related to the marketing purposes (In role Data subject)
Application of the right to object using the automated services (In role Data subject)
Right to object the personal data processing for the purposes of the scientific, historical or statistical reasons (In role Data subject)
Right not to be subject to a decision based solely on the automated processing (In role Data subject)
Responsibilities of the controller relating to the personal data processing (In role Data subject)
Implementation of an appropriate data protection policies by the controller (In role Data subject)
Possibilities of declaring the obligations fulfilment (In role Controller)
Implementation of the appropriate technical and organisational measures (In role Data subject)
Processing of the personal data “by default” (In role Data subject)
Approved certification mechanism pursuant to Article 42 (In role Controller)
Exercising the rights of the data subject against each of the controllers (In role Data subject)
Conditions for engaging the other processor to the data processing (In role Controller)
Designation of the identical scope of the responsibilities for the other processor (In role Data subject)
Certification mechanism as referred to in Article 42 (In role Processor)
Adherence to an approved code of conduct as referred to in Article 40 (In role Controller) (In role Processor)
Additional information relating to the personal data breach notification (In role Controller) (In role Processor)
Situation where the notification obligation shall not apply (In role Controller)
Appointing the Data protection officer by the group of undertakings (In role Group of undertakings)
Optional designation of the Data protection officer (In role Controller) (In role Processor)
Contacting the Data protection officer (In role Data subject)
Implementation of the codes of conduct by those subjects, which are outside the scope of this regulation (In role Controller that is not subject to this Regulation) (In role Processor that is not subject to this Regulation)
Personal data transfer in case of the absence of the decision based on the Article 45(3) (In role Controller) (In role Processor)
The competency for submitting the request to the supervisory authority (In role Data subject)
Right to an effective judicial remedy against a supervisory authority (In role Natural person)
The right to an effective judicial remedy (In role Data subject)
Right to an effective judicial remedy (In role Data subject)
Representation of data subjects (In role Data subject)
Compensation for the material or non-material damage as a result of an infringement of this Regulation (In role Person who has suffered material or non-material damage as a result of an infringement of this Regulation)
Compensation for the damage suffered (In role Controller) (In role Processor)

Indirect rights

Regulation name
Principle of lawfulness, fairness and transparency (In role Data subject)
Purpose limitation principle (In role Data subject)
Data minimization principle (In role Data subject)
Principle of accuracy (In role Data subject)
Storage limitation principle (In role Data subject)
Principle of integrity and confidentiality (In role Data subject)
Principle of accountability (In role Data subject)
Obligation to demonstrate the consent for processing the personal data (In role Data subject)
Prohibition of processing the special categories of personal data (In role Data subject)
Reasons for derogating the exercise of the Articles 15 – 20 (In role Data subject)
Measures of the controller in terms of providing the information to data subjects (In role Data subject)
Facilitating the data subject rights (In role Data subject)
Providing the information on action taken on a request under Articles 15 to 22 to the data subject (In role Data subject)
Obligations of the controller in case when the data subject request is unadopted (In role Data subject)
Information provided to the data subject when personal data has been acquired from a data subject (In role Data subject)
Additional information provided to the data subject when personal data has been acquired from a data subject (In role Data subject)
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected (In role Data subject)
Information provided where personal data have not been obtained from the data subject (In role Data subject)
Some additional information provided where personal data have not been obtained from the data subject (In role Data subject)
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation (In role Data subject)
Providing the information where the controller intends to process the personal data for a purpose other than that for which the personal data were obtained (In role Data subject)
Obligation to provide a copy of the personal data which are being processed (In role Data subject)
Obligations of the controller after the right to be forgotten has been applied (In role Data subject)
Information duty of the controller in context of the personal data processing limitation (In role Data subject)
Information obligation of the controller towards the recipients (In role Data subject) (In role Recipient)
Prohibition of the personal data processing after the Article 21, paragraph 2 has been applied (In role Data subject)
Obligation of the controller to inform the data subject about the to object (In role Data subject)
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application (In role Data subject)
Respective roles and relationships of the joint controllers vis-à-vis the data subjects (In role Data subject)
Guaranties of the processor for implementing the adequate protective measurements (In role Data subject)
Implementation of the appropriate technical and organisational measures (In role Data subject)
Notification the data breach to the controller (In role Controller)
Communication the personal data breach to the data subject (In role Data subject)
Personal data processing that require the DPIA – general provision (In role Data subject)
List of processing operations which require an obligatory data protection impact assessment (In role Controller) (In role Processor)
Situation where the DPIA might be necessary (In role Data subject)
Competency of the supervisory authority in case of the specific situations (In role Controller) (In role Processor)
Responsibility of the data protection officer (In role Controller) (In role Processor)
Support in working out the codes of conduct (In role Controller) (In role Processor)
Professional secrecy commitment of the supervisory authority members and employees (In role Data subject)
The free – of -charge principle of performing the supervisory authority tasks (In role Data subject)
The notification obligation of the lead supervisory authority in case of the submitted appeal (In role Complainant) (In role Controller) (In role Processor)
The notification obligation of the lead supervisory authority in case of the rejection of the submitted appeal (In role Complainant) (In role Controller)
The proceeding of the lead supervisory authority and other supervisory authorities in case of the partial rejection of the submitted appeal (In role Complainant) (In role Controller) (In role Processor)
Scope of the Board activities and responsibilities (In role Controller) (In role Processor)
Information duty of the supervisory authority after the receiving of complaint (In role Complainant)
Joint liability in context of the personal data processing (In role Data subject)
Appropriate safeguards related to the rights and freedoms of the data subject (In role Data subject)

Sanctions

Regulation name
Facts and conditions that are influencing the imposition of administrative fines (In role Controller) (In role Processor)
Principles for imposing the maximum administrative fines (In role Controller) (In role Processor)
Provisions concerning the administrative fines – up to 10 000 000,- EUR (In role Controller) (In role Processor)
Provisions concerning the administrative fines – up to 10 000 000,- EUR (In role Controller) (In role Data subject) (In role Processor)
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2) (In role Controller) (In role Processor)

Definitions

Regulation name
Territorial scope for the non-EU subjects (In role Controller not established in the EU) (In role Processor not established in the EU)
Territorial scope for the place under the law of the Member State (In role Controller not established in the EU)
Personal data (In role Data subject)
Controller (In role Controller)
Processor (In role Processor)
Recipient (In role Recipient)
Third party (In role Third party)
Consent of a data subject (In role Data subject)
Performance of a contract (In role Data subject)
Compliance with a legal obligation (In role Controller)
To protect the vital interests of the data subject or of another natural person (In role Data subject)
Performance of a task carried out in the public interest (In role Controller)
Purposes of the legitimate interests pursued by the controller or by a third party (In role Controller) (In role Data subject) (In role Third party)
Transparency of the consent for personal data processing (In role Data subject)
Exclusions from the prohibition of processing the special categories of personal data (In role Controller) (In role Data subject) (In role Employee) (In role Natural person)
Providing the information in terms of Articles 13 and 14 (In role Data subject)
Exemptions from application the obligation of the controller to provide information in terms of the Article 14, paragraphs 1 – 4 (In role Controller) (In role Data subject)
Limitation of the negative implications in context of the other subjects' rights (In role Controller) (In role Data subject)
Exemptions from the application of Article 17, paragraph 1 and 2 (In role Controller) (In role Data subject)
Processing the personal data after the right to restriction of processing has been applied (In role Controller) (In role Data subject) (In role Natural person)
Limitation of the right to obtain the personal data (In role Controller) (In role Data subject)
Limitation of the negative implications relating to other subjects' rights (In role Controller)
Restrictions in application of the Article 22, paragraph 1 (In role Controller) (In role Data subject)
Decisions according to the Article 22, paragraph 2 (In role Data subject)
Minimum scope of the individual provisions in terms of the Article 23, paragraph 1 of the regulation (In role Controller) (In role Processor)
Limitation of the obligation laid down in the Article 27, paragraph 1 (In role Controller not established in the EU) (In role Processor not established in the EU)
Legal instruments of the remedies against the controller or processor (In role Controller not established in the EU) (In role Processor not established in the EU) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Minimal scope of the contract essentials between the Controller and Processor (In role Controller) (In role Data subject) (In role Processor)
Basic Standard contract clauses between the Controller and Processor (In role Controller) (In role Processor)
Exemption from the obligations listed in the Article 30, paragraph 1 and 2 (In role Enterprise or an organisation employing fewer than 250 persons)
Assessing the appropriate level of the security account (In role Controller) (In role Data subject) (In role Processor)
Notification method in context of the Article 34, paragraph 1 of the regulation (In role Controller) (In role Data subject)
Processing that requires the obligatory DPIA (In role Controller)
Minimal content of the DPIA (In role Controller)
Assessing the impact of the processing performed by such controllers or processors (In role Controller) (In role Processor)
Situations where the DPIA need not to be done (In role Controller)
Supervisory authority consultation relating to social policy and public health policy (In role Controller)
Monitoring the compliance of the codes of conduct (In role Controller) (In role Processor)
Demonstrating the existence of an appropriate safeguards, provided by the controllers or processors that are not subject to this Regulation pursuant to Article 3 (In role Controller that is not subject to this Regulation) (In role Processor that is not subject to this Regulation)
Responsibility of the Controller and Processor relating to the certification process (In role Controller) (In role Processor)
Validity of the certificate and it´s prolongation (In role Controller) (In role Processor)
Accreditation conditions in relation to the certification subjects (In role Controller) (In role Data subject) (In role Processor)
Basic conditions for the personal data transfer (In role Controller) (In role Processor)
Possibilities of setting the appropriate safeguards up (In role Controller) (In role Data subject) (In role Processor)
Priority forms and approaches of the appropriate safeguards based on the Article 46, paragraph 1 (In role Controller) (In role Processor) (In role Recipient)
Minimal essential content of the binding corporate rules (In role Controller) (In role Data subject) (In role Group of enterprises engaged in a joint economic activity) (In role Group of undertakings) (In role Personnel having permanent or regular access to personal data) (In role Processor)
Mutual legal assistance between the requesting third country and the Union or a Member State (In role Controller) (In role Processor)
Conditions for the personal data transfer in case of an appropriate safeguards decision absence (In role Controller) (In role Data subject) (In role Natural person) (In role Processor)
Specifications to the personal data transfer in context of the Article 49, paragraph 1 (In role Persons having a legitimate interest) (In role Recipient)
The lead supervisory authority in context of the cross-border processing (In role Controller) (In role Processor)
Proceedings in case of the urgent situations (In role Data subject)
Access to documents of the Board (In role Third party)
The local competency of the judicial authorities for submitting the proceeding against the controller or processor (In role Controller) (In role Data subject) (In role Processor)
Circumstances that are excluding the responsibility of the controller or processor for the damage (In role Controller) (In role Processor)
Special provisions on personal data processing in context of the group of undertakings (In role Group of enterprises engaged in a joint economic activity) (In role Group of undertakings)
Restrictions in the exemptions based on the Article 89, paragraph 2 and 3 (In role Controller) (In role Processor)