State institutions and bodies, member states

Obligations

Regulation name
Basis for the processing referred to in point (c) and (e) of paragraph 1 (European Union, Member states)
Minimum scope of the individual provisions in terms of the Article 23, paragraph 1 of the regulation (Member states)
Consultations during the preparation of a proposal for a legislative measure (Member states)
Encouraging the drawing up of codes of conduct intended to contribute to the proper application of this Regulation (European Data Protection Board, European Commission, Member states, Supervisory authority)
Support in the process of certification mechanisms implementation (European Data Protection Board, European Commission, Member states, Supervisory authority)
Issuing and renewal of the certification (Certification subject, Member states)
Issuing and renewal of the certification (Certification subject, Member states)
Information obligation of the Certification subject (Certification subject)
Public interest in the EU law or Member state law in context of the personal data transfer (European Union, Member states)
Establishing the supervisory authority (Member states)
Designating the supervisory authority in context of the representation in the Board (Member states)
Notification obligation of the member state in terms of the Chapter VI of the regulation (Member states)
Obligation to provide the conditions for supervisory authority activities (Member states)
Conditions for supervisory authority staff selection (Member states)
Financial control of the supervisory authority (Member states)
Appointing the members of the supervisory authority (Member states)
Minimal obligation requirements for the member states in context of establishing supervisory authority (Member states)
Responsibility for activities of the dispatching supervisory authority personal (Member states)
Reimbursement of the damage caused by the supervisory authority personal (Member states)
Prohibition of requesting the reimbursement in terms of the Article 62, paragraph 4 of the regulation (Member states)
Designation of the joint representative of the supervisory authorities (Member states)
Existence of the identical proceedings (Judicial authorities)
Special provisions concerning the other sanction in case of non-compliance with the regulation (Member states)
Notification obligation of the member state in terms of the Article 84, paragraph 1 of the regulation (Member states)
Harmonization of the right to the protection of personal data with the legal system of the member state (Member states)
Processing carried out for journalistic purposes or the purpose of academic artistic or literary expression (Member states)
Notification obligation of the member state in terms of the Article 85, paragraph 2 of the regulation (Member states)
Notification obligation in terms of the Article 88, paragraph 1 of the regulation (Member states)
Notification obligation in context of the Article 90, paragraph 1 of the regulations (Member states)

Indirect obligations

Regulation name
Common certification and the European Data Protection Seal (Certification subject, Supervisory authority)
Validity of the accreditation and renewal conditions (Certification subject)
Right of the supervisory authority to bring infringements of this Regulation to the attention of the judicial authorities (Judicial authorities)
Right to an effective judicial remedy against a supervisory authority (Judicial authorities)
The right to a an effective judicial remedy (Judicial authorities)
Right of the Commission request information from Member States and supervisory authorities (Member states, Supervisory authority)

Rights

Regulation name
Implementation of the particular requirements for the processing in terms of the paragraph 1, points c) and e) of the regulation (Member states)
Restrictions in terms of the article 8, paragraph 1 of the regulation (Member states)
Further conditions regarding the processing of genetic data, biometric data or data concerning health (Member states)
Restrictions of the scope of rights and obligations settled in the Articles 12 – 22, 34 and 5 of the regulation (Member states)
Designation of a single data protection officer may be designated for several such authorities or bodies (Public authority or public body)
Transfer limitation of the specific category of the personal data transfer (European Union, Member states)
Implementation of the additional rights for the supervisory authority (Member states)
Extension of the rights and mandates for the not-for-profit body, organisation or association in the Member states (Member states)
Individual provision in context of the judicial authorities competence concerning the identical proceedings (Respective judicial authority)
Some other principles for imposing the administrative fines (Member states)
Processing of the national identification number (Member states)
Principles of personal data processing for the purpose of the employment (Member states)
Right of the supervisory authorities in terms of the Article 58, paragraph 1, points e) and f) of the regulation (Member states)

Indirect rights

Regulation name
Requirements for the information society services in context of the child (Child, Member states, Parental responsibility holder)
Providing the information and access which are necessary to conduct the certification procedure (Certification subject)
Accreditation of a certification body revocation (National accreditation subject, Supervisory authority)
Conditions for supervisory authority staff selection (Member states)
Reimbursement of the damage caused by the supervisory authority personal (Member state that has reimbursed the damage)
Exemption in personal data processing for scientific or historical research purposes or statistical purposes (European Union, Member states)
Exemption in personal data processing for archiving purposes in the public interest (European Union, Member states)

Sanctions

Regulation name
Provisions concerning the administrative fines – up to 10 000 000,- EUR (Certification subject, Controller, Monitoring subject, Processor)

Definitions

Regulation name
Exemption from processing the DPIA (Member states)
Limitation of Article 41 application in context of the public authorities and bodies (Public authority or public body)
Certification validity period and prolongation (Certification subject, Supervisory authority)
Accreditation conditions for the accreditation subjects (National accreditation subject, Supervisory authority which is competent pursuant to Article 55 or 56)
Implementation criteria for the accreditation process of the Certification subject (Certification subject)
Exemption from the application of the Article 56 of the regulation (Private bodies acting on the basis of point (c) or (e) of Article 6(1), Public authority or public body)
Local competency of the judicial authorities for proceeding in case of the personal data protection (Judicial authorities, Supervisory authority)