| Principle of lawfulness, fairness and transparency |
| Purpose limitation principle |
| Data minimization principle |
| Principle of accuracy |
| Storage limitation principle |
| Principle of integrity and confidentiality |
| Principle of accountability |
| Consent of the data subject |
| Purposes of the legitimate interests pursued by the controller or by a third party |
| Transparency of the consent for personal data processing |
| Prohibition of processing the special categories of personal data |
| Reasons for derogations of exercising the articles 15 – 20 of the regulation |
| Measures of the controller in terms of providing information to data subjects. |
| Facilitating the data subject rights exercising under the Articles 15 to 22 |
| Providing the information on action taken on a request under Articles 15 to 22 to the data subject |
| Obligations of the controller when the data subject request is unadopted |
| Information provided to the data subject when personal data has been acquired from a data subject |
| Additional information provided to the data subject when personal data has been acquired from a data subject |
| Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected |
| Information provided where personal data have not been obtained from the data subject |
| Some additional information provided where personal data have not been obtained from the data subject |
| Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained |
| Obligation to provide a copy of the personal data undergoing processing |
| Obligations of the controller when the right to be forgotten has been applied |
| Processing of the personal data after the application of the right to restriction of processing |
| Obligation of the controller regarding the processing limitation |
| Prohibition of the personal data processing after the Article 21, paragraph 2 application |
| Obligation to inform the data subject in context of the right to object |
| Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application |
| Assessing the appropriate level of security account |
| Notification of the personal data breach to the data subject |
| Situation where the DPIA is necessary |
| Professional secrecy commitment |
| Free – of -charge principle of performing the supervisory authority tasks |
| Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject |
