Principle of lawfulness, fairness and transparency |
Purpose limitation principle |
Data minimization principle |
Principle of accuracy |
Storage limitation principle |
Principle of integrity and confidentiality |
To protect the vital interests of the data subject or of another natural person |
Prohibition of processing the special categories of personal data |
Delegation scope of the controller or processor |
Conditions for engagement of the other processor to data processing |
Minimal scope of the contract essentials between the Controller and Processor |
Designation of the identical scope of the responsibilities for the other processor |
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation |
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor |
Obligation of the processor to accept the instructions of the controller |
A record of all categories of processing activities carried out on behalf of a controller |
Format of the records in terms of the Article 30, paragraphs 1 and 2 of the regulation |
Implementation of the appropriate technical and organisational measures |
Assessing the appropriate level of security account |
Ensuring the compliance in activities on behalf of the Controller or Processor in context of the regulation |
Data breach notification to the controller |
Minimal content of the personal data breach notification |
Minimal content of the DPIA |
Assessing the impact of the processing operations performed by such controllers or processors |
Obligatory designation of the data protection officer (DPO) |
Publication of the contact details of the data protection officer |
Responsibility of the controller and processor in context of the DPO |
Supporting the data protection officer in performing the tasks referred to in Article 39 |
Organizational status of the DPO |
DPO and its other tasks and duties |
Providing the information and access which are necessary to conduct the certification procedure |
Basic conditions for the personal data transfer |
Documentation of the assessment or suitable safeguards |
Obligations of the Controller (or Processor) after the decision has been notified |
Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject |