Processor


Obligations

Regulation name
Principle of lawfulness, fairness and transparency
Purpose limitation principle
Data minimization principle
Principle of accuracy
Storage limitation principle
Principle of integrity and confidentiality
Prohibition of processing the special categories of personal data
Conditions for engaging the other processor to the data processing
Designation of the identical scope of the responsibilities for the other processor
Contract or any other legal document in terms of the Article 28, paragraphs 3 and 4
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor
Obligation of the processor to comply with the instructions of the controller
A record of all categories of processing activities carried out on behalf of a controller
Form of the records according to Article 30, paragraphs 1 and 2
Making the records available to the supervisory authority if needed
Cooperation with the supervisory authority
Implementation of the appropriate technical and organisational measures
Ensuring the activities compliance of any natural person, acting under the authority of controller or processor
Notification of the data breach to the controller
Compulsory designation of the data protection officer (DPO)
Publishing the data of the designated data protection officer
Responsibility of the controller and processor in context of the Data protection officer
Providing the support for the data protection officer
Organizational status of the Data protection officer
The Data protection officer and its other tasks and duties
Providing the information and access that are essential for the certification procedure
Documentation of the assessment and suitable safeguards
Obligations of the controller (or processor) after the decision has been published
Joint liability in context of the personal data processing
Appropriate safeguards related to the rights and freedoms of the data subject


Indirect obligations

Regulation name
Investigative powers of the supervisory authority
Corrective powers of the supervisory authority
Compensation for the material or non-material damage as a result of an infringement of this Regulation
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1
Compensation for the damage suffered


Rights

Regulation name
Certification mechanism as referred to in Article 42
Adherence to an approved code of conduct as referred to in Article 40
Additional information relating to the personal data breach notification
Optional designation of the Data protection officer
Personal data transfer in case of the absence of the decision based on the Article 45(3)
Compensation for the damage suffered


Indirect rights

Regulation name
List of processing operations which require an obligatory data protection impact assessment
Competency of the supervisory authority in case of the specific situations
Responsibility of the data protection officer
Support in working out the codes of conduct
The notification obligation of the lead supervisory authority in case of the submitted appeal
The proceeding of the lead supervisory authority and other supervisory authorities in case of the partial rejection of the submitted appeal
Scope of the Board activities and responsibilities


Sanctions

Regulation name
Facts and conditions that are influencing the imposition of administrative fines
Principles for imposing the maximum administrative fines
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2)


Definitions

Regulation name
Processor
Minimum scope of the individual provisions in terms of the Article 23, paragraph 1 of the regulation
Minimal scope of the contract essentials between the Controller and Processor
Basic Standard contract clauses between the Controller and Processor
Assessing the appropriate level of security
Assessing the impact of the processing performed by such controllers or processors
Monitoring the compliance of the codes of conduct
Responsibility of the Controller and Processor relating to the certification process
Validity of the certificate and its prolongation
Accreditation conditions in relation to the certification subjects
Basic conditions for the personal data transfer
Possibilities of setting the appropriate safeguards up
Priority forms and approaches of the appropriate safeguards based on the Article 46, paragraph 1
Minimal essential content of the binding corporate rules
Mutual legal assistance between the requesting third country and the Union or a Member State
Conditions for the personal data transfer in case of an appropriate safeguards decision absence
The lead supervisory authority in context of the cross-border processing
The local competency of the judicial authorities for submitting the proceeding against the controller or processor
Circumstances that are excluding the responsibility of the controller or processor for the damage
Restrictions in the exemptions based on the Article 89, paragraph 2 and 3