General Data Protection Regulation (GDPR) - Document structure

Chapter I - General provisions

Article 1 - Subject-matter and objectives

Subject-matter
Aim of the regulation
Free movement of personal data

Article 2 - Material scope

Positive definition of the material scope
Negative definition of the material scope
Processing of personal data by the Union institutions, bodies, offices and agencies
Application of Directive 2000/31/EC

Article 3 - Territorial scope

Territorial scope for the EU subjects
Territorial scope for the non-EU subjects
Territorial scope for the place under the law of the member state

Article 4 - Definitions

Personal data
Processing
Restriction of processing
Profiling
Pseudonymization
Filling system
Controller
Processor
Recipient
Third party
Consent
Personal data breach
Genetic data
Biometric data
Data concerning health
Main establishment
Representative
Enterprise
Group of undertakings
Binding corporate rules
Supervisory authority
Supervisory authority concerned
Cross-border processing
Relevant and reasoned objection
Information society service
International organization

---

Chapter II - Principles

Article 5 - Principles relating

Principle of lawfulness, fairness and transparency
Purpose limitation principle
Data minimization principle
Principle of accuracy
Storage limitation principle
Principle of integrity and confidentiality
Principle of accountability

Article 6 - Lawfulness of processing

Consent of the data subject
Performance of a contract
Compliance with a legal obligation
To protect the vital interests of the data subject or of another natural person
Performance of a task carried out in the public interest
Purposes of the legitimate interests pursued by the controller or by a third party
Implementation of the particular requirements for the processing in terms of the paragraph 1, points c) and e) of the regulation
Basis for the processing referred to in point (c) and (e) of paragraph 1
Processing for a purpose other than that for which the personal data have been collected

Article 7 - Conditions for consent

Obligation to demonstrate the consent for processing the personal data
Transparency of the consent for personal data processing
The right to withdraw his or her consent at any time
Assessing the consent given

Article 8 - Conditions applicable to child's consent in relation to information society services

Requirements for the information society services in context of the child
Obligations of the controller on context of the child when processing the personal data
Restrictions in terms of the article 8, paragraph 1 of the regulation

Article 9 - Processing of special categories of personal data

Prohibition of processing the special categories of personal data
Exclusions from the prohibition of processing the special categories of personal data
Provisions to the processing of special categories of personal data in terms of the paragraph 2, point h) of the regulation
Further conditions regarding the processing of genetic data, biometric data or data concerning health

Article 10 - Processing of personal data relating to criminal convictions and offences

Processing of personal data relating to criminal convictions and offences

Article 11 - Processing which does not require identification

Exemption from the obligation to maintain, acquire or process additional information in order to identify the data subject
Reasons for derogations of exercising the articles 15 – 20 of the regulation

---

Chapter III - Rights of the data subject

Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject

Measures of the controller in terms of providing information to data subjects.
Facilitating the data subject rights exercising under the Articles 15 to 22
Providing the information on action taken on a request under Articles 15 to 22 to the data subject
Obligations of the controller when the data subject request is unadopted
Rights of the controller in context of the inappropriate requests from the data subject
Additional information claims from the controller
Providing the information in terms of Articles 13 and 14
The right of the Commission to act in terms of the Article 92 of the regulation

Article 13 - Information to be provided where personal data are collected from the data subject

Information provided to the data subject when personal data has been acquired from a data subject
Additional information provided to the data subject when personal data has been acquired from a data subject
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected
Exemption from exercising the paragraphs 1 – 3, Article 13 of the regulation

Article 14 - Information to be provided where personal data have not been obtained from the data subject

Information provided where personal data have not been obtained from the data subject
Some additional information provided where personal data have not been obtained from the data subject
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation
Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained
Exemptions from the obligation of the controller to provide information in terms of the Article 14, paragraphs 1 – 4 of the regulation

Article 15 - Right of access by the data subject

Right of the data subject to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed
Right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer
Obligation to provide a copy of the personal data undergoing processing
Limitation of the negative implications regarding the the right to obtain a copy referred to in paragraph 3 of the regulation

Article 16 - Right to rectification

Right to rectification

Article 17 - Right to erasure (‘right to be forgotten’)

Reason for eligibility to exercise the right to be forgotten
Obligations of the controller when the right to be forgotten has been applied
Exemptions from exercising the Article 17, paragraph 1 and 2 of the regulation

Article 18 - Right to restriction of processing

Restraining the personal data processing
Processing of the personal data after the application of the right to restriction of processing
Obligation of the controller regarding the processing limitation

Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing

Information obligation of the controller towards the recipients

Article 20 - Right to data portability

Right to data portability
Portability of the personal data from one controller to another
Limitation of the right to obtain the personal data
Limitation of the negative implications in context of the other subjects rights

Article 21 - Right to object

Right to object
Right to object on case of the direct marketing purposes
Prohibition of the personal data processing after the Article 21, paragraph 2 application
Obligation to inform the data subject in context of the right to object
Application of the right to object using the automated services
Right to object in context of the personal data processing for the purposes of scientific, historical or statistical reasons

Article 22 - Automated individual decision-making, including profiling

Right not to be subject to a decision based solely on automated processing
Restriction of the Article 22, paragraph 1 application
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application
Decisions referred to in Article 22, paragraph 2 of the regulation

Article 23 - Restrictions

Restrictions of the scope of rights and obligations settled in the Articles 12 – 22, 34 and 5 of the regulation
Minimum scope of the individual provisions in terms of the Article 23, paragraph 1 of the regulation

---

Chapter IV - Controller and processor

Article 24 - Responsibility of the controller

Responsibilities of the controller in personal data processing
Implementation of appropriate data protection policies by the controller
Obligations fulfillment by the controller

Article 25 - Data protection by design and by default

Implementation of the appropriate technical and organisational measures
Processing of the personal data “by default”
Approved certification mechanism pursuant to Article 42

Article 26 - Joint controllers

Personal data processing by the joint controllers
Respective roles and relationships of the joint controllers vis-à-vis the data subjects
Exercising his or her rights under this Regulation in respect of and against each of the controllers

Article 27 - Representatives of controllers or processors not established in the Union

Designation of the representative in the Union
Limitation of applying the obligations in terms of Article 27, paragraph 1 of the regulation
Assignation of the place of activity of the controller outside the EU
Delegation scope of the controller or processor
Legal instruments of remedies against the controller or processor

Article 28 - Processor

Guaranties of the processor for implementing the adequate measurements
Conditions for engagement of the other processor to data processing
Minimal scope of the contract essentials between the Controller and Processor
Designation of the identical scope of the responsibilities fot the other processor
Certification mechanism as referred to in Article 42 of the processor
Standard contract clauses between the Controller and Processor
Setting the standard contract clauses settled by the Commission
Standard contractual clauses settled by the supervisory authority
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor

Article 29 - Processing under the authority of the controller or processor

Obligation of the processor to accept the instructions of the controller

Article 30 - Records of processing activities

Mandatory scope of the records
A record of all categories of processing activities carried out on behalf of a controller
Format of the records in terms of the Article 30, pragraphs 1 and 2 of the regulation
Making the record available to the supervisory authority on request
Exemption from the obligations in terms of the Article 30, paragraph 1 and 2 of the regulation

Article 31 - Cooperation with the supervisory authority

Cooperation with the supervisory authority

Article 32 - Security of processing

Implementation of the appropriate technical and organisational measures
Assessing the appropriate level of security account
Approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42
Ensuring the compliance in activities on behalf the Controller or Processor in context of the regulation

Article 33 - Notification of a personal data breach to the supervisory authority

Period for personal data breach declaration
Data breach notification to the controller
Minimal content of the personal data breach notification
Notification of the additional information in context of the personal data protection
Documentary measurements in personal data protection breach

Article 34 - Communication of a personal data breach to the data subject

Notification of the personal data breach to the data subject
Form of the personal data breach notification in terms of the Article 34, paragraph 1 of the regulation
Exemption from the obligation to notify the data subject
Competency of the supervisory authority in context of the notification obligation of the controller

Article 35 - Data protection impact assessment

Type of processing that requires the DPIA – general provision
Cooperation between the controller and data protection officer
Processing that requires the obligatory DPIA
List of the kind of processing operations which are subject to the requirement for a data protection impact assessment
List of the kind of processing operations for which no data protection impact assessment is required
Consistency mechanism referred to in Article 63
Minimal content of the DPIA
Assessing the impact of the processing operations performed by such controllers or processors
Views of data subjects or their representatives on the intended processing
Exemption from processing the DPIA
Situation where the DPIA is necessary

Article 36 - Prior consultation

Conditions that requires the prior consultations with supervisory authority
Competency of the supervisory authority in case of specific situations
Information provided to the consulting the supervisory authority pursuant to paragraph 1
Consultations during the preparation of a proposal for a legislative measure
Consultations with the supervisory authority in the area of the social policy and public health policy

Article 37 - Designation of the data protection officer

Obligatory designation of the data protection officer (DPO)
Appointing the single data protection officer providing that a data protection officer is easily accessible
Designation of a single data protection officer may be designated for several such authorities or bodies
Facultative designation of the DPO
Basic requirements for the DPO status
Appointment of the employee to DPO position
Publication of the contact details of the data protection officer

Article 38 - Position of the data protection officer

Responsibility of the controller and processor in context of the DPO
Supporting the data protection officer in performing the tasks referred to in Article 39
Organizational status of the DPO
Contacting the DPO
Secrecy obligation of the DPO
DPO and its other tasks duties

Article 39 - Tasks of the data protection officer

Responsibility o the data protection officer
Other tasks of the DPO

Article 40 - Codes of conduct

Encouraging the drawing up of codes of conduct intended to contribute to the proper application of this Regulation
Codes of conduct
Implementation of the codes of conduct by subjects, that are outside the scope of this regulation
Mandatory monitoring of compliance
Submitting the draft code, amendment or extension to the supervisory authority which is competent pursuant to Article 55
Registration and publication of the code
Submitting the code or draft of the code to the Board
Submitting the code or draft of the code to the Board
Designation of the general validity of the approved code of conduct
Publication of the valid and approved codes of conduct
Collecting all approved codes of conduct, amendments and extensions in a register

Article 41 - Monitoring of approved codes of conduct

Monitoring of compliance with a code of conduct pursuant to Article 40
Basic criteria for accreditation
Submitting the draft criteria for an accreditation of a body
Measurements in case of breaching the code of conduct by the Controller or Processor
Reasons for an accreditation withdrawal
Limitation of Article 41 application in context of the public authorities and bodies

Article 42 - Certification

Support in the process of certification mechanisms implementation
Demonstrating the existence of appropriate safeguards provided by controllers or processors
Transparent certification process
Responsibility of the Controller and Processor in process of the certification
Common certification and the European Data Protection Seal
Providing the information and access which are necessary to conduct the certification procedure
Certification validity period and prolongation
Certification mechanisms and data protection seals and marks publication

Article 43 - Certification bodies

Issuing and renewal of the certification
Accreditation conditions for the accreditation subjects
Implementation criteria for the accreditation process of the Certification subject
Validity of the accreditation and renewal conditions
Information obligation of the Certification subject
Certification criteria publications
Accreditation of a certification body revocation
Certification requirements settled by the Commission
Technical norms for the certifications mechanisms, seals and marks

---

Chapter V - Transfers of personal data to third countries or international organisations

Article 44 - General principle for transfers

Basic conditions for the personal data transfer

Article 45 - Transfers on the basis of an adequacy decision

General conditions for personal data transfer
Assessing the adequacy of the level of protection
Decision of the adequate level of protection of personal data
Monitoring activity of the Commission
Derogation, novelization or detention of the decision of the Commission in terms of Article 45, paragraph 3
Consultations with the third country or international organization
Exemption from the decisions under the Article 45, paragraph 5 of the regulation
Adequate level of personal data protection on the parts of the third countries or international organizations
Validity of the decisions, published under the Article 25, paragraph 6 of the Directive 95/46/ES

Article 46 - Transfers subject to appropriate safeguards

Personal data transfer In the absence of a decision pursuant to Article 45(3)
Setting up the appropriate safeguards referred to Article 46, paragraph 1 of the regulation
Priority forms and approaches to setting up the appropriate safeguards referred to Article 46, paragraph 1 of the regulation
Consistency mechanism application referred to in Article 63
Validity of the decisions, published in terms of the Article 26, paragraph 2 of the Directive 95/46/ES

Article 47 - Binding corporate rules

Binding corporate rules in accordance with the consistency mechanism set out in Article 63
Minimal scope of the binding corporate rules referred to in paragraph 1
Exchange of information between controllers, processors and supervisory authorities for binding corporate rules

Article 48 - Transfers or disclosures not authorised by Union law

Mutual legal assistance between the requesting third country and the Union or a Member State

Article 49 - Derogations for specific situations

Conditions for personal data transfer in case of appropriate safeguards absence
Specifications to the personal data transfer in terms of the Article 49, paragraph 1, point g of the regulation
Derogations from the personal data transfer rules
Public interest in the EU law or Member state law in context of the personal data transfer
Transfer limitation of the specific category of the personal data transfer
Documentation of the assessment or suitable safeguards

Article 50 - International cooperation for the protection of personal data

Activity of the Commission and supervisory authorities in context of the international organization support

---

Chapter VI - Independent supervisory authorities

Article 51 - Supervisory authority

Establishing the supervisory authority
Activity of the supervisory authority
Designating the supervisory authority in context of the representation in the Board
Notification obligation of the member state in terms of the Chapter VI of the regulation

Article 52 - Independence

Independence of the supervisory authority
Independence of the supervisory authority members
Obligation of the supervisory authority members to refrain from any action incompatible with their duties
Obligation to provide the conditions for supervisory authority activities
Conditions for supervisory authority staff selection
Financial control of the supervisory authority

Article 53 - General conditions for the members of the supervisory authority

Appointing the members of the supervisory authority
Basic requirements for the supervisory authority members
Derogations of the supervisory authority member duties
Abrogation of the supervisory authority member

Article 54 - Rules on the establishment of the supervisory authority

Minimal obligation requirements for the member states in context of establishing supervisory authority
Professional secrecy commitment

Article 55 - Competence

Competence of the supervisory authority
Exemption from the application of the Article 56 of the regulation
Derogation of the supervisory authority competence in context pf the judicial power

Article 56 - Competence of the lead supervisory authority

Competence of the lead supervisory authority in terms of the Article 60 of the regulation
Supervisory authority right on context of the complaint
Obligations of the supervisory authority after receiving the complaint in terms of the Article 56, paragraph 2 of the regulation
Decision of the lead supervisory authority to handle the case
Decision of the lead supervisory authority to reject the case
The lead supervisory authority and the cross-border processing

Article 57 - Tasks

Supervisory authority territorial activity scope
Facilitation of the complaints submission process
Free – of -charge principle of performing the supervisory authority tasks
Services charge in context of the unfounded or excessive requests

Article 58 - Powers

Investigative powers of the supervisory authority
Corrective powers of the supervisory authority
Authorization and advisory powers of the supervisory authority
The exercise of powers on the part of the supervisory authority
Right of the supervisory authority to bring infringements of this Regulation to the attention of the judicial authorities
Implementation of the additional rights for the supervisory authority

Article 59 - Activity reports

The annual report on the supervisory authority activities

---

Chapter VII - Cooperation and consistency

Article 60 - Cooperation between the lead supervisory authority and the other supervisory authorities concerned

Cooperation between the Lead supervisory authority and respective supervisory authorities
Cooperation between the supervisory authorities
Communication in case of the relevant information on the matter to the other supervisory authorities concerned
Lead supervisory authority proceedings in case of the disagreement with the objection
Lead supervisory authority proceedings in case of acceptance of the objection
Biding force of the decision draft for the other supervisory authorities
Notification obligation of the Lead supervisory authority in case of the submitted appeal
Notification obligation of the Lead supervisory authority in case of rejection of the submitted appeal
Lead supervisory authority and other supervisory authorities proceedings in case of the partial rejection of the submitted appeal
Obligations of the Controller (or Processor) after the decision has been notified
Proceedings in case of the urgent need to act
Ways of providing the information between the lead supervisory authority and respective supervisory authorities

Article 61 - Mutual assistance

Providing the information and cooperation between the supervisory authorities
An appropriate measures required to reply to a request of another supervisory authority
Requests for assistance or cooperation
Reasons for refusing the request by the supervisory authority
Information that are provided to the requesting supervisory authority by the requested supervisory authority
Means of providing the information by the requested supervisory authorities
Basic rules for cooperation between the supervisory authorities
A provisional measure on the territory of the individual Member State in accordance with Article 55(1)
Specification of the forms and means of cooperation between the supervisory authorities

Article 62 - Joint operations of supervisory authorities

Joint operations and joint investigation
Competency of the supervisory authorities in joint operations
Right of the supervisory authority personal
Responsibility for activities of the dispatching supervisory authority personal
Reimbursement of the damage caused by the supervisory authority personal
Prohibition of requesting the reimbursement in terms of the Article 62, paragraph 4 of the regulation
A provisional measure in case of the breaching the obligations in terms of the Article 62, paragraph 2, second sentence

Article 63 - Consistency mechanism

Consistency mechanism

Article 64 - Opinion of the Board

An opinion of the Board
Examination of the case by the Board
Issuing an opinion in terms of the Article 64, paragraph 1 and 2 of the regulation
Cooperation between the supervisory authorities, Commission and Board
Information obligation of the Chair of the Board
Restriction in adopting the decision by the supervisory authority
Activity of the supervisory activity after receiving the opinion of the Board
Action of the respective supervisory authority after rejecting the opinion of the Board

Article 65 - Dispute resolution by the Board

Reasons for adopting the biding decisions by the Board
Period for adopting the decisions in terms of the Article 65, paragraph 1of the regulation
Activity of the Board when the periods, settled in the Article 65, has been missed
Restrictions in adopting the decision within the period in terms of the Article 65, paragraph 2 and 3 of the regulation
Notification responsibility of the Chair of the Board
Activity of the Chair of the Board after acceptance of the final decision

Article 66 - Urgency procedure

Adoption of the provisional measures by the respective supervisory authority
Publication of the urgent opinion or biding decision
Request for publishing the urgent opinion
Exemptions in adopting the urgent opinion or urgent biding decision

Article 67 - Exchange of information

Right of the Commission to adopt the implementing acts of the general scope

Article 68 - European Data Protection Board

Establishment of the European Data Protection Board
Chair of the Board
Structure of the Board
Designation of the joint representative of the supervisory authorities
Participation of the Commission in the Board sessions
Scope of the competency of the European Data Protection Supervisor

Article 69 - Independence

Independence of the Board
Individual provision in context of the Board independence

Article 70 - Tasks of the Board

Scope of the Board activities and responsibilities
Designation of the period by the Commission
Publication of the consultations results, opinions, best practices, made by the Board
Consultations of the Board with the respective parties

Article 71 - Reports

An annual report regarding the protection of natural persons with regard to processing in the Union
Scope of the annual report of the Board

Article 72 - Procedure

Procedure in taking the decisions by the Board
Operational arrangements of the Board

Article 73 - Chair

Election of the Chair of the Board
Term of office of the Board

Article 74 - Tasks of the Chair

Tasks of the Chair of the Board
Allocation of the tasks to the Chair of the Board and Deputy Chair of the Board

Article 75 - Secretariat

Secretariat
Tasks of the Secretariat of the Board
Personnel of the European Data Protection Supervisor
Cooperation between the Board and European Data Protection Supervisor
Scope of the cooperation between the Board and Secretary
Responsibility of the Secretariat

Article 76 - Confidentiality

Confidential discussions of the Board
Access to documents submitted to members of the Board

---

Chapter VIII - Remedies, liability and penalties

Article 77 - Right to lodge a complaint with a supervisory authority

Competency for submitting the request to the supervisory authority
Information responsibility of the supervisory authority after receiving the complaint

Article 78 - Right to an effective judicial remedy against a supervisory authority

Right to an effective judicial remedy against a supervisory authority
The right to a an effective judicial remedy
Local competency of the judicial authorities for proceeding in case of the personal data protection
Forwarding the opinion or decision to the respective judicial authorities

Article 79 - Right to an effective judicial remedy against a controller or processor

Right to an effective judicial remedy
Local competency of the Judicial authorities for submitting the proceeding against the Controller or Processor

Article 80 - Representation of data subjects

Representation of data subjects
Extension of the rights and mandates for the not-for-profit body, organisation or association in the Member states

Article 81 - Suspension of proceedings

Existence of the identical proceedings
Suspension of the proceeding
Individual provision in context of the judicial authorities competence concerning the identical proceedings

Article 82 - Right to compensation and liability

Compensation for the material or non-material damage as a result of an infringement of this Regulation
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 of the regulation
Circumstances that are excluding the responsibility of the Controller or Processor for the damage
Joint liability in context of the personal data processing
Compensation for the damage suffered
Court proceedings for exercising the right to receive compensation

Article 83 - General conditions for imposing administrative fines

Basic rules for imposing the administrative fines
Facts and conditions that are influencing the imposition of administrative fines
Principles for imposing the maximum administrative fines
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2)
Some other principles for imposing the administrative fines
Competency of the supervisory authority and appropriate procedural safeguards
Application of the sanction mechanism when no administrative fines are imposed

Article 84 - Penalties

Special provisions concerning the other sanction in case of non-compliance with the regulation
Notification obligation of the member state in terms of the Article 84, paragraph 1 of the regulation

---

Chapter IX - Provisions relating to specific processing situations

Article 85 - Processing and freedom of expression and information

Harmonization of the right to the protection of personal data with the legal system of the member state
Processing carried out for journalistic purposes or the purpose of academic artistic or literary expression
Notification obligation of the member state in terms of the Article 85, paragraph 2 of the regulation

Article 86 - Processing and public access to official documents

Processing and public access to official documents

Article 87 - Processing of the national identification number

Processing of the national identification number

Article 88 - Processing in the context of employment

Principles of personal data processing for the purpose of the employment
Special provisions to personal data processing for the purpose of the group of undertakings
Notification obligation in terms of the Article 88, paragraph 1 of the regulation

Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject
Exemption in personal data processing for scientific or historical research purposes or statistical purposes
Exemption in personal data processing for archiving purposes in the public interest
Restrictions in the exemptions, noted in the Article 89, paragraph 2 and 3 of the regulation

Article 90 - Obligations of secrecy

Right of the supervisory authorities in terms of the Article 58, paragraph 1, points e) and f) of the regulation
Notification obligation in context of the Article 90, paragraph 1 of the regulations

Article 91 - Existing data protection rules of churches and religious associations

Existing data protection rules of churches and religious associations unification
Supervisory authority for the personal data processing in churches and religious associations

---

Chapter X - Delegated acts and implementing acts

Article 92 - Exercise of the delegation

Right of the Commission to adopt the delegated acts
Period for the delegate acts adoption
Subjects entitled to revoke the delegation of power referred to in Article 12(8) and Article 43(8)
Notification of delegated act adoption
Entering into the force of the delegated act

Article 93 - Committee procedure

Cooperation between the Commission and Committee within the meaning of Regulation (EU) No 182/2011
Reference to the Article 5 of Regulation (EU) No 182/2011
Reference to the Article 8 of Regulation (EU) No 182/2011

---

Chapter XI - Final provisions

Article 94 - Repeal of Directive 95/46/EC

Date of the Directive 95/46/EC repeal
Special provisions to the Directive 95/46/EC references

Article 95 - Relationship with Directive 2002/58/EC

Relationship with Directive 2002/58/EC

Article 96 - Relationship with previously concluded Agreements

Relationship with previously concluded Agreements

Article 97 - Commission reports

Report on the evaluation and review of this Regulation to the European Parliament and to the Council
Obligations of the Commission in the context of the evaluation and reviewing of this regulation
Right of the Commission request information from Member States and supervisory authorities
Proceeding of the Commission during the evaluation and reviewing process
Submission of the appropriate proposals to amend this Regulation

Article 98 - Review of other Union legal acts on data protection

Review of other Union legal acts on data protection

Article 99 - Entry into force and application

Entry into force of this regulation
Application of this regulation

---