Controllers and Processors

Obligations

Regulation name
Principle of lawfulness, fairness and transparency
(Controller, Processor)
Purpose limitation principle
(Controller, Processor)
Data minimization principle
(Controller, Processor)
Principle of accuracy
(Controller, Processor)
Storage limitation principle
(Controller, Processor)
Principle of integrity and confidentiality
(Controller, Processor)
Principle of accountability
(Controller)
Consent of the data subject
(Controller)
Performance of a contract
(Controller)
Compliance with a legal obligation
(Controller)
To protect the vital interests of the data subject or of another natural person
(Controller, Processor)
Performance of a task carried out in the public interest
(Controller)
Purposes of the legitimate interests pursued by the controller or by a third party
(Controller)
Processing for a purpose other than that for which the personal data have been collected
(Controller)
Obligation to demonstrate the consent for processing the personal data
(Controller)
Transparency of the consent for personal data processing
(Controller)
Requirements for the information society services in context of the child
(Controller)
Obligations of the controller in the context of the child when processing the personal data
(Controller)
Prohibition of processing the special categories of personal data
(Controller, Processor)
Processing of personal data relating to criminal convictions and offences
(Controller)
Reasons for derogations of exercising the articles 15 – 20 of the regulation
(Controller)
Measures of the controller in terms of providing information to data subjects
(Controller)
Facilitating the data subject rights exercising under the Articles 15 to 22
(Controller)
Providing the information on action taken on a request under Articles 15 to 22 to the data subject
(Controller)
Obligations of the controller when the data subject request is unadopted
(Controller)
Information provided to the data subject when personal data has been acquired from a data subject
(Controller)
Additional information provided to the data subject when personal data has been acquired from a data subject
(Controller)
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected
(Controller)
Information provided where personal data have not been obtained from the data subject
(Controller)
Some additional information provided where personal data have not been obtained from the data subject
(Controller)
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation
(Controller)
Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained
(Controller)
Obligation to provide a copy of the personal data undergoing processing
(Controller)
Limitation of the negative implications regarding the right to obtain a copy referred to in paragraph 3 of the regulation
(Controller)
Obligations of the controller when the right to be forgotten has been applied
(Controller)
Processing of the personal data after the application of the right to restriction of processing
(Controller)
Obligation of the controller regarding the processing limitation
(Controller)
Information obligation of the controller towards the recipients
(Controller)
Limitation of the right to obtain the personal data
(Controller)
Limitation of the negative implications in context of the other subjects rights
(Controller)
Prohibition of the personal data processing after the Article 21, paragraph 2 application
(Controller)
Obligation to inform the data subject in context of the right to object
(Controller)
Restriction of the Article 22, paragraph 1 application
(Controller)
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application
(Controller)
Responsibilities of the controller in personal data processing
(Controller)
Implementation of appropriate data protection policies by the controller
(Controller)
Implementation of the appropriate technical and organisational measures
(Controller)
Processing of the personal data “by default”
(Controller)
Personal data processing by the joint controllers
(Controller, Joint controllers)
Respective roles and relationships of the joint controllers vis-à-vis the data subjects
(Controller, Joint controllers)
Designation of the representative in the Union
(Controller outside the EU, Processor outside the EU)
Assignation of the place of activity of the controller outside the EU
(Controller outside the EU, Representative of the Controllers that are outside the EU)
Delegation scope of the controller or processor
(Controller, Processor)
Guarantees of the processor for implementing adequate measures
(Controller)
Conditions for engagement of the other processor to data processing
(Processor)
Minimal scope of the contract essentials between the Controller and Processor
(Controller, Processor)
Designation of the identical scope of the responsibilities for the other processor
(Processor)
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation
(Controller, Processor)
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor
(Processor)
Obligation of the processor to accept the instructions of the controller
(Processor, Subject acting on behalf of the Controller or Processor)
Mandatory scope of the records
(Controller)
A record of all categories of processing activities carried out on behalf of a controller
(Processor)
Format of the records in terms of the Article 30, paragraphs 1 and 2 of the regulation
(Controller, Processor)
Making the record available to the supervisory authority on request
(Processor or Controller's representative)
Cooperation with the supervisory authority
(Processor or Controller's representative)
Implementation of the appropriate technical and organisational measures
(Controller, Processor)
Assessing the appropriate level of security
(Controller, Processor)
Ensuring the compliance in activities on behalf of the Controller or Processor in context of the regulation
(Controller, Processor)
Period for personal data breach declaration
(Controller)
Data breach notification to the controller
(Processor)
Minimal content of the personal data breach notification
(Controller, Processor)
Documentary measures in personal data protection breach
(Controller)
Notification of the personal data breach to the data subject
(Controller)
Form of the personal data breach notification in terms of the Article 34, paragraph 1 of the regulation
(Controller)
Type of processing that requires the DPIA – general provision
(Controller)
Cooperation between the controller and data protection officer
(Controller)
Processing that requires the obligatory DPIA
(Controller)
Minimal content of the DPIA
(Controller, Processor)
Assessing the impact of the processing operations performed by such controllers or processors
(Controller, Processor, Supervisory authority)
Views of data subjects or their representatives on the intended processing
(Controller)
Situation where the DPIA is necessary
(Controller)
Conditions that require prior consultation with the supervisory authority
(Controller)
Information provided when consulting the supervisory authority pursuant to paragraph 1
(Controller)
Consultations with the supervisory authority in the area of the social policy and public health policy
(Controller)
Obligatory designation of the data protection officer (DPO)
(Controller, Processor)
Basic requirements for the DPO status
(Controller)
Publication of the contact details of the data protection officer
(Controller, Processor)
Responsibility of the controller and processor in context of the DPO
(Controller, Processor)
Supporting the data protection officer in performing the tasks referred to in Article 39
(Controller, Processor)
Organizational status of the DPO
(Controller, Processor)
Secrecy obligation of the DPO
(Data protection officer)
DPO and its other tasks and duties
(Controller, Processor)
Other tasks of the DPO
(Data protection officer)
Mandatory monitoring of compliance
(Associations and other bodies representing Controllers or Processors)
Submitting the draft code, amendment or extension to the supervisory authority which is competent pursuant to Article 55
(Associations and other bodies representing Controllers or Processors)
Providing the information and access which are necessary to conduct the certification procedure
(Controller, Processor)
Basic conditions for the personal data transfer
(Controller, Processor)
Documentation of the assessment or suitable safeguards
(Controller, Processor)
Obligations of the Controller (or Processor) after the decision has been notified
(Controller, Lead supervisory authority, Processor)
Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject
(Controller, Processor)


Indirect obligations

Regulation name
The right to withdraw his or her consent at any time
(Controller)
Right of the data subject to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed
(Controller)
Right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer
(Controller)
Right to rectification
(Controller)
Reason for eligibility to exercise the right to be forgotten
(Controller)
Restraining the personal data processing
(Controller)
Right to data portability
(Controller)
Portability of the personal data from one controller to another
(Controller)
Right to object
(Controller)
Right to object in case of direct marketing purposes
(Controller)
Right to object in context of the personal data processing for the purposes of scientific, historical or statistical reasons
(Controller)
Right not to be subject to a decision based solely on automated processing
(Controller)
Exercising his or her rights under this Regulation in respect of and against each of the controllers
(Controller)
Legal instruments of remedies against the controller or processor
(Controller, Processor)
Competency of the supervisory authority in context of the notification obligation of the controller
(Controller)
Investigative powers of the supervisory authority
(Controller, Processor)
Corrective powers of the supervisory authority
(Controller, Processor)
Compensation for the material or non-material damage as a result of an infringement of this Regulation
(Controller, Processor)
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 of the regulation
(Controller, Processor)
Joint liability in context of the personal data processing
(Controller, Processor)
Compensation for the damage suffered
(Controller(s) involved in the same processing, Processor(s) involved in the same processing)


Rights

Regulation name
Rights of the controller in context of the inappropriate requests from the data subject
(Controller)
Additional information claims from the controller
(Controller)
Providing the information in terms of Articles 13 and 14
(Controller)
Obligations fulfillment by the controller
(Controller)
Approved certification mechanism pursuant to Article 42
(Controller)
Certification mechanism as referred to in Article 42 of the processor
(Processor)
Standard contract clauses between the Controller and Processor
(Controller, Processor)
Approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42
(Controller, Processor)
Appointing the single data protection officer providing that a data protection officer is easily accessible
(Group of undertakings)
Facultative designation of the DPO
(Associations and other bodies representing Controllers or Processors, Controller, Processor)
Appointment of the employee to DPO position
(Staff member of the Controller or Processor, Employee)
DPO and its other tasks and duties
(Data protection officer)
Codes of conduct
(Associations and other bodies representing Controllers or Processors)
Implementation of the codes of conduct by subjects, that are outside the scope of this regulation
(Controller outside the EU, Processor outside the EU)
Personal data transfer in the absence of a decision pursuant to Article 45(3)
(Controller, Processor)
Compensation for the damage suffered
(Controller who has paid full compensation for the damage, Processor who has paid full compensation for the damage)


Indirect rights

Regulation name
Provisions to the processing of special categories of personal data in terms of the paragraph 2, point h) of the regulation
(Controller, Person subjected to an obligation of secrecy under Union or Member State law or rules established by national competent bodies, Professional subject to the obligation of professional secrecy under Union or Member State law)
Exemption from the obligation to maintain, acquire or process additional information in order to identify the data subject
(Controller)
Data breach notification to the controller
(Controller)
Notification of the additional information in context of the personal data protection
(Controller, Processor)
Cooperation between the controller and data protection officer
(Data protection officer)
Competency of the supervisory authority in case of specific situations
(Controller)
Responsibility of the controller and processor in context of the DPO
(Data protection officer)
Supporting the data protection officer in performing the tasks referred to in Article 39
(Data protection officer)
Organizational status of the DPO
(Data protection officer)
Encouraging the drawing up of codes of conduct intended to contribute to the proper application of this Regulation
(Controller, Processor)
Free-of-charge principle of performing the supervisory authority tasks
(Data protection officer, Data subject)
Notification obligation of the Lead supervisory authority in case of the submitted appeal
(Main establishment or single establishment of the controller or processor)
Notification obligation of the Lead supervisory authority in case of rejection of the submitted appeal
(Complainant, Controller)
Lead supervisory authority and other supervisory authorities proceedings in case of the partial rejection of the submitted appeal
(Complainant, Controller, Processor)


Sanctions

Regulation name
Provisions concerning the administrative fines – up to 10 000 000,- EUR
(Certification subject, Controller, Monitoring subject, Processor)
Provisions concerning the administrative fines – up to 10 000 000,- EUR
(Controller, Processor)
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2)
(Controller, Processor)


Definitions

Regulation name
Application of Directive 2000/31/EC
(Providers of the information society services)
Territorial scope for the EU subjects
(Controller, Processor)
Territorial scope for the non-EU subjects
(Controller, Processor)
Territorial scope for the place under the law of the member state
(Controller, Processor)
Exclusions from the prohibition of processing the special categories of personal data
(Controller)
Limitation of applying the obligations in terms of Article 27, paragraph 1 of the regulation
(Controller outside the EU)
Exemption from the obligations in terms of the Article 30, paragraph 1 and 2 of the regulation
(Enterprise or an organisation employing fewer than 250 persons)
Exemption from the obligation to notify the data subject
(Controller)
Responsibility of the data protection officer
(Data protection officer)
Demonstrating the existence of appropriate safeguards provided by controllers or processors
(Controller outside the scope of GDPR regulation, Processor outside the scope of GDPR regulation)
Responsibility of the Controller and Processor in process of the certification
(Controller, Processor)
Minimal scope of the binding corporate rules referred to in paragraph 1
(Controller, Processor)
Mutual legal assistance between the requesting third country and the Union or a Member State
(Controller, Processor)
Conditions for personal data transfer in case of appropriate safeguards absence
(Controller, Processor)
Specifications to the personal data transfer in terms of the Article 49, paragraph 1, point g of the regulation
(Controller, Processor)
Derogations from the personal data transfer rules
(Controller, Processor)
Circumstances that are excluding the responsibility of the Controller or Processor for the damage
(Controller, Processor)
Facts and conditions that are influencing the imposition of administrative fines
(Controller, Processor, Supervisory authority)
Special provisions to personal data processing for the purpose of the group of undertakings
(Group of enterprises engaged in a joint economic activity, Group of undertakings)
Restrictions in the exemptions, noted in the Article 89, paragraph 2 and 3 of the regulation
(Controller, Processor)