| Principle of lawfulness, fairness and transparency |
| Purpose limitation principle |
| Data minimization principle |
| Principle of accuracy |
| Storage limitation principle |
| Principle of integrity and confidentiality |
| Principle of accountability |
| Consent of the data subject |
| Performance of a contract |
| Compliance with a legal obligation |
| To protect the vital interests of the data subject or of another natural person |
| Performance of a task carried out in the public interest |
| Purposes of the legitimate interests pursued by the controller or by a third party |
| Processing for a purpose other than that for which the personal data have been collected |
| Obligation to demonstrate the consent for processing the personal data |
| Transparency of the consent for personal data processing |
| Requirements for the information society services in context of the child |
| Obligations of the controller on context of the child when processing the personal data |
| Prohibition of processing the special categories of personal data |
| Processing of personal data relating to criminal convictions and offences |
| Reasons for derogations of exercising the articles 15 – 20 of the regulation |
| Measures of the controller in terms of providing information to data subjects. |
| Facilitating the data subject rights exercising under the Articles 15 to 22 |
| Providing the information on action taken on a request under Articles 15 to 22 to the data subject |
| Obligations of the controller when the data subject request is unadopted |
| Information provided to the data subject when personal data has been acquired from a data subject |
| Additional information provided to the data subject when personal data has been acquired from a data subject |
| Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected |
| Information provided where personal data have not been obtained from the data subject |
| Some additional information provided where personal data have not been obtained from the data subject |
| Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation |
| Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained |
| Obligation to provide a copy of the personal data undergoing processing |
| Limitation of the negative implications regarding the the right to obtain a copy referred to in paragraph 3 of the regulation |
| Obligations of the controller when the right to be forgotten has been applied |
| Processing of the personal data after the application of the right to restriction of processing |
| Obligation of the controller regarding the processing limitation |
| Information obligation of the controller towards the recipients |
| Limitation of the right to obtain the personal data |
| Limitation of the negative implications in context of the other subjects rights |
| Prohibition of the personal data processing after the Article 21, paragraph 2 application |
| Obligation to inform the data subject in context of the right to object |
| Restriction of the Article 22, paragraph 1 application |
| Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application |
| Responsibilities of the controller in personal data processing |
| Implementation of appropriate data protection policies by the controller |
| Implementation of the appropriate technical and organisational measures |
| Processing of the personal data “by default” |
| Personal data processing by the joint controllers |
| Respective roles and relationships of the joint controllers vis-à-vis the data subjects |
| Delegation scope of the controller or processor |
| Guaranties of the processor for implementing the adequate measurements |
| Minimal scope of the contract essentials between the Controller and Processor |
| Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation |
| Mandatory scope of the records |
| Format of the records in terms of the Article 30, pragraphs 1 and 2 of the regulation |
| Implementation of the appropriate technical and organisational measures |
| Assessing the appropriate level of security account |
| Ensuring the compliance in activities on behalf the Controller or Processor in context of the regulation |
| Period for personal data breach declaration |
| Minimal content of the personal data breach notification |
| Documentary measurements in personal data protection breach |
| Notification of the personal data breach to the data subject |
| Form of the personal data breach notification in terms of the Article 34, paragraph 1 of the regulation |
| Type of processing that requires the DPIA – general provision |
| Cooperation between the controller and data protection officer |
| Processing that requires the obligatory DPIA |
| Minimal content of the DPIA |
| Assessing the impact of the processing operations performed by such controllers or processors |
| Views of data subjects or their representatives on the intended processing |
| Situation where the DPIA is necessary |
| Conditions that requires the prior consultations with supervisory authority |
| Information provided to the consulting the supervisory authority pursuant to paragraph 1 |
| Consultations with the supervisory authority in the area of the social policy and public health policy |
| Obligatory designation of the data protection officer (DPO) |
| Basic requirements for the DPO status |
| Publication of the contact details of the data protection officer |
| Responsibility of the controller and processor in context of the DPO |
| Supporting the data protection officer in performing the tasks referred to in Article 39 |
| Organizational status of the DPO |
| DPO and its other tasks duties |
| Providing the information and access which are necessary to conduct the certification procedure |
| Basic conditions for the personal data transfer |
| Documentation of the assessment or suitable safeguards |
| Obligations of the Controller (or Processor) after the decision has been notified |
| Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject |
