Principle of lawfulness, fairness and transparency
Purpose limitation principle
Data minimization principle
Principle of accuracy
Storage limitation principle
Principle of integrity and confidentiality
Principle of accountability
Consent of the data subject |
Performance of a contract |
Compliance with a legal obligation |
To protect the vital interests of the data subject or of another natural person |
Performance of a task carried out in the public interest |
Purposes of the legitimate interests pursued by the controller or by a third party |
Processing for a purpose other than that for which the personal data have been collected |
Obligation to demonstrate the consent for processing the personal data |
Transparency of the consent for personal data processing |
Requirements for the information society services in context of the child |
Obligations of the controller in the context of the child when processing the personal data
Prohibition of processing the special categories of personal data |
Processing of personal data relating to criminal convictions and offences |
Reasons for derogations of exercising the articles 15 – 20 of the regulation |
Measures of the controller in terms of providing information to data subjects
Facilitating the data subject rights exercising under the Articles 15 to 22 |
Providing the information on action taken on a request under Articles 15 to 22 to the data subject |
Obligations of the controller when the data subject request is unadopted |
Information provided to the data subject when personal data has been acquired from a data subject |
Additional information provided to the data subject when personal data has been acquired from a data subject |
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected |
Information provided where personal data have not been obtained from the data subject |
Some additional information provided where personal data have not been obtained from the data subject |
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation |
Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained |
Obligation to provide a copy of the personal data undergoing processing |
Limitation of the negative implications regarding the right to obtain a copy referred to in paragraph 3 of the regulation
Obligations of the controller when the right to be forgotten has been applied |
Processing of the personal data after the application of the right to restriction of processing |
Obligation of the controller regarding the processing limitation |
Information obligation of the controller towards the recipients |
Limitation of the right to obtain the personal data |
Limitation of the negative implications in context of the other subjects rights |
Prohibition of the personal data processing after the Article 21, paragraph 2 application |
Obligation to inform the data subject in context of the right to object |
Restriction of the Article 22, paragraph 1 application |
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application |
Responsibilities of the controller in personal data processing |
Implementation of appropriate data protection policies by the controller |
Implementation of the appropriate technical and organisational measures |
Processing of the personal data “by default” |
Personal data processing by the joint controllers |
Respective roles and relationships of the joint controllers vis-à-vis the data subjects |
Delegation scope of the controller or processor |
Guarantees of the processor for implementing the adequate measures
Minimal scope of the contract essentials between the Controller and Processor |
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation |
Mandatory scope of the records |
Format of the records in terms of the Article 30, paragraphs 1 and 2 of the regulation
Implementation of the appropriate technical and organisational measures |
Assessing the appropriate level of security account |
Ensuring the compliance in activities on behalf of the Controller or Processor in context of the regulation
Period for personal data breach declaration |
Minimal content of the personal data breach notification |
Documentary measures in personal data protection breach
Notification of the personal data breach to the data subject |
Form of the personal data breach notification in terms of the Article 34, paragraph 1 of the regulation |
Type of processing that requires the DPIA – general provision |
Cooperation between the controller and data protection officer |
Processing that requires the obligatory DPIA |
Minimal content of the DPIA |
Assessing the impact of the processing operations performed by such controllers or processors |
Views of data subjects or their representatives on the intended processing |
Situation where the DPIA is necessary |
Conditions that require the prior consultations with supervisory authority
Information provided when consulting the supervisory authority pursuant to paragraph 1
Consultations with the supervisory authority in the area of the social policy and public health policy |
Obligatory designation of the data protection officer (DPO) |
Basic requirements for the DPO status |
Publication of the contact details of the data protection officer |
Responsibility of the controller and processor in context of the DPO |
Supporting the data protection officer in performing the tasks referred to in Article 39 |
Organizational status of the DPO |
DPO and its other tasks and duties
Providing the information and access which are necessary to conduct the certification procedure |
Basic conditions for the personal data transfer |
Documentation of the assessment or suitable safeguards |
Obligations of the Controller (or Processor) after the decision has been notified |
Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject |