Controller

Obligations

Regulation name
Principle of lawfulness, fairness and transparency
Purpose limitation principle
Data minimization principle
Principle of accuracy
Storage limitation principle
Principle of integrity and confidentiality
Principle of accountability
Consent of the data subject
Performance of a contract
Compliance with a legal obligation
To protect the vital interests of the data subject or of another natural person
Performance of a task carried out in the public interest
Purposes of the legitimate interests pursued by the controller or by a third party
Processing for a purpose other than that for which the personal data have been collected
Obligation to demonstrate the consent for processing the personal data
Transparency of the consent for personal data processing
Requirements for the information society services in context of the child
Obligations of the controller in the context of the child when processing the personal data
Prohibition of processing the special categories of personal data
Processing of personal data relating to criminal convictions and offences
Reasons for derogations of exercising the articles 15 – 20 of the regulation
Measures of the controller in terms of providing information to data subjects
Facilitating the data subject rights exercising under the Articles 15 to 22
Providing the information on action taken on a request under Articles 15 to 22 to the data subject
Obligations of the controller when the data subject request is unadopted
Information provided to the data subject when personal data has been acquired from a data subject
Additional information provided to the data subject when personal data has been acquired from a data subject
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected
Information provided where personal data have not been obtained from the data subject
Some additional information provided where personal data have not been obtained from the data subject
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation
Providing the information where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained
Obligation to provide a copy of the personal data undergoing processing
Limitation of the negative implications regarding the right to obtain a copy referred to in paragraph 3 of the regulation
Obligations of the controller when the right to be forgotten has been applied
Processing of the personal data after the application of the right to restriction of processing
Obligation of the controller regarding the processing limitation
Information obligation of the controller towards the recipients
Limitation of the right to obtain the personal data
Limitation of the negative implications in context of the other subjects rights
Prohibition of the personal data processing after the Article 21, paragraph 2 application
Obligation to inform the data subject in context of the right to object
Restriction of the Article 22, paragraph 1 application
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application
Responsibilities of the controller in personal data processing
Implementation of appropriate data protection policies by the controller
Implementation of the appropriate technical and organisational measures
Processing of the personal data “by default”
Personal data processing by the joint controllers
Respective roles and relationships of the joint controllers vis-à-vis the data subjects
Delegation scope of the controller or processor
Guaranties of the processor for implementing the adequate measurements
Minimal scope of the contract essentials between the Controller and Processor
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation
Mandatory scope of the records
Format of the records in terms of the Article 30, paragraphs 1 and 2 of the regulation
Implementation of the appropriate technical and organisational measures
Assessing the appropriate level of security account
Ensuring the compliance in activities on behalf the Controller or Processor in context of the regulation
Period for personal data breach declaration
Minimal content of the personal data breach notification
Documentary measurements in personal data protection breach
Notification of the personal data breach to the data subject
Form of the personal data breach notification in terms of the Article 34, paragraph 1 of the regulation
Type of processing that requires the DPIA – general provision
Cooperation between the controller and data protection officer
Processing that requires the obligatory DPIA
Minimal content of the DPIA
Assessing the impact of the processing operations performed by such controllers or processors
Views of data subjects or their representatives on the intended processing
Situation where the DPIA is necessary
Conditions that require the prior consultations with supervisory authority
Information provided when consulting the supervisory authority pursuant to paragraph 1
Consultations with the supervisory authority in the area of the social policy and public health policy
Obligatory designation of the data protection officer (DPO)
Basic requirements for the DPO status
Publication of the contact details of the data protection officer
Responsibility of the controller and processor in context of the DPO
Supporting the data protection officer in performing the tasks referred to in Article 39
Organizational status of the DPO
DPO and its other tasks and duties
Providing the information and access which are necessary to conduct the certification procedure
Basic conditions for the personal data transfer
Documentation of the assessment or suitable safeguards
Obligations of the Controller (or Processor) after the decision has been notified
Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject


Indirect obligations

Regulation name
The right to withdraw his or her consent at any time
Right of the data subject to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed
Right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer
Right to rectification
Reason for eligibility to exercise the right to be forgotten
Restraining the personal data processing
Right to data portability
Portability of the personal data from one controller to another
Right to object
Right to object in case of the direct marketing purposes
Right to object in context of the personal data processing for the purposes of scientific, historical or statistical reasons
Right not to be subject to a decision based solely on automated processing
Exercising his or her rights under this Regulation in respect of and against each of the controllers
Legal instruments of remedies against the controller or processor
Competency of the supervisory authority in context of the notification obligation of the controller
Investigative powers of the supervisory authority
Corrective powers of the supervisory authority
Compensation for the material or non-material damage as a result of an infringement of this Regulation
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 of the regulation
Joint liability in context of the personal data processing


Rights

Regulation name
Rights of the controller in context of the inappropriate requests from the data subject
Additional information claims from the controller
Providing the information in terms of Articles 13 and 14
Obligations fulfillment by the controller
Approved certification mechanism pursuant to Article 42
Standard contract clauses between the Controller and Processor
Approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42
Facultative designation of the DPO
Personal data transfer in the absence of a decision pursuant to Article 45(3)


Indirect rights

Regulation name
Provisions to the processing of special categories of personal data in terms of the paragraph 2, point h) of the regulation
Exemption from the obligation to maintain, acquire or process additional information in order to identify the data subject
Data breach notification to the controller
Notification of the additional information in context of the personal data protection
Competency of the supervisory authority in case of specific situations
Encouraging the drawing up of codes of conduct intended to contribute to the proper application of this Regulation
Notification obligation of the Lead supervisory authority in case of rejection of the submitted appeal
Lead supervisory authority and other supervisory authorities proceedings in case of the partial rejection of the submitted appeal


Sanctions

Regulation name
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2)


Definitions

Regulation name
Territorial scope for the EU subjects
Territorial scope for the non-EU subjects
Territorial scope for the place under the law of the member state
Exclusions from the prohibition of processing the special categories of personal data
Exemption from the obligation to notify the data subject
Responsibility of the Controller and Processor in process of the certification
Minimal scope of the binding corporate rules referred to in paragraph 1
Mutual legal assistance between the requesting third country and the Union or a Member State
Conditions for personal data transfer in case of appropriate safeguards absence
Specifications to the personal data transfer in terms of the Article 49, paragraph 1, point g of the regulation
Derogations from the personal data transfer rules
Circumstances that are excluding the responsibility of the Controller or Processor for the damage
Facts and conditions that are influencing the imposition of administrative fines
Restrictions in the exemptions, noted in the Article 89, paragraph 2 and 3 of the regulation