Processor

Obligations

Regulation name
Principle of lawfulness, fairness and transparency
Purpose limitation principle
Data minimization principle
Principle of accuracy
Storage limitation principle
Principle of integrity and confidentiality
To protect the vital interests of the data subject or of another natural person
Prohibition of processing the special categories of personal data
Delegation scope of the controller or processor
Conditions for engagement of the other processor to data processing
Minimal scope of the contract essentials between the Controller and Processor
Designation of the identical scope of the responsibilities for the other processor
Contract or other legal document in terms of the Article 28, paragraphs 3 and 4 of the regulation
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor
Obligation of the processor to accept the instructions of the controller
A record of all categories of processing activities carried out on behalf of a controller
Format of the records in terms of the Article 30, paragraphs 1 and 2 of the regulation
Implementation of the appropriate technical and organisational measures
Assessing the appropriate level of security account
Ensuring the compliance in activities on behalf of the Controller or Processor in context of the regulation
Data breach notification to the controller
Minimal content of the personal data breach notification
Minimal content of the DPIA
Assessing the impact of the processing operations performed by such controllers or processors
Obligatory designation of the data protection officer (DPO)
Publication of the contact details of the data protection officer
Responsibility of the controller and processor in context of the DPO
Supporting the data protection officer in performing the tasks referred to in Article 39
Organizational status of the DPO
DPO and its other tasks and duties
Providing the information and access which are necessary to conduct the certification procedure
Basic conditions for the personal data transfer
Documentation of the assessment or suitable safeguards
Obligations of the Controller (or Processor) after the decision has been notified
Appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject


Indirect obligations

Regulation name
Legal instruments of remedies against the controller or processor
Investigative powers of the supervisory authority
Corrective powers of the supervisory authority
Compensation for the material or non-material damage as a result of an infringement of this Regulation
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 of the regulation
Joint liability in context of the personal data processing


Rights

Regulation name
Certification mechanism as referred to in Article 42 of the processor
Standard contract clauses between the Controller and Processor
Approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42
Facultative designation of the DPO
Personal data transfer in the absence of a decision pursuant to Article 45(3)


Indirect rights

Regulation name
Notification of the additional information in context of the personal data protection
Encouraging the drawing up of codes of conduct intended to contribute to the proper application of this Regulation
Lead supervisory authority and other supervisory authorities proceedings in case of the partial rejection of the submitted appeal


Sanctions

Regulation name
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Provisions concerning the administrative fines – up to 10 000 000,- EUR
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2)


Definitions

Regulation name
Territorial scope for the EU subjects
Territorial scope for the non-EU subjects
Territorial scope for the place under the law of the member state
Responsibility of the Controller and Processor in process of the certification
Minimal scope of the binding corporate rules referred to in paragraph 1
Mutual legal assistance between the requesting third country and the Union or a Member State
Conditions for personal data transfer in case of appropriate safeguards absence
Specifications to the personal data transfer in terms of the Article 49, paragraph 1, point g of the regulation
Derogations from the personal data transfer rules
Circumstances that are excluding the responsibility of the Controller or Processor for the damage
Facts and conditions that are influencing the imposition of administrative fines
Restrictions in the exemptions, noted in the Article 89, paragraphs 2 and 3 of the regulation