General Data Protection Regulation
GDPR
Organizations collect data from their users in order to gain insight into the mindsets of their users. At times, organizations collect more information than necessary and utilize the collected information in an unscrupulous manner. Moreover, some organizations end up losing the collected information due to negligence. EU lawmakers are trying to curb such behavior by requiring organizations to comply with the General Data Protection Regulation or GDPR. Companies that collect data from EU citizens must comply with the GDPR by May 25, 2018. There are enormous consequences for not complying with the GDPR such as fines up to 20MM Euros or 4% of annual revenue whichever is higher. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation). All Articles of the GDPR are linked with suitable recitals.
Quick Access
Chapter 1 | – | 1 2 3 4 |
Chapter 2 | – | 5 6 7 8 9 10 11 |
Chapter 3 | – | 12 13 14 15 16 17 18 19 20 21 22 23 |
Chapter 4 | – | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
Chapter 5 | – | 44 45 46 47 48 49 50 |
Chapter 6 | – | 51 52 53 54 55 56 57 58 59 |
Chapter 7 | – | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
Chapter 8 | – | 77 78 79 80 81 82 83 84 |
Chapter 9 | – | 85 86 87 88 89 90 91 |
Chapter 10 | – | 92 93 |
Chapter 11 | – | 94 95 96 97 98 99 |
Chapter 1 – General provisions
Article 1 | – | Subject-matter and objectives |
Article 2 | – | Material scope |
Article 3 | – | Territorial scope |
Article 4 | – | Definitions |
Chapter 2 – Principles
Chapter 3 – Rights of the data subject
Section 1 | – | Transparency and modalities |
Article 12 | – | Transparent information, communication and modalities for the exercise of the rights of the data subject |
Section 2 | – | Information and access to personal data |
Article 13 | – | Information to be provided where personal data are collected from the data subject |
Article 14 | – | Information to be provided where personal data have not been obtained from the data subject |
Article 15 | – | Right of access by the data subject |
Section 3 | – | Rectification and erasure |
Article 16 | – | Right to rectification |
Article 17 | – | Right to erasure (‘right to be forgotten’) |
Article 18 | – | Right to restriction of processing |
Article 19 | – | Notification obligation regarding rectification or erasure of personal data or restriction of processing |
Article 20 | – | Right to data portability |
Section 4 | – | Right to object and automated individual decision-making |
Article 21 | – | Right to object |
Article 22 | – | Automated individual decision-making, including profiling |
Section 5 | – | Restrictions |
Article 23 | – | Restrictions |
Chapter 4 – Controller and processor
Chapter 5 – Transfers of personal data to third countries or international organisations
Chapter 6 – Independent supervisory authorities
Chapter 7 – Cooperation and consistency
Chapter 8 – Remedies, liability and penalties
Chapter 9 – Provisions relating to specific processing situations
Chapter 10 – Delegated acts and implementing acts
Article 92 | – | Exercise of the delegation |
Article 93 | – | Committee procedure |