CHAPTER 1 (§ 1 - 4)
General provisions
- Article 1 - Subject-matter and objectives
- Article 2 - Material scope
- Article 3 - Territorial scope
- Article 4 - Definitions
CHAPTER 2 (§ 5 - 11)
Principles
- Article 5 - Principles relating to processing of personal data
- Article 6 - Lawfulness of processing
- Article 7 - Conditions for consent
- Article 8 - Conditions applicable to child's consent in relation to information society services
- Article 9 - Processing of special categories of personal data
- Article 10 - Processing of personal data relating to criminal convictions and offences
- Article 11 - Processing which does not require identification
CHAPTER 3 (§ 12 - 23)
Rights of the data subject
Section 1 - Transparency and modalities
- Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject
Section 2 - Information and access to personal data
- Article 13 - Information to be provided where personal data are collected from the data subject
- Article 14 - Information to be provided where personal data have not been obtained from the data subject
- Article 15 - Right of access by the data subject
Section 3 - Rectification and erasure
- Article 16 - Right to rectification
- Article 17 - Right to erasure (‘right to be forgotten’)
- Article 18 - Right to restriction of processing
- Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 20 - Right to data portability
Section 4 - Right to object and automated individual decision-making
- Article 21 - Right to object
- Article 22 - Automated individual decision-making, including profiling
Section 5 - Restrictions
- Article 23 - Restrictions
CHAPTER 4 (§ 24 - 43)
Controller and processor
Section 1 - General obligations
- Article 24 - Responsibility of the controller
- Article 25 - Data protection by design and by default
- Article 26 - Joint controllers
- Article 27 - Representatives of controllers or processors not established in the Union
- Article 28 - Processor
- Article 29 - Processing under the authority of the controller or processor
- Article 30 - Records of processing activities
- Article 31 - Cooperation with the supervisory authority
Section 2 - Security of personal data
- Article 32 - Security of processing
- Article 33 - Notification of a personal data breach to the supervisory authority
- Article 34 - Communication of a personal data breach to the data subject
Section 3 - Data protection impact assessment and prior consultation
- Article 35 - Data protection impact assessment
- Article 36 - Prior consultation
Section 4 - Data protection officer
- Article 37 - Designation of the data protection officer
- Article 38 - Position of the data protection officer
- Article 39 - Tasks of the data protection officer
Section 5 - Codes of conduct and certification
- Article 40 - Codes of conduct
- Article 41 - Monitoring of approved codes of conduct
- Article 42 - Certification
- Article 43 - Certification bodies
CHAPTER 5 (§ 44 - 50)
Transfers of personal data to third countries or international organisations
- Article 44 - General principle for transfers
- Article 45 - Transfers on the basis of an adequacy decision
- Article 46 - Transfers subject to appropriate safeguards
- Article 47 - Binding corporate rules
- Article 48 - Transfers or disclosures not authorised by Union law
- Article 49 - Derogations for specific situations
- Article 50 - International cooperation for the protection of personal data
CHAPTER 6 (§ 51 - 59)
Independent supervisory authorities
Section 1 - Independent status
- Article 51 - Supervisory authority
- Article 52 - Independence
- Article 53 - General conditions for the members of the supervisory authority
- Article 54 - Rules on the establishment of the supervisory authority
Section 2 - Competence, tasks and powers
- Article 55 - Competence
- Article 56 - Competence of the lead supervisory authority
- Article 57 - Tasks
- Article 58 - Powers
- Article 59 - Activity reports
CHAPTER 7 (§ 60 - 76)
Cooperation and consistency
Section 1 - Cooperation
- Article 60 - Cooperation between the lead supervisory authority and the other supervisory authorities concerned
- Article 61 - Mutual assistance
- Article 62 - Joint operations of supervisory authorities
Section 2 - Consistency
- Article 63 - Consistency mechanism
- Article 64 - Opinion of the Board
- Article 65 - Dispute resolution by the Board
- Article 66 - Urgency procedure
- Article 67 - Exchange of information
Section 3 - European data protection board
- Article 68 - European Data Protection Board
- Article 69 - Independence
- Article 70 - Tasks of the Board
- Article 71 - Reports
- Article 72 - Procedure
- Article 73 - Chair
- Article 74 - Tasks of the Chair
- Article 75 - Secretariat
- Article 76 - Confidentiality
CHAPTER 8 (§ 77 - 84)
Remedies, liability and penalties
- Article 77 - Right to lodge a complaint with a supervisory authority
- Article 78 - Right to an effective judicial remedy against a supervisory authority
- Article 79 - Right to an effective judicial remedy against a controller or processor
- Article 80 - Representation of data subjects
- Article 81 - Suspension of proceedings
- Article 82 - Right to compensation and liability
- Article 83 - General conditions for imposing administrative fines
- Article 84 - Penalties
CHAPTER 9 (§ 85 - 91)
Provisions relating to specific processing situations
- Article 85 - Processing and freedom of expression and information
- Article 86 - Processing and public access to official documents
- Article 87 - Processing of the national identification number
- Article 88 - Processing in the context of employment
- Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- Article 90 - Obligations of secrecy
- Article 91 - Existing data protection rules of churches and religious associations
CHAPTER 10 (§ 92 - 93)
Delegated acts and implementing acts
- Article 92 - Exercise of the delegation
- Article 93 - Committee procedure
CHAPTER 11 (§ 94 - 99)
Final provisions
- Article 94 - Repeal of Directive 95/46/EC
- Article 95 - Relationship with Directive 2002/58/EC
- Article 96 - Relationship with previously concluded Agreements
- Article 97 - Commission reports
- Article 98 - Review of other Union legal acts on data protection
- Article 99 - Entry into force and application