Skip to main content
Top Button

General Data Protection Regulation (GDPR)


Many organizations all over the world need to comply with the European Union (EU) General Data Protection Regulation (GDPR). The GDPR strengthens and expands the scope of existing European data protection law. Significantly, many organizations physically located outside of Europe must comply with the GDPR if they collect or otherwise process information about individuals in the European Economic Area. Failure to meet the GDPR requirements by May 25, 2018, may trigger steep administrative fines of up to €20 million or 4% of the organization’s global annual revenue, whichever is greater.
 
Ice Miller's Data Security and Privacy Practice assists organizations of all types and sizes—including large corporations, start-up companies, not-for-profits, mobile app developers, and educational institutions—with all aspects of GDPR compliance. As a resource to you, we are providing the full text of the GDPR below. For more information, contact Nick Merker, Stephen Reynolds or another member of the Data Security and Privacy Practice.

 

Chapter 1 (Art. 1 - 4) General Provisions
 

Art. 1 Subject-matter and objectives
 

Art. 2 Material scope
 

Art. 3 Territorial scope
 

Art. 4 Definitions
 


Chapter 2 (Art. 5 - 11) Principles
 

Art. 5 Principles relating to processing of personal data
 

Art. 6 Lawfulness of processing
 

Art. 7 Conditions for consent
 

Art. 8 Conditions applicable to child's consent in relation to information society services
 

Art. 9 Processing of special categories of personal data
 

Art. 10 Processing of personal data relating to criminal convictions and offences
 

Art. 11 Processing which does not require identification
 


Chapter 3 (Art. 12 - 23) Rights of the data subject
 

Art. 12 Transparent information, communication and modalities for the exercise of the rights of the data subject
 

Art. 13 Information to be provided where personal data are collected from the data subject
 

Art. 14 Information to be provided where personal data have not been collected from the data subject
 

Art. 15 Right of access by the data subject
 

Art. 16 Right to rectification
 

Art. 17 Right to erasure ("right to be forgotten")
 

Art. 18 Right to restriction of processing
 

Art. 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
 

Art. 20 Right to data portability
 

Art. 21 Right to object
 

Art. 22 Automated individual decision-making, including profiling
 

Art. 23 Restrictions
 


Chapter 4 (Art. 24 - 43) Controller and processor
 

Art. 24 Responsibility of the controller
 

Art. 25 Data protection by design and by default
 

Art. 26 Joint controllers
 

Art. 27 Representatives of controllers or processors not established in the Union
 

Art. 28 Processor
 

Art. 29 Processing under the authority of the controller or processor
 

Art. 30 Records of processing activities
 

Art. 31 Cooperation with the supervisory authority
 

Art. 32 Security of processing
 

Art. 33 Notification of a personal data breach to the supervisory authority
 

Art. 34 Communication of a personal data breach to the data subject
 

Art. 35 Data protection impact assessment
 

Art. 36 Prior consultation
 

Art. 37 Designation of the data protection officer
 

Art. 38 Position of the data protection officer
 

Art. 39 Tasks of the data protection officer
 

Art. 40 Codes of conduct
 

Art. 41 Monitoring of approved codes of conduct
 

Art. 42 Certification
 

Art. 43 Certification bodies
 


Chapter 5 (Art. 44 - 50) Transfers of personal data to third countries or internal organisations
 

Art. 44 General principles for transfers
 

Art. 45 Transfers on the basis of an adequacy decision
 

Art. 46 Transfers subject to appropriate safeguards
 

Art. 47 Binding corporate rules
 

Art. 48 Transfers or disclosures not authorised by Union law
 

Art. 49 Derogations for specific situations
 

Art. 50 International cooperation for the protection of personal data
 


Chapter 6 (Art. 51 - 59) Independent supervisory authorities
 

Art. 51 Supervisory authority
 

Art. 52 Independence
 

Art. 53 General conditions for the members of the supervisory authority
 

Art. 54 Rules on the establishment of the supervisory authority
 

Art. 55 Competence
 

Art. 56 Competence of the lead supervisory authority
 

Art. 57 Tasks
 

Art. 58 Powers
 

Art. 59 Activity Reports
 


Chapter 7 (Art. 60 - 76) Cooperation and consistency
 

Art. 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
 

Art. 61 Mutual assistance
 

Art. 62 Joint operations of supervisory authorities
 

Art. 63 Consistency mechanism
 

Art. 64 Opinion of the Board
 

Art. 65 Dispute resolution by the Board
 

Art. 66 Urgency procedure
 

Art. 67 Exchange of information
 

Art. 68 European Data Protection Board
 

Art. 69 Independence
 

Art. 70 Tasks of the Board
 

Art. 71 Reports
 

Art. 72 Procedure
 

Art. 73 Chair
 

Art. 74 Tasks of the Chair
 

Art. 75 Secretariat
 

Art. 76 Confidentiality
 


Chapter 8 (Art. 77 - 84) Remedies, liability and penalties
 

Art. 77 Right to lodge a complaint with a supervisory authority
 

Art. 78 Right to an effective judicial remedy against a supervisory authority
 

Art. 79 Right to an effective judicial remedy against a controller or processor
 

Art. 80 Representation of data subjects
 

Art. 81 Suspension of proceedings
 

Art. 82 Right to compensation and liability
 

Art. 83 General conditions for imposing administrative fines
 

Art. 84 Penalties
 


Chapter 9 (Art. 85 - 91) Provisions relating to specific processing situations
 

Art. 85 Processing and freedom of expression and information
 

Art. 86 Processing and public access to official documents
 

Art. 87 Processing of the national identification number
 

Art. 88 Processing in the context of employment
 

Art. 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
 

Art. 90 Obligations of secrecy
 

Art. 91 Existing data protection rules of churches and religious associations
 


Chapter 10 (Art. 92 - 93) Delegated acts and implementing acts
 

Art. 92 Exercise of the delegation
 

Art. 93 Committee procedure
 


Chapter 11 (Art. 94 - 99) Final provisions
 

Art. 94 Repeal of Directive 95/46/EC
 

Art. 95 Relationship with Directive 2002/58/EC
 

Art. 96 Relationship with previously concluded Agreements
 

Art. 97 Commission reports
 

Art. 98 Review of other Union legal acts on data protection
 

Art. 99 Entry into force and application

 

 

Ice Miller Contacts
 

Nick Merker
Nicholas R. Merker, Partner
nicholas.merker@icemiller.com
Stephen Reynolds
Stephen Reynolds, Partner
stephen.reynolds@icemiller.com
 
 
View Full Site View Mobile Optimized