Rina Steenkamp - Privacy and technology

My annotated General Data Protection Regulation

Chapter IV Controller and processor

Section 1 General obligations

Article 27 Processing under the authority of the controller and processor

October 2013

Article 27

The processor and any person acting under the authority of the controller or of the processor who has access to personal data shall not process them except on instructions from the controller, unless required to do so by Union or Member State law.

[Source: October 2013]

January 2012

Explanatory memorandum

3.4. Detailed explanation of the proposal

Article 27 on the processing under the authority of the controller and processor is based on Article 16 of Directive 95/46/EC.

[Source: January 2012 | Context: Proposal from the European Commission]

Article 27

The processor and any person acting under the authority of the controller or of the processor who has access to personal data shall not process them except on instructions from the controller, unless required to do so by Union or Member State law.

[Source: January 2012 | Context: Proposal from the European Commission]

Directive 95/46/EC

Cross-reference

General Data Protection Regulation: Article 27
Directive 95/46/EC: Article 16

Chapter II General rules on the lawfulness of the processing of personal data

Section VIII Confidentiality and security of processing

Article 16 Confidentiality of processing

Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law.