Rina Steenkamp - Privacy and technology

My annotated General Data Protection Regulation

Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

The European Parliament and the Council of the European Union,

[Treaty on the Functioning of the European Union]

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2) and Article 114(1) thereof, [More information]

[Proposal from the European Commission]

Having regard to the proposal from the European Commission, [More information]

After transmission of the draft legislative act to the national Parliaments,

Having regard to the opinion of the European Economic and Social Committee,

After consulting the European Data Protection Supervisor,

[Ordinary legislative procedure]

Acting in accordance with the ordinary legislative procedure, [More information]



[...] [More information]

Have adopted this Regulation:

Chapter I General Provisions

[Articles 1-4] [More information]

Chapter II Principles

[Articles 5-10] [More information]

Chapter III Rights of the data subject

Section 1 Transparancy and modalities

[Articles 10a - 13a] [More information]

Section 2 Information and access to data

[Articles 14 - 15] [More information]

Section 3 Rectification and erasure

[Articles 16 - 18] [More information]

Section 4 Right to object and profiling

[Articles 19 - 20] [More information]

Section 5 Restrictions

[Article 21] [More information]

Chapter IV Controller and processor

Section 1 General obligations

[Articles 22 - 29] [More information]

Section 2 Data security

[Articles 30 - 32] [More information]

Section 3 Life cycle data protection management

[Articles 32a - 34] [More information]

Section 4 Data protection officer

[Articles 35 - 37] [More information]

Section 5 Codes of conduct and certification

[Articles 38 - 39] [More information]

Chapter V Transfer of personal data to third countries or international organisations

[Articles 40 - 45a] [More information]

Chapter VI Independent supervisory authorities

Section 1 Independent status

[Articles 46 - 50] [More information]

Section 2 Duties and powers

[Articles 51 - 54] [More information]

Chapter VII Co-operation and consistency

Section 1 Co-operation

[Articles 54a - 56] [More information]

Section 2 Consistency

[Articles 57 - 63] [More information]

Section 3 European Data Protection Board

[Articles 64 - 72] [More information]

Chapter VIII Remedies, liability and sanctions

[Articles 73 - 79] [More information]

Chapter IX Provisions relating to specific data processing situations

[Articles 80 - 85a] [More information]

Chapter X Delegated acts and implementing acts

[Articles 85b - 87] [More information]

Chapter XI Final provisions

[Articles 88 - 91] [More information]

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Annex 1 - Presentation of the particulars referred in Article 13a

[The contents of Annex 1 has been included with Article 13a.] [More information]

[Additional information]

[Directive 95/46/EC]

[Full text of all articles, plus cross-reference with the Regulation.] [More information]


[Sources and additional information.] [More information]


[About my annotated General Data Protection Regulation.] [More information]


Versions of the Regulation

This annotated Regulation contains two versions of the Regulation: the proposal of the European Commission from January 2012, and the amended draft that was voted on by the EU Parliament LIBE Committee in October 2013. The chapter and section names in this annotated Regulation are from the amended draft from October 2013.

Versions of the Regulation

There are two other drafts in existence: one from May 2013 by the Irish presidency, and one from December 2013 by the Lithuanian presidency.

[Source: Ordinary legislative procedure | Context: Ordinary legislative procedure]