Rina Steenkamp - Privacy and technology

My annotated General Data Protection Regulation



[Subject matter and objectives]

[Material scope]

[Territorial scope]


[Processing of personal data of a child]

[Principles relating to personal data processing]

[Conditions for consent]

[Lawfulness of processing]

[Special categories of data]

[Processing not allowing identification]

[Transparent information and communication]

[Procedures and mechanisms for exercising the rights of the data subject]

[Information to the data subject]

[Right to access and to obtain data for the data subject]

[Right to erasure]

[Right to rectification]

[Right to data portability - Deleted]

[Right to object]



[Responsibility and accountability of the controller]

[Data protection by design and by default]

[Joint controllers]

[Representatives of controllers not established in the Union]


[Security of processing]

[Data breach notifications]

[Data protection impact assessment]

[Prior consultation]

[Data protection compliance review]

[Designation of the data protection officer]

[Codes of conduct]


[General principles for transfers]

[Transfers with an adequacy decision]

[Transfers by way of appropriate safeguards]

[Transfers by way of binding corporate rules]


[Transfers or disclosures not authorised by Union law]

[International co-operation for the protection of personal data]

[Supervisory authority]


[General conditions for the supervisory authority]


[Lead authority]


[Duties and powers]


[Mutual assistence]

[Joint operations of supervisory authorities]

[Consistency mechanism]

[Consistency in matters of general application]

[Consistency in individual cases]

[Opinion by the Commission - Deleted]

[Urgency procedure]


[European Data Protection Board]

[Right to lodge a complaint with a supervisory authority]

[Right to a judicial remedy against a supervisory authority]

[Right to a judicial remedy against a controller or processor]

[Right to compensation and liability]


[Administrative sanctions]

[Processing of personal data and freedom of expression]

[Processing of personal data concerning health]

[Processing of personal data in the employment context and in the social security context]

[Processing for historical, statistical and scientific research purposes]

[Processing of personal data by archive services]

[Processing for historical, statistical and scientific research purposes]

[Obligations of secrecy]

[Existing data protection rules of churches and religious associations]

[Exercise of the delegation]

[Standard forms]

[Repeal of Directive 95/46/EC]

[Relationship and amendment of Directive 2002/58/EC]

[Entry into force and application(?)]

[Respect of fundamental rights]

[Notes; Recitals]