Chapter IV — Controller and processor
168 articles in the Controller and processor chapter
Article 24Responsibility of the controller
Article 24.1Article 24.1
Article 24.2Article 24.2
Article 24.3Article 24.3
Article 25Data protection by design and by default
Article 25.1Article 25.1
Article 25.2Article 25.2
Article 25.3Article 25.3
Article 26Joint controllers
Article 26.1Article 26.1
Article 26.2Article 26.2
Article 26.3Article 26.3
Article 27Representatives of controllers or processors not established in the Union
Article 27.1Article 27.1
Article 27.2Article 27.2
Article 27.2(a)Article 27.2(a)
Article 27.2(b)Article 27.2(b)
Article 27.3Article 27.3
Article 27.4Article 27.4
Article 27.5Article 27.5
Article 28Processor
Article 28.1Article 28.1
Article 28.2Article 28.2
Article 28.3Article 28.3
Article 28.3(a)Article 28.3(a)
Article 28.3(b)Article 28.3(b)
Article 28.3(c)Article 28.3(c)
Article 28.3(d)Article 28.3(d)
Article 28.3(e)Article 28.3(e)
Article 28.3(f)Article 28.3(f)
Article 28.3(g)Article 28.3(g)
Article 28.3(h)Article 28.3(h)
Article 28.4Article 28.4
Article 28.5Article 28.5
Article 28.6Article 28.6
Article 28.7Article 28.7
Article 28.8Article 28.8
Article 28.9Article 28.9
Article 28.10Article 28.10
Article 29Processing under the authority of the controller or processor
Article 30Records of processing activities
Article 30.1Article 30.1
Article 30.1(a)Article 30.1(a)
Article 30.1(b)Article 30.1(b)
Article 30.1(c)Article 30.1(c)
Article 30.1(d)Article 30.1(d)
Article 30.1(e)Article 30.1(e)
Article 30.1(f)Article 30.1(f)
Article 30.1(g)Article 30.1(g)
Article 30.2Article 30.2
Article 30.2(a)Article 30.2(a)
Article 30.2(b)Article 30.2(b)
Article 30.2(c)Article 30.2(c)
Article 30.2(d)Article 30.2(d)
Article 30.3Article 30.3
Article 30.4Article 30.4
Article 30.5Article 30.5
Article 31Cooperation with the supervisory authority
Article 32Security of processing
Article 32.1Article 32.1
Article 32.1(a)Article 32.1(a)
Article 32.1(b)Article 32.1(b)
Article 32.1(c)Article 32.1(c)
Article 32.1(d)Article 32.1(d)
Article 32.2Article 32.2
Article 32.3Article 32.3
Article 32.4Article 32.4
Article 33Notification of a personal data breach to the supervisory authority
Article 33.1Article 33.1
Article 33.2Article 33.2
Article 33.3Article 33.3
Article 33.3(a)Article 33.3(a)
Article 33.3(b)Article 33.3(b)
Article 33.3(c)Article 33.3(c)
Article 33.3(d)Article 33.3(d)
Article 33.4Article 33.4
Article 33.5Article 33.5
Article 34Communication of a personal data breach to the data subject
Article 34.1Article 34.1
Article 34.2Article 34.2
Article 34.3Article 34.3
Article 34.3(a)Article 34.3(a)
Article 34.3(b)Article 34.3(b)
Article 34.3(c)Article 34.3(c)
Article 34.4Article 34.4
Article 35Data protection impact assessment
Article 35.1Article 35.1
Article 35.2Article 35.2
Article 35.3Article 35.3
Article 35.3(a)Article 35.3(a)
Article 35.3(b)Article 35.3(b)
Article 35.3(c)Article 35.3(c)
Article 35.4Article 35.4
Article 35.5Article 35.5
Article 35.6Article 35.6
Article 35.7Article 35.7
Article 35.7(a)Article 35.7(a)
Article 35.7(b)Article 35.7(b)
Article 35.7(c)Article 35.7(c)
Article 35.7(d)Article 35.7(d)
Article 35.8Article 35.8
Article 35.9Article 35.9
Article 35.10Article 35.10
Article 35.11Article 35.11
Article 36Prior consultation
Article 36.1Article 36.1
Article 36.2Article 36.2
Article 36.3Article 36.3
Article 36.3(a)Article 36.3(a)
Article 36.3(b)Article 36.3(b)
Article 36.3(c)Article 36.3(c)
Article 36.3(d)Article 36.3(d)
Article 36.3(e)Article 36.3(e)
Article 36.3(f)Article 36.3(f)
Article 36.4Article 36.4
Article 36.5Article 36.5
Article 37Designation of the data protection officer
Article 37.1Article 37.1
Article 37.1(a)Article 37.1(a)
Article 37.1(b)Article 37.1(b)
Article 37.1(c)Article 37.1(c)
Article 37.2Article 37.2
Article 37.3Article 37.3
Article 37.4Article 37.4
Article 37.5Article 37.5
Article 37.6Article 37.6
Article 37.7Article 37.7
Article 38Position of the data protection officer
Article 38.1Article 38.1
Article 38.2Article 38.2
Article 38.3Article 38.3
Article 38.4Article 38.4
Article 38.5Article 38.5
Article 38.6Article 38.6
Article 39Tasks of the data protection officer
Article 39.1Article 39.1
Article 39.1(a)Article 39.1(a)
Article 39.1(b)Article 39.1(b)
Article 39.1(c)Article 39.1(c)
Article 39.1(d)Article 39.1(d)
Article 39.1(e)Article 39.1(e)
Article 39.2Article 39.2
Article 40Codes of conduct
Article 40.1Article 40.1
Article 40.2Article 40.2
Article 40.2(a)Article 40.2(a)
Article 40.2(b)Article 40.2(b)
Article 40.2(c)Article 40.2(c)
Article 40.2(d)Article 40.2(d)
Article 40.2(e)Article 40.2(e)
Article 40.2(f)Article 40.2(f)
Article 40.2(g)Article 40.2(g)
Article 40.2(h)Article 40.2(h)
Article 40.2(i)Article 40.2(i)
Article 40.2(j)Article 40.2(j)
Article 40.2(k)Article 40.2(k)
Article 40.3Article 40.3
Article 40.4Article 40.4
Article 40.5Article 40.5
Article 40.6Article 40.6
Article 40.7Article 40.7
Article 40.8Article 40.8
Article 40.9Article 40.9
Article 40.10Article 40.10
Article 40.11Article 40.11
Article 41Article 41
Article 42Article 42
Article 43Article 43