interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- rights 5
- processing 4
- public 4
- data 4
- security 4
- categories 4
- measure 3
- obligations 3
- freedoms 3
- restriction 3
- scope 3
- prevention 3
- member state 3
- controller 3
- criminal 2
- prosecution 2
- detection 2
- including 2
- safeguards 2
- investigation 2
- union 2
- judicial 2
- referred 2
- purposes 2
- subjects 2
- particular 2
- general 2
- interest 2
- important 2
- protection 2
- restrictions 2
- provisions 2
- processor 2
- subject 2
- legislative 2
- article 2
- articles 2
- provided 2
- union 1
- relevant 1
- introduced 1
- personal_data 1
- least 1
- which 1
- specific 1
- others 1
- enforcement 1
- and g 1
- points 1
- restrict 1
Article 23
Restrictions
1. Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
(a) | national security; |
(b) | defence; |
(c) | public security; |
(d) | the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; |
(e) | other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security; |
(f) | the protection of judicial independence and judicial proceedings; |
(g) | the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions; |
(h) | a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g); |
(i) | the protection of the data subject or the rights and freedoms of others; |
(j) | the enforcement of civil law claims. |
2. In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, as to:
(a) | the purposes of the processing or categories of processing; |
(b) | the categories of personal_data; |
(c) | the scope of the restrictions introduced; |
(d) | the safeguards to prevent abuse or unlawful access or transfer; |
(e) | the specification of the controller or categories of controllers; |
(f) | the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing; |
(g) | the risks to the rights and freedoms of data subjects; and |
(h) | the right of data subjects to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction. |
CHAPTER IV
Controller and processor
whereas
dal 2004 diritto e informatica