interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 1 Article 5 Principles relating to processing of personal data
- 1 Article 62 Joint operations of supervisory authorities
- 1 Article 81 Suspension of proceedings
- 1 Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- purposes 29
- shall 18
- supervisory_authority 17
- member state 14
- article 11
- subject 10
- member 10
- processing 10
- where 9
- court 9
- processed 9
- accordance 8
- staff 8
- joint 8
- data 8
- personal_data 8
- state 7
- which 7
- rights 7
- referred 7
- such 7
- damage 7
- operations 7
- seconding 7
- proceedings 6
- derogations 6
- another 6
- appropriate 5
- from 5
- measures 5
- necessary 5
- same 5
- manner 5
- interest 5
- scientific 5
- public 5
- safeguards 5
- members 5
- statistical 5
- historical 5
- archiving 5
- research 5
- first 4
- territory 4
- host 4
- permits 4
- paragraph 4
- controller 4
- caused 4
- paragraph 4
Article 5
Principles relating to processing of personal_data
1. Personal data shall be:
| (a) | processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); |
| (b) | collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); |
| (c) | adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); |
| (d) | accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal_data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); |
| (e) | kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal_data are processed; personal_data may be stored for longer periods insofar as the personal_data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’); |
| (f) | processed in a manner that ensures appropriate security of the personal_data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). |
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
Article 62
Joint operations of supervisory authorities
1. The supervisory authorities shall, where appropriate, conduct joint operations including joint investigations and joint enforcement measures in which members or staff of the supervisory authorities of other Member States are involved.
2. Where the controller or processor has establishments in several Member States or where a significant number of data subjects in more than one Member State are likely to be substantially affected by processing operations, a supervisory_authority of each of those Member States shall have the right to participate in joint operations. The supervisory_authority which is competent pursuant to Article 56(1) or (4) shall invite the supervisory_authority of each of those Member States to take part in the joint operations and shall respond without delay to the request of a supervisory_authority to participate.
3. A supervisory_authority may, in accordance with Member State law, and with the seconding supervisory_authority's authorisation, confer powers, including investigative powers on the seconding supervisory_authority's members or staff involved in joint operations or, in so far as the law of the Member State of the host supervisory_authority permits, allow the seconding supervisory_authority's members or staff to exercise their investigative powers in accordance with the law of the Member State of the seconding supervisory_authority. Such investigative powers may be exercised only under the guidance and in the presence of members or staff of the host supervisory_authority. The seconding supervisory_authority's members or staff shall be subject to the Member State law of the host supervisory_authority.
4. Where, in accordance with paragraph 1, staff of a seconding supervisory_authority operate in another Member State, the Member State of the host supervisory_authority shall assume responsibility for their actions, including liability, for any damage caused by them during their operations, in accordance with the law of the Member State in whose territory they are operating.
5. The Member State in whose territory the damage was caused shall make good such damage under the conditions applicable to damage caused by its own staff. The Member State of the seconding supervisory_authority whose staff has caused damage to any person in the territory of another Member State shall reimburse that other Member State in full any sums it has paid to the persons entitled on their behalf.
6. Without prejudice to the exercise of its rights vis-à-vis third parties and with the exception of paragraph 5, each Member State shall refrain, in the case provided for in paragraph 1, from requesting reimbursement from another Member State in relation to damage referred to in paragraph 4.
7. Where a joint operation is intended and a supervisory_authority does not, within one month, comply with the obligation laid down in the second sentence of paragraph 2 of this Article, the other supervisory authorities may adopt a provisional measure on the territory of its Member State in accordance with Article 55. In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an opinion or an urgent binding decision from the Board pursuant to Article 66(2).
Article 81
Suspension of proceedings
1. Where a competent court of a Member State has information on proceedings, concerning the same subject matter as regards processing by the same controller or processor, that are pending in a court in another Member State, it shall contact that court in the other Member State to confirm the existence of such proceedings.
2. Where proceedings concerning the same subject matter as regards processing of the same controller or processor are pending in a court in another Member State, any competent court other than the court first seized may suspend its proceedings.
3. Where those proceedings are pending at first instance, any court other than the court first seized may also, on the application of one of the parties, decline jurisdiction if the court first seized has jurisdiction over the actions in question and its law permits the consolidation thereof.
Article 89
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.
2. Where personal_data are processed for scientific or historical research purposes or statistical purposes, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
3. Where personal_data are processed for archiving purposes in the public interest, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18, 19, 20 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
4. Where processing referred to in paragraphs 2 and 3 serves at the same time another purpose, the derogations shall apply only to processing for the purposes referred to in those paragraphs.
whereas
dal 2004 diritto e informatica