interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- shall 12
- board 10
- processing 10
- data 10
- protection 10
- supervisory_authority 10
- controller 9
- the 6
- applicable 5
- supervisor 5
- european 5
- secretariat 5
- article 4
- involved 4
- regulation 4
- tasks 4
- consultation 4
- paragraph 3
- preparation 3
- communication 3
- intended 3
- particular 3
- within 3
- public 3
- risk 3
- provided 3
- consult 3
- prior 3
- measure 3
- information 3
- staff 3
- carrying 3
- conferred 3
- provide 3
- between 2
- legislative 2
- adopted 2
- officer 2
- pursuant 2
- means 2
- controllers 2
- purposes 2
- requested 2
- chair 2
- article 2
- such 2
- weeks 2
- under 2
- referred 2
- where 2
Article 36
Prior consultation
1. The controller shall consult the supervisory_authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk.
2. Where the supervisory_authority is of the opinion that the intended processing referred to in paragraph 1 would infringe this Regulation, in particular where the controller has insufficiently identified or mitigated the risk, the supervisory_authority shall, within period of up to eight weeks of receipt of the request for consultation, provide written advice to the controller and, where applicable to the processor, and may use any of its powers referred to in Article 58. That period may be extended by six weeks, taking into account the complexity of the intended processing. The supervisory_authority shall inform the controller and, where applicable, the processor, of any such extension within one month of receipt of the request for consultation together with the reasons for the delay. Those periods may be suspended until the supervisory_authority has obtained information it has requested for the purposes of the consultation.
3. When consulting the supervisory_authority pursuant to paragraph 1, the controller shall provide the supervisory_authority with:
| (a) | where applicable, the respective responsibilities of the controller, joint controllers and processors involved in the processing, in particular for processing within a group_of_undertakings; |
| (b) | the purposes and means of the intended processing; |
| (c) | the measures and safeguards provided to protect the rights and freedoms of data subjects pursuant to this Regulation; |
| (d) | where applicable, the contact details of the data protection officer; |
| (e) | the data protection impact assessment provided for in Article 35; and |
| (f) | any other information requested by the supervisory_authority. |
4. Member States shall consult the supervisory_authority during the preparation of a proposal for a legislative measure to be adopted by a national parliament, or of a regulatory measure based on such a legislative measure, which relates to processing.
5. Notwithstanding paragraph 1, Member State law may require controllers to consult with, and obtain prior authorisation from, the supervisory_authority in relation to processing by a controller for the performance of a task carried out by the controller in the public interest, including processing in relation to social protection and public health.
Article 75
Secretariat
1. The Board shall have a secretariat, which shall be provided by the European Data Protection Supervisor.
2. The secretariat shall perform its tasks exclusively under the instructions of the Chair of the Board.
3. The staff of the European Data Protection Supervisor involved in carrying out the tasks conferred on the Board by this Regulation shall be subject to separate reporting lines from the staff involved in carrying out tasks conferred on the European Data Protection Supervisor.
4. Where appropriate, the Board and the European Data Protection Supervisor shall establish and publish a Memorandum of Understanding implementing this Article, determining the terms of their cooperation, and applicable to the staff of the European Data Protection Supervisor involved in carrying out the tasks conferred on the Board by this Regulation.
5. The secretariat shall provide analytical, administrative and logistical support to the Board.
6. The secretariat shall be responsible in particular for:
| (a) | the day-to-day business of the Board; |
| (b) | communication between the members of the Board, its Chair and the Commission; |
| (c) | communication with other institutions and the public; |
| (d) | the use of electronic means for the internal and external communication; |
| (e) | the translation of relevant information; |
| (f) | the preparation and follow-up of the meetings of the Board; |
| (g) | the preparation, drafting and publication of opinions, decisions on the settlement of disputes between supervisory authorities and other texts adopted by the Board. |
whereas
dal 2004 diritto e informatica