interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- controller 4
- measures 3
- referred 3
- processing 3
- shall 3
- appropriate 2
- approved 2
- article 2
- demonstrate 2
- implementation 1
- include 1
- data 1
- protection 1
- policies 1
- paragraph 1
- into 1
- where 1
- proportionate 1
- relation 1
- activities 1
- adherence 1
- taking 1
- element 1
- which 1
- compliance 1
- obligations 1
- used 1
- mechanisms 1
- codes 1
- conduct 1
- responsibility 1
- certification 1
- necessary 1
- updated 1
- freedoms 1
- rights 1
- natural 1
- persons 1
- scope 1
- severity 1
- likelihood 1
- context 1
- well 1
- risks 1
- varying 1
- implement 1
- nature 1
- performed 1
- accordance 1
- regulation 1
Article 24
Responsibility of the controller
1. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
2. Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller.
3. Adherence to approved codes of conduct as referred to in Article 40 or approved certification mechanisms as referred to in Article 42 may be used as an element by which to demonstrate compliance with the obligations of the controller.
whereas
dal 2004 diritto e informatica