interactive GDPR 2016/0679 EN

BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf

2016/0679 EN jump to: cercato: 'virtue' . Output generated live by software developed by IusOnDemand srl

index virtue:

1 Article 3 Territorial scope

1 Article 37 Designation of the data protection officer

whereas virtue:

definitions:

cloud tag:

and the number of total unique words without stopwords is: 122

Article 3

Territorial scope

1. This Regulation applies to the processing of personal_data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal_data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a)	the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b)	the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal_data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Article 37

Designation of the data protection officer

1. The controller and the processor shall designate a data protection officer in any case where:

(a)	the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b)	the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

(c)	the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal_data relating to criminal convictions and offences referred to in Article 10.

2. A group_of_undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.

3. Where the controller or the processor is a public authority or body, a single data protection officer may be designated for several such authorities or bodies, taking account of their organisational structure and size.

4. In cases other than those referred to in paragraph 1, the controller or processor or associations and other bodies representing categories of controllers or processors may or, where required by Union or Member State law shall, designate a data protection officer. The data protection officer may act for such associations and other bodies representing controllers or processors.

5. The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.

6. The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.

7. The controller or the processor shall publish the contact details of the data protection officer and communicate them to the supervisory_authority.

whereas

(25) Where Member State law applies by virtue of public international law, this Regulation should also apply to a controller not established in the Union, such as in a Member State's diplomatic mission or consular post.

- = -

(37) A group_of_undertakings should cover a controlling undertaking and its controlled undertakings, whereby the controlling undertaking should be the undertaking which can exert a dominant influence over the other undertakings by virtue, for example, of ownership, financial participation or the rules which govern it or the power to have personal_data protection rules implemented.
An undertaking which controls the processing of personal_data in undertakings affiliated to it should be regarded, together with those undertakings, as a group_of_undertakings.

- = -

(89) Directive 95/46/EC provided for a general obligation to notify the processing of personal_data to the supervisory authorities.
While that obligation produces administrative and financial burdens, it did not in all cases contribute to improving the protection of personal_data.
Such indiscriminate general notification obligations should therefore be abolished, and replaced by effective procedures and mechanisms which focus instead on those types of processing operations which are likely to result in a high risk to the rights and freedoms of natural persons by virtue of their nature, scope, context and purposes.
Such types of processing operations may be those which in, particular, involve using new technologies, or are of a new kind and where no data protection impact assessment has been carried out before by the controller, or where they become necessary in the light of the time that has elapsed since the initial processing.

- = -

(154) This Regulation allows the principle of public access to official documents to be taken into account when applying this Regulation.
Public access to official documents may be considered to be in the public interest.
Personal data in documents held by a public authority or a public body should be able to be publicly disclosed by that authority or body if the disclosure is provided for by Union or Member State law to which the public authority or public body is subject.
Such laws should reconcile public access to official documents and the reuse of public sector information with the right to the protection of personal_data and may therefore provide for the necessary reconciliation with the right to the protection of personal_data pursuant to this Regulation.
The reference to public authorities and bodies should in that context include all authorities or other bodies covered by Member State law on public access to documents.
Directive 2003/98/EC of the European Parliament and of the Council (14) leaves intact and in no way affects the level of protection of natural persons with regard to the processing of personal_data under the provisions of Union and Member State law, and in particular does not alter the obligations and rights set out in this Regulation.
In particular, that Directive should not apply to documents to which access is excluded or restricted by virtue of the access regimes on the grounds of protection of personal_data, and parts of documents accessible by virtue of those regimes which contain personal_data the re-use of which has been provided for by law as being incompatible with the law concerning the protection of natural persons with regard to the processing of personal_data.

- = -

dal 2004 diritto e informatica