Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
General Data Protection Regulation
- Recitals
CHAPTER I
General provisionsArticles 1 — 4
CHAPTER II
PrinciplesArticles 5 — 11
CHAPTER III
Rights of the data subjectArticles 12 — 23
CHAPTER IV
Controller and processorArticles 24 — 43
CHAPTER V
Transfers of personal data to third countries or international organisationsArticles 44 — 50
CHAPTER VI
Independent supervisory authoritiesArticles 51 — 59
CHAPTER VII
Cooperation and consistencyArticles 60 — 76
CHAPTER VIII
Remedies, liability and penaltiesArticles 77 — 84
CHAPTER IX
Provisions relating to specific processing situationsArticles 85 — 91
CHAPTER X
Delegated acts and implementing actsArticles 92 — 93
CHAPTER XI
Final provisionsArticles 94 — 99
Understanding the General Data Protection Regulation
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
27 April 2016
25 May 2018
- To ensure a consistent and high level of protection of natural persons, in particular, their right to personal data and to remove the obstacles to flows of personal data by ensuring consistent and homogenous application of data protection rules across the European Union (Article 1).
Processing of personal data by natural persons in their professional capacity and public and private legal entities established in the EU
Processing of personal data by public and private entities not established in the EU where such data processing takes place in the context of offering goods or services (paid or for free) to or monitoring the behaviour of the data subjects in the EU
- Securing an appropriate legal basis for data processing, e.g., consent, contract or legitimate interests (Article 6)
Ensuring data subject rights, including access and erasure (Chapter III)
- Implementing appropriate data security measures (Article 32) and breach notification processes (Article 33)
GDPRon StreamLex, what can I find?
Relevant guidance (guidelines, recommendations, etc.) and templates issued by the European Data Protection Board (EDPB) and European Commission
Relevant legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission
Relevant registers maintained by the EDPB (e.g., One-stop-shop register) and the European Commission (e.g., a database of the adequacy decisions)
Working Party 29 guidelines endorsed by the EDPB
EDPB responses to the European Commission consultations, responses received to the EDPB consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance
European Commission consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance
Draft versions of the EDPB and European Commission guidance or templates (e.g., issued for the purposes of public consultation) and invalidated guidance and templates (e.g., documents superseded by other guidance)
Historical Working Party 29 guidelines not endorsed by the EDPB (the link to the WP29 historical guidelines database is included in the resources)
Documents issued by the national supervisory authorities
CJEU or national court judgments