GDPR - Quick Access
| Chapter I | 1 2 3 4 |
| Chapter II | 5 6 7 8 9 10 11 |
| Chapter III | 12 13 14 15 16 17 18 19 20 21 22 23 |
| Chapter IV | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
| Chapter V | 44 45 46 47 48 49 50 |
| Chapter VI | 51 52 53 54 55 56 57 58 59 |
| Chapter VII | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
| Chapter VIII | 77 78 79 80 81 82 83 84 |
| Chapter IX | 85 86 87 88 89 90 91 |
| Chapter X | 92 93 |
| Chapter XI | 94 95 96 97 98 99 |
Chapter I
General provisions
| Article 1 | Subject-matter and objectives |
| Article 2 | Material scope |
| Article 3 | Territorial scope |
| Article 4 | Definitions |
Chapter II
Principles
Chapter III
Rights of the data subject
Section 1
Transparency and modalities
| Article 12 | Transparent information, communication and modalities for the exercise of the rights of the data subject |
Section 2
Information and access to personal data
Section 3
Rectification and erasure
| Article 16 | Right to rectification |
| Article 17 | Right to erasure (‘right to be forgotten’) |
| Article 18 | Right to restriction of processing |
| Article 19 | Notification obligation regarding rectification or erasure of personal data or restriction of processing |
| Article 20 | Right to data portability |
Section 4
Right to object and automated individual decision-making
| Article 21 | Right to object |
| Article 22 | Automated individual decision-making, including profiling |
Section 5
Restrictions
| Article 23 | Restrictions |
Chapter IV
Controller and processor
Section 1
General obligations
| Article 24 | Responsibility of the controller |
| Article 25 | Data protection by design and by default |
| Article 26 | Joint controllers |
| Article 27 | Representatives of controllers or processors not established in the Union |
| Article 28 | Processor |
| Article 29 | Processing under the authority of the controller or processor |
| Article 30 | Records of processing activities |
| Article 31 | Cooperation with the supervisory authority |
Section 2
Security of personal data
| Article 32 | Security of processing |
| Article 33 | Notification of a personal data breach to the supervisory authority |
| Article 34 | Communication of a personal data breach to the data subject |
Section 3
Data protection impact assessment and prior consultation
| Article 35 | Data protection impact assessment |
| Article 36 | Prior consultation |
Section 4
Data protection officer
| Article 37 | Designation of the data protection officer |
| Article 38 | Position of the data protection officer |
| Article 39 | Tasks of the data protection officer |
Section 5
Codes of conduct and certification
| Article 40 | Codes of conduct |
| Article 41 | Monitoring of approved codes of conduct |
| Article 42 | Certification |
| Article 43 | Certification bodies |
Chapter V
Transfers of personal data to third countries or international organisations
| Article 44 | General principle for transfers |
| Article 45 | Transfers on the basis of an adequacy decision |
| Article 46 | Transfers subject to appropriate safeguards |
| Article 47 | Binding corporate rules |
| Article 48 | Transfers or disclosures not authorised by Union law |
| Article 49 | Derogations for specific situations |
| Article 50 | International cooperation for the protection of personal data |
Chapter VI
Independent supervisory authorities
Section 1
Independent status
| Article 51 | Supervisory authority |
| Article 52 | Independence |
| Article 53 | General conditions for the members of the supervisory authority |
| Article 54 | Rules on the establishment of the supervisory authority |
Section 2
Competence, tasks and powers
| Article 55 | Competence |
| Article 56 | Competence of the lead supervisory authority |
| Article 57 | Tasks |
| Article 58 | Powers |
| Article 59 | Activity reports |
Chapter VII
Cooperation and consistency
Section 1
Cooperation
| Article 60 | Cooperation between the lead supervisory authority and the other supervisory authorities concerned |
| Article 61 | Mutual assistance |
| Article 62 | Joint operations of supervisory authorities |
Section 2
Consistency
| Article 63 | Consistency mechanism |
| Article 64 | Opinion of the Board |
| Article 65 | Dispute resolution by the Board |
| Article 66 | Urgency procedure |
| Article 67 | Exchange of information |
Section 3
European data protection board
| Article 68 | European Data Protection Board |
| Article 69 | Independence |
| Article 70 | Tasks of the Board |
| Article 71 | Reports |
| Article 72 | Procedure |
| Article 73 | Chair |
| Article 74 | Tasks of the Chair |
| Article 75 | Secretariat |
| Article 76 | Confidentiality |
Chapter VIII
Remedies, liability and penalties
| Article 77 | Right to lodge a complaint with a supervisory authority |
| Article 78 | Right to an effective judicial remedy against a supervisory authority |
| Article 79 | Right to an effective judicial remedy against a controller or processor |
| Article 80 | Representation of data subjects |
| Article 81 | Suspension of proceedings |
| Article 82 | Right to compensation and liability |
| Article 83 | General conditions for imposing administrative fines |
| Article 84 | Penalties |
Chapter IX
Provisions relating to specific processing situations
Chapter X
Delegated acts and implementing acts
| Article 92 | Exercise of the delegation |
| Article 93 | Committee procedure |
Chapter XI
Final provisions
| Article 94 | Repeal of Directive 95/46/EC |
| Article 95 | Relationship with Directive 2002/58/EC |
| Article 96 | Relationship with previously concluded Agreements |
| Article 97 | Commission reports |
| Article 98 | Review of other Union legal acts on data protection |
| Article 99 | Entry into force and application |