CHAPTER 4 - Controller and processor: Articles 24 - 43
- Article 24 - Responsibility of the controller
- Article 25 - Data protection by design and by default
- Article 26 - Joint controllers
- Article 27 - Representatives of controllers or processors not established in the Union
- Article 28 - Processor
- Article 29 - Processing under the authority of the controller or processor
- Article 30 - Records of processing activities
- Article 31 - Cooperation with the supervisory authority
- Article 32 - Security of processing
- Article 33 - Notification of a personal data breach to the supervisory authority
- Article 34 - Communication of a personal data breach to the data subject
- Article 35 - Data protection impact assessment
- Article 36 - Prior consultation
- Article 37 - Designation of the data protection officer
- Article 38 - Position of the data protection officer
- Article 39 -Tasks of the data protection officer
- Article 40 - Codes of conduct
- Article 41 - Monitoring of approved codes of conduct
- Article 42 - Certification
- Article 43 - Certification bodies