CHAPTER 4

Controller and processor

Section 1 - General obligations

Article 24 - Responsibility of the controller
Article 25 - Data protection by design and by default
Article 26 - Joint controllers
Article 27 - Representatives of controllers or processors not established in the Union
Article 28 - Processor
Article 29 - Processing under the authority of the controller or processor
Article 30 - Records of processing activities
Article 31 - Cooperation with the supervisory authority

Section 2 - Security of personal data

Article 32 - Security of processing
Article 33 - Notification of a personal data breach to the supervisory authority
Article 34 - Communication of a personal data breach to the data subject

Section 3 - Data protection impact assessment and prior consultation

Article 35 - Data protection impact assessment
Article 36 - Prior consultation

Section 4 - Data protection officer

Article 37 - Designation of the data protection officer
Article 38 - Position of the data protection officer
Article 39 - Tasks of the data protection officer

Section 5 - Codes of conduct and certification

Article 40 - Codes of conduct
Article 41 - Monitoring of approved codes of conduct
Article 42 - Certification
Article 43 - Certification bodies