UK-GDPR_Extra

Created by

Patrick Forrest

Cards (837)

Chapter 1 of the UK General Data Protection Regulation (GDPR) is titled “General Provisions”. It contains the following articles:
Article 1 - Subject-matter and objectives: This article outlines the subject matter and objectives of the GDPR1.
Article 2 - Material scope: This article defines the material scope of the GDPR1.
Article 3 - Territorial scope: This article explains the territorial scope of the GDPR1.
Article 4 - Definitions: This article provides definitions for key terms used in the GDPR1.
Chapter 2 of the UK General Data Protection Regulation (GDPR) 
Titled "Principles"
Article 5 - Principles relating to processing of personal data 
Outlines the principles that must be adhered to when processing personal data
Article 6 - Lawfulness of processing 
Discusses the conditions that must be met for the processing of personal data to be considered lawful
Article 7 - Conditions for consent 
Provides the conditions for consent to the processing of personal data
Article 8 - Conditions applicable to child's consent in relation to information society services 
Outlines the conditions under which a child's consent can be considered valid in relation to information society services
Article 9 - Processing of special categories of personal data 
Discusses the conditions under which special categories of personal data can be processed
Article 10 - Processing of personal data relating to criminal convictions and offences 
Provides the conditions for processing personal data relating to criminal convictions and offences
Article 11 - Processing which does not require identification 
Discusses the conditions under which the processing of personal data can be carried out without the need for identification
Chapter 3 of the UK General Data Protection Regulation (GDPR) 
Rights of the data subject
Sections in Chapter 3 
Section 1 – Transparency and modalities
Section 2 – Information and access to personal data
Section 3 – Rectification and erasure
Section 4 – Right to object and automated individual decision-making
Section 5 – Restrictions
Articles in Section 1 
Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
Articles in Section 2 
Article 13 – Information to be provided where personal data are collected from the data subject
Article 14 – Information to be provided where personal data have not been obtained from the data subject
Article 15 – Right of access by the data subject
Articles in Section 3 
Article 16 – Right to rectification
Article 17 – Right to erasure ('right to be forgotten')
Article 18 – Right to restriction of processing
Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
Article 20 – Right to data portability
Articles in Section 4 
Article 21 – Right to object
Article 22 – Automated individual decision-making, including profiling
Articles in Section 5
Article 23 – Restrictions
Sections in Chapter 4 of the UK GDPR "Controller and Processor" 
General obligations
Security of personal data
Data protection impact assessment and prior consultation
Data protection officer
Codes of conduct and certification
Articles in Section 1 "General obligations" 
Responsibility of the controller
Data protection by design and by default
Joint controllers
Representatives of controllers or processors not established in the United Kingdom
Processor
Processing under the authority of the controller or processor
Records of processing activities
Cooperation with the Commissioner
Articles in Section 2 "Security of personal data" 
Security of processing
Notification of a personal data breach to the Commissioner
Communication of a personal data breach to the data subject
Articles in Section 3 "Data protection impact assessment and prior consultation" 
Data protection impact assessment
Prior consultation
Articles in Section 4 "Data protection officer" 
Designation of the data protection officer
Position of the data protection officer
Tasks of the data protection officer
Articles in Section 5 "Codes of conduct and certification" 
Codes of conduct
Monitoring of approved codes of conduct
Certification
Certification bodies
Chapter 5 of the UK General Data Protection Regulation (GDPR) 
Transfers of personal data to third countries or international organisations
Article 44 - General principle for transfers 
Outlines the general principle for transferring personal data to third countries or international organisations
Article 45 - Transfers on the basis of an adequacy decision 
Discusses the conditions under which personal data can be transferred on the basis of an adequacy decision
Article 46 - Transfers subject to appropriate safeguards 
Provides the conditions under which personal data can be transferred subject to appropriate safeguards
Article 47 - Binding corporate rules 
Discusses the use of binding corporate rules for transferring personal data
Article 48 - REMOVED
Article 49 - Derogations for specific situations 
Outlines the specific situations where derogations for the transfer of personal data may apply
Article 50 - International cooperation for the protection of personal data 
Discusses the international cooperation for the protection of personal data
Chapter 6 of the UK GDPR is about the Commissioner1. It includes the following sections:
Section 1 – Independent status
Article 51 – Monitoring the application of this Regulation
Article 52 – Independence
Article 53 – REMOVED
Article 54 – REMOVED
Section 2 – Tasks and powers
Article 55 – REMOVED
Article 56 – REMOVED
Article 57- Tasks
Article 58 – Powers
Article 59 – Activity reports1
Chapter 8 of the UK GDPR 
Remedies, Liability and Penalties
Articles in Chapter 8 
Article 77 - Right to lodge a complaint with the Commissioner
Article 78 - Right to an effective judicial remedy against the Commissioner
Article 79 - Right to an effective judicial remedy against a controller or processor
Article 80 - Representation of data subjects
Article 82 - Right to compensation and liability
Article 83 - General conditions for imposing administrative fines
Article 84 - Penalties
Article 81 has been REMOVED from this chapter
Some articles have been removed in this chapter
Chapter 9 of the UK GDPR is titled Provisions relating to specific processing situations1. It includes the following articles:
Article 85 – Processing and freedom of expression and information
Article 86 – Processing and public access to official documents
Article 87 – REMOVED
Article 88 – REMOVED
Article 89 – Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90 – REMOVED
Article 91 – REMOVED1
Chapter 10 of the UK GDPR is titled Processing of personal data relating to criminal convictions and offences1.  
It states that processing of personal data relating to criminal convictions and offences or related security measures based on Article 6 (1) shall be carried out only under the control of official authority or when the processing is authorised by domestic law providing for appropriate safeguards for the rights and freedoms of data subjects1. Any comprehensive register of criminal convictions shall be kept only under the control of official authority1.
If the organisation that you work for handles personal data, your customers will have those same concerns that your organisation is appropriately securing their data
Regardless of the legal requirement, it is best practice for organisations to follow data protection and privacy policies
Various pieces of legislation prescribe a requirement on organisations to adhere to privacy requirements and protect personal data