Table of Contents
SECTION 3 – RECTIFICATION AND ERASURE 115
Article 16 – Right to rectification 115
Article 17 – Right to erasure (‘right to be forgotten’) 115
Article 18 – Right to restriction of processing 117
Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing 118
Article 20 – Right to data portability 118
SECTION 4 – RIGHT TO OBJECT AND AUTOMATED INDIVIDUAL DECISION-MAKING 119 Article 21 – Right to object 119 Article 22 – Automated individual decision-making, including profiling 120
SECTION 5 – RESTRICTIONS 121 Article 23 – Restrictions 121
CHAPTER IV – CONTROLLER AND PROCESSOR 123
SECTION 1 – GENERAL OBLIGATIONS 123
Article 24 – Responsibility of the controller 123
Article 25 – Data protection by design and by default 124
Article 26 - Joint controllers 125
Article 27 – Representatives of controllers or processors not established in the Union 126
Article 28 - Processor 127 Article 29 – Processing under the authority of the controller or processor 130 Article 30 – Records of processing activities 130 Article 31 – Cooperation with the supervisory authority 132
SECTION 2 – SECURITY OF PERSONAL DATA 133 Article 32 – Security of processing 133 Article 33 – Notification of a personal data breach to the supervisory authority
134 Article 34 – Communication of a personal data breach to the data subject 135
OSP Cyber Academy