Laws › GDPR
UE 2016/679

General Data Protection Regulation

The foundation of personal data protection in the EU.

Official source : EUR-Lex CELEX:32016R0679 ↗

99articles
48with Luxgap guidance
24havg response time

CHAPTER I — General provisions

Art. 1 Advice
Subject-matter and objectives
Art. 2 Advice
Material scope
Art. 3 Advice
Territorial scope
Art. 4 Advice
Definitions

CHAPTER II — Principles

Art. 5 Advice
Principles relating to processing of personal data
Art. 6 Advice
Lawfulness of processing
Art. 7 Advice
Conditions for consent
Art. 8 Advice
Conditions applicable to child's consent in relation to information society services
Art. 9 Advice
Processing of special categories of personal data
Art. 10 Advice
Processing of personal data relating to criminal convictions and offences
Art. 11 Advice
Processing which does not require identification

CHAPTER III — Rights of the data subject

Art. 12 Advice
Transparent information, communication and modalities for the exercise of the rights of the data subject
Art. 13 Advice
Information to be provided where personal data are collected from the data subject
Art. 14 Advice
Information to be provided where personal data have not been obtained from the data subject
Art. 15 Advice
Right of access by the data subject
Art. 16 Advice
Right to rectification
Art. 17 Advice
Right to erasure (‘right to be forgotten’)
Art. 18 Advice
Right to restriction of processing
Art. 19 Advice
Notification obligation regarding rectification or erasure of personal data or restriction of processing
Art. 20 Advice
Right to data portability
Art. 21 Advice
Right to object
Art. 22 Advice
Automated individual decision-making, including profiling
Art. 23 Advice
Restrictions

CHAPTER IV — Controller and processor

Art. 24 Advice
Responsibility of the controller
Art. 25 Advice
Data protection by design and by default
Art. 26 Advice
Joint controllers
Art. 27 Advice
Representatives of controllers or processors not established in the Union
Art. 28 Advice
Processor
Art. 29 Advice
Processing under the authority of the controller or processor
Art. 30 Advice
Records of processing activities
Art. 31 Advice
Cooperation with the supervisory authority
Art. 32 Advice
Security of processing
Art. 33 Advice
Notification of a personal data breach to the supervisory authority
Art. 34 Advice
Communication of a personal data breach to the data subject
Art. 35 Advice
Data protection impact assessment
Art. 36 Advice
Prior consultation
Art. 37 Advice
Designation of the data protection officer
Art. 38 Advice
Position of the data protection officer
Art. 39 Advice
Tasks of the data protection officer
Art. 40 Advice
Codes of conduct
Art. 41 Advice
Monitoring of approved codes of conduct
Art. 42 Advice
Certification
Art. 43 Advice
Certification bodies

CHAPTER V — Transfers of personal data to third countries or international organisations

Art. 44 Advice
General principle for transfers
Art. 45 Advice
Transfers on the basis of an adequacy decision
Art. 46 Advice
Transfers subject to appropriate safeguards
Art. 47 Advice
Binding corporate rules
Art. 48 Advice
Transfers or disclosures not authorised by Union law
Art. 49
Derogations for specific situations
Art. 50
International cooperation for the protection of personal data

CHAPTER VI — Independent supervisory authorities

Art. 51
Supervisory authority
Art. 52
Independence
Art. 53
General conditions for the members of the supervisory authority
Art. 54
Rules on the establishment of the supervisory authority
Art. 55
Competence
Art. 56
Competence of the lead supervisory authority
Art. 57
Tasks
Art. 58
Powers
Art. 59
Activity reports

CHAPTER VII — Cooperation and consistency

Art. 60
Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Art. 61
Mutual assistance
Art. 62
Joint operations of supervisory authorities
Art. 63
Consistency mechanism
Art. 64
Opinion of the Board
Art. 65
Dispute resolution by the Board
Art. 66
Urgency procedure
Art. 67
Exchange of information
Art. 68
European Data Protection Board
Art. 69
Independence
Art. 70
Tasks of the Board
Art. 71
Reports
Art. 72
Procedure
Art. 73
Chair
Art. 74
Tasks of the Chair
Art. 75
Secretariat
Art. 76
Confidentiality

CHAPTER VIII — Remedies, liability and penalties

Art. 77
Right to lodge a complaint with a supervisory authority
Art. 78
Right to an effective judicial remedy against a supervisory authority
Art. 79
Right to an effective judicial remedy against a controller or processor
Art. 80
Representation of data subjects
Art. 81
Suspension of proceedings
Art. 82
Right to compensation and liability
Art. 83
General conditions for imposing administrative fines
Art. 84
Penalties

CHAPTER IX — Provisions relating to specific processing situations

Art. 85
Processing and freedom of expression and information
Art. 86
Processing and public access to official documents
Art. 87
Processing of the national identification number
Art. 88
Processing in the context of employment
Art. 89
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Art. 90
Obligations of secrecy
Art. 91
Existing data protection rules of churches and religious associations

CHAPTER X — Delegated acts and implementing acts

Art. 92
Exercise of the delegation
Art. 93
Committee procedure

CHAPTER XI — Final provisions

Art. 94
Repeal of Directive 95/46/EC
Art. 95
Relationship with Directive 2002/58/EC
Art. 96
Relationship with previously concluded Agreements
Art. 97
Commission reports
Art. 98
Review of other Union legal acts on data protection
Art. 99
Entry into force and application

Need to comply with GDPR?

Our DPO and CISO team supports over 80 Luxembourg organisations. Free diagnosis, quote within 48h.

Request a diagnosis →