General Data Proctection Regulations

gdpr-info.eu. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonise data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the information. 

Subject-matter and objectives

  1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.


    Suitable Recitals

    (1) Data protection as a fundamental right (2) Respect of the fundamental rights and freedoms (3) Directive 95/46/EC harmonisation (4) Data protection in balance with other fundamental rights (5) Cooperation between Member States to exchange personal data (6) Ensuring a high level of data protection despite the increased exchange of data (7) The framework is based on control and certainty (8) Adoption into national law (9) Different standards of protection by the Directive 95/46/EC (10) Harmonised level of data protection despite national scope (11) Harmonisation of the powers and sanctions (12) Authorization of the European Parliament and the Council

    Principles relating to processing of personal data

  1. Personal data shall be:
    1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
    2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
    3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
    4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
    5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
    6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).