icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such dataRecitalsChapter I General Provisions (arts. 1-3)Article 1 Object of the RegulationArticle 2 DefinitionsArticle 3 ScopeChapter II General rules on the lawfulness of the processing of personal data (arts. 4-31)Section 1 Principles relating to data quality (art. 4)Article 4 Data qualitySection 2 Criteria for making data processing legitimate (arts. 5-9)Article 5 Lawfulness of processingArticle 6 Change of purposeArticle 7 Transfer of personal data within or between Community institutions or bodiesArticle 8 Transfer of personal data to recipients, other than Community institutions and bodies, subject to Directive 95/46/ECArticle 9 Transfer of personal data to recipients, other than Community institutions and bodies, which are not subject to Directive 95/46/ECSection 3 Special categories of processing (art. 10)Article 10 The processing of special categories of dataSection 4 Information to be given to the data subject (arts. 11-12)Article 11 Information to be supplied where the data have been obtained from the data subjectArticle 12 Information to be supplied where the data have not been obtained from the data subjectSection 5 Rights of the data subject (arts. 13-19)Article 13 Right of accessArticle 14 RectificationArticle 15 BlockingArticle 16 ErasureArticle 17 Notification to third partiesArticle 18 The data subject's right to objectArticle 19 Automated individual decisionsSection 6 Exemptions and restrictions (art. 20)Article 20 Exemptions and restrictionsSection 7 Confidentiality and security of processing (arts. 21-23)Article 21 Confidentiality of processingArticle 22 Security of processingArticle 23 Processing of personal data on behalf of controllersSection 8 Data Protection Officer (arts. 24-26)Article 24 Appointment and tasks of the Data Protection OfficerArticle 25 Notification to the Data Protection OfficerArticle 26 RegisterSection 9 Prior checking by the European Data Protection Supervisor and obligation to cooperate (arts. 27-31)Article 27 Prior checkingArticle 28 ConsultationArticle 29 Obligation to provide informationArticle 30 Obligation to cooperateArticle 31 Obligation to react to allegationsChapter III Remedies (arts. 32-33)Article 32 RemediesArticle 33 Complaints by Community staffChapter IV Protection of personal data and privacy in the context of internal telecommunications networks (arts. 34-40)Article 34 ScopeArticle 35 SecurityArticle 36 Confidentiality of communicationsArticle 37 Traffic and billing dataArticle 38 Directories of usersArticle 39 Presentation and restriction of calling and connected line identificationArticle 40 DerogationsChapter V Independent supervisory authority: the European Data Protection Supervisor (arts. 41-48)Article 41 European Data Protection SupervisorArticle 42 AppointmentArticle 43 Regulations and general conditions governing the performance of the European Data Protection Supervisor's duties, staff and financial resourcesArticle 44 IndependenceArticle 45 Professional secrecyArticle 46 DutiesArticle 47 PowersArticle 48 Activities reportChapter VI Final provisions (arts. 49-51)Article 49 SanctionsArticle 50 Transitional periodArticle 51 Entry into forceAnnexDone at
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 26th December 2024
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext

Chapter II General rules on the lawfulness of the processing of personal data (arts. 4-31)

Section 1 Principles relating to data quality (art. 4)
Article 4 Data quality
Section 2 Criteria for making data processing legitimate (arts. 5-9)
Article 5 Lawfulness of processing
Article 6 Change of purpose
Article 7 Transfer of personal data within or between Community institutions or bodies
Article 8 Transfer of personal data to recipients, other than Community institutions and bodies, subject to Directive 95/46/EC
Article 9 Transfer of personal data to recipients, other than Community institutions and bodies, which are not subject to Directive 95/46/EC
Section 3 Special categories of processing (art. 10)
Article 10 The processing of special categories of data
Section 4 Information to be given to the data subject (arts. 11-12)
Article 11 Information to be supplied where the data have been obtained from the data subject
Article 12 Information to be supplied where the data have not been obtained from the data subject
Section 5 Rights of the data subject (arts. 13-19)
Article 13 Right of access
Article 14 Rectification
Article 15 Blocking
Article 16 Erasure
Article 17 Notification to third parties
Article 18 The data subject's right to object
Article 19 Automated individual decisions
Section 6 Exemptions and restrictions (art. 20)
Article 20 Exemptions and restrictions
Section 7 Confidentiality and security of processing (arts. 21-23)
Article 21 Confidentiality of processing
Article 22 Security of processing
Article 23 Processing of personal data on behalf of controllers
Section 8 Data Protection Officer (arts. 24-26)
Article 24 Appointment and tasks of the Data Protection Officer
Article 25 Notification to the Data Protection Officer
Article 26 Register
Section 9 Prior checking by the European Data Protection Supervisor and obligation to cooperate (arts. 27-31)
Article 27 Prior checking
Article 28 Consultation
Article 29 Obligation to provide information
Article 30 Obligation to cooperate
Article 31 Obligation to react to allegations
PreviousNext