Chapter IV Controller and processor (arts. 24-43)

Section 1 General obligations (arts. 24-31)
Applicable
Article 24 Responsibility of the controller
Applicable
Article 25 Data protection by design and by default
Applicable
Article 26 Joint controllers
Applicable
Article 27 Representatives of controllers or processors not established in the Union
Applicable
Article 28 Processor
Applicable
Article 29 Processing under the authority of the controller or processor
Applicable
Article 30 Records of processing activities
Applicable
Article 31 Cooperation with the supervisory authority
Section 2 Security of personal data (arts. 32-34)
Applicable
Article 32 Security of processing
Applicable
Article 33 Notification of a personal data breach to the supervisory authority
Applicable
Article 34 Communication of a personal data breach to the data subject
Section 3 Data protection impact assessment and prior consultation (arts. 35-36)
Applicable
Article 35 Data protection impact assessment
Applicable
Article 36 Prior consultation
Section 4 Data protection officer (arts. 37-39)
Applicable
Article 37 Designation of the data protection officer
Applicable
Article 38 Position of the data protection officer
Applicable
Article 39 Tasks of the data protection officer
Section 5 Codes of conduct and certification (arts. 40-43)
Applicable
Article 40 Codes of conduct
Applicable
Article 41 Monitoring of approved codes of conduct
Applicable
Article 42 Certification
Applicable
Article 43 Certification bodiesĀ