Chapter I – General provisions
Art. 1 – Object and objectives
Art. 2 – Material scope
Art. 3 – Territorial scope
Art. 4 – Definitions
Chapter II – Principles
Art. 5 – Principles related to the processing of personal data
Art. 6 – Legality of processing
Art. 7 – Consent conditions
Art. 8 – Applicable conditions regarding the consent of children in relation to information society services
Art. 9 – Processing of special categories of personal data
Art. 10 – Processing of personal data related to criminal convictions and offences
Art. 11 – Processing that does not require identification
Chapter III – Rights of the data subject
Section 1 – Transparency and modalities
Art. 12 – Transparency of information, communications and ways of exercising the rights of the data subject
Section 2 – Information and access to personal data
Art. 13 – Information to be provided if personal data is collected from the data subject
Art. 14 – Information to be provided if the personal data were not obtained from the data subject
Art. 15 – The data subject's right of access
Section 3 – Rectification and Deletion
Art. 16 – The right to rectification
Art. 17 – The right to delete data (“the right to be forgotten”)
Art. 18 – The right to restrict processing
Art. 19 – Notification obligation regarding rectification or deletion of personal data or restriction of processing
Art. 20 – The right to data portability
Section 4 – Right to object and automated individual decision-making
Art. 21 – The right to opposition
Art. 22 – The automated individual decision-making process, including the creation of profiles
Section 5 – Restrictions
Art. 23 – Restrictions
Chapter IV – The operator and the person authorized by the operator
Section 1 – General Obligations
Art. 24 – Liability of the operator
Art. 25 – Ensuring data protection from the moment of conception and by default
Art. 26 – Associated operators
Art. 27 – Representatives of operators or persons authorized by operators who are not based in the Union
Art. 28 – The person authorized by the operator
Art. 29 – Carrying out the processing activity under the authority of the operator or the person authorized by the operator
Art. 30 – Records of processing activities
Art. 31 – Cooperation with the supervisory authority
Section 2 – Security of Personal Data
Art. 32 – Security of processing
Art. 33 – Notifying the supervisory authority in the event of a breach of personal data security
Art. 34 – Informing the data subject about the breach of personal data security
Section 3 – Data Protection Impact Assessment and Prior Consultation
Art. 35 – Data protection impact assessment
Art. 36 – Prior consultation
Section 4 – Data Protection Officer
Art. 37 – Designation of the data protection officer
Art. 38 – Function of the data protection officer
Art. 39 – Duties of the data protection officer
Section 5 – Codes of Conduct and Certification
Art. 40 – Codes of conduct
Art. 41 – Monitoring of approved codes of conduct
Art. 42 – Certification
Art. 43 – Certification bodies
Chapter V – Transfers of personal data to third countries or international organizations
Art. 44 – The general principle of transfers
Art. 45 – Transfers pursuant to an adequacy decision
Art. 46 – Transfers based on adequate guarantees
Art. 47 – Mandatory corporate rules
Art. 48 – Transfers or disclosures of information not authorized by Union law
Art. 49 – Exemptions for specific situations
Art. 50 – International cooperation in the field of personal data protection
Chapter VI – Independent supervisory authorities
Section 1 – Independent Status
Art. 51 – The supervisory authority
Art. 52 – Independence
Art. 53 – General conditions applicable to members of the supervisory authority
Art. 54 – Norms regarding the establishment of the supervisory authority
Section 2 – Qualifications, duties and competences
Art. 55 – Competence
Art. 56 – Competence of the main supervisory authority
Art. 57 – Duties
Art. 58 – Powers
Art. 59 – Activity reports
Chapter VII – Cooperation and coherence
Section 1 – Cooperation
Art. 60 – Cooperation between the main supervisory authority and the other supervisory authorities concerned
Art. 61 – Mutual assistance
Art. 62 – Joint operations of supervisory authorities
Section 2 – Ensuring Consistency
Art. 63 – Mechanism for ensuring coherence
Art. 64 – The opinion of the committee
Art. 65 – Resolution of disputes by the committee
Art. 66 – Emergency procedure
Art. 67 – Exchange of information
Section 3 – European Data Protection Board
Art. 68 – European Data Protection Board
Art. 69 – Independence
Art. 70 – Tasks of the committee
Art. 71 – Reports
Art. 72 – Procedure
Art. 73 – The President
Art. 74 – Duties of the President
Art. 75 – The Secretariat
Art. 76 – Confidentiality
Chapter VIII – Remedies, Liability and Penalties
Art. 77 – The right to file a complaint with a supervisory authority
Art. 78 – The right to an effective judicial remedy against a supervisory authority
Art. 79 – The right to an effective judicial remedy against an operator or a person authorized by the operator
Art. 80 – Representation of the persons concerned
Art. 81 – Suspension of proceedings
Art. 82 – Right to compensation and liability
Art. 83 – General conditions for the imposition of administrative fines
Art. 84 – Sanctions
Chapter IX – Provisions relating to specific processing situations
Art. 85 – Processing and freedom of expression and information
Art. 86 – Processing and public access to official documents
Art. 87 – Processing of a national identification number
Art. 88 – Processing in the context of employment
Art. 89 – Guarantees and exemptions regarding processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes
Art. 90 – Obligations regarding the preservation of confidentiality
Art. 91 – Existing norms in the field of data protection for churches and religious associations
Chapter X – Delegated and implementing acts
Art. 92 – Exercise of delegation
Art. 93 – Committee procedure
Chapter XI – Final provisions
Art. 94 – Repeal of Directive 95/46/CE
Art. 95 – Relationship with Directive 2002/58/EC
Art. 96 – Relationship with previously concluded agreements
Art. 97 – Commission reports
Art. 98 – Revision of other legal acts of the Union in the field of data protection
Art. 99 – Entry into force and application