table of contents

07

Introduction

09

Part 01: Material and geographical scope

10

Part 02: Basic principles

12

Part 03: Grounds for processing personal data

16

Part 04: Controllers and processors

18

Part 05: Enhanced rights of data subjects

20

Part 06: Data governance rules

23

Part 07: Compliance tools: codes of conduct and certification marks

24

Part 08: Transfers to third countries

25

Part 09: Data breach notification

26

Part 10: Sanctions

lexicon

Article 29 Working Party:

the Article 29 Working Party is an advisory body of representatives from

National Data Protection Authorities of the EU member states.

CBR:

Corporate Binding Rules

DPA:

Data Protection Authority

DPIA:

Data Protection Impact Assessment

DPO:

Data Protection Officer

ePR:

ePrivacy Regulation

GDPR:

General Data Protection Regulation

SCC:

Standard Contract Clause

SSO:

Single Sign-On system (centralised log-in system across several services)