Chapter 1: General Provisions
Article 1: Subject matter and objectives
Article 2: Material scope
Article 3: Territorial scope
Article 4: Definitions
Chapter 2: Principles
Article 5: Principles relating to personal data processing
Article 6: Lawfulness of processing
Article 7: Conditions for consent
Article 8: Conditions applicable to child's consent in relation to information society services
Article 9: Processing of special categories of personal data
Article 10: Processing of data relating to criminal convictions and offences
Article 11: Processing which does not require identification
Chapter 3: Rights of the Data Subject
Section 1: Transparency and Modalities
Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
Section 2: Information and Access to Data
Article 13: Information to be provided where personal data are collected from the data subject
Article 14: Information to be provided where personal data have not been obtained from the data subject
Article 15: Right of access by the data subject
Section 3: Rectification and Erasure
Article 16: Right to rectification
Article 17: Right to erasure ('right to be forgotten')
Article 18: Right to restriction of processing
Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
Article 20: Right to data portability
Section 4: Right to object and automated individual decision making
Article 21: Right to object
Article 22: Automated individual decision-making, including profiling
Section 5: Restrictions
Article 23: Restrictions
Chapter 4: Controller and Processor
Section 1: General Obligations
Article 24: Responsibility of the controller
Article 25: Data protection by design and by default
Article 26: Joint controllers
Article 27: Representatives of controllers not established in the Union
Article 28: Processor
Article 29: Processing under the authority of the controller or processor
Article 30: Records of processing activities
Article 31: Cooperation with the supervisory authority
Section 2: Security of personal data
Article 32: Security of processing
Article 33: Notification of a personal data breach to the supervisory authority
Article 34: Communication of a personal data breach to the data subject
Section 3: Data protection impact assessment and prior consultation
Article 35: Data protection impact assessment
Article 36: Prior Consultation
Section 4: Data protection officer
Article 37: Designation of the data protection officer
Article 38: Position of the data protection officer
Article 39: Tasks of the data protection officer
Section 5: Codes of conduct and certification
Article 40: Codes of Conduct
Article 41: Monitoring of approved codes of conduct
Article 42: Certification
Article 43: Certification Bodies
Chapter 5: Transfer of personal data to third countries of international organizations
Article 44: General Principle for transfer
Article 45: Transfers of the basis of an adequacy decision
Article 46: Transfers subject to appropriate safeguards
Article 47: Binding corporate rules
Article 48: Transfers or disclosures not authorised by union law
Article 49: Derogations for specific situations
Article 50: International cooperation for the protection of personal data
Chapter 6: Independent Supervisory Authorities
Section 1: Independent status
Article 51: Supervisory Authority
Article 52: Independence
Article 53: General conditions for the members of the supervisory authority
Article 54: Rules on the establishment of the supervisory Authority
Section 2: Competence, Tasks, and Powers
Article 55: Competence
Article 56: Competence of the lead supervisory authority
Article 57: Tasks
Article 58: Powers
Article 59: Activity Reports
Chapter 7: Co-operation and Consistency
Section 1: Co-operation
Article 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Article 61: Mutual Assistance
Article 62: Joint operations of supervisory authorities
Section 2: Consistency
Article 63: Consistency mechanism
Article 64: Opinion of the Board
Article 65: Dispute resolution by the Board
Article 66: Urgency Procedure
Article 67: Exchange of information
Section 3: European Data Protection Board
Article 68: European Data Protection Board
Article 69: Independence
Article 70: Tasks of the Board
Article 71: Reports
Article 72: Procedure
Article 73: Chair
Article 74: Tasks of the Chair
Article 75: Secretariat
Article 76: Confidentiality
Chapter 8: Remedies, Liability, and Sanctions
Article 77: Right to lodge a complaint with a supervisory authority
Article 78: Right to an effective judicial remedy against a supervisory authority
Article 79: Right to an effective judicial remedy against a controller or processor
Article 80: Representation of data subjects
Article 81: Suspension of proceedings
Article 82: Right to compensation and liability
Article 83: General conditions for imposing administrative fines
Article 84: Penalties
Chapter 9: Provisions relating to specific data processing situations
Article 85: Processing and freedom of expression and information
Article 86: Processing and public access to offical documents
Article 87: Processing of the national identification number
Article 88: Processing in the context of employment
Article 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Article 90: Obligations of secrecy
Article 91: Existing data protection rules of churches and religious associations
Chapter 10: Delegated Acts and Implementing Acts
Article 92: Exercise of the delegation
Article 93: Committee procedure
Chapter 11: Final provisions
Article 94: Repeal of Directive 95/46/EC
Article 95: Relationship with Directive 2002/58/EC
Article 96: Relationship with previously concluded Agreements
Article 97: Commission Reports
Article 98: Review of other union legal acts on data protection
Article 99: Entry intro force and application