ANNEX CORRIGENDUM. (Official Journal of the European Union L 119 of 4 May 2016) On page 14, recital (71), fifth and sixth sentences: for:

Similar documents
9091/17 VH/np 1 DGD 2C

PE-CONS 71/1/15 REV 1 EN

16 March Purpose & Introduction

Privacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons

The modernised Convention 108: novelties in a nutshell

REGULATION (EC) No 767/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 9 July 2008

GDPR. EU General Data Protection Regulation. ebook Version 1.2

Guidelines On the application of C6 and C7 of Annex 1 of MiFID II

(Non-legislative acts) REGULATIONS

Article 1. Federal Data Protection Act (BDSG)

Guidelines and Recommendations

How to read the analysis?

EDPS Opinion on the proposal for a recast of Brussels IIa Regulation

Free and Fair elections GUIDANCE DOCUMENT. Commission guidance on the application of Union data protection law in the electoral context

5418/16 AV/NT/vm DGD 2

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 11 January /07 Interinstitutional File: 2004/0287 (COD) LIMITE VISA 7 CODEC 32 COMIX 25

Council of the European Union Brussels, 2 December 2015 (OR. en)

6153/1/18 REV 1 VH/np 1 DGD2

Dated Article 1

Data Protection Bill [HL]

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Data Protection Bill [HL]

Decision of the Management Board on EBA Code of Good Administrative Behaviour

Data Protection Bill [HL]

Without prejudice, informal translation, Dutch Gas Act, sections possibly relevant to Gasstorage.

DATA PROTECTION (JERSEY) LAW 2018

Council of the European Union Brussels, 14 January 2019 (OR. en)

COMP Article 1. Article 1 Subject matter and objectives

closer look at Rights & remedies

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

ARTICLE 29 DATA PROTECTION WORKING PARTY

AMENDMENTS EN United in diversity EN. European Parliament Draft report Claude Moraes (PE v02-00)

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

EN Official Journal of the European Union L 289/15

EUROPEAN PARLIAMENT. Session document

General Data Protection Regulation

Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore

Council of the European Union Brussels, 24 October 2017 (OR. en)

Annex - Summary of GDPR derogations in the Data Protection Bill

DIRECTIVES. (Text with EEA relevance) Having regard to the Treaty on the Functioning of the European Union, and in particular Article 192(1) thereof,

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

ACTS ADOPTED UNDER TITLE VI OF THE EU TREATY

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

ARTICLE 29 DATA PROTECTION WORKING PARTY

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 20 December /06 Interinstitutional File: 2004/0287 (COD) LIMITE

ARTICLE 29 DATA PROTECTION WORKING PARTY

L 346/42 Official Journal of the European Union

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Official Journal of the European Union L 94/375

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

STATUTORY INSTRUMENTS. S.I. No. 333 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (FRAMEWORK) REGULATIONS 2011

Official Journal of the European Union. (Legislative acts) DIRECTIVES

DGE 1 EUROPEAN UNION. Brussels, 27 April 2018 (OR. en) 2015/0272 (COD) PE-CONS 9/18 ENV 126 ENT 32 MI 109 CODEC 250

ARTICLE 29 Data Protection Working Party

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE / /EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Committee on Legal Affairs Committee on Civil Liberties, Justice and Home Affairs

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April on the protection of natural persons

REGULATION (EU) No 649/2012 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 4 July 2012 concerning the export and import of hazardous chemicals

The EPO follows the EU s Directive on biotechnology patents

Act No. 502 of 23 May 2018

Official Journal of the European Union. (Non-legislative acts) REGULATIONS

THE COURT (Grand Chamber),

Having regard to the opinion of the European Economic and Social Committee ( 1 ),

2018 No. xxxx EXITING THE EUROPEAN UNION CIVIL PROCEEDINGS EVIDENCE FAMILY PROCEEDINGS. The Service of Documents and Taking of Evidence in Civil and

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

Information about the Processing of Personal Data (Article 13, 14 GDPR)

Direction made by the PRA under Part 7 of the Financial Services and Markets Act 2000 (Amendment) (EU Exit) Regulations 2019

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

SWEDEN PATENTS ACT No.837 of 1967 in the version in force from July 1, 2014

SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY

COMMUNICATION FROM THE COMMISSION. On the global approach to transfers of Passenger Name Record (PNR) data to third countries

(Text with EEA relevance) (2010/C 122 E/03)

Council conclusions on an EU Framework for National Roma 1 Integration 2 Strategies up to 2020

EUROPEAN GENERAL DATA PROTECTION REGULATION CONSEQUENCES FOR DATA-DRIVEN MARKETING

A8-0013/35/rev. Amendment 35/rev Adina-Ioana Vălean on behalf of the Committee on the Environment, Public Health and Food Safety

PROVISIONAL AGREEMENT RESULTING FROM INTERINSTITUTIONAL NEGOTIATIONS

Resolution adopted by the General Assembly. [on the report of the Third Committee (A/65/456/Add.2 (Part II))]

Statewatch briefing on the European Evidence Warrant to the European Parliament

Universal Declaration on Bioethics and Human Rights *

Data Protection Bill [HL]

STATUTORY INSTRUMENTS. S.I. No. 268 of 2013 EUROPEAN UNION (GENETICALLY MODIFIED FOODSTUFFS) REGULATIONS 2013

Exhibit MC - Standard Contractual Clauses (processors)

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

SOUTH AFRICAN POSTBANK LIMITED AMENDMENT BILL

Law Enforcement processing (Part 3 of the DPA 2018)

Adequacy Referential (updated)

DATA PROTECTION (JERSEY) LAW 2005

1. The Commission proposed on 25 January 2012 a comprehensive data protection package comprising of:

DIRECTIVE 2014/57/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on criminal sanctions for market abuse (market abuse directive)

CONSULTATIVE COUNCIL OF EUROPEAN JUDGES (CCJE) Opinion of the CCJE Bureau

ANNEXES. to the. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. on the European Union trade mark (codification)

Vademecum on European Standardisation

10168/13 KR/tt 1 DG D 2B

ECB-PUBLIC. Recommendation for a

AMENDMENTS EN United in diversity EN. European Parliament Draft report Claude Moraes (PE v01-00)

DECISION OF THE EEA JOINT COMMITTEE. No 199/2016. of 30 September amending Annex IX (Financial services) to the EEA Agreement [2017/276]

CODE OF CONDUCT. for joint return operations coordinated by frontex

The European Union General Data Protection Regulation (GDPR) Barmak Nassirian, Federal Director Thursday, February 22, 2018

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Transcription:

ANNEX CORRIGENDUM to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L 119 of 4 May 2016) On page 14, recital (71), fifth and sixth sentences: "(71) Such measure should not concern a child. In order to ensure fair and transparent processing in respect of the data subject, taking into account the specific circumstances and context in which the personal data are processed, the controller should use appropriate mathematical or statistical procedures for the profiling, implement technical and organisational measures appropriate to ensure, in particular, that factors which result in inaccuracies in personal data are corrected and the risk of errors is minimised, secure personal data in a manner that takes account of the potential risks involved for the interests and rights of the data subject and that prevents, inter alia, discriminatory effects on natural persons on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such an effect.", 8088/18 90

"(71) Such measure should not concern a child. In order to ensure fair and transparent processing in respect of the data subject, taking into account the specific circumstances and context in which the personal data are processed, the controller should use appropriate mathematical or statistical procedures for the profiling, implement technical and organisational measures appropriate to ensure, in particular, that factors which result in inaccuracies in personal data are corrected and the risk of errors is minimised, secure personal data in a manner that takes account of the potential risks involved for the interests and rights of the data subject, and prevent, inter alia, discriminatory effects on natural persons on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or processing that results in measures having such an effect.". On page 55, point (c) of Article 37(1): "(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.", "(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.". 8088/18 91

On page 58, Article 41(3): "3. The competent supervisory authority shall submit the draft criteria for accreditation of a body as referred to in paragraph 1 of this Article to the Board pursuant to the consistency mechanism referred to in Article 63.", "3. The competent supervisory authority shall submit the draft requirements for accreditation of a body as referred to in paragraph 1 of this Article to the Board pursuant to the consistency mechanism referred to in Article 63.". On page 58, Article 41(5): "5. The competent supervisory authority shall revoke the accreditation of a body as referred to in paragraph 1 if the conditions for accreditation are not, or are no longer, met or where actions taken by the body infringe this Regulation.", "5. The competent supervisory authority shall revoke the accreditation of a body as referred to in paragraph 1 if the requirements for accreditation are not, or are no longer, met or where actions taken by the body infringe this Regulation.". 8088/18 92

On page 59, Article 42(7): "7. Certification shall be issued to a controller or processor for a maximum period of three years and may be renewed, under the same conditions, provided that the relevant requirements continue to be met. Certification shall be withdrawn, as applicable, by the certification bodies referred to in Article 43 or by the competent supervisory authority where the requirements for the certification are not or are no longer met.", "7. Certification shall be issued to a controller or processor for a maximum period of three years and may be renewed, under the same conditions, provided that the relevant criteria continue to be met. Certification shall be withdrawn, as applicable, by the certification bodies referred to in Article 43 or by the competent supervisory authority where the criteria for the certification are not or are no longer met.". On page 60, Article 43(3), first sentence: "3. The accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article shall take place on the basis of criteria approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63. ", "3. The accreditation of certification bodies as referred to in paragraphs 1 and 2 of this Article shall take place on the basis of requirements approved by the supervisory authority which is competent pursuant to Article 55 or 56 or by the Board pursuant to Article 63. ". 8088/18 93

On page 60, Article 43(6): "6. The requirements referred to in paragraph 3 of this Article and the criteria referred to in Article 42(5) shall be made public by the supervisory authority in an easily accessible form. The supervisory authorities shall also transmit those requirements and criteria to the Board. The Board shall collate all certification mechanisms and data protection seals in a register and shall make them publicly available by any appropriate means.", "6. The requirements referred to in paragraph 3 of this Article and the criteria referred to in Article 42(5) shall be made public by the supervisory authority in an easily accessible form. The supervisory authorities shall also transmit those requirements and criteria to the Board.". On page 69, point (p) of Article 57(1): "(p) draft and publish the criteria for accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43;", "(p) draft and publish the requirements for accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43;". 8088/18 94

On page 74, point (c) of Article 64(1): "(c) aims to approve the criteria for accreditation of a body pursuant to Article 41(3) or a certification body pursuant to Article 43(3);", "(c) aims to approve the requirements for accreditation of a body pursuant to Article 41(3), of a certification body pursuant to Article 43(3) or the criteria for certification referred to in Article 42(5);". On page 74, Article 64(6), (7) and (8): "6. The competent supervisory authority shall not adopt its draft decision referred to in paragraph 1 within the period referred to in paragraph 3. 7. The supervisory authority referred to in paragraph 1 shall take utmost account of the opinion of the Board and shall, within two weeks after receiving the opinion, communicate to the Chair of the Board by electronic means whether it will maintain or amend its draft decision and, if any, the amended draft decision, using a standardised format. 8. Where the supervisory authority concerned informs the Chair of the Board within the period referred to in paragraph 7 of this Article that it does not intend to follow the opinion of the Board, in whole or in part, providing the relevant grounds, Article 65(1) shall apply.", 8088/18 95

"6. The competent supervisory authority referred to in paragraph 1 shall not adopt its draft decision referred to in paragraph 1 within the period referred to in paragraph 3. 7. The competent supervisory authority referred to in paragraph 1 shall take utmost account of the opinion of the Board and shall, within two weeks after receiving the opinion, communicate to the Chair of the Board by electronic means whether it will maintain or amend its draft decision and, if any, the amended draft decision, using a standardised format. 8. Where the competent supervisory authority referred to in paragraph 1 informs the Chair of the Board within the period referred to in paragraph 7 of this Article that it does not intend to follow the opinion of the Board, in whole or in part, providing the relevant grounds, Article 65(1) shall apply.". On page 74, point (a) of Article 65(1): "(a) where, in a case referred to in Article 60(4), a supervisory authority concerned has raised a relevant and reasoned objection to a draft decision of the lead authority or the lead authority has rejected such an objection as being not relevant or reasoned. ;", "(a) where, in a case referred to in Article 60(4), a supervisory authority concerned has raised a relevant and reasoned objection to a draft decision of the lead supervisory authority and the lead supervisory authority has not followed the objection or has rejected such an objection as being not relevant or reasoned. ;". 8088/18 96

On page 76, Article 69(2): "2. Without prejudice to requests by the Commission referred to in point (b) of Article 70(1) and in Article 70(2), the Board shall, in the performance of its tasks or the exercise of its powers, neither seek nor take instructions from anybody.", "2. Without prejudice to requests by the Commission referred to in Article 70(1) and (2), the Board shall, in the performance of its tasks or the exercise of its powers, neither seek nor take instructions from anybody.". On page 77, point (l) of Article 70(1): "(l) review the practical application of the guidelines, recommendations and best practices referred to in points (e) and (f);", "(l) review the practical application of the guidelines, recommendations and best practices;". 8088/18 97

On page 77, point (o) of Article 70(1): "(o) carry out the accreditation of certification bodies and its periodic review pursuant to Article 43 and maintain a public register of accredited bodies pursuant to Article 43(6) and of the accredited controllers or processors established in third countries pursuant to Article 42(7);", "(o) approve the criteria of certification pursuant to Article 42(5) and maintain a public register of certification mechanisms and data protection seals and marks pursuant to Article 42(8) and of the certified controllers or processors established in third countries pursuant to Article 42(7);". On page 77, point (p) of Article 70(1): "(p) specify the requirements referred to in Article 43(3) with a view to the accreditation of certification bodies under Article 42;", "(p) approve the requirements referred to in Article 43(3) with a view to the accreditation of certification bodies referred to in Article 43;". 8088/18 98

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback