| ๐ผ Art. 24 Responsibility of the controller | | | | |
| ๐ผ Art. 25 Data protection by design and by default | | 10 | 10 | |
| ๐ผ Art. 26 Joint controllers | | | | |
| ๐ผ Art. 27 Representatives of controllers or processors not established in the Union | | | | |
| ๐ผ Art. 28 Processor | | | | |
| ๐ผ Art. 29 Processing under the authority of the controller or processor | | | | |
| ๐ผ Art. 30 Records of processing activities | | 3 | 4 | |
| ๐ผ Art. 31 Cooperation with the supervisory authority | | | | |
| ๐ผ Art. 32 Security of processing | | 5 | 5 | |
| ๐ผ Art. 33 Notification of a personal data breach to the supervisory authority | | | | |
| ๐ผ Art. 34 Communication of a personal data breach to the data subject | | | | |
| ๐ผ Art. 35 Data protection impact assessment | | | | |
| ๐ผ Art. 36 Prior consultation | | | | |
| ๐ผ Art. 37 Designation of the data protection officer | | | | |
| ๐ผ Art. 38 Position of the data protection officer | | | | |
| ๐ผ Art. 39 Tasks of the data protection officer | | | | |
| ๐ผ Art. 40 Codes of conduct | | | | |
| ๐ผ Art. 41 Monitoring of approved codes of conduct | | | | |
| ๐ผ Art. 42 Certification | | | | |
| ๐ผ Art. 43 Certification bodies | | | | |