| ๐ผ Chapter 1 General provisions | 4 | | | |
| ๐ผ Art. 1 Subject-matter and objectives | | | | |
| ๐ผ Art. 2 Material scope | | | | |
| ๐ผ Art. 3 Territorial scope | | | | |
| ๐ผ Art. 4 Definitions | | | | |
| ๐ผ Chapter 2 Principles | 7 | | | |
| ๐ผ Art. 5 Principles relating to processing of personal data | | | | |
| ๐ผ Art. 6 Lawfulness of processing | | | | |
| ๐ผ Art. 7 Conditions for consent | | | | |
| ๐ผ Art. 8 Conditions applicable to child's consent in relation to information society services | | | | |
| ๐ผ Art. 9 Processing of special categories of personal data | | | | |
| ๐ผ Art. 10 Processing of personal data relating to criminal convictions and offences | | | | |
| ๐ผ Art. 11 Processing which does not require identification | | | | |
| ๐ผ Chapter 3 Rights of the data subject | 12 | | | |
| ๐ผ Art. 12 Transparent information, communication and modalities for the exercise of the rights of the data subject | | | | |
| ๐ผ Art. 13 Information to be provided where personal data are collected from the data subject | | | | |
| ๐ผ Art. 14 Information to be provided where personal data have not been obtained from the data subject | | | | |
| ๐ผ Art. 15 Right of access by the data subject | | | | |
| ๐ผ Art. 16 Right to rectification | | | | |
| ๐ผ Art. 17 Right to erasure (โright to be forgottenโ) | | | | |
| ๐ผ Art. 18 Right to restriction of processing | | | | |
| ๐ผ Art. 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing | | | | |
| ๐ผ Art. 20 Right to data portability | | | | |
| ๐ผ Art. 21 Right to object | | | | |
| ๐ผ Art. 22 Automated individual decision-making, including profiling | | | | |
| ๐ผ Art. 23 Restrictions | | | | |
| ๐ผ Chapter 4 Controller and processor | 20 | | | |
| ๐ผ Art. 24 Responsibility of the controller | | | | |
| ๐ผ Art. 25 Data protection by design and by default | | 10 | 10 | |
| ๐ผ Art. 26 Joint controllers | | | | |
| ๐ผ Art. 27 Representatives of controllers or processors not established in the Union | | | | |
| ๐ผ Art. 28 Processor | | | | |
| ๐ผ Art. 29 Processing under the authority of the controller or processor | | | | |
| ๐ผ Art. 30 Records of processing activities | | 3 | 4 | |
| ๐ผ Art. 31 Cooperation with the supervisory authority | | | | |
| ๐ผ Art. 32 Security of processing | | 5 | 5 | |
| ๐ผ Art. 33 Notification of a personal data breach to the supervisory authority | | | | |
| ๐ผ Art. 34 Communication of a personal data breach to the data subject | | | | |
| ๐ผ Art. 35 Data protection impact assessment | | | | |
| ๐ผ Art. 36 Prior consultation | | | | |
| ๐ผ Art. 37 Designation of the data protection officer | | | | |
| ๐ผ Art. 38 Position of the data protection officer | | | | |
| ๐ผ Art. 39 Tasks of the data protection officer | | | | |
| ๐ผ Art. 40 Codes of conduct | | | | |
| ๐ผ Art. 41 Monitoring of approved codes of conduct | | | | |
| ๐ผ Art. 42 Certification | | | | |
| ๐ผ Art. 43 Certification bodies | | | | |
| ๐ผ Chapter 5 Transfers of personal data to third countries or international organisations | 7 | | | |
| ๐ผ Art. 44 General principle for transfers | | | | |
| ๐ผ Art. 45 Transfers on the basis of an adequacy decision | | | | |
| ๐ผ Art. 46 Transfers subject to appropriate safeguards | | 2 | 2 | |
| ๐ผ Art. 47 Binding corporate rules | | | | |
| ๐ผ Art. 48 Transfers or disclosures not authorised by Union law | | | | |
| ๐ผ Art. 49 Derogations for specific situations | | | | |
| ๐ผ Art. 50 International cooperation for the protection of personal data | | | | |
| ๐ผ Chapter 6 Independent supervisory authorities | 9 | | | |
| ๐ผ Art. 51 Supervisory authority | | | | |
| ๐ผ Art. 52 Independence | | | | |
| ๐ผ Art. 53 General conditions for the members of the supervisory authority | | | | |
| ๐ผ Art. 54 Rules on the establishment of the supervisory authority | | | | |
| ๐ผ Art. 55 Competence | | | | |
| ๐ผ Art. 56 Competence of the lead supervisory authority | | | | |
| ๐ผ Art. 57 Tasks | | | | |
| ๐ผ Art. 58 Powers | | | | |
| ๐ผ Art. 59 Activity reports | | | | |
| ๐ผ Chapter 7 Cooperation and consistency | 17 | | | |
| ๐ผ Art. 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned | | | | |
| ๐ผ Art. 61 Mutual assistance | | | | |
| ๐ผ Art. 62 Joint operations of supervisory authorities | | | | |
| ๐ผ Art. 63 Consistency mechanism | | | | |
| ๐ผ Art. 64 Opinion of the Board | | | | |
| ๐ผ Art. 65 Dispute resolution by the Board | | | | |
| ๐ผ Art. 66 Urgency procedure | | | | |
| ๐ผ Art. 67 Exchange of information | | | | |
| ๐ผ Art. 68 European Data Protection Board | | | | |
| ๐ผ Art. 69 Independence | | | | |
| ๐ผ Art. 70 Tasks of the Board | | | | |
| ๐ผ Art. 71 Reports | | | | |
| ๐ผ Art. 72 Procedure | | | | |
| ๐ผ Art. 73 Chair | | | | |
| ๐ผ Art. 74 Tasks of the Chair | | | | |
| ๐ผ Art. 75 Secretariat | | | | |
| ๐ผ Art. 76 Confidentiality | | | | |
| ๐ผ Chapter 8 Remedies, liability and penalties | 8 | | | |
| ๐ผ Art. 77 Right to lodge a complaint with a supervisory authority | | | | |
| ๐ผ Art. 78 Right to an effective judicial remedy against a supervisory authority | | | | |
| ๐ผ Art. 79 Right to an effective judicial remedy against a controller or processor | | | | |
| ๐ผ Art. 80 Representation of data subjects | | | | |
| ๐ผ Art. 81 Suspension of proceedings | | | | |
| ๐ผ Art. 82 Right to compensation and liability | | | | |
| ๐ผ Art. 83 General conditions for imposing administrative fines | | | | |
| ๐ผ Art. 84 Penalties | | | | |
| ๐ผ Chapter 9 Provisions relating to specific processing situations | 7 | | | |
| ๐ผ Art. 85 Processing and freedom of expression and information | | | | |
| ๐ผ Art. 86 Processing and public access to official documents | | | | |
| ๐ผ Art. 87 Processing of the national identification number | | | | |
| ๐ผ Art. 88 Processing in the context of employment | | | | |
| ๐ผ Art. 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes | | | | |
| ๐ผ Art. 90 Obligations of secrecy | | | | |
| ๐ผ Art. 91 Existing data protection rules of churches and religious association | | | | |
| ๐ผ Chapter 10 Delegated acts and implementing acts | 2 | | | |
| ๐ผ Art. 92 Exercise of the delegation | | | | |
| ๐ผ Art. 93 Committee procedure | | | | |
| ๐ผ Chapter 11 Final provisions | 6 | | | |
| ๐ผ Art. 94 Repeal of Directive 95/46/EC | | | | |
| ๐ผ Art. 95 Relationship with Directive 2002/58/EC | | | | |
| ๐ผ Art. 96 Relationship with previously concluded Agreements | | | | |
| ๐ผ Art. 97 Commission reports | | | | |
| ๐ผ Art. 98 Review of other Union legal acts on data protection | | | | |
| ๐ผ Art. 99 Entry into force and application | | | | |