Article 30. Records of processing activities

1 obligation

GDPR-30-17 Reporting

Records must be made available to supervisory authority on request

Controllers, processors, and their representatives must make processing activity records available to the supervisory au

Article 33. Notification of a personal data breach to the supervisory authority

3 obligations

GDPR-33-01 Reporting

Notify supervisory authority of personal data breach within 72 hours

Controller must notify the competent supervisory authority of a personal data breach without undue delay and, where feas

GDPR-33-03 Reporting

Processor must notify controller of personal data breach

The processor must notify the controller without undue delay after becoming aware of a personal data breach.

GDPR-33-08 Reporting

Provide breach information in phases if necessary

Where it is not possible to provide all required breach notification information at the same time, the information may b

Article 34. Communication of a personal data breach to the data subject

1 obligation

GDPR-34-01 Reporting

Communicate personal data breach to data subject when high risk exists

When a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the contro

Article 35. Data protection impact assessment

2 obligations

GDPR-35-07 Reporting

Communicate DPIA-required list to Board

The supervisory authority must communicate the list of processing operations requiring DPIA to the Board.

GDPR-35-09 Reporting

Communicate DPIA-exempt list to Board

The supervisory authority must communicate the list of processing operations exempt from DPIA to the Board.

Article 41. Monitoring of approved codes of conduct

1 obligation

GDPR-41-07 Reporting

Monitoring body reporting to supervisory authority on enforcement actions

Accredited monitoring bodies must inform the competent supervisory authority of enforcement actions taken and the reason

Article 43. Certification bodies

3 obligations

GDPR-43-01 Reporting

Inform supervisory authority before issuing/renewing certification

Certification bodies must inform the supervisory authority before issuing and renewing certification to allow the superv

GDPR-43-09 Reporting

Provide reasons for certification decisions to supervisory authorities

Certification bodies must provide the competent supervisory authorities with the reasons for granting or withdrawing the

GDPR-43-11 Reporting

Transmit requirements and criteria to the Board

Supervisory authorities must transmit the requirements and criteria to the Board.

Article 49. Derogations for specific situations

2 obligations

GDPR-49-07 Reporting

Inform supervisory authority of exceptional transfers

Controllers must inform the supervisory authority when making transfers based on compelling legitimate interests under t

GDPR-49-10 Reporting

Notify Commission of transfer limitations for public interest reasons

Member States must notify the Commission of any provisions that set limits to the transfer of specific categories of per

Article 51. Supervisory authority

1 obligation

GDPR-51-06 Reporting

Notify Commission of implementing legislation

Each Member State must notify to the Commission the provisions of its law which it adopts pursuant to this Chapter by 25

Article 56. Competence of the lead supervisory authority

1 obligation

GDPR-56-03 Reporting

Inform lead supervisory authority without delay

When handling local cases, the supervisory authority must inform the lead supervisory authority without delay about the

Article 58. Powers

1 obligation

GDPR-58-07 Reporting

Communicate Personal Data Breach to Data Subject

Controllers must communicate personal data breaches to data subjects when ordered by supervisory authorities.

Article 59. Activity reports

2 obligations

GDPR-59-01 Reporting

Draw up annual activity report

Each supervisory authority must prepare an annual report documenting its activities, which may include a list of types o

GDPR-59-02 Reporting

Transmit reports to national authorities

Supervisory authorities must transmit their annual activity reports to the national parliament, the government and other

Article 60. Cooperation between the lead supervisory authority and the other supervisory authorities concerned

1 obligation

GDPR-60-19 Reporting

Controller/processor must notify compliance measures to lead authority

The controller or processor must notify the measures taken for complying with the decision to the lead supervisory autho

Article 61. Mutual assistance

1 obligation

GDPR-61-06 Reporting

Inform requesting authority of results and progress

The requested supervisory authority must inform the requesting supervisory authority of the results or progress of measu

Article 65. Dispute resolution by the Board

2 obligations

GDPR-65-07 Reporting

Board Chair must inform Commission of decision

The Chair of the Board must inform the Commission of the Board's decision.

GDPR-65-10 Reporting

Supervisory authority must inform Board of final decision notification date

The lead supervisory authority or complaint supervisory authority must inform the Board of the date when its final decis

Article 66. Urgency procedure

1 obligation

GDPR-66-02 Reporting

Communicate provisional measures without delay

The supervisory authority must immediately communicate adopted provisional measures and the reasons for adopting them to

Article 68. European Data Protection Board

1 obligation

GDPR-68-03 Reporting

Board Chair communicate activities to Commission

The Chair of the Board shall communicate to the Commission the activities of the Board.

Article 71. Reports

6 obligations

GDPR-71-01 Reporting

Draw up annual report on data protection

The Board must prepare an annual report regarding the protection of natural persons with regard to processing in the Uni

GDPR-71-03 Reporting

Transmit annual report to European Parliament

The Board must transmit the annual report to the European Parliament.

GDPR-71-04 Reporting

Transmit annual report to the Council

The Board must transmit the annual report to the Council.

GDPR-71-05 Reporting

Transmit annual report to the Commission

The Board must transmit the annual report to the Commission.

GDPR-71-06 Reporting

Include review of guidelines, recommendations and best practices in annual report

The annual report must include a review of the practical application of the guidelines, recommendations and best practic

GDPR-71-07 Reporting

Include review of binding decisions in annual report

The annual report must include a review of the binding decisions (referenced but not fully specified in the article text

Article 83. General conditions for imposing administrative fines

1 obligation

GDPR-83-08 Reporting

Notify Commission of alternative fine procedure laws

Member States using alternative fine procedures must notify the Commission of their adopted laws by 25 May 2018 and prom

Article 84. Penalties

1 obligation

GDPR-84-03 Reporting

Notify Commission of penalty provisions by deadline

Each Member State must notify the Commission of the provisions of national law adopted pursuant to paragraph 1 by 25 May

Article 85. Processing and freedom of expression and information

2 obligations

GDPR-85-03 Reporting

Notify Commission of adopted provisions

Each Member State must notify the European Commission of the provisions of national law adopted pursuant to paragraph 2

GDPR-85-04 Reporting

Notify Commission of subsequent amendments without delay

Each Member State must notify the European Commission without delay of any subsequent amendment to the law or amendments

Article 88. Processing in the context of employment

2 obligations

GDPR-88-03 Reporting

Notify Commission of employment data protection laws by deadline

Each Member State must notify the Commission of the provisions of its law adopted pursuant to paragraph 1 by 25 May 2018

GDPR-88-04 Reporting

Report amendments to employment data protection laws without delay

Each Member State must notify the Commission without delay of any subsequent amendments to the employment data protectio

Article 90. Obligations of secrecy

2 obligations

GDPR-90-03 Reporting

Member States must notify Commission of adopted secrecy rules by 25 May 2018

Each Member State shall notify to the Commission the rules adopted pursuant to paragraph 1, by 25 May 2018 and, without

GDPR-90-04 Reporting

Member States must notify Commission of subsequent amendments without delay

Each Member State must notify the Commission without delay of any subsequent amendments to rules adopted pursuant to par

Article 92. Exercise of the delegation

1 obligation

GDPR-92-01 Reporting

Commission notification of delegated acts

The Commission must simultaneously notify the European Parliament and Council as soon as it adopts any delegated act und

Article 97. Commission reports

1 obligation

GDPR-97-01 Reporting

Submit quadrennial GDPR evaluation reports to Parliament and Council

The Commission must submit a report on the evaluation and review of the GDPR to the European Parliament and to the Counc