- GDPR Article 24: Responsibility of the controller
- GDPR Article 25: Data protection by design and by default
- GDPR Article 26: Joint controllers
- GDPR Article 27: Representatives of controllers or processors not established in the Union
- GDPR Article 28: Processor
- GDPR Article 29: Processing under the authority of the controller or processor
- GDPR Article 30: Records of processing activities
- GDPR Article 31: Cooperation with the supervisory authority
- GDPR Article 32: Security of processing
- GDPR Article 33: Notification of a personal data breach to the supervisory authority
- GDPR Article 34: Communication of a personal data breach to the data subject
- GDPR Article 35: Data protection impact assessment
- GDPR Article 36: Prior consultation
- GDPR Article 37: Designation of the data protection officer
- GDPR Article 38: Position of the data protection officer
- GDPR Article 39: Tasks of the data protection officer
- GDPR Article 40: Codes of conduct
- GDPR Article 41: Monitoring of approved codes of conduct
- GDPR Article 42: Certification
- GDPR Article 43: Certification bodies
