Obligations of the owner of an online shop
in accordance with Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) (OJ L 119, 2016, p. 1)
Regulation 2016/679 (GDPR)
Obligation: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Legal basis: Article 5(1)(a)
Obligation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Legal basis: Article 5(1)(b)
Obligation: Personal data shall be limited to what is necessary in relation to the purposes for which they are collected.
Legal basis: Article 5(1)(c)
Obligation: Every reasonable step shall be taken to ensure that personal data are accurate and, where necessary, kept up to date, and that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Legal basis: Article 5(1)(d)
Obligation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed – it is necessary to plan in advance how long personal data will be kept.
Legal basis: Article 5(1)(e)
Obligation: Personal data shall be processed in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Legal basis: Article 5(1)(f)
Obligation: There must be at least one valid lawful basis for each processing of personal data. The lawful bases are:
– consent of the data subject;
– performance of a contract with the data subject, or steps taken at the data subject's request prior to entering into a contract;
– compliance with a legal obligation to which the controller is subject;
– protection of the vital interests of the data subject or another natural person;
– performance of a task carried out in the public interest or in the exercise of official authority;
– the legitimate interests of the controller or a third party, except where these are overridden by the interests or fundamental rights and freedoms of the data subject.
Legal basis: Article 6(1)
Obligation: The obligation to provide information in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
Legal basis: Article 12(1)
Obligation: The obligation to provide information on action taken on a request under Articles 15 to 22 of the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests, provided the data subject is informed of the extension and the reasons for it within one month of receipt of the request.
Legal basis: Article 12(3)
Obligation: The fulfillment of the information obligation in accordance with Article 13 of the GDPR when personal data are collected from the data subject.
Legal basis: Article 13
Obligation: The fulfillment of the information obligation in accordance with Article 14 of the GDPR when personal data have not been obtained from the data subject.
Legal basis: Article 14
Obligation: The obligation not to subject the data subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for a contract with the data subject, is authorised by law, or is based on the data subject's explicit consent; where such decision-making takes place, the data subject must be informed of its existence and of the logic involved, and must be able to obtain human intervention, express their point of view and contest the decision.
Legal basis: Article 22 (information duty: Articles 13(2)(f) and 14(2)(g))
Obligation: The obligation to implement appropriate technical and organizational measures to ensure, and to be able to demonstrate, that processing is performed in accordance with the GDPR (the accountability principle); those measures must be reviewed and updated where necessary.
Legal basis: Article 24(1)
Obligation: The necessity of entering into a written data processing agreement (electronic form is permitted) with every entity that processes customers' personal data on the shop owner's behalf, for example hosting providers, payment service providers, fulfilment and courier services, or e-mail marketing platforms. The agreement must contain the terms required by Article 28(3), including processing only on documented instructions, confidentiality, security measures, conditions for engaging sub-processors, assistance with data subject requests and breach notification, and deletion or return of the data at the end of the service.
Legal basis: Article 28
Obligation: Maintaining, as controller, a record of personal data processing activities (purposes, categories of data subjects and data, recipients, transfers to third countries, envisaged retention periods and a general description of security measures).
Legal basis: Article 30(1)
Obligation: Maintaining, where the shop owner acts as a processor on behalf of another controller, a record of all categories of processing activities carried out on behalf of that controller.
Legal basis: Article 30(2)
Note: the exemption for enterprises employing fewer than 250 persons (Article 30(5)) does not apply where the processing is not occasional, which is normally the case for the processing of customer data by an online shop.
Obligation: The obligation to cooperate, on request, with the supervisory authority.
Legal basis: Article 31
Obligation: The obligation to assess the risks to the rights and freedoms of natural persons arising from the processing and, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, to implement technical and organizational measures appropriate to that risk, such as pseudonymisation and encryption of personal data, ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems, the ability to restore availability and access to personal data in a timely manner after an incident, and a process for regularly testing, assessing and evaluating the effectiveness of those measures.
Legal basis: Article 32
Obligation: The obligation to notify a personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons; where notification is made after 72 hours, it must be accompanied by the reasons for the delay. Every personal data breach, whether or not it is notified, must be documented (facts, effects and remedial action taken) so that the supervisory authority can verify compliance.
Legal basis: Article 33
Obligation: The obligation to communicate without undue delay a personal data breach to the data subject if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, unless the affected data were rendered unintelligible to unauthorised persons (for example by encryption), subsequent measures mean the high risk is no longer likely to materialise, or individual communication would involve disproportionate effort, in which case a public communication is required instead.
Legal basis: Article 34
Obligation: The obligation to carry out, prior to the processing, an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assessment, DPIA) where a type of processing, taking into account the nature, scope, context and purposes of the processing and in particular the use of new technologies, is likely to result in a high risk to the rights and freedoms of natural persons, for example large-scale profiling of customers.
Legal basis: Article 35
Obligation: Adoption of relevant documents such as a privacy policy, a security policy and a cookies policy.
Legal basis: Articles 12 to 14 and 24 (privacy policy), Articles 24 and 32 (security policy); the cookies policy additionally follows from the national provisions implementing the ePrivacy Directive 2002/58/EC.
Obligation: Consent checkboxes, if there are any on the website (for example for marketing e-mails or non-essential cookies), must be unchecked by default, because consent must be given by a clear affirmative act; a pre-ticked box, silence or inactivity does not constitute consent, and the controller must be able to demonstrate that consent was given.
Legal basis: Article 4(11), Article 7(1), Recital 32