General Data Protection Regulation (GDPR)
Table of Contents
Chapter I – General provisions
Chapter II – Principles
Chapter III – Rights of the data subject
Chapter IV – Section 4
Chapter V – Section 5
Chapter VI – Independent supervisory authorities
Chapter VII – Cooperation and consistency
Chapter VIII – Remedies, liability and penalties
Chapter IX – Provisions relating to specific processing situations
Chapter X – Delegated acts and implementing acts
Chapter XI – Final provisions
Recitals (173)
Recital 89
(89) Data Protection Directive (repealed by GDPR) provided for a general obligation to notify the processing of personal data to the supervisory authorities. While that obligation produces administrative and financial burdens, it did not in all cases contribute to improving the protection of personal data. Such indiscriminate general notification obligations should therefore be abolished, and replaced by effective procedures and mechanisms which focus instead on those types of processing operations which are likely to result in a high risk to the rights and freedoms of natural persons by virtue of their nature, scope, context and purposes. Such types of processing operations may be those which in, particular, involve using new technologies, or are of a new kind and where no data protection impact assessment has been carried out before by the controller, or where they become necessary in the light of the time that has elapsed since the initial processing.