Article 9 – Processing of special categories of personal data (2024)

CHAPTER 1 (§ 1 - 4)

General provisions

  • Article 1 - Subject-matter and objectives
  • Article 2 - Material scope
  • Article 3 - Territorial scope
  • Article 4 - Definitions

CHAPTER 2 (§ 5 - 11)

Principles

  • Article 5 - Principles relating to processing of personal data
  • Article 6 - Lawfulness of processing
  • Article 7 - Conditions for consent
  • Article 8 - Conditions applicable to child's consent in relation to information society services
  • Article 9 - Processing of special categories of personal data
  • Article 10 - Processing of personal data relating to criminal convictions and offences
  • Article 11 - Processing which does not require identification

CHAPTER 3 (§ 12 - 23)

Rights of the data subject

Section 1 - Transparency and modalities

  • Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject

Section 2 - Information and access to personal data

  • Article 13 - Information to be provided where personal data are collected from the data subject
  • Article 14 - Information to be provided where personal data have not been obtained from the data subject
  • Article 15 - Right of access by the data subject

Section 3 - Rectification and erasure

  • Article 16 - Right to rectification
  • Article 17 - Right to erasure (‘right to be forgotten’)
  • Article 18 - Right to restriction of processing
  • Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
  • Article 20 - Right to data portability

Section 4 - Right to object and automated individual decision-making

  • Article 21 - Right to object
  • Article 22 - Automated individual decision-making, including profiling

Section 5 - Restrictions

  • Article 23 - Restrictions

CHAPTER 4 (§ 24 - 43)

Controller and processor

Section 1 - General obligations

  • Article 24 - Responsibility of the controller
  • Article 25 - Data protection by design and by default
  • Article 26 - Joint controllers
  • Article 27 - Representatives of controllers or processors not established in the Union
  • Article 28 - Processor
  • Article 29 - Processing under the authority of the controller or processor
  • Article 30 - Records of processing activities
  • Article 31 - Cooperation with the supervisory authority

Section 2 - Security of personal data

  • Article 32 - Security of processing
  • Article 33 - Notification of a personal data breach to the supervisory authority
  • Article 34 - Communication of a personal data breach to the data subject

Section 3 - Data protection impact assessment and prior consultation

  • Article 35 - Data protection impact assessment
  • Article 36 - Prior consultation

Section 4 - Data protection officer

  • Article 37 - Designation of the data protection officer
  • Article 38 - Position of the data protection officer
  • Article 39 - Tasks of the data protection officer

Section 5 - Codes of conduct and certification

  • Article 40 - Codes of conduct
  • Article 41 - Monitoring of approved codes of conduct
  • Article 42 - Certification
  • Article 43 - Certification bodies

CHAPTER 5 (§ 44 - 50)

Transfers of personal data to third countries or international organisations

  • Article 44 - General principle for transfers
  • Article 45 - Transfers on the basis of an adequacy decision
  • Article 46 - Transfers subject to appropriate safeguards
  • Article 47 - Binding corporate rules
  • Article 48 - Transfers or disclosures not authorised by Union law
  • Article 49 - Derogations for specific situations
  • Article 50 - International cooperation for the protection of personal data

CHAPTER 6 (§ 51 - 59)

Independent supervisory authorities

Section 1 - Independent status

  • Article 51 - Supervisory authority
  • Article 52 - Independence
  • Article 53 - General conditions for the members of the supervisory authority
  • Article 54 - Rules on the establishment of the supervisory authority

Section 2 - Competence, tasks and powers

  • Article 55 - Competence
  • Article 56 - Competence of the lead supervisory authority
  • Article 57 - Tasks
  • Article 58 - Powers
  • Article 59 - Activity reports

CHAPTER 7 (§ 60 - 76)

Cooperation and consistency

Section 1 - Cooperation

  • Article 60 - Cooperation between the lead supervisory authority and the other supervisory authorities concerned
  • Article 61 - Mutual assistance
  • Article 62 - Joint operations of supervisory authorities

Section 2 - Consistency

  • Article 63 - Consistency mechanism
  • Article 64 - Opinion of the Board
  • Article 65 - Dispute resolution by the Board
  • Article 66 - Urgency procedure
  • Article 67 - Exchange of information

Section 3 - European data protection board

  • Article 68 - European Data Protection Board
  • Article 69 - Independence
  • Article 70 - Tasks of the Board
  • Article 71 - Reports
  • Article 72 - Procedure
  • Article 73 - Chair
  • Article 74 - Tasks of the Chair
  • Article 75 - Secretariat
  • Article 76 - Confidentiality

CHAPTER 8 (§ 77 - 84)

Remedies, liability and penalties

  • Article 77 - Right to lodge a complaint with a supervisory authority
  • Article 78 - Right to an effective judicial remedy against a supervisory authority
  • Article 79 - Right to an effective judicial remedy against a controller or processor
  • Article 80 - Representation of data subjects
  • Article 81 - Suspension of proceedings
  • Article 82 - Right to compensation and liability
  • Article 83 - General conditions for imposing administrative fines
  • Article 84 - Penalties

CHAPTER 9 (§ 85 - 91)

Provisions relating to specific processing situations

  • Article 85 - Processing and freedom of expression and information
  • Article 86 - Processing and public access to official documents
  • Article 87 - Processing of the national identification number
  • Article 88 - Processing in the context of employment
  • Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • Article 90 - Obligations of secrecy
  • Article 91 - Existing data protection rules of churches and religious associations

CHAPTER 10 (§ 92 - 93)

Delegated acts and implementing acts

  • Article 92 - Exercise of the delegation
  • Article 93 - Committee procedure

CHAPTER 11 (§ 94 - 99)

Final provisions

  • Article 94 - Repeal of Directive 95/46/EC
  • Article 95 - Relationship with Directive 2002/58/EC
  • Article 96 - Relationship with previously concluded Agreements
  • Article 97 - Commission reports
  • Article 98 - Review of other Union legal acts on data protection
  • Article 99 - Entry into force and application
Article 9 – Processing of special categories of personal data (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Lidia Grady

Last Updated:

Views: 6352

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Lidia Grady

Birthday: 1992-01-22

Address: Suite 493 356 Dale Fall, New Wanda, RI 52485

Phone: +29914464387516

Job: Customer Engineer

Hobby: Cryptography, Writing, Dowsing, Stand-up comedy, Calligraphy, Web surfing, Ghost hunting

Introduction: My name is Lidia Grady, I am a thankful, fine, glamorous, lucky, lively, pleasant, shiny person who loves writing and wants to share my knowledge and understanding with you.