Connhex GDPR
Your GDPR compliance toolkit.
gdpr
What is GDPR?
GDPR is shorthand for General Data Protection Regulation: it is a regulation of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Long story short, it's a regulation you absolutely need to comply with if your business involves personal data of EU citizens - or you'll risk paying heavy fines!
details
How can I learn more?
We've put together a detailed FAQ section. In case of any doubt, just contact us! We'll provide you with additional details on both our internal policies and the Connhex implementation. And if you need some help understanding what your obligations are with respect to GDPR compliance, we'll be happy to share everything we know about it.
additional resources
Compliance map
Here's a detailed GDPR compliance map for Connhex.
applicable
compliance
chapter 1
General provisions
Subject-matter and objectives
Material scope
Territorial scope
Definitions
Principles
chapter 2
Principles
Lawfulness of processing
Conditions for consent
Conditions applicable to child's consent in relation to information society services
Processing of special categories of personal data
Processing of personal data relating to criminal convictions and offences
Processing which does not require identification
chapter 3
Rights of the data subject
Transparent information, communication and modalities for the exercise of the rights of the data subject
Information to be provided where personal data are collected from the data subject
Information to be provided where personal data have not been obtained from the data subject
Right of access by the data subject
Right to rectification
Right to erasure (Right to be forgotten)
Right to restriction of processing
Notification obligation regarding rectification or erasure of personal data or restriction of processing
Right to data portability
Right to object
Automated individual decision-making, including profiling
Restrictions
chapter 4
Controller and processor
Responsibility of the controller
Data protection by design and by default
Joint controllers
Representatives of controllers or processors not established in the Union
Processor
Processing under the authority of the controller or processor
Record of processing activities
Cooperation with the supervisory authority
Security of processing
Notification of a personal data breach to the supervisory authority
Communication of a personal data breach to the data subject
Data protection impact assessment
Prior consultation
Designation of the data protection officer
Position of the data protection officer
Tasks of the data protection officer
Codes of conduct
Monitoring of approved codes of conduct
Certification
Certification bodies
chapter 5
Transfers of personal data to third countries or international organisations
General principle for transfers
Transfers on the basis of an adequacy decision
Transfers subject to appropriate safeguards
Binding corporate rules
Transfers or disclosures not authorised by Union law
Derogations for specific situations
International cooperation for the protection of personal data
chapter 6
Independent supervisory authorities
Supervisory authority
Independence
General conditions for the members of the supervisory authority
Rules on the establishment of the supervisory authority
Competence
Competence of the lead supervisory authority
Tasks
Powers
Activity reports
chapter 7
Cooperation and consistency
Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Mutual assistance
Joint operations of supervisory authorities
Consistency mechanism
Opinion of the Board
Dispute resolution by the Board
Urgency procedure
Exchange of information
European Data Protection Board
Independence
Tasks of the Board
Reports
Procedure
Chair
Tasks of the Chair
Secretariat
Confidentiality
chapter 8
Remedies, liability and penalties
Right to lodge a complaint with a supervisory authority
Right to an effective judicial remedy against a supervisory authority
Right to an effective judicial remedy against a controller or processor
Representation of data subjects
Suspension of proceedings
Right to compensation and liability
General conditions for imposing administrative fines
Penalties
chapter 9
Provisions relating to specific processing situations
Processing and freedom of expression and information
Processing and public access to official documents
Processing of the national identification number
Processing in the context of employment
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Obligations of secrecy
Existing data protection rules of churches and religious associations
chapter 10
Delegated acts and implementing acts
Exercise of the delegation
Committee procedure
chapter 11
Final provisions
Repeal of Directive 95/46/EC
Relationship with Directive 2002/58/EC
Relationship with previously concluded Agreements
Commission reports
Review of other Union legal acts on data protection
Entry into force and application
legend
not applicable
partially applicable
applicable
compliant (where applicable)