Article 24 – Responsibility of the controller
Article 25 – Data protection by design and by default
Article 26 – Joint controllers
Article 27 – Representatives of controllers or processors not established in the Union
Article 28 – Processor
Article 29 – Processing under the authority of the controller or processor
Article 30 – Records of processing activities
Article 31 – Cooperation with the supervisory authority
Article 32 – Security of processing
Article 33 – Notification of a personal data breach to the supervisory authority
Article 34 – Communication of a personal data breach to the data subject
Article 35 – Data protection impact assessment
Article 36 – Prior consultation
Article 37 – Designation of the data protection officer
Article 38 – Position of the data protection officer
Article 39 – Tasks of the data protection officer
Article 40 – Codes of conduct
Article 41 – Monitoring of approved codes of conduct
Article 42 – Certification
Article 43 – Certification bodies