§ GDPR · Article 20
GDPR Article 20: Obligations, Deadlines & Penalties
At a glance
Article 20 of the GDPR imposes 3 obligations on controller.
§ Obligations
All obligations under Article 20
Obligation 1
Provide personal data to the data subject in a structured, commonly used, and machine-readable format when processing is based on consent or contract and is automated.
Regulation (EU) 2016/679, Article 20, Article 20
- Obligated entity
-
controller
- Action required
-
provide
- Deadline
-
—
- Penalty
-
—
- Exemptions
- processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Obligation 2
Allow the data subject to transmit personal data to another controller without hindrance.
Regulation (EU) 2016/679, Article 20, Article 20
- Obligated entity
-
controller
- Action required
-
allow
- Deadline
-
—
- Penalty
-
—
- Exemptions
- processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Obligation 3
Transmit personal data directly from one controller to another where technically feasible.
Regulation (EU) 2016/679, Article 20, Article 20
- Obligated entity
-
controller
- Action required
-
transmit
- Deadline
-
—
- Penalty
-
—
- Exemptions
- where not technically feasible
§ Frequently asked
Questions about Article 20
Who must comply with Article 20 of the GDPR?
+
controller.
What does Article 20 of the GDPR require?
+
provide allow transmit