§ GDPR · Article 20

GDPR Article 20: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 20 · All obligations · GDPR
At a glance
Article 20 of the GDPR imposes 3 obligations on controller.
§ Obligations

All obligations under Article 20

Obligation 1
Provide personal data to the data subject in a structured, commonly used, and machine-readable format when processing is based on consent or contract and is automated. Regulation (EU) 2016/679, Article 20, Article 20
Obligated entity
controller
Action required
provide
Deadline
Penalty
Exemptions
processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Obligation 2
Allow the data subject to transmit personal data to another controller without hindrance. Regulation (EU) 2016/679, Article 20, Article 20
Obligated entity
controller
Action required
allow
Deadline
Penalty
Exemptions
processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Obligation 3
Transmit personal data directly from one controller to another where technically feasible. Regulation (EU) 2016/679, Article 20, Article 20
Obligated entity
controller
Action required
transmit
Deadline
Penalty
Exemptions
where not technically feasible
§ Frequently asked

Questions about Article 20

Who must comply with Article 20 of the GDPR? +
controller.
What does Article 20 of the GDPR require? +
provide allow transmit
Need a cross-border briefing on GDPR Article 20?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles