§ GDPR · Article 25
GDPR Article 25: Obligations, Deadlines & Penalties
At a glance
Article 25 of the GDPR imposes 3 obligations on controller.
§ Obligations
All obligations under Article 25
Obligation 1
The controller shall implement appropriate technical and organisational measures, such as pseudonymisation, at the time of determination of means and during processing to implement data-protection principles effectively and integrate necessary safeguards.
Regulation (EU) 2016/679, Article 25, Article 25
- Obligated entity
-
controller
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 2
The controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose are processed, covering amount, extent, storage period, and accessibility.
Regulation (EU) 2016/679, Article 25, Article 25
- Obligated entity
-
controller
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 3
Measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.
Regulation (EU) 2016/679, Article 25, Article 25
- Obligated entity
-
controller
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 25
Who must comply with Article 25 of the GDPR?
+
controller.
What does Article 25 of the GDPR require?
+
implement ensure