§ GDPR · Article 25

GDPR Article 25: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 25 · All obligations · GDPR
At a glance
Article 25 of the GDPR imposes 3 obligations on controller.
§ Obligations

All obligations under Article 25

Obligation 1
The controller shall implement appropriate technical and organisational measures, such as pseudonymisation, at the time of determination of means and during processing to implement data-protection principles effectively and integrate necessary safeguards. Regulation (EU) 2016/679, Article 25, Article 25
Obligated entity
controller
Action required
implement
Deadline
Penalty
Obligation 2
The controller shall implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose are processed, covering amount, extent, storage period, and accessibility. Regulation (EU) 2016/679, Article 25, Article 25
Obligated entity
controller
Action required
implement
Deadline
Penalty
Obligation 3
Measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. Regulation (EU) 2016/679, Article 25, Article 25
Obligated entity
controller
Action required
ensure
Deadline
Penalty
§ Frequently asked

Questions about Article 25

Who must comply with Article 25 of the GDPR? +
controller.
What does Article 25 of the GDPR require? +
implement ensure
Need a cross-border briefing on GDPR Article 25?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles