§ GDPR · Article 29

GDPR Article 29: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 29 · All obligations · GDPR
At a glance
Article 29 of the GDPR imposes 2 obligations on person acting under authority of controller or processor, processor.
§ Obligations

All obligations under Article 29

Obligation 1
The processor and any person acting under the authority of the controller or processor with access to personal data shall not process those data except on instructions from the controller. Regulation (EU) 2016/679, Article 29, Article 29
Obligated entity
processor
Action required
process only on instructions
Deadline
Penalty
Exemptions
Union or Member State law
Obligation 2
Any person acting under the authority of the controller or processor with access to personal data shall not process those data except on instructions from the controller. Regulation (EU) 2016/679, Article 29, Article 29
Obligated entity
person acting under authority of controller or processor
Action required
process only on instructions
Deadline
Penalty
Exemptions
Union or Member State law
§ Frequently asked

Questions about Article 29

Who must comply with Article 29 of the GDPR? +
person acting under authority of controller or processor, processor.
What does Article 29 of the GDPR require? +
process only on instructions
Need a cross-border briefing on GDPR Article 29?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles