§ GDPR · Article 29
GDPR Article 29: Obligations, Deadlines & Penalties
At a glance
Article 29 of the GDPR imposes 2 obligations on person acting under authority of controller or processor, processor.
§ Obligations
All obligations under Article 29
Obligation 1
The processor and any person acting under the authority of the controller or processor with access to personal data shall not process those data except on instructions from the controller.
Regulation (EU) 2016/679, Article 29, Article 29
- Obligated entity
-
processor
- Action required
-
process only on instructions
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Union or Member State law
Obligation 2
Any person acting under the authority of the controller or processor with access to personal data shall not process those data except on instructions from the controller.
Regulation (EU) 2016/679, Article 29, Article 29
- Obligated entity
-
person acting under authority of controller or processor
- Action required
-
process only on instructions
- Deadline
-
—
- Penalty
-
—
- Exemptions
- Union or Member State law
§ Frequently asked
Questions about Article 29
Who must comply with Article 29 of the GDPR?
+
person acting under authority of controller or processor, processor.
What does Article 29 of the GDPR require?
+
process only on instructions