§ GDPR · Article 42

GDPR Article 42: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 42 · All obligations · GDPR
At a glance
Article 42 of the GDPR imposes 3 obligations on Member States, controllers, processors and 3 other entity type(s).
§ Obligations

All obligations under Article 42

Obligation 1
Member States, supervisory authorities, the Board, and the Commission shall encourage the establishment of data protection certification mechanisms, seals, and marks to demonstrate compliance. Regulation (EU) 2016/679, Article 42, Article 42
Obligated entity
Member States, supervisory authorities, the Board, the Commission
Action required
encourage
Deadline
Penalty
Obligation 2
The specific needs of micro, small, and medium-sized enterprises shall be taken into account when establishing certification mechanisms. Regulation (EU) 2016/679, Article 42, Article 42
Obligated entity
Member States, supervisory authorities, the Board, the Commission
Size threshold
micro, small and medium-sized enterprises
Action required
take into account
Deadline
Penalty
Obligation 3
Controllers or processors not subject to the Regulation but using certification for international transfers shall make binding and enforceable commitments to apply appropriate safeguards. Regulation (EU) 2016/679, Article 42, Article 42
Obligated entity
controllers, processors
Action required
make commitments
Deadline
Penalty
Exemptions
controllers or processors subject to this Regulation
§ Frequently asked

Questions about Article 42

Who must comply with Article 42 of the GDPR? +
Member States, controllers, processors, supervisory authorities, the Board, the Commission.
What does Article 42 of the GDPR require? +
encourage take into account make commitments
Need a cross-border briefing on GDPR Article 42?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles