§ GDPR · Article 70

GDPR Article 70: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 70 · All obligations · GDPR
At a glance
Article 70 of the GDPR imposes 18 obligations on Board.
§ Obligations

All obligations under Article 70

Obligation 1
The Board shall ensure the consistent application of this Regulation. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
ensure
Deadline
Penalty
Obligation 2
The Board shall monitor and ensure the correct application of this Regulation in the cases provided for in Articles 64 and 65. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
monitor
Deadline
Penalty
Obligation 3
The Board shall advise the Commission on any issue related to the protection of personal data in the Union, including on any proposed amendment of this Regulation. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
advise
Deadline
Penalty
Obligation 4
The Board shall advise the Commission on the format and procedures for the exchange of information between controllers, processors and supervisory authorities for binding corporate rules. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
advise
Deadline
Penalty
Obligation 5
The Board shall issue guidelines, recommendations, and best practices on procedures for erasing links, copies or replications of personal data from publicly available communication services as referred to in Article 17(2). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 6
The Board shall examine any question covering the application of this Regulation and issue guidelines, recommendations and best practices in order to encourage consistent application of this Regulation. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
examine
Deadline
Penalty
Obligation 7
The Board shall issue guidelines, recommendations and best practices for further specifying the criteria and conditions for decisions based on profiling pursuant to Article 22(2). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 8
The Board shall issue guidelines, recommendations and best practices for establishing the personal data breaches and determining the undue delay referred to in Article 33(1) and (2) and for the particular circumstances in which a controller or a processor is required to notify the personal data breach. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 9
The Board shall issue guidelines, recommendations and best practices as to the circumstances in which a personal data breach is likely to result in a high risk to the rights and freedoms of the natural persons referred to in Article 34(1). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 10
The Board shall issue guidelines, recommendations and best practices for the purpose of further specifying the criteria and requirements for personal data transfers based on binding corporate rules adhered to by controllers and binding corporate rules adhered to by processors and on further necessary requirements to ensure the protection of personal data of the data subjects concerned referred to in Article 47. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 11
The Board shall issue guidelines, recommendations and best practices for the purpose of further specifying the criteria and requirements for the personal data transfers on the basis of Article 49(1). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 12
The Board shall draw up guidelines for supervisory authorities concerning the application of measures referred to in Article 58(1), (2) and (3) and the setting of administrative fines pursuant to Article 83. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
draw up
Deadline
Penalty
Obligation 13
The Board shall review the practical application of the guidelines, recommendations and best practices referred to in points (e) and (f). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
review
Deadline
Penalty
Obligation 14
The Board shall issue guidelines, recommendations and best practices for establishing common procedures for reporting by natural persons of infringements of this Regulation pursuant to Article 54(2). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
issue
Deadline
Penalty
Obligation 15
The Board shall encourage the drawing-up of codes of conduct and the establishment of data protection certification mechanisms and data protection seals and marks pursuant to Articles 40 and 42. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
encourage
Deadline
Penalty
Obligation 16
The Board shall carry out the accreditation of certification bodies and its periodic review pursuant to Article 43. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
accredit
Deadline
Penalty
Obligation 17
The Board shall maintain a public register of accredited bodies pursuant to Article 43(6) and of the accredited controllers or processors established in third countries pursuant to Article 42(7). Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
maintain
Deadline
Penalty
Obligation 18
The Board shall specify the requirements referred to in Article 43(3) with a view to the accreditation of certification bodies under Article 42. Regulation (EU) 2016/679, Article 70, Article 70
Obligated entity
Board
Action required
specify
Deadline
Penalty
§ Frequently asked

Questions about Article 70

Who must comply with Article 70 of the GDPR? +
Board.
What does Article 70 of the GDPR require? +
ensure monitor advise
Need a cross-border briefing on GDPR Article 70?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles