§ GDPR · Article 89
GDPR Article 89: Obligations, Deadlines & Penalties
At a glance
Article 89 of the GDPR imposes 3 obligations on controller.
§ Obligations
All obligations under Article 89
Obligation 1
Processing for archiving, research, or statistical purposes must be subject to appropriate safeguards for the rights and freedoms of the data subject.
Regulation (EU) 2016/679, Article 89, Article 89
- Obligated entity
-
controller
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 2
Technical and organisational measures must be in place to ensure respect for the principle of data minimisation.
Regulation (EU) 2016/679, Article 89, Article 89
- Obligated entity
-
controller
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 3
Where purposes can be fulfilled by further processing that does not permit identification of data subjects, those purposes shall be fulfilled in that manner.
Regulation (EU) 2016/679, Article 89, Article 89
- Obligated entity
-
controller
- Action required
-
process
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 89
Who must comply with Article 89 of the GDPR?
+
controller.
What does Article 89 of the GDPR require?
+
implement process