§ GDPR · Article 89

GDPR Article 89: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 89 · All obligations · GDPR
At a glance
Article 89 of the GDPR imposes 3 obligations on controller.
§ Obligations

All obligations under Article 89

Obligation 1
Processing for archiving, research, or statistical purposes must be subject to appropriate safeguards for the rights and freedoms of the data subject. Regulation (EU) 2016/679, Article 89, Article 89
Obligated entity
controller
Action required
implement
Deadline
Penalty
Obligation 2
Technical and organisational measures must be in place to ensure respect for the principle of data minimisation. Regulation (EU) 2016/679, Article 89, Article 89
Obligated entity
controller
Action required
implement
Deadline
Penalty
Obligation 3
Where purposes can be fulfilled by further processing that does not permit identification of data subjects, those purposes shall be fulfilled in that manner. Regulation (EU) 2016/679, Article 89, Article 89
Obligated entity
controller
Action required
process
Deadline
Penalty
§ Frequently asked

Questions about Article 89

Who must comply with Article 89 of the GDPR? +
controller.
What does Article 89 of the GDPR require? +
implement process
Need a cross-border briefing on GDPR Article 89?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles