Title III — Obligations of Controllers and Processors
This title sets out the obligations imposed on data controllers and processors.
Chapter 1 — General Obligations
| Article | Title |
|---|
| Art. 15 | Responsibility of the Controller |
| Art. 16 | Data Protection by Design and by Default |
| Art. 17 | Records of Processing Activities |
| Art. 18 | Security of Processing |
Chapter 2 — Data Breach and Impact Assessment
| Article | Title |
|---|
| Art. 19 | Notification of Personal Data Breach |
| Art. 20 | Communication of Breach to Data Subjects |
| Art. 21 | Data Protection Impact Assessment |
Chapter 3 — Transfers and Processors
| Article | Title |
|---|
| Art. 22 | International Data Transfers |
| Art. 23 | Processor Obligations |