
22 Amendments of Agustín DÍAZ DE MERA GARCÍA CONSUEGRA related to 2011/0011(COD)

Amendment 1833
Proposal for a regulation
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation ensure that they are in a position duly to inform the authorities which so request of all processing operations under its responsibility.
2013/03/06
Committee: LIBE
Amendment 1844
Proposal for a regulation
Article 28 – paragraph 2 – introductory part
2. The Enterprises or organisations which do not have a data protection officer or sufficient valid certification shall hold the statutory model documentation for all processing operations under their responsibility. That documentation shall contain at least the following information:
2013/03/06
Committee: LIBE
Amendment 1852
Proposal for a regulation
Article 28 – paragraph 2 – point b
(b) the name and contact details of the data protection officer, if any; deleted
2013/03/06
Committee: LIBE
Amendment 1870
Proposal for a regulation
Article 28 – paragraph 2 – point g
(g) a general indication of the time limits for erasure of the different categories of data, wherever possible;
2013/03/06
Committee: LIBE
Amendment 1893
Proposal for a regulation
Article 28 – paragraph 4 – introductory part
4. The obligations referred to in paragraphs 1 and 2 shall not apply to the following controllers and processors:
2013/03/06
Committee: LIBE
Amendment 1912
Proposal for a regulation
Article 28 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the documentation referred to in paragraph 1, to take account of in particular the responsibilities of the controller and the processor and, if any, the controller's representative.
2013/03/06
Committee: LIBE
Amendment 1915
Proposal for a regulation
Article 28 – paragraph 6
6. The Commission may shall lay down standard forms for the documentation referred to in paragraph 1 2. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2).
2013/03/06
Committee: LIBE
Amendment 1918
Proposal for a regulation
Article 29 – paragraph 1
1. The controller and, where appropriate, the processor and, if any, the representative of the controller, shall co-operate, on request, with the supervisory authority in the performance of its duties, in particular by providing the information referred to in point (a) of Article 53(2) and by granting access as provided in point (b) of that paragraph.
2013/03/06
Committee: LIBE
Amendment 1920
Proposal for a regulation
Article 29 – paragraph 2
2. In response to the supervisory authority's exercise of its powers under Article 53(2), the controller, either in person or through his representative, and the processor shall reply to the supervisory authority within a reasonable period to be specified by the supervisory authority. The reply shall include a description of the measures taken and the results achieved, in response to the remarks of the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 1935
Proposal for a regulation
Article 30 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the technical and organisational measures referred to in paragraphs 1 and 2, including the determinations of what constitutes the state of the art, for specific sectors and in specific data processing situations, in particular taking account of developments in technology and solutions for privacy by design and data protection by default, unless paragraph 4 applies.
2013/03/06
Committee: LIBE
Amendment 1941
Proposal for a regulation
Article 30 – paragraph 4
4. The Commission may adopt, where necessary, implementing acts for specifying the requirements laid down in paragraphs 1 and 2 to various situations, in particular to: a) prevent any unauthorised access to personal data; b) prevent any unauthorised disclosure, reading, copying, modification, erasure or removal of personal data; c) ensure the verification of the lawfulness of processing operations. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2). deleted
2013/03/06
Committee: LIBE
Amendment 1950
Proposal for a regulation
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and such as to constitute a serious risk to personal data privacy, where feasible, not later than 24 hours after having become aware of it, the controller shall without undue delay notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hours.
2013/03/06
Committee: LIBE
Amendment 1963
Proposal for a regulation
Article 31 – paragraph 2
2. Pursuant to point (f) of Article 26(2), the processor shall alert and inform the controller immediately after the establishment of a personal data breach as referred to in paragraph 1.
2013/03/06
Committee: LIBE
Amendment 1969
Proposal for a regulation
Article 31 – paragraph 3 – introductory part
3. The notification referred to in paragraph 1 must at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the data protection officer or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe must contain the details necessary to enable the supervisory authority to assess the gravity of the incidents and their consequences of the personal data breach; (e) describe the measures proposed or taken by the controller to address the personal data breach and, if necessary, recommend that action be taken.
2013/03/06
Committee: LIBE
Amendment 1976
Proposal for a regulation
Article 31 – paragraph 4
4. The controller shall document any personal data breaches referred to in paragraph 1 of this article, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose Without prejudice to the above, the controller or, where appropriate, the processor, shall keep records of previous breaches and their consequences not referred to in paragraph 1 but relating to the use of personal data, and make them available to the supervisory authorities which may wish to receive copies thereof on a regular basis.
2013/03/06
Committee: LIBE
Amendment 1985
Proposal for a regulation
Article 31 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for establishing the data breach referred to in paragraphs 1 and 2 and for the particular circumstances in which a controller and a processor is required to notify the personal data breach.
2013/03/06
Committee: LIBE
Amendment 1993
Proposal for a regulation
Article 31 – paragraph 6
6. The Commission may lay down the standard format of such notifications to the supervisory authority, the procedures applicable to the notification requirement and the form and the modalities for the documentation referred to in in accordance with paragraph 4 3, including the time limits for erasure of the information contained therein and of the register of breaches and their consequences. Those implementing acts shall be adopted in accordance with the examination procedure set out referred to in Article 87(2).
2013/03/06
Committee: LIBE
Amendment 2005
Proposal for a regulation
Article 32 – paragraph 4 – subparagraph 1 a (new)
Those concerned shall not be notified in cases where this could clearly obstruct current investigations or hinder or delay measures to resolve the security breach. More detailed provision for such eventualities may be made under EU law and Member State legislation, the objective being at all times to uphold the public interest and comply with the spirit of data protection law.
2013/03/06
Committee: LIBE
Amendment 2006
Proposal for a regulation
Article 32 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements as to the circumstances in which a personal data breach is likely to adversely affect the personal data referred to in paragraph 1.
2013/03/06
Committee: LIBE
Amendment 2012
Proposal for a regulation
Article 32 – paragraph 6
6. The Commission may lay down the format of the communication to the data subject referred to in paragraph 1 and the procedures applicable to that communication, with a particular focus on cases affecting large numbers of people. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 87(2).
2013/03/06
Committee: LIBE
Amendment 2019
Proposal for a regulation
Article 33 – paragraph 1
1. Where processing operations present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes, the controller or the processor acting on the controller's behalf, if they have not recruited a data protection officer for their organisation or obtained adequate and valid certification for the processing of high-risk data, shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
2013/03/06
Committee: LIBE
Amendment 2074
Proposal for a regulation
Article 33 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the processing operations likely to present specific risks referred to in paragraphs 1 and 2 and the requirements for the assessment referred to in paragraph 3, including conditions for scalability, verification and auditability. In doing so, the Commission shall consider specific measures for micro, small and medium-sized enterprises.
2013/03/06
Committee: LIBE