BETA

8 Amendments of Renate SOMMER related to 2011/0011(COD)

Amendment 1837 #
Proposal for a regulation
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility.
2013/03/06
Committee: LIBE
Amendment 1884 #
Proposal for a regulation
Article 28 – paragraph 3
3. The controller and the processor and, if any, the controller's representative, shall make the documentation available, on request, to the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 1911 #
Proposal for a regulation
Article 28 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the documentation referred to in paragraph 1, to take account of in particular the responsibilities of the controller and the processor and, if any, the controller's representative.
2013/03/06
Committee: LIBE
Amendment 1924 #
Proposal for a regulation
Article 30 – paragraph 1
1. The controller and the processor shall implement appropriate technical and organisational measures, including pseudonymisation, to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of the art and the costs of their implementation.
2013/03/06
Committee: LIBE
Amendment 1957 #
Proposal for a regulation
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where relating to special categories of personal data, personal data which are subject to profeassible, not later than 24 hours after having become aware of it, notify theonal secrecy, personal data relating to criminal offences or to the suspicion of a criminal act or personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hourslating to bank or credit card accounts, which seriously threaten the rights or legitimate interests of the data subject, the controller shall without undue delay notify the personal data breach to the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 1987 #
Proposal for a regulation
Article 31 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for establishing the data breach referred to in paragraphs 1 and 2 and for the particular circumstances in which a controller and a processor is required to notify the personal data breach.
2013/03/06
Committee: LIBE
Amendment 1999 #
Proposal for a regulation
Article 32 – paragraph 1
1. When the personal data breach is likely to adversely affect the protection of the personal data or, the privacy, the right or the legitimate interests of the data subject, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation.
2013/03/06
Committee: LIBE
Amendment 2003 #
Proposal for a regulation
Article 32 – paragraph 3
3. The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that itdata breach has not produced significant harm and the controller has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible, unusable or anonymised to any person who is not authorised to access to it.
2013/03/06
Committee: LIBE