BETA

12 Amendments of Timothy KIRKHOPE related to 2011/0011(COD)

Amendment 1839 #
Proposal for a regulation
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility regarding data handling practices, including what purpose data processing is being carried out for and for which data controller.
2013/03/06
Committee: LIBE
Amendment 1847 #
Proposal for a regulation
Article 28 – paragraph 2 – introductory part
2. The documentation shallould contain at least the following information:
2013/03/06
Committee: LIBE
Amendment 1882 #
Proposal for a regulation
Article 28 – paragraph 3
3. The controller and the processor and, if any, the controller's representative, shall make the documentation available, on request, to the supervisory authority. However, equal emphasis and significance must be placed on good practice and compliance and not just the completion of documentation.
2013/03/06
Committee: LIBE
Amendment 1896 #
Proposal for a regulation
Article 28 – paragraph 4 – point a
(a) a natural person processing personal data without a commercial interest; ordeleted
2013/03/06
Committee: LIBE
Amendment 1902 #
Proposal for a regulation
Article 28 – paragraph 4 – point b
(b) an enterprise or an organisation employing fewer than 2500 persons that is processing personal data only as an activity ancillary to its main activities.
2013/03/06
Committee: LIBE
Amendment 1958 #
Proposal for a regulation
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 24 hour10 working days after having become aware of it, or when sufficient and conclusive information regarding the data breach can be obtained, shall notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hour10 working days.
2013/03/06
Committee: LIBE
Amendment 1965 #
Proposal for a regulation
Article 31 – paragraph 2
2. Pursuant to point (f) of Article 26(2), the processor shall alert and inform the controller immediatelas a matter of urgency after the establishment of a personal data breach.
2013/03/06
Committee: LIBE
Amendment 1978 #
Proposal for a regulation
Article 31 – paragraph 4
4. The controller shall document any personal data breaches without undue delay when asked to be provided, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose.
2013/03/06
Committee: LIBE
Amendment 1997 #
Proposal for a regulation
Article 32 – paragraph 1
1. When the personal data breach is likely to have an adversely affect to the protection of the personal data or privacy of the data subject with respect to proportionality, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay.
2013/03/06
Committee: LIBE
Amendment 2007 #
Proposal for a regulation
Article 32 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements as to the circumstances in which a personal data breach is likely to adversely affect the personal data referred to in paragraph 1.
2013/03/06
Committee: LIBE
Amendment 2076 #
Proposal for a regulation
Article 33 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the processing operations likely to present specific risks referred to in paragraphs 1 and 2 and the requirements for the assessment referred to in paragraph 3, including conditions for scalability, verification and auditability. In doing so, the Commission shall consider specific measures for micro, small and medium- sized enterprises.
2013/03/06
Committee: LIBE
Amendment 2089 #
Proposal for a regulation
Article 33 – paragraph 7
7. The CommissionEuropean Data Protection Board in contact with the Supervisory Authority may specify standards and procedures and guidance for carrying out and verifying and auditing the assessment referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
2013/03/06
Committee: LIBE