12 Amendments of Timothy KIRKHOPE related to 2011/0011(COD)
Amendment 1839 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility regarding data handling practices, including what purpose data processing is being carried out for and for which data controller.
Amendment 1847 #
Proposal for a regulation
Article 28 – paragraph 2 – introductory part
Article 28 – paragraph 2 – introductory part
2. The documentation shallould contain at least the following information:
Amendment 1882 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. The controller and the processor and, if any, the controller's representative, shall make the documentation available, on request, to the supervisory authority. However, equal emphasis and significance must be placed on good practice and compliance and not just the completion of documentation.
Amendment 1896 #
Proposal for a regulation
Article 28 – paragraph 4 – point a
Article 28 – paragraph 4 – point a
Amendment 1902 #
Proposal for a regulation
Article 28 – paragraph 4 – point b
Article 28 – paragraph 4 – point b
(b) an enterprise or an organisation employing fewer than 2500 persons that is processing personal data only as an activity ancillary to its main activities.
Amendment 1958 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 24 hour10 working days after having become aware of it, or when sufficient and conclusive information regarding the data breach can be obtained, shall notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hour10 working days.
Amendment 1965 #
Proposal for a regulation
Article 31 – paragraph 2
Article 31 – paragraph 2
2. Pursuant to point (f) of Article 26(2), the processor shall alert and inform the controller immediatelas a matter of urgency after the establishment of a personal data breach.
Amendment 1978 #
Proposal for a regulation
Article 31 – paragraph 4
Article 31 – paragraph 4
4. The controller shall document any personal data breaches without undue delay when asked to be provided, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose.
Amendment 1997 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
1. When the personal data breach is likely to have an adversely affect to the protection of the personal data or privacy of the data subject with respect to proportionality, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay.
Amendment 2007 #
Proposal for a regulation
Article 32 – paragraph 5
Article 32 – paragraph 5
Amendment 2076 #
Proposal for a regulation
Article 33 – paragraph 6
Article 33 – paragraph 6
Amendment 2089 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
7. The CommissionEuropean Data Protection Board in contact with the Supervisory Authority may specify standards and procedures and guidance for carrying out and verifying and auditing the assessment referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).