13 Amendments of Marie-Christine VERGIAT related to 2011/0011(COD)
Amendment 1838 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility. The documentation shall be regularly updated.
Amendment 1862 #
Proposal for a regulation
Article 28 – paragraph 2 – point e
Article 28 – paragraph 2 – point e
(e) the recipients or categories of recipients of the personal data, including the controllers to whom personal data are disclosed for the legitimate interest pursued by them;
Amendment 1869 #
Proposal for a regulation
Article 28 – paragraph 2 – point g
Article 28 – paragraph 2 – point g
(g) a general indication of the time limits for erasure or archiving of the different categories of data;
Amendment 1897 #
Proposal for a regulation
Article 28 – paragraph 4 – point a
Article 28 – paragraph 4 – point a
(a) a natural person processing personal data without a commercial interest; or, unless personal data is made accessible for a large number of persons or a large amount of personal data about the data subjects are processed or combined or aligned with other personal data.
Amendment 1899 #
Proposal for a regulation
Article 28 – paragraph 4 – point b
Article 28 – paragraph 4 – point b
Amendment 1925 #
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of the art and the costs of their implementation.
Amendment 1983 #
Proposal for a regulation
Article 31 – paragraph 4 a (new)
Article 31 – paragraph 4 a (new)
4a. The supervisory authority shall keep a public register of the types of breaches notified.
Amendment 2004 #
Proposal for a regulation
Article 32 – paragraph 3 a (new)
Article 32 – paragraph 3 a (new)
3a. If after the implementation of the suggested technological measures another data breach were to occur, the controller shall always be obliged to communicate this without undue delay to the data subject.
Amendment 2025 #
Proposal for a regulation
Article 33 – paragraph 1
Article 33 – paragraph 1
1. Where processing operations present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes, the controller or the processor acting on the controller's behalf shall carry out an detailed assessment of the impact of the envisaged processing operations on the protection of personal data.
Amendment 2034 #
Proposal for a regulation
Article 33 – paragraph 2 – point b
Article 33 – paragraph 2 – point b
(b) information on sex life, health, race and ethnic origin, socio-economic status, or for the provision of health care, epidemiological researches, or surveys of mental or infectious diseases, where the data are processed for taking measures or decisions regarding specific individuals on a large scale;
Amendment 2039 #
Proposal for a regulation
Article 33 – paragraph 2 – point c
Article 33 – paragraph 2 – point c
(c) monitoring publicly accessible areas, especially when using optic-electronic devices (video surveillance) onr a large scaleny other sensory devices;
Amendment 2049 #
Proposal for a regulation
Article 33 – paragraph 3
Article 33 – paragraph 3
3. The assessment shall contain at least a generalsystematic and detailed description of the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address the risks, safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned.
Amendment 2058 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. The controller shall seek the views of data subjects or their representatives on the intended processing, without prejudice to the protection of commercial or public interests or the security of the processing operations.