10 Amendments of Véronique MATHIEU HOUILLON related to 2011/0011(COD)
Amendment 1837 #
Proposal for a regulation
Article 28 – paragraph 1
Article 28 – paragraph 1
1. Each controller and processor and, if any, the controller's representative, shall maintain documentation of all processing operations under its responsibility.
Amendment 1884 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. The controller and the processor and, if any, the controller's representative, shall make the documentation available, on request, to the supervisory authority.
Amendment 1911 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
Amendment 1924 #
Proposal for a regulation
Article 30 – paragraph 1
Article 30 – paragraph 1
1. The controller and the processor shall implement appropriate technical and organisational measures, including pseudonymisation, to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of the art and the costs of their implementation.
Amendment 1957 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where relating to special categories of personal data, personal data which are subject to profeassible, not later than 24 hours after having become aware of it, notify theonal secrecy, personal data relating to criminal offences or to the suspicion of a criminal act or personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hourslating to bank or credit card accounts, which seriously threaten the rights or legitimate interests of the data subject, the controller shall without undue delay notify the personal data breach to the supervisory authority.
Amendment 1987 #
Proposal for a regulation
Article 31 – paragraph 5
Article 31 – paragraph 5
Amendment 1999 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
1. When the personal data breach is likely to adversely affect the protection of the personal data or, the privacy, the right or the legitimate interests of the data subject, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation.
Amendment 2003 #
Proposal for a regulation
Article 32 – paragraph 3
Article 32 – paragraph 3
3. The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that itdata breach has not produced significant harm and the controller has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible, unusable or anonymised to any person who is not authorised to access to it.
Amendment 2037 #
Proposal for a regulation
Article 33 – paragraph 2 – point c
Article 33 – paragraph 2 – point c
Amendment 2055 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4