Article 18*

Article 18 – Responsibility of the controller

1. Member States shall provide that the controller adopts policies and implements appropriate measures to ensure that the processing of personal data is performed in compliance with the provisions adopted pursuant to this Directive.2. The measures referred to in paragraph 1 shall in particular include:

(a) keeping the documentation referred to in Article 23;

(b) complying with the requirements for prior consultation pursuant to Article 26;

(c) implementing the data security requirements laid down in Article 27;

(d) designating a data protection officer pursuant to Article 30.

3. The controller shall implement mechanisms to ensure the verification of the effectiveness of the measures referred to in paragraph 1 of this Article. If proportionate, this verification shall be carried out by independent internal or external auditors.

EDRi’s proposed amendment

1. Member States shall provide that the controller adopts policies and implements appropriate measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with the provisions adopted pursuant to this Directive.2. The measures referred to in paragraph 1 shall in particular include:

(a) keeping the documentation referred to in Article 23;

(b) complying with the requirements for prior consultation pursuant to Article 26;

(c) implementing the data security requirements laid down in Article 27;

(ca) carry out data protection impact assessments pursuant to Article 29a.

(d) designating a data protection officer pursuant to Article 30.

3. The controller shall implement mechanisms to ensure the verification of the effectiveness of the measures referred to in paragraph 1 of this Article. If proportionate, this verification shall be carried out by independent internal or external auditors.

Justification

This amendment brings this Article more in line with its counterpart, Article 22 in the General Data Protection Regulation and reflects the addition of Article 29a.

  • eu logo The launch and upkeep (until December 31, 2012) of this website received financial support from the EU's Fundamental Rights and Citizenship Programme.
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: