Search Legislation

Directive (EU) 2016/680 of the European Parliament and of the CouncilShow full title

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA

 Help about what version

What Version

 Help about opening options

Opening OptionsExpand opening options

 Help about UK-EU Regulation

Legislation originating from the EU

When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.

Status:

EU Directives are published on this site to aid cross referencing from UK legislation. Since IP completion day (31 December 2020 11.00 p.m.) no amendments have been applied to this version.

  1. Introductory Text

  2. CHAPTER I General provisions

    1. Article 1.Subject-matter and objectives

    2. Article 2.Scope

    3. Article 3.Definitions

  3. CHAPTER II Principles

    1. Article 4.Principles relating to processing of personal data

    2. Article 5.Time-limits for storage and review

    3. Article 6.Distinction between different categories of data subject

    4. Article 7.Distinction between personal data and verification of quality of personal data

    5. Article 8.Lawfulness of processing

    6. Article 9.Specific processing conditions

    7. Article 10.Processing of special categories of personal data

    8. Article 11.Automated individual decision-making

  4. CHAPTER III Rights of the data subject

    1. Article 12.Communication and modalities for exercising the rights of the data subject

    2. Article 13.Information to be made available or given to the data subject

    3. Article 14.Right of access by the data subject

    4. Article 15.Limitations to the right of access

    5. Article 16.Right to rectification or erasure of personal data and restriction of processing

    6. Article 17.Exercise of rights by the data subject and verification by the supervisory authority

    7. Article 18.Rights of the data subject in criminal investigations and proceedings

  5. CHAPTER IV Controller and processor

    1. Section 1 General obligations

      1. Article 19.Obligations of the controller

      2. Article 20.Data protection by design and by default

      3. Article 21.Joint controllers

      4. Article 22.Processor

      5. Article 23.Processing under the authority of the controller or processor

      6. Article 24.Records of processing activities

      7. Article 25.Logging

      8. Article 26.Cooperation with the supervisory authority

      9. Article 27.Data protection impact assessment

      10. Article 28.Prior consultation of the supervisory authority

    2. Section 2 Security of personal data

      1. Article 29.Security of processing

      2. Article 30.Notification of a personal data breach to the supervisory authority

      3. Article 31.Communication of a personal data breach to the data subject

    3. Section 3 Data protection officer

      1. Article 32.Designation of the data protection officer

      2. Article 33.Position of the data protection officer

      3. Article 34.Tasks of the data protection officer

  6. CHAPTER V Transfers of personal data to third countries or international organisations

    1. Article 35.General principles for transfers of personal data

    2. Article 36.Transfers on the basis of an adequacy decision

    3. Article 37.Transfers subject to appropriate safeguards

    4. Article 38.Derogations for specific situations

    5. Article 39.Transfers of personal data to recipients established in third countries

    6. Article 40.International cooperation for the protection of personal data

  7. CHAPTER VI Independent supervisory authorities

    1. Section 1 Independent status

      1. Article 41.Supervisory authority

      2. Article 42.Independence

      3. Article 43.General conditions for the members of the supervisory authority

      4. Article 44.Rules on the establishment of the supervisory authority

    2. Section 2 Competence, tasks and powers

      1. Article 45.Competence

      2. Article 46.Tasks

      3. Article 47.Powers

      4. Article 48.Reporting of infringements

      5. Article 49.Activity reports

  8. CHAPTER VII Cooperation

    1. Article 50.Mutual assistance

    2. Article 51.Tasks of the Board

  9. CHAPTER VIII Remedies, liability and penalties

    1. Article 52.Right to lodge a complaint with a supervisory authority

    2. Article 53.Right to an effective judicial remedy against a supervisory authority

    3. Article 54.Right to an effective judicial remedy against a controller or processor

    4. Article 55.Representation of data subjects

    5. Article 56.Right to compensation

    6. Article 57.Penalties

  10. CHAPTER IX Implementing acts

    1. Article 58.Committee procedure

  11. CHAPTER X Final provisions

    1. Article 59.Repeal of Framework Decision 2008/977/JHA

    2. Article 60.Union legal acts already in force

    3. Article 61.Relationship with previously concluded international agreements in the field of judicial cooperation in criminal matters and police cooperation

    4. Article 62.Commission reports

    5. Article 63.Transposition

    6. Article 64.Entry into force

    7. Article 65.Addressees

Back to top

Options/Help