Table of Contents

Article 1: Definitions

Article 2: Scope of Application of the Decree by Law

Article 3: Bureau's Power of Exemption

Article 4: Cases of Processing Personal Data without the Consent of its Owner

Article 5: Personal Data Processing Controls

Article 6: Terms of Consent to Data Processing

Article 7: The Controller's General Obligations

Article 8: The Processor's General Obligations

Article 9: Reporting Personal Data Breach

Article 10: Appointing Data Protection Officer

Article 11: Roles of Data Protection Officer

Article 12: Duties of the controller and the processor towards the Data Protection Officer

Article 13: Right to Receive Information

Article 14: Right to Request Transfer of Personal Data

Article 15: Right to correction or erasure of Personal Data

Article 16: Right to Restrict Processing

Article 17: Right to Stop Processing

Article 18: Right to Processing and Automated Processing

Article 19: Contacting the Controller

Article 20: Personal Data Security

Article 21: Assessment of the Impact of Personal Data Protection

Article 22: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is Available

Article 23: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is not Available

Article 24: Complaints

Article 25: Grievance against the Bureau's Decisions

Article 26: Administrative Penalties

Article 27: Authorization

Article 28: The Executive Regulation

Article 29: Regularisation

Article 30: Repeals

Article 31: Publication & Enforcement of this Decree by Law