Chapter 1 - General provisions

• Article 1 - Subject-matter and objectives
• Article 2 - Material scope
• Article 3 - Territorial scope
• Article 4 - Definitions

Chapter 2 - Principles

• Article 5 - Principles relating to processing of personal data
• Article 6 - Lawfulness of processing
• Article 7 - Conditions for consent
• Article 8 - Conditions applicable to child's consent in relation to information society services
• Article 9 - Processing of special categories of personal data
• Article 10 - Processing of personal data relating to criminal convictions and offences
• Article 11 - Processing which does not require identification

Chapter 3 - Rights of the data subject

Section 1 - Transparency and modalities

• Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject

Section 2 - Information and access to personal data

• Article 13 - Information to be provided where personal data are collected from the data subject
• Article 14 - Information to be provided where personal data have not been obtained from the data subject
• Article 15 - Right of access by the data subject

Section 3 - Rectification and erasure

• Article 16 - Right to rectification
• Article 17 - Right to erasure (‘right to be forgotten’)
• Article 18 - Right to restriction of processing
• Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
• Article 20 - Right to data portability

Section 4 - Right to object and automated individual decision-making

• Article 21 - Right to object
• Article 22 - Automated individual decision-making, including profiling

Section 5 - Restrictions

• Article 23 - Restrictions

Chapter 4 - Controller and processor

Section 1 - General obligations

• Article 24 - Responsibility of the controller
• Article 25 - Data protection by design and by default
• Article 26 - Joint controllers
• Article 27 - Representatives of controllers or processors not established in the Union
• Article 28 - Processor
• Article 29 - Processing under the authority of the controller or processor
• Article 30 - Records of processing activities
• Article 31 - Cooperation with the supervisory authority

Section 2 - Security of personal data

• Article 32 - Security of processing
• Article 33 - Notification of a personal data breach to the supervisory authority
• Article 34 - Communication of a personal data breach to the data subject

Section 3 - Data protection impact assessment and prior consultation

• Article 35 - Data protection impact assessment
• Article 36 - Prior consultation

Section 4 - Data protection officer

• Article 37 - Designation of the data protection officer
• Article 38 - Position of the data protection officer
• Article 39 - Tasks of the data protection officer

Section 5 - Codes of conduct and certification

• Article 40 - Codes of conduct
• Article 41 - Monitoring of approved codes of conduct
• Article 42 - Certification
• Article 243 - Certification bodies

Chapter 5 - Transfers of personal data to third countries or international organisations

• Article 44 - General principle for transfers
• Article 45 - Transfers on the basis of an adequacy decision
• Article 46 - Transfers subject to appropriate safeguards
• Article 47 - Binding corporate rules
• Article 48 - Transfers or disclosures not authorised by Union law
• Article 49 - Derogations for specific situations
• Article 50 - International cooperation for the protection of personal data

Chapter 6 - Independent supervisory authorities

Section 1 - Independent status

• Article 51 - Supervisory authority
• Article 52 - Independence
• Article 53 - General conditions for the members of the supervisory authority
• Article 54 - Rules on the establishment of the supervisory authority

Section 2 - Competence, tasks and powers

• Article 55 - Competence
• Article 56 - Competence of the lead supervisory authority
• Article 57 - Tasks
• Article 58 - Powers
• Article 59 - Activity reports

Chapter 7 - Cooperation and consistency

Section 1 - Cooperation

• Article 60 - Cooperation between the lead supervisory authority and the other supervisory authorities concerned
• Article 61 - Mutual assistance
• Article 62 - Joint operations of supervisory authorities

Section 2 - Consistency

• Article 63 - Consistency mechanism
• Article 64 - Opinion of the Board
• Article 65 - Dispute resolution by the Board
• Article 66 - Urgency procedure
• Article 67 - Exchange of information

Section 3 - European data protection board

• Article 68 - European Data Protection Board
• Article 69 - Independence
• Article 70 - Tasks of the Board
• Article 71 - Reports
• Article 72 - Procédure
• Article 73 - Chair
• Article 74 - Tasks of the Chair
• Article 75 - Secretariat
• Article 76 - Confidentiality

Chapter 8 - Remedies, liability and penalties

• Article 77 - Right to lodge a complaint with a supervisory authority
• Article 78 - Right to an effective judicial remedy against a supervisory authority
• Article 79 - Right to an effective judicial remedy against a controller or processor
• Article 80 - Representation of data subjects
• Article 81 - Suspension of proceedings
• Article 82 - Right to compensation and liability
• Article 83 - General conditions for imposing administrative fines
• Article 84 - Penalties

Chapter 9 - Provisions relating to specific processing situations

• Article 85 - Processing and freedom of expression and information
• Article 86 - Processing and public access to official documents
• Article 87 - Processing of the national identification number
• Article 88 - Processing in the context of employment
• Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
• Article 90 - Obligations of secrecy
• Article 91 - Existing data protection rules of churches and religious associations

Chapter 10 - Delegated acts and implementing acts

• Article 92 - Exercise of the delegation
• Article 93 - Committee procedure

Chapter 11 - Final provisions

• Article 94 - Repeal of Directive 95/46/EC
• Article 95 - Relationship with Directive 2002/58/EC
• Article 96 - Relationship with previously concluded Agreements
• Article 97 - Commission reports
• Article 98 - Review of other Union legal acts on data protection
• Article 99 - Entry into force and application