Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (United Kingdom General Data Protection Regulation) (Text with EEA relevance)
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to implementation period completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up to date with any amendments made by the UK since then.
legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex's version from implementation period completion day (31 December 2020 11.00 p.m.).
Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 32 is up to date with all changes known to be in force on or before 28 October 2025. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
2. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
3. Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as [F1 a means of demonstrating] compliance with the requirements set out in paragraph 1 of this Article.
4. The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by [F2 domestic law].
Textual Amendments
F1 Words in Art. 32(3) substituted (20.8.2025) by Data (Use and Access) Act 2025 (c. 18), s. 142(1), Sch. 11 para. 10; S.I. 2025/904, reg. 2(y)
F2 Words in Art. 32(4) substituted (31.12.2020) by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419), reg. 1(2), Sch. 1 para. 26 (with reg. 5); 2020 c. 1, Sch. 5 para. 1(1)