SCHEDULE 6The applied GDPR and the applied Chapter 2
PART 1Modifications to the GDPR
Section 1 of Chapter IV of the GDPR (controller and processor: general obligations)
22
In Article 26 (joint controllers), in paragraph 1, for “Union or Member State law to which the controllers are subject” substitute “
domestic law
”
.
23
Omit Article 27 (representatives of controllers or processors not established in the Union).
24
In Article 28 (processor)—
(a)
in paragraph 3, in point (a), for “Union or Member State law to which the processor is subject” substitute “
domestic law
”
;
(b)
in paragraph 3, in the second subparagraph, for “other Union or Member State data protection provisions” substitute “
any other rule of domestic law relating to data protection
”
;
(c)
in paragraph 6, for “paragraphs 7 and 8” substitute “
paragraph 8
”
;
(d)
omit paragraph 7;
(e)
in paragraph 8, omit “and in accordance with the consistency mechanism referred to in Article 63”.
25
In Article 30 (records of processing activities)—
(a)
in paragraph 1, in the first sentence, omit “and, where applicable, the controller's representative,”;
(b)
in paragraph 1, in point (a), omit “, the controller's representative”;
(c)
in paragraph 1, in point (g), after “32(1)” insert “
or section 28(3) of the 2018 Act
”
;
(d)
in paragraph 2, in the first sentence, omit “and, where applicable, the processor's representative”;
(e)
in paragraph 2, in point (a), omit “the controller's or the processor's representative, and”;
(f)
in paragraph 2, in point (d), after “32(1)” insert “
or section 28(3) of the 2018 Act
”
;
(g)
in paragraph 4, omit “and, where applicable, the controller's or the processor's representative,”.
26
In Article 31 (co-operation with the supervisory authority), omit “and, where applicable, their representatives,”.