Specific actions demanded by rule changes for GDPR compliance: reference articles

Reference articles

  • Article 37: Designation of the Data Protection Officer and data processing tasks.
  • Article 39: Training of staff in data maintenance and related control activities.
  • Articles 7-8: Conditions of consent for the processing of data, updating the rights and policies of interested parties, and establishing procedures for the demonstration of consent.
  • Article 13: Verification of the data to be processed, with identification of the various types of data, the categories to which they belong, verification of the purpose of each act of processing and the laws on which each act is based.
  • Articles 12-15: Provision of adequate, detailed communication based on the principle of transparency. Such communication should be easy to understand and provide access to the procedures necessary for the interested party to exercise their rights.
  • Articles 33-34: Procedures for responding to the violation of personal data (a “data breach”) without undue delay after detecting such a breach.
  • Article 35 DPIA: Evaluation of the impact on data protection.
  • Article 39: Principles applicable to processing activities, including the goals, description of data categories and recipients, and possible transfers.
  • Article 28: Consolidation of appropriate technical and organizational measures.
  • Article 20: Provision of data portability of interested parties to and from third-party systems.
  • Articles 44-50: Reinforcement of the level of protection for data transfer to third countries with appropriate protocols.
  • Article 25: Data protection by design aimed at effectively implementing data security principles, such as minimization, and integrating the necessary guarantees to meet the requirements of this regulation and protect the rights of interested parties.
  • Article 32: Secure processing of adequate technical and organizational measures to ensure a level of security appropriate to the risk.



A process and set of rules followed by a computer in the execution of repetitive tasks to solve problems or to obtain results.


A form of automated processing of personal data, consisting of the use of information to evaluate certain personal aspects relating to a natural person. In particular, profiling analyzes or predicts aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.


The significant events that occur between applications and the system as a service provider; the customers are the recipients of the services themselves. In general, a log is made at the beginning and the end of a service and when every condition is codified.

Third parties

Services used to complete purchasing procedures and to provide statistics, and systems for importing or exporting data to and from our platforms.


A small file containing a string of characters sent to your computer when you visit a website. The cookie stores your preferences to allow a more personalized navigation experience.

Pixel tag and beacon

Technologies embedded in the email body to determine activities such as views or openings.

Personal data

Information that identifies you.

Particular data

Previously called “sensitive data,” this is a category of sensitive personal data such as biometrics, criminal record, health care etc.

IP address

A numerical label that uniquely identifies a device such as a computer, smartphone router, etc.

Data Privacy Agreement

Terms and conditions of use of the services offered by Delivery Tech Corp.

Data controller

The body that determines, individually or together with others, the purposes and means of processing personal data. The European Union or Member State defines the purposes and means of such processing and establishes the controller or the specific criteria applicable to his designation. This important role can be held by a natural or legal person, public authority, service or other body.

Data processor

The natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

Data Protection Officer (DPO)

The person responsible for evaluating and organizing the management of the processing of personal data and their protection, so that they are processed in a lawful and relevant manner.