Article 5(2) (Principle of accountability); Article 24(3) (Responsibility of the controller); Article 25(3) (Data protection by design and by default); Article 28(5) (Responsibilities of the processor) (see too recital 81); Article 32(3) (Security of processing); Article 43 (Certification bodies); Article 46(2)(f) (Transfers subject to appropriate safeguards); Article 55 (Competence of the supervisory authorities); Article 56 (Tasks of the supervisory authorities); Articles 57(1)(n)–(q) (Tasks of the supervisory authorities) (see too recital 77); Article 58(h) (Powers of the supervisory authorities); Article 63 (Consistency mechanism); Article 64(1)(c) (Opinion of the Board); Article 70(1)(n)–(q) (Tasks of the Board); Article 93(4)(b) (General conditions for imposing administrative fines).