Right to Data Portability

Right to Data Portability

The right to data portability is the new individual’s right provided in article 20 (1) of the new data protection regulation (GDPR).

This new right allows data subjects to ask data controllers to provide him/her or another data controller of their choice with a copy of the personal data they have provided for the data subject or the recipient controller to re-use the data to provide its service.

One-Stop-Shop under the GDPR: how does that work?

One-Stop-Shop under the GDPR: how does that work?

Under the General Data Protection Regulation (GDPR), organisations which carry out a « cross border data processing » must appoint a Lead Data Protection Authority.  This appointed Supervisory Authority  will act as their main point of contact.

Although initially introduced to lower the administrative burden of organisations, which previously had to deal with each Member State’s authority, the one-stop-shop provisions were the main point of disagreement during the negotiation of the GDPR and as a result, have become complex.  

Indeed, these provisions only apply to cross border processing activities and not to the organisation’s whole processing activities. Besides, if the organisation’s main establishment for this processing activities is outside of the EU, the organisation will not benefit from these provisions. It also entails the formal appointment of the Lead Auhtority where necessary. 

Consent under the GDPR

Consent under the GDPR

Under the European General Data Protection Regulation (GDPR), consent is one of the legal bases upon which controllers may rely to process personal data.

The GDPR defines a valid consent as a freely given, specific, informed and unambiguous indications of the individual’s wishes and restrictions apply to online services provided to children.