(Data Protection News & Services)
Under the EU general data protection regulation (GDPR), any data processing activities must be compliant with six privacy principles, which are the cornerstone of the european privacy regulation and most international privacy laws.
The privacy principles are set out in article 5 GDPR and are as follows :
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Security
Accountability
Under the General Data Protection Regulation (GDPR), any person (including organisations) handling personal data is subject to a different level of obligations and responsibilities with regard to the personal data processing operations they carry out depending on whether they are acting as a processor, a controller or a joint controller.
Indeed, all their GDPR obligations and responsibilities stem from their role and may, as a result, differ greatly. In broad words, controllers bear most responsibilities while processors must only act under the instructions of the controller and therefore, bear much less responsibility on its shoulders.
The territorial scope of the new data protection regulation applicable from May 2018 (GDPR) is much wider than the one of the current directive 95/46/CE.
As a consequence, the new data protection rules may apply to any business whether or not it is located within the EU if certain conditions are met.
Below a questionnaire/guidance that should help consider whether or not the GDPR applies to a specific activity. However, given the complexity of some definitions, a detailed analysis of the activities might be necessary to answer accurately some of the questions.
The General Data Protection Regulation (“GDPR”) is a European regulation applicable since May 25, 2018. It is aimed at strengthening the protection of individuals’ personal information by providing them with more control over their personal data and making organisations processing these data more accountable than under the previous legal regime (i.e. the directive 95/46/EC).
The purpose of this article is to provide an overview of what the GDPR consists of and what the main changes are compared to the previous applicable legislation.