Data Protection
1. What is the General Data Protection Regulation?
The main objective of the new Regulation is the establishment of an area of freedom, security and justice. It projects an economic union; as well as economic and social progress; consolidation and convergence of economies within the internal market; and the well-being of individuals. Above all, it safeguards the fundamental right to the protection of personal data in the EU.
2. What is the main objective of the GDPR?
A processing of personal data is an operation or set of operations which is performed upon personal data or sets of personal data, by automated or non-automated means. For example, collection; recording; organisation; structuring; storage; adaptation; alteration; retrieval; consultation; use; disclosure by transmission, dissemination or otherwise making available; comparison; interconnection; restriction; erasure; destruction.
3. What is personal data?
Personal data is information relating to an identified or identifiable natural person.
4. What is a processing of personal data?
Processing covers a wide range of operations performed on personal data, by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
5. What is a personal data breach?
A personal data breach is any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
6. What does the RGPD bring in new?
PSEUDONYMISATION
- Personal data must be processed in such a way that they can no longer be attributed to a specific, identified or identifiable data subject.
THE CONSENT
- The data subject's consent is now given by a clear positive act indicating a freely given, specific, informed and unambiguous expression of will. Consent must be given for all purposes of processing personal data.
PRIOR CHECKING OF THE LAWFULNESS OF PROCESSING
- Prior checking of the lawfulness of processing is entrusted to public or private organisations, which become responsible for the lawfulness of all data processing throughout the entire 'lifecycle' of personal data.
THE NEW DATA PROTECTION OFFICER (DPO)
- The new Regulation is characterised by the introduction of the figure of the Data Protection Officer in the organic reality of public and private entities. The DPO is responsible for controlling the legality of processing within the organisation to which he or she belongs, assuming an increased responsibility and a leading role in decision-making related to such processing.
THE EUROPEAN DATA PROTECTION BOARD
- With the entry into force of the new General Data Protection Regulation, a new body has been created, whose main function is to ensure consistency in the application of the GDPR. Its main mission will be to resolve disagreements between the various supervisory authorities from the various Member States.
7. What are the rights of data subjects?
Notwithstanding the existence of exceptions related to each one, these are the rights of the data subjects provided for in the General Data Protection Regulation:
RIGHT TO TRANSPARENCY
- The right to transparency refers us to the principles of fair and transparent processing which require that the data subject is informed of the data processing operation and its purposes.
RIGHT TO INFORMATION
- Information on the processing of personal data concerning the data subject should be provided to him or her at the time of collection from the data subject or, where the data is obtained from another source, within a reasonable period, depending on the circumstances.
RIGHT OF ACCESS
- Data subjects should have the right of access to personal data collected concerning them and to exercise that right easily and at reasonable intervals in order to discover and verify its lawfulness.
RIGHT OF RECTIFICATION
- Data subjects should have the right to obtain without undue delay the rectification of inaccurate personal data concerning them as well as to have incomplete personal data concerning them completed.
RIGHT TO ERASURE
- The data subject shall have the right to obtain from the controller the erasure of his or her personal data without undue delay and the controller shall have the obligation to erase the personal data without undue delay. However, this right, like the others, is not absolute.
RIGHT TO RESTRICTION OF TREATMENT
- The data subject shall have the right to obtain from the controller the restriction of processing, in specific situations.
RIGHT OF PORTABILITY
- The new Regulation brings with it the novelty of the right to data portability, whereby the data subject has the right to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller.
RIGHT OF OPPOSITION
- The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.
THE RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS
- The data subject shall have the right not to be subject to a decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Updated on Thursday, 24 January 2019 16:25