This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1][3][4]
[General Data Protection Regulation] ([GDPR]) (Regulation ([European Union]) 2016/679) is a [Regulation] by which the [European Commission] intends to strengthen and unify data protection for individuals within the [European Union] ([EU]).
[{$pagename}] also addresses the export of [personal data] outside the EU. The Commission's primary objectives for the [GDPR] are to give citizens back control of their [personal data] and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]
When the [GDPR] takes effect it will replace the data protection directive (officially [Article 29 of Directive 95-46-EC]) from [1995|Year 1995]. Perhaps confusingly for some, there is a new directive as well as a new [regulation]; the directive will apply to police procedures, which will continue to vary from one Member State to another.
The [regulation] was adopted on 27 April [2016|Year 2016]. It enters into application on __25 May [2018|Year 2018]__ after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by the individual [European Union] governments.
The regulation applies if the data controller or processor ([organization|Organizational Entity]) or the [data subject|Digital Subject] (person) is based in the [EU].
Furthermore (and unlike the current Directive), the [Regulation] also applies to [organizations|Organizational Entity] based outside the European Union if they process personal data of EU [residents|Digital Subject].
The regulation __does not apply__ to the processing of [personal data] for [National Security] activities or law enforcement ("competent authorities for the purposes of the [prevention], investigation, detection or prosecution of criminal offences or the execution of criminal penalties").
!! [{$pagename}] [Personal Data|Personal data#section-Personal+data-EuropeanCommissionGDPRPSD2]
The [European Commission] defines [Personal Data|Personal data#section-Personal+data-EuropeanCommissionGDPRPSD2].
Not only is the personal data itself covered by the new rules, but everything that’s done with the [data], too. “Processors [[of data] also have a [Responsibility],” Hammarstrand said. “What’s new in this legislation is they have a direct [responsibility]. They could actually be reviewed and fined if they are not complying with the legislation.”
!! [{$pagename}] definitions
* [Processing|Data Collection] - means any operation performed on [Personal data], such as:
** [Collection|Data Collection]
** Recording
** Organizing
** [Storing|Data Store|DataStore]
* [Data Controller] - is an [entity] that determines the purposes and means of processing [personal data]
* [Data Processor] - is an [entity] that processes [personal data] on behalf of a [Data Controller]
* [Data subject] - means a [person] who is the subject of [personal data]. In other words, the [data subject] is the [person] whom particular personal [data] is about.
! [{$pagename}] [Examples] of [Data processing]
* staff management and payroll administration;
* access to/consultation of a contacts [database] containing [Personal data];
* sending promotional [emails];
* shredding documents containing [personal data];
* posting/putting a photo of a [person] on a [website];
* storing an [IP Address] or [MAC Address];
* video recording (CCTV).
!! When is [Data] processing permitted?
* Necessary for the performance of a contract to which the [data] subject is party
* Necessary for [compliance] with a [legal] obligation
* Necessary in order to protect the vital interests of the [data] subject
* Necessary for the performance of a task carried out in the public interest
* Legitimate interests of the controller, when not overridden by the interests of the [data] subject
* [Informed Consent]
Generally you may not store the [data] for marketing or statistical purposes.
!! In One Paragraph[2]
[{$pagename}] defines [Personally Identifiable Information] ([PII]) as any information that relates to an __EU resident's__ private, professional or public life (that is, banking information, medical information, email addresses, social media posts and so on), and a lot of the regulation goes into making sure that this [PII] is not only stored with a [person's permission|consent], but that it is also kept for a specified purpose and for a duration that makes sense, given the __initial reason__ for obtaining the data. So, if a customer signs up for a product warranty, and the warranty is good for three years, the company would need to get the customer's explicit permission to use his or her [PII] for marketing campaigns or to keep that data beyond the three-year warranty limit.
!! [Jurisdiction] and Scope
Under the [GDPR], jurisdiction is less related to the location where a business is incorporated or headquartered and more to the location of business activity. To be sure, the [{$pagename}] will apply to the processing of [Personal data] by businesses "established" within the [EU]. More controversially, the [{$pagename}] also will apply to businesses established __outside the EU__ if their processing activities relate to the offering of goods or services to individuals in the [European Union] or to the [monitoring] of such individuals' behavior. This provision expands the territorial scope of the [{$pagename}] well beyond the [EU], essentially making it a global law.
There are some limits in place on the [{$pagename}]'s reach: the regulation makes clear that having a commerce-oriented [website] that is accessible to [EU] residents does not by itself constitute offering goods or services. Rather, a business must show intent to draw [EU] residents as customers, for example by using a local [language] or currency.
[{$pagename}], under [GDPR] or [PSD2], is not applicable to deceased [persons] or to [Business to Business] [Relationships].
!! [{$pagename}] FAQ
* [Data Protection Officer] ([DPO]) - (Article 37 GDPR) is the person designated, where applicable, to facilitate compliance with the provisions of the GDPR. The GDPR defines the criteria and the conditions under which a DPO must be designated.
* [Customer EU Representative] - (Article 27 GDPR) is the person designated, where applicable, to represent [customers] not established in the [EU] with regard to their obligations under the [GDPR].
* [Data Processing Agreement] -
!! [Data Protection]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [General_Data_Protection_Regulation|Wikipedia:General_Data_Protection_Regulation|target='_blank'] - based on information obtained 2016-07-10
* [#2] - [Two Ways GDPR Will Change Your Data Storage Solution|https://www.linuxjournal.com/content/two-ways-gdpr-will-change-your-data-storage-solution|target='_blank'] - based on information obtained 2017-03-24
* [#3] - [GDPR Reference Guide: All 99 Articles in 25 Minutes|https://www.eckerson.com/articles/gdpr-reference-guide-all-99-articles-in-25-minutes|target='_blank'] - based on information obtained 2018-05-11
* [#4] - [eugdpr.org|https://www.eugdpr.org/|target='_blank'] - based on information obtained 2018-05-27