DOES THE EUROPEAN UNION’S NEW DATA PROTECTION REGULATION AFFECT YOU?

The European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’) regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU.

The rules don’t apply to data processed by an individual for purely personal reasons or for activities carried out in one’s home!

When an individual uses personal data outside the personal sphere, for socio-cultural or financial activities, for example, then the data protection law has to be respected!

Personal data is considered any information that relates to an identified or identifiable living individual.

Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data!

Personal data that has been de-identified, encrypted or pseudonymized but can be used to re-identify a person remains personal data and falls within the scope of the law!

The new law protects personal data regardless of the technology used for processing that data – it’s technology neutral and applies to both automated and manual processing, provided the data is organized in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system, through video surveillance, or on paper; in all cases, personal data is subject to the protection requirements set out in the GDPR.

Examples of personal data:

Name and surname

Home address

Email address

Identification card number

Location data

Internet Protocol (IP) address

Cookie ID

Advertising identifier of your phone

This includes data held by a hospital or doctor, which could be a symbol that uniquely identifies a person!

Processing covers all operations performed on personal data, including by manual or automated means. It includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

The General Data Protection Regulation (GDPR) applies to the processing of personal data wholly or partly by automated means as well as to non-automated processing, if it is part of a structured filing system.

Examples of processing:

Staff management and payroll administration

Access to/consultation of a contacts database containing personal data

Sending promotional emails

Shredding documents containing personal data

Posting/putting a photo of a person on a website

Storing IP addresses or MAC addresses

Video recording (CCTV)

Generally speaking, the main contact point for questions on data protection is the DPA in the EU Member State where your company/organization is based. However, if your company/organization processes data in different EU Member States or is part of a group of companies established in different EU Member States, that main contact point may be a DPA in another EU Member State.

There are consequences for European citizens in non-EU countries as well; this and other information can be found on the EU website.

The information given above is incomplete and only sets out the broad outline; specific and detailed information can be found at: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

 

 
