The General Data Protection Regulation

The EU General Data Protection Regulation is a major step in digital privacy and is the result of a long process rooted in European values. It is the most important change in data privacy regulation in 20 years.

The 99 legal articles in the Regulation aim at strengthening laws on data protection, thereby giving EU citizens control over their personal data, while emphasizing the ideas of freedom, security and equality within the European Union. The General Data Protection Regulation will apply from 25 May 2018.

Board

Made up of representatives from each supervisory authority, the Board ensures the application of the regulation, but also advises other entities on how to protect users and impose sanctions. It cooperates with the European Commission, but is independent and has its own power.

Data portability

Option to have your data transferred to another controller, in which case the data controller must hand over your data in a readable format to the new entity, public authority, company or person who decides why, how and what data needs to be collected and processed.

Personal data

Information collected from you that can be used to identify you, such as a credit card number, a telephone number, physical information or simply a name.

Personal data breach

Leak of data, a hack, or any other event where the security of your personal data has been compromised and which leads to the misuse, destruction, or illegal use of your data.

Privacy impact assessment

Process of evaluating the risks to, and the level of protection of, your personal data.

Processing

The collection and handling of personal data.

Rectification

The action of modifying or completing your data when it is not correct or complete.

Restriction of processing

A request made by you, as a data subject, to the controller to limit the access to and handling of your data.

Right to Access

Part of the expanded rights of data subjects outlined by the General Data Protection Regulation is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Right to be Forgotten

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

Privacy by Design

Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the General Data Protection Regulation. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition.

Supervisory Authority

Entity which monitors the application of the regulation in the State. The government has to provide the means for its functioning, but has no influence over it. There must be at least one supervisory authority for each member State. One representative of each supervisory authority takes part in the European Board, to which it responds.

Territorial scope

Area where the regulation applies.

Third party

Any entity, person, company or country involved in the handling of the data, other than the data subject, the controller, the processor or an EU entity.