GDPR or RGPD?
Whatever the acronym, the legislation has come and it applies to everyone. But who is everyone? All those who process personal data. Simple?
The new General Data Protection Regulation (RGPD) reflects the joint efforts of the European institutions to strengthen and unify the protection of personal data of all citizens of the European Union, including the export of such data outside the European Union.
The GDPR replaces Directive 95/46 / EC (Data Protection Directive) and will enter into force in full on the 25th May 2018, without transposition into the national legal framework.
The main areas addressed by the GDPR are:
- Notification of violations of personal (“data breaches”);
- Consent, requests for access to, and consultation of data and transfer of data;
- Principles of protection from design phase (“Privacy by design”) and security;
- Data Protection Officer;
- New rights reserved to data holders (consultation, removal, portability, etc.);
The objectives of GDPR are:
- Harmonization of data protection regulations in the EU;
- Transparency and responsibilization in data processing;
- Security and better risk management in the face of threats.
The GDPR applies to all natural and legal persons who carry out transactions involving personal data of residents of the European Union. These entities may be those that determine the purposes and means of processing personal data, but also those that carry out such processing on a subcontracting basis.
Non-compliance is punishable by fines which may amount to 4% of overall annual turnover or EUR 20 million.
The legislative proposal that ensures the national execution of the GDPR was approved last March 22, 2018, in Council of Ministers. However, the Regulation shall enter into force independently of any act of the Member States.
Personal data is information relating to an identified or identifiable natural person (‘data subject’).
An identifiable person is considered to be identifiable, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers (E-mail) or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Complete information on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and which repeals Directive 95/46 / EC (General Regulation on Data Protection)