
New Data Protection Legislation

Posted: Mon Dec 23, 2024 9:33 am
by Dhakaseors850
Article updated 10 months ago by NewsMDirector
Basic concepts to understand the GDPR

The origin of the right to data protection is linked to the Right to Privacy. In 1890, Samuel Warren and Louis Brandeis published “The Right to Privacy” (4 Harvard LR 193, 15 December 1890), a novel article written with the conviction of the need to protect private life, but already in 1879, the expression “THE RIGHT TO BE LET ALONE” was coined.

Today, 140 years later, we are still talking about the fundamental right to data protection, the right we have to control our personal data and the ability to dispose of and decide on it. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) came into force on 25 May 2016, and will be mandatory as of 25 May 2018.

MDirector presents you with the basic concepts to understand the GDPR and the keys to its compliance:

[Source: REGULATION (EU) 2016/679]
10 basic concepts to understand the GDPR

1. “Personal data”
Any information relating to an identified or identifiable natural person ("data subject"), including an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. “Treatment”
Any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. “Principles of data protection”
Legality, loyalty and transparency; limitation of purpose; data minimization (these must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed); accuracy; limitation of the conservation period; integrity, confidentiality and proactive responsibility (comply and be able to demonstrate it).

4. “Consent of the interested party”
Manifestation of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data concerning him or her.

5. “Rights of interested parties”
Right of access (to know which of our data is being processed); Rectification (to be able to modify it); Deletion (the right to be forgotten, to cancel it); Right to limitation of processing; Portability (to obtain the data in order to transfer it from one controller to another) and the Right to object, for example, to the processing of data for direct marketing purposes or to profiling.

6. “Data controller” or “controller”
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing. For example, MDirector Clients.

7. “Data processor” or “processor”
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. For example, MDirector.

8. “DPO (Data Protection Officer)”
Team or person who oversees compliance with the GDPR and provides advice to the controller or processor on their obligations in this area and also cooperates with the supervisory authority. In the case of Spain, with the Spanish Data Protection Agency.

9. “Security of personal data”
Measures that may include, where appropriate, but are not limited to: pseudonymisation (processing of personal data in a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person); encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability of and access to personal data quickly in the event of a physical or technical incident; a process of regular verification, evaluation and assessment of the effectiveness of the technical and organisational measures to ensure the security of processing; notification of a personal data breach to the supervisory authority, where possible, not later than 72 hours after becoming aware of it; data protection impact assessment, where a type of processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons, due to its nature, scope, context or purposes.

10. “Data transfer”
Transfers of personal data that are being processed or will be processed following their transfer to a third country or international organisation. A transfer of personal data to a third country or international organisation may take place when the European Commission has decided that the third country, a territory or one or more specific sectors within that third country, or the international organisation in question, ensures an adequate level of protection. In the absence of such a decision, the controller or processor may only transfer personal data to a third country or international organisation if it has provided appropriate safeguards and provided that the data subjects have enforceable rights and effective legal remedies, such as the US.