Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)

Made: 27-04-2016 | Laid: 27-04-2016 | Forced: 27-04-2016

Overview


The Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data, as well as protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. Through the Regulation, the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

The Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system, and does not apply to the processing of personal data:

  • in the course of an activity which falls outside the scope of Union law;
  • by a natural person in the course of a purely personal or household activity;
  • by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. Furthermore, the Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

  • the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
  • the monitoring of their behaviour as far as their behaviour takes place within the Union.

It is important to note that the Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

As mentioned above, the GDPR applies to two known groups; controllers and processors:

  • Controllers - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processors - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal data

Personal data is defined as as information about a particular living individual. This might mean anyone who has interacted, intentionally or unintentionally, with the business. This may include, but is not limited to, the following: 

  • Customers 
  • Clients 
  • Employees 
  • Partners 
  • Members 
  • Supporters 
  • Business contacts 
  • Public officials  
  • General members of the public

It does not necessarily need to be private information, as even information which is public knowledge or is about someone’s professional life can be personal data. Furthermore, it doesn’t cover truly anonymous information, but if you could still identify someone from the details, or by combining it with other information, it will still count as personal data.

Personal data only includes paper records if you plan to put them on a computer, other digital devices or file them in an organised way. If you are a public authority, all paper records are technically included, but you will be exempt from most of the usual data protection rules for unfiled papers and notes.

Requirements


Restricted content for registered members

Register to read full article.

Updates & Amendments


Restricted content for registered members

Register to read full article.

Typical Tasks Required


Restricted content for registered members

Register to read full article.

Useful Information


Restricted content for registered members

Register to read full article.