1. What is the general regulation on Data Protection?
The great aim of the new regulation is to create an area of freedom, security and justice. It projects an economic union; as well as economic and social progress; the consolidation and convergence of economies in the internal market; and the welfare of natural persons. In particular, it safeguards the fundamental right to the protection of personal data in the EU.
2. What is the main purpose of the RGPD?
A processing of personal data is an operation or set of operations carried out on personal data or on personal data sets, by automated or non-automated means. For example, the collection; the register; the organization; structuring; conservation; adaptation; the alteration; The recovery; the consultation; the utilization; disclosure by transmission, dissemination or any other form of disclosure; the comparison; interconnection; the limitation; erasure; The destruction.
3. What are personal data?
Personal data is information relating to an identified or identifiable natural person.
4. What is a personal data processing?
The treatment covers a wide range of operations carried out on personal data, by manual or automated means. It includes the collection, registration, organization, structuring, preservation, adaptation or alteration, retrieval, consultation, use, dissemination by transmission, dissemination or any other form of making available, comparison or interconnection, limitation , deletion or destruction of personal data.
5. What constitutes a breach of personal data?
A breach of personal data is any breach of security that causes, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or otherwise treatment.
6. What does the RGPD bring back?
Personal data must be processed in such a way that it can no longer be allocated to a specific, identified or identifiable data subject.
The consent of the data subject shall be given by means of a clear positive act indicating a free, specific, informed and unequivocal expression of will. Consent should be given for all purposes of the processing of personal data.
THE PRELIMINARY CONTROL OF TREATMENT LEGALITY
Priority control of the legality of processing is entrusted to public or private organizations, which are responsible for the legality of all data processing during the entire life cycle of personal data.
THE NEW FIGURE OF THE DATA PROTECTION SUPERVISOR (EPD)
The new Regulation is characterized by the introduction of the Data Protection Officer in the organic reality of public and private entities. The EPD is responsible for controlling the legality of the treatments of the organization where it is inserted, assuming an increased responsibility and a preponderant role in the decision making related to these treatments.
THE EUROPEAN DATA PROTECTION COMMITTEE
With the entry into force of the new General Regulation on Data Protection, a new body is created whose primary function is to ensure coherence in the application of the RGPD. Its main task will be to resolve disputes between the various supervisory authorities from the various Member States.
7. What are the rights of data subjects?
Notwithstanding the existence of exceptions related to each one, these are the rights of the holders provided for in the General Regulation on Data Protection:
RIGHT TO TRANSPARENCY
The right to transparency refers to the principles of equitable and transparent treatment which require the data subject to be informed of the data processing operation and its purposes.
RIGHT TO INFORMATION
Information on the processing of personal data relating to the holder of the data shall be provided to the data subject at the time of collection from the data subject or, if the data has been obtained from another source, within a reasonable time, depending on the circumstances.
RIGHT OF ACCESS
Data subjects should have the right to have access to personal data collected about them and to exercise that right with ease and at reasonable intervals in order to know and verify their legality.
RIGHT OF RETIFICATION
Data subjects should have the right to obtain, without undue delay, rectification of inaccurate personal data concerning them and incomplete personal data relating to them.
RIGHT TO SHUT DOWN
The holder has the right to obtain from the controller the erasure of his / her personal data without undue delay, and the latter has the obligation to erase the personal data without undue delay. However, this right, like the others, is not absolute.
RIGHT TO LIMITATION OF TREATMENT
The data subject has the right to obtain from the controller the limitation of the treatment in specific situations.
RIGHT OF PORTABILITY
The new Regulation brings with it the novelty of the right to data portability, and the data subject has the right to receive the personal data concerning him and which he has provided to a data controller in a structured, automatic reading, and the right to transmit this data to another controller.
RIGHT OF OPPOSITION
The data subject has the right to object, at any time, on grounds relating to his particular situation, to the processing of personal data concerning him.
RIGHT TO NOT SUBJECT TO AUTOMATED DECISIONS
The data subject has the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, that has effects in its legal area or significantly affects it in a similar way.