What is the GDPR?
The General Data Protection Regulation (GDPR) is the new legislation that will govern the processing of personal data in Europe and which replaces national statutes such as the Spanish Data Protection Organic Law (LOPD in its Spanish initials). The intention of the GDPR is that data protection be applied in a uniform manner in all EU Member States, while attempting to adapt the law to technological advances. Although it came into force on 25 May 2016, its application will be effective and obligatory from 25 May 2018.
The GDPR involves a complete change of focus, a switch from a model based on the drafting of security clauses and documents to one where the key word is accountability, which goes beyond mere compliance with the law. In addition, companies have to create procedures to comply with their obligations and be able to show how these are applied in practice.
Personal Data
Data Processing
The principles on which the Regulation is based are very similar to those contained in the LOPD. However, they include very significant modifications and new features, of which the following are worthy of note:
Obligations contained in the GDPR
The GDPR contains 99 Articles and is therefore very difficult to summarise in a few lines. Essentially, however, the main points can be boiled down as follows:
The GDPR is limited to the processing of natural persons’ personal data. It does not affect the information concerning legal entities (companies) although it does affect the data of their employees or executives.
Personal data means all information relating to a natural person whose identity can be determined, directly or indirectly (the “data subject”). All such data, however innocent it may appear to us, deserves protection, and extra care is required when we process “special categories of personal data” (“sensitive data”). Sensitive data means information that reveals ethnic or racial origin, political opinions, religious or philosophical convictions, or trade union membership, as well as genetic data, biometric data aimed at unequivocally identifying somebody, and data concerning health or an individual’s sexual life or orientation.
Data processing means any operation or series of operations performed on personal data or on sets of personal data, whether or not by automated means (collection, organization, consultation, use, storage, alteration, destruction, etc.). Merely storing data on a computer is deemed to be processing.
The companies affected by the Regulation are those that process personal data and which are either domiciled in the European Union or whose services are aimed at EU citizens. The Regulation divides them into two categories, depending on the role that they carry out:
Principles contained in the GDPR
Ⓒ 2018 | All rights reserved