Nowadays, GDPR is everywhere, but is it really something we should pay attention to?

Nowadays, GDPR is everywhere, but is it really something we should pay attention to?

The GDPR (General Data Protection Regulation) is a regulation adopted by the European Union and the Council concerning the protection of personal data and its free movement, also known as the General Data Protection Regulation.

The regulation has been in effect since May 25, 2018, with direct applicability, and its main objective is to ensure the free flow of data within the European Union and to provide a uniform level of data protection.

Key Concepts

Data processing refers to the collection, storage, use, transmission, modification, etc., of personal data. The person carrying out the data processing is the data controller, and the one working on their behalf is the data processor. While the data controller determines the purpose and means of data processing, the data processor acts solely based on the controller’s instructions, often performing technical operations (e.g., a web hosting provider). The data subject is the individual whose personal data is collected and processed by these two parties.

What qualifies as personal data?

The GDPR specifically states that personal data refers to any information related to an identified or identifiable natural person. This includes not only names, addresses, ID numbers, tax numbers, etc., but also any other data that enables the identification of a private individual, such as someone’s image, religion, sexual orientation, etc.

Key Principles of Data Processing

The most important principles regarding data processing are lawfulness, transparency, and fairness.

  • Lawfulness means that data can only be collected based on a legal ground (legal provision). The main legal grounds include the consent of the data subject, contract formation, and legitimate interest.
  • Transparency requires that the data subject be informed about exactly what data is being processed, for what purpose, whether it is being shared or not, the rights the individual holds, and how long the data will be stored.
  • Fair data processing implies that the data subject must always be aware of the circumstances under which and how their data is being processed.

To be continued!