Privacy Law

📷 European Privacy Law

GDPR

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union.

  • The fine for breaking GDPR rules is the higher of the two:
    • 20 million euros
    • 4% of turnover of financial year

🔍 Scope of Privacy Law

Types of protection:

  • Vertical Protection: state vs citizen
  • Horizontal Protection: citizen vs citizen

Privacy Categories

  • Information privacy
    • Collection and processing of personal data.
  • Bodily privacy
    • Protection of a person's physical self against invasive procedures.
  • Privacy of communications
    • Security and privacy of mail, telephones, e-mail and other forms of communication.
  • Territorial privacy
    • Limits on intrusion into the domestic and other environments such as the workspace or public space.

GDPR Principles

  • lawfulness, fairness, transparency
  • purpose limitation
  • data minimization
  • accuracy
  • storage limitation
  • integrity and confidentiality
  • accountability

Lawful Processing of Personal Data

The main steps to comply with GDPR are:

  1. Identify and document personal data, data in special categories, and the processing of both.
  2. Process only if necessary for specified, explicit purposes.
  3. Make sure an explicit legal basis is applicable.
    • Informed consent is a legal basis.
    • Informed consent is not required if you are using a different legal basis.
  4. Perform a data protection impact assessment.
  5. Conduct data processing agreements between controller and processor.
  6. Consult and cooperate with the Data Protection Authority and designate a DPO (Data Protection Officer).
  7. Comply with processing principles and requirements:
    • Minimization of data
    • Data quality
    • Erasure of data
    • Data security
    • Data subject's rights
    • Privacy by design and privacy by default
  8. Register and communicate personal data breaches.
  9. Respect data export restrictions.