Privacy Law
European Privacy Law
GDPR
The General Data Protection Regulation is a regulation on data protection and privacy in the European Union.
- The fine for breaking GDPR rules is the higher of the two:
  - 20 million euros
  - 4% of turnover for the financial year
Scope of Privacy Law
Types of protection:
- Vertical Protection: state vs citizen
- Horizontal Protection: citizen vs citizen
Privacy Categories
- Information privacy
  - collection and processing of personal data.
- Bodily privacy
  - protection of a person's physical self against invasive procedures.
- Privacy of communications
  - security and privacy of mail, telephones, e-mail and other forms of communication.
- Territorial privacy
  - limits on intrusion into the domestic and other environments such as the workspace or public space.
GDPR Principles
- lawfulness, fairness, transparency
- purpose limitation
- data minimization
- accuracy
- storage limitation
- integrity and confidentiality
- accountability.
Lawful Processing of Personal Data
The main steps to comply with GDPR are:
- Identify and document (the processing of) personal data, including data in special categories.
- Process only where necessary for specified, explicit purposes.
- Ensure an explicit legal basis applies.
  - Informed consent is one legal basis.
  - Informed consent is not required if you rely on a different legal basis.
- Perform a data protection impact assessment.
- Conclude data processing agreements between controller and processor.
- Consult and cooperate with the Data Protection Authority and designate a DPO (Data processing officer).
- Comply with the processing principles and requirements:
  - Minimization of data
  - Data quality
  - Erasure of data
  - Data security
  - Data subjects' rights
  - Privacy by design & privacy by default
- Register and communicate personal data breaches.
- Respect data export restrictions.