Purpose & objectives:
The purpose of the GDPR is to harmonize data protection laws across all the member states AND end distortions of competition. This should make it easier for EU citizens to understand how their data is being used, and also raise any request or complaint. Therefore, the GDPR has 2 main objectives: ensure that personal data are protected and ensure that EU residents rights are protected.
The GDPR applies to any company established within the EU territory and when an EU resident is involved in a data processing, whatever company’s citizenship.
Main aims of GDPR:
- Creating a unified approach to data protection across the EU
- Strengthening EU residents’ rights in the global economy
- Giving individuals full control over all their personal data
- Improving levels of compliance
- Giving companies a sense of responsibility by developing self-control
The GDPR is an evolution of the past legislation, not a revolution. Indeed, The GDPR strengthens many existing principles and introduces more rights for individuals in the use of their personal data. It demands more to companies in terms of accountability for their use of personal data and enhances the existing rights of individuals. Many of the fundamentals principles such as fairness, transparency, accuracy, security, minimization and respect for the rights of the individual whose data is processed are the same and exist for a long time.
However, there are new provisions to comply with and the main important ones are:
- The introduction of new rights for the data subjects: the right to be forgotten, the right to data portability, a special protection for the minors and the profiling limitation
- The shared responsibility between the data controller and the data processor
- The severe penalties: fines of up to €20 million or 4% global turnover & compensation claims for damages suffered
- The extension of the territorial scope to any processing concerning an EU resident, whatever it is located in the EU or not
- The importance of the consent of data subjects
- The emphasis on transparency and the access to information
ALE Data Privacy Officer