EU General Data Protection Regulation (GDPR)

GDPR is the core of Europe’s digital privacy legislation. It came into force on the 25th of May 2018. Its primary objective is to provide citizens with control of their personal data. GDPR aims to simplify the regulatory environment for international business by unifying the regulation within the EU from per economic standpoint.

Scope [Chapter 1 (Article 3)]

Applies to
– Controller or Processor in EU or
– Data subject in EU, although Controller or Processor outside EU if they offer goods, services or monitor the behavior of individuals located in EU.

Data Subject Rights [Chapter 3 (Article 15-22)]
  1. Right of access – Article 15
  2. Right to rectification – Article 16
  3. Right to erasure – Article 17
  4. Right to restriction on processing – Article 18
  5. Right to data portability – Article 20
  6. Right to object – Article 21
  7. Right not to be subject to a decision based solely on automated processing, including profiling – Article 22
Legal bases for data processing [Chapter 2 (Article 6)]
  1. Explicit consent of data subject
  2. Contractual performance
  3. Performance of a task carried out in the public interest
  4. Vital interest
  5. Legal obligation
  6. Legitimate interest
Appointment of DPO [Article 37]

Data controllers and processors whose core activities consist either of processing operations which require regular and systematic monitoring of data subjects on a large scale, or processing on a large scale of special categories of data, are required to appoint a data protection officer (DPO).

Click here to know more about GDPR.