






















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The general data protection regulation (gdpr) is a regulation in eu law on data protection and privacy in the european union and the european economic area. An overview of the gdpr, its key concepts, and how it applies in real life. Topics covered include the scope of the gdpr, data processing, personal data, controllers and processors, data protection impact assessments, data subject rights, and more.
Typology: Lecture notes
1 / 30
This page cannot be seen from the preview
Don't miss anything!























Ana-Maria Udriste
Lawyer, 2013 Bucharest Bar
Founder of Avocatoo
What are the organisational requirements?
How does the GDPR apply in real life (scope)?
Material scope
Article 2 – Material Scope
[...]
the GDPR applies toany processing of personal data.
How does the GDPR apply in real life (scope)?
Personal data
Data is deemed personal if the information relates to anidentified oridentifiable individual.
Data is therefore personal if the identification of a person is possible based on the available data, meaning if a person can be detected, directly or indirectly, by reference to an identifier.
Examples: name, personal number, social security number, IP address, e-mail, phone number etc.
How does the GDPR apply in real life (scope)?
Personal data
Data is deemed personal if the information relates to anidentified oridentifiable individual.
Data is therefore personal if the identification of a person is possible based on the available data, meaning if a person can be detected, directly or indirectly, by reference to an identifier.
Examples: name, personal number, social security number, IP address, e-mail, phone number etc.
How does the GDPR apply in real life (whom)?
Processor
A ‘processor’ is a a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
2 conditions have to be met:
(1) being a separate legal entity/individual with respect to the controller;
(2) processing personal data on behalf of the controller.
How does the GDPR apply in real life (where)?
EU only?
GDPR applies in the following situations:
Basic principles for data processing
Basic principles for data processing
Processing can only take place if covered by a legal permission or by the data subject’s consent.
The principle of transparency requires:
Basic principles for data processing
Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that data that is inaccurate, having regard to the purposes of the processing, is erased or rectified without delay.
Personal data shall be kept in a form that permits identification of data subjects for no longer than necessary for the processing purposes (strict minimum).
Legal justification for data processing
Rights of Data Subjects
Rights of Data Subjects - right to access
The data subject has the right to obtain confirmation from the controller as to whether or not its personal data is being processed.
Te data subject shall have access to its personal data processed and the following information: