General Data Protection Regulation: Difference between revisions

(6 intermediate revisions by one other user not shown)

Line 4:

The GDPR has established a new global standard for data protection by codifying several fundamental principles, including transparency, accountability, and privacy by design. Organizations must not only comply with these principles but also be able to demonstrate their compliance through documentation and organizational measures. This comprehensive approach to data protection reflects the EU's position that privacy is a fundamental human right, building upon the privacy protections first established in the 1950 European Convention on Human Rights and updated for the digital age.

The United Kingdom still enforces the GDPR,<ref>https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/</ref> allowing persons physically located within the UK the ability to request data exports and deletions from online services.<ref>https://www.vpaa.uillinois.edu/resources/policies/u_of_i_system_and_international_privacy_laws/the_eu_and_uk_general_data_protection_regulations</ref>

==Summary==

Line 12:

Line 14:

====Article 5: Principles relating to processing of personal data====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_5_GDPR Article 5 GDPR]''

Personal data processing under GDPR mandates that data must be handled lawfully, fairly, and transparently; collected for specific legitimate purposes; kept accurate and up-to-date; minimized to only what's necessary; stored only as long as required; and protected with appropriate security measures.

====Article 7: Conditions for consent====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_7_GDPR Article 7 GDPR]''

When applicable, data subjects must consent to the processing of his or her personal data. Written requests for consent must use clear and plain language. Any portion of a written request violating the GDPR is not considered binding.

Line 28:

Line 32:

====Article 17: Right to erasure (‘right to be forgotten’)====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_17_GDPR Article 17 GDPR]''

Data subjects have the right to request erasure of their personal data by the data processor and the data processor is required to erase said data in a timely manner. This includes unnecessarily stored data, unlawfully processed data, and publically availabe information.

Line 34:

Line 39:

====Article 21: Right to object====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_21_GDPR Article 21 GDPR]''

Data subjects have the right to object to processing of their personal data in several key contexts, including when processing is based on public interest or legitimate interests grounds, for direct marketing purposes, or for research purposes - and in the case of direct marketing, this objection must be honored without exception.

When such an objection is made, the controller must cease processing unless they can demonstrate compelling legitimate grounds that override the data subject's rights and freedoms, with special provisions requiring that this right to object must be explicitly communicated to data subjects and made easily accessible, particularly in digital contexts.

====Article 22: Automated individual decision-making, including profiling====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_22_GDPR Article 22 GDPR]''

Under Article 22, individuals have the right to not be subject to decisions based solely on automated processing or profiling that have legal or similarly significant effects, with three key exceptions: when the automated decision is necessary for a contract, authorized by law, or based on explicit consent.

When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place.

=== Chapter 4: Controller and processor ===

Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref>

==== Article 28: Processor ====

''Main wiki: [https://gdprhub.eu/index.php?title=Article_28_GDPR Article 28 GDPR]''

Outsourcing data processing to service providers is no excuse not to comply with GDPR, it is still up to the controller to ensure that the GDPR is complied with.

==See also==

*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe

==References==

[[Category:Common terms]]

~~<references />~~

[[Category:Legislation]]

[[Category:EU legislation]]

@@ Line 4: / Line 4: @@
 The GDPR has established a new global standard for data protection by codifying several fundamental principles, including transparency, accountability, and privacy by design. Organizations must not only comply with these principles but also be able to demonstrate their compliance through documentation and organizational measures. This comprehensive approach to data protection reflects the EU's position that privacy is a fundamental human right, building upon the privacy protections first established in the 1950 European Convention on Human Rights and updated for the digital age.
+The United Kingdom still enforces the GDPR,<ref>https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/</ref> allowing persons physically located within the UK the ability to request data exports and deletions from online services.<ref>https://www.vpaa.uillinois.edu/resources/policies/u_of_i_system_and_international_privacy_laws/the_eu_and_uk_general_data_protection_regulations</ref>
 ==Summary==
@@ Line 12: / Line 14: @@
 ====Article 5: Principles relating to processing of personal data====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_5_GDPR Article 5 GDPR]''
 Personal data processing under GDPR mandates that data must be handled lawfully, fairly, and transparently; collected for specific legitimate purposes; kept accurate and up-to-date; minimized to only what's necessary; stored only as long as required; and protected with appropriate security measures.
 ====Article 7: Conditions for consent====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_7_GDPR Article 7 GDPR]''
 When applicable, data subjects must consent to the processing of his or her personal data. Written requests for consent must use clear and plain language. Any portion of a written request violating the GDPR is not considered binding.
@@ Line 28: / Line 32: @@
 ====Article 17: Right to erasure (‘right to be forgotten’)====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_17_GDPR Article 17 GDPR]''
 Data subjects have the right to request erasure of their personal data by the data processor and the data processor is required to erase said data in a timely manner. This includes unnecessarily stored data, unlawfully processed data, and publically availabe information.
@@ Line 34: / Line 39: @@
 ====Article 21: Right to object====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_21_GDPR Article 21 GDPR]''
 Data subjects have the right to object to processing of their personal data in several key contexts, including when processing is based on public interest or legitimate interests grounds, for direct marketing purposes, or for research purposes - and in the case of direct marketing, this objection must be honored without exception.
 When such an objection is made, the controller must cease processing unless they can demonstrate compelling legitimate grounds that override the data subject's rights and freedoms, with special provisions requiring that this right to object must be explicitly communicated to data subjects and made easily accessible, particularly in digital contexts.
 ====Article 22: Automated individual decision-making, including profiling====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_22_GDPR Article 22 GDPR]''
 Under Article 22, individuals have the right to not be subject to decisions based solely on automated processing or profiling that have legal or similarly significant effects, with three key exceptions: when the automated decision is necessary for a contract, authorized by law, or based on explicit consent.
 When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place.
+=== Chapter 4: Controller and processor ===
+Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref>
+==== Article 28: Processor ====
+''Main wiki: [https://gdprhub.eu/index.php?title=Article_28_GDPR Article 28 GDPR]''
+Outsourcing data processing to service providers is no excuse not to comply with GDPR, it is still up to the controller to ensure that the GDPR is complied with.
+==See also==
+*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe
+==References==
+<references />
 [[Category:Common terms]]
-<references />
+[[Category:Legislation]]
+[[Category:EU legislation]]