General Data Protection Regulation (GDPR) in short

The General Data Protection Regulation (GDPR) briefly lists the most important privacy rules for processing sensitive personal information of citizens from EU countries. Since May 25, 2018, the same European privacy legislation has applied in all EU countries. In the Netherlands, the GDPR replaced the Personal Data Protection Act (Wbp). The GDPR describes when organizations may process personal data, what privacy rights data subjects have when their personal data is processed, what personal data organizations may process, and what the accountability of organizations entails.

Goals of the GDPR

The GDPR regulations were introduced on May 25, 2018 to achieve a number of goals:

  1. Improving the privacy rights of data subjects.
  2. The accountability of organizations regarding the processing and protection of personal data.
  3. The same powers for all European privacy regulators with regard to compliance with the GDPR.

 

What are personal data?

All information about a person’s identity is part of that person’s personal data. Even when information is not directly about someone, but indirectly provides information about that person, it concerns personal data of a data subject (a data subject is the person about whom personal data is processed).

Consent of the data subject for personal data processing

Organizations sometimes process very personal information about people, so it is important for those involved that this is done for a correct purpose. An organization must therefore specifically ask a data subject for permission for each purpose for which it wants to process the personal data. This improves the right to privacy of data subjects, because in most cases they can determine for themselves the purpose(s) for which organizations may process their personal data.

Legal obligation of organizations for personal data processing

There are cases in which an organization is legally obliged to process personal data. In that case, the organization does not have to ask the data subject for permission first. The grounds on which an organization may process personal data are exhaustive: an organization may only process personal data about data subjects on one of the bases described by the GDPR. In a number of cases, additional conditions apply, requiring an additional basis under Member State law or Union law.

Dutch Data Protection Authority

If a data subject believes that his or her data has been processed incorrectly by an organization, he or she can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP).

Different categories of personal data

There are different types of personal data. ‘Ordinary’ personal data includes the name, address and place of residence of a person. ‘Special’ personal data is more sensitive information about a person, such as a person’s ethnic, medical or religious data. ‘Criminal’ personal data is, for example, data about a person’s criminal convictions. In total, the GDPR describes 3 different categories of personal data.

GDPR bases

The ordinary personal data of data subjects may be processed by organizations if one of the six GDPR bases for personal data processing applies.

GDPR privacy rights

Every data subject can invoke his or her privacy rights regarding the processing of his or her personal data. Data subjects have a total of 8 privacy rights as described in the GDPR. The GDPR introduced two new privacy rights, expanding the right to privacy of EU citizens through better protection.

GDPR accountability

The responsible organizations are accountable to one and the same European privacy supervisor for the policy pursued regarding personal data processing and compliance with the regulations of the GDPR. This is called accountability.
