The General Data Protection Regulation (the “GDPR”) was approved by the European Parliament on 14 April 2016, after years of preparation, and entered into force on 25 May 2018. The GDPR replaced Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The GDPR was created to harmonise data privacy law within the European community, to protect and empower European citizens, and to reshape the methodology through which personal data is collected and processed.
The GDPR created a compliance framework that is applicable in all industries and facilitates the legal and fair free movement of data across the European Union (the “EU”). The GDPR offers protection to individuals against abuse and misuse of their personal data, while also empowering individuals and giving them the required tools to safeguard their rights. The GDPR has crystallised these rights so that adequate protection is ensured with regard to the collection and distribution of data.
The GDPR sets out definitions to ensure clarity, so that every EU individual is aware of their rights and obligations. The most important definitions in the GDPR are the following:
‘Data Controller’ – ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data’;
‘Data Subject’ – ‘an identifiable natural person (as opposed to a legal person) who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’; and
‘Processor’ – ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’.