Page 79 - Annual Magazine 2018

NEW REGULATION | GOOD TO KNOW





THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 AND ITS KEY CHANGES

DISCLAIMER
This article provides only general information regarding the EU General Data Protection Regulation and should not be considered as legal advice.

INTRODUCTION
The EU General Data Protection Regulation (“GDPR”) imposes a number of enhanced obligations on data processors and data controllers, with which businesses shall comply. Failure to comply with the GDPR could lead to fines of up to 4% of the annual worldwide turnover or €20 million, whichever is higher.

SCOPE
The GDPR increases the territorial scope of the applicable data protection law and applies not only to controllers but also to processors. “Data controller” refers to a person or organisation that decides how and why personal data is processed, whereas “data processor” concerns any person or organisation (not an employee of the data controller) that processes personal data on behalf of the data controller. In particular, under the new regime a “data processor” may now be directly liable to sanctions (Article 83) and may also face private claims for compensation brought by individuals (Article 79).
In general, the GDPR applies to organizations having EU “establishments” and processing data in the context of their activities. The notion of “establishments” is very wide and encompasses any real and effective activity, even a minimal one, through stable arrangements in the EU, irrespective of whether the data processing takes place in the EU or not.

PERSONAL DATA
Personal data is defined as “any information relating to an identified or identifiable natural person (“data subject”)”. The concept of identified or identifiable has now been broadened from the basics (e.g. personal details such as ID and home address) to include things like location data, online identifiers (e.g. IP address, cookies) or other factors which may identify a data subject.

PRINCIPLES
Data protection principles are not new per se, but the GDPR has now come to strengthen them through the introduction of the principle of accountability. Under the GDPR, processing not only needs to be fair and lawful, but must have an identifiable purpose and include personal data which are relevant and not excessive (e.g. principles of necessity and proportionality of the processing in relation to the purpose).
Moreover, data controllers are now obligated and responsible to demonstrate how they comply with these principles.

DATA PROTECTION IMPACT ASSESSMENT (“DPIA”)
Article 35 of the GDPR introduces the concept of the DPIA, a process by which controllers shall carry out an assessment of the impact of the proposed processing on the privacy rights of individuals where the processing is likely to result in a high risk to the rights and freedoms of “data subjects”. The GDPR expects companies to formulate measures to address such risks.

DATA PROTECTION OFFICER (“DPO”)
Where processing is being carried out (a) by a public authority, (b) by a controller or processor whose core activities consist of processing operations requiring regular and systemic monitoring of data subjects on a large scale, or (c) by a controller or processor whose core activities consist of processing on a large scale of special categories of data or data relating to criminal convictions, then such controller or processor must designate a data protection officer having “expert knowledge” on data protection.

DATE OF COMING INTO FORCE
GDPR shall be in effect from 25 May 2018; therefore persons or organisations that process personal data shall act imminently to ensure compliance with its provisions before the said date.

Chrysses Demetriades & Co LLC
Chrysses Demetriades & Co LLC is a limited lawyers company consisting of 54 advocates and consultants advising on all aspects of law, including corporate, shipping, immigration and property law. The firm was established in 1948 and its headquarters are at 13 Karaiskakis str., Limassol, T: 25 800000.