Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

Published byMaude Greene Modified over 5 years ago

Similar presentations

Presentation on theme: "GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E"— Presentation transcript:

1 GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
Law firm Dimitrov, Petrov & Co., Partner Law and Internet Foundation, Senior Legal Expert Sofia, November

2

3 The Reform in the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation; GDPR)

4 General Data Protection Regulation

5 What constitute personal data?
Personal Data - Definition What constitute personal data? ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.Чл. 4(1) от Регламента

6 Personal Data - Assessment
Any information – What is information? Relating to – When is the information relating to a natural person? (content, purpose, impact…) Identified or identifiable natural person – What is identity? When can someone be identified? (directly or indirectly) Natural person – What is natural person?

7 What is New in the New Legal Framework?
The fines to be imposed under the Regulation: Effective, proportionate and dissuasive “Infringements … shall, … be subject to administrative fines up to EUR, OR in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.”

8 What is New in the New Legal Framework?

9 What is New in the New Legal Framework?
Parallel with the concept of “undertaking” in the competition law and still not the same Goal – „piercing of the corporate veil“ or „extension of the enforcement of the Regulation beyond the EU borders“ It is possible to provide rules on other penalties on the national level for violations which are not subject to specific penalties in the Regulation.

10 Controller Determines the purposes and means of the processing of the personal data Purposes: Why do we process the data? What do we need the data for? Means: How do we process the data? In which way? What kind of data do we process? For what period of time are we going to process the data? Where are we going to process the data? Where are we going to store the data? Who is going to process the data? A person, who determines the purposes and means of the processing of personal data, is CONTROLLER

11 Do we use data processors?
Accountancy services Cloud services and infrastructure Date § call -centers Colocations IT & Maintenance Others Group of undertakings / Group of companies: Relations Controller – Controller Relations Controller – Processor

12 Legal obligations and responsibilities for the data processors
Contract between the controller and the processor (written) Reassigning of the processing activity to another processor only after prior written concrete or general consent / approval by the controller Must inform the controller of any planned change of the reassigning Must process data only upon documented assignment by the controller Obligation of confidentiality of their personnel Must immediately inform the controller if, in its opinion, an instruction infringes any applicable provisions Must maintain register of any categories of activities on data processing, commenced on behalf of the controller

13 Principles, related to data protection

14 Integrity and Confidentiality (Measures for Rrotection)
Principles, related to data protection F per Principles, related to the processing of personal data Purpose Limitation Storage Limitation Lawful, Fair and Transparent Data Minimalization Accuracy Integrity and Confidentiality (Measures for Rrotection) ACCOUNTABILITY

15 ACCOUNTABILITY The controller must be able to demonstrate compliance with the requirements laid down in Article 5 (1) of the Regulation Plan/ Analysis Register of the processing activities (written) Written form (declarations, contracts and etc.)

16 Fundamental Rights of Data Subjects
Right to information (extended) – Principle of transparency Right to access (extended) Right of rectification Right to erasure (right „to be forgotten“) Right to restriction of processing Notification of any rectification, erasure or restriction the processing of personal data Right of data portability. Right to object Right not to be subject to a decision which produces legal effects concerning him or her or significantly affects him or her and which is based solely on automated processing of data including profiling

17 Security of Personal Data

18 Sustainability of systems
Security of Personal Data Appropriate technical and organisational measures Ensuring an adequate level of protection Confidentiality Integrity Availability Sustainability of systems

19 Security Breach Immediate notification of the CPDP
Notification of the data subjects, if there are present specific risks for their rights and freedoms

20 ?

Download ppt "GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E"

Similar presentations

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Key changes with the GDPR

Key changes with the GDPR
Industry 4.0 – New ways of cooperative working – are we prepared?

Industry 4.0 – New ways of cooperative working – are we prepared?
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Seamus Carroll Civil Law Reform Division

Seamus Carroll Civil Law Reform Division
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
Overview General Data Protection Regulation (GDPR)

Overview General Data Protection Regulation (GDPR)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)
Viewing the GDPR Through a De-Identification Lens

Viewing the GDPR Through a De-Identification Lens
The General Data Protection Regulation act (GDPR)

The General Data Protection Regulation act (GDPR)
WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information.

WORLD OF CLOUD COMPUTING AFTER GDPR challenges, opportunities and the unknown Matjaž Drev, MA. National Supervisor for Personal Data Protection, Information.
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
General Data Protection Regulation

General Data Protection Regulation
KEY CHANGES TO THE DATA PROTECTION LANDSCAPE

KEY CHANGES TO THE DATA PROTECTION LANDSCAPE
International Regulatory Trends

International Regulatory Trends
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017

Similar presentations

Ads by Google