A regulation is the main normative act in European law. Its role is comparable to that of a law in each Member State. It applies to an unlimited and indefinite range of entities, contains rules of a general nature and is effective for all Member States and abstract for all individuals. The regulation establishes normative principles, defines the conditions for their implementation and their legal consequences.
Its purpose is to regulate public relations within the Member States, with daily direct relevance, direct effect and effect on all. EU regulations regulate public relations directly. They are binding in their entirety; this distinguishes them from directives, which are binding only as to the result they prescribe. Each Member State is obliged to comply with the regulations. It may not implement a regulation selectively or partially, regardless of the position it took when the act was adopted. Another essential element is that no Member State has the right to amend or supplement a regulation by its own act. It is obliged to sanction any violation or non-performance thereof, whether the offender is a public authority or an individual. The basic quality of the regulation is its direct applicability and direct effect, which are contained in the principle of primacy of Community law, legally enshrined in Art. 288 TFEU.
What is the purpose of GDPR, or what necessitated its adoption?
The answer to this question is contained in the first lines of Regulation (EU) 2016/679, and in particular in the second sentence of recital 2:
"This Regulation aims to contribute to the creation of an area of freedom, security and justice and to an economic union, to economic and social progress, to the strengthening and convergence of economies within the internal market, and to the well-being of people."
This is the ultimate "coveted" objective of the European Union, and in particular of the GDPR. It must be backed by, and pursued in accordance with, the principles, rules and RIGHT of protection of personal data of individuals located within the EU. The subject matter and objectives of Regulation (EU) 2016/679 are contained in its general provisions, in particular Art. 1 to Art. 3.
The reasons for pursuing these objectives, namely ensuring the security and protection of the personal data of individuals, are listed exhaustively from recital (4) to recital (7), inclusive. The prosperity of technology and the economy has created new challenges to the security of personal data of individuals, while guaranteeing all human rights and freedoms. This is where GDPR intervenes. The General Data Protection Regulation establishes requirements for the flow of personal data in the public and private sectors. It is not intended to suspend or prohibit the exchange and collection of personal data, but to regulate and channel it in a manner that guarantees data security. Applying the necessary safeguards will make it easier to detect leakage of personal data and to suspend or restrict unauthorized access. Any access, transfer or processing should leave its mark. Take accounting for comparison - it is not intended to stop cash flow but to control and "explain" it.
PERSONAL DATA – any information relating to an identified or identifiable individual;
DATA SUBJECT – a person who can be identified, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
PROCESSING – any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or changing, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making the data accessible, arranging or combining, limiting, deleting or destroying them;
RESTRICTION OF PROCESSING – marking of stored personal data in order to limit their processing in the future;
PSEUDONYMISATION – the processing of personal data in such a way that personal data can no longer be linked to a specific data subject without using additional information, provided that such additional information is stored separately and is subject to technical and organizational measures in order to ensure that personal data are not linked to an identified or identifiable individual;
CONTROLLER – a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of the Member State;
PROCESSOR – a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller;
CONSENT OF THE DATA SUBJECT – any freely expressed, specific, informed and unambiguous indication of the data subject's will, by means of a statement or clearly affirmative action expressing his / her consent to the processing of personal data related to him / her;
PERSONAL DATA BREACH – a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or processed in another way.
Principles of the processing of personal data pursuant to Regulation (EU) 2016/679
LEGALITY, INTEGRITY AND TRANSPARENCY - your data have been processed in accordance with applicable law, in good faith and in a transparent manner with respect to the data subject;
GOAL LIMITATION - your data is collected for specific, explicitly stated and legitimate purposes and is not further processed in a manner incompatible with those purposes;
MINIMIZING DATA - the types of data we collect are relevant and limited to the minimum necessary for the purposes for which they are processed;
ACCURACY - your data is accurate and, where necessary, kept up-to-date, taking all reasonable steps to ensure that personal data are deleted or corrected in a timely manner, taking into account the purposes for which they are processed;
RETENTION LIMIT - your data is stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed;
INTEGRITY AND CONFIDENTIALITY - your data is processed in such a way as to guarantee an adequate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or corruption, by applying appropriate technical or organizational measures.