Right to privacy
One of the most important human rights in modern society is the right to privacy.
Each of us encounters privacy protection every day. We often do not even know that this right has been violated. However, due to the increasing number of new technologies, the need for privacy protection is fast becoming something that we should all be aware of. Even though it’s included in the Constitution, violations still occur.
As trust in supervision of data has been lost in this world, where an enormous amount of personal data is available with a single click online, the European Parliament and Council of the European Union adopted in 2016 the new General Data Protection Regulation, which enters into force on 25 May 2018.
The adoption of the Regulation is the result of changes
The General Data Protection Regulation was proposed by the European Commission in 2012 with the purpose of updating and reforming the provisions of the Data Protection Directive from 1995.
In the time since the adoption of the Directive in 1995, the development of modern information and communication technologies resulted in extensive changes in the scope, intensity, and transfers of personal data, which require adaptations and updates of the legal framework. The unified and updated legislation on data protection is essential for ensuring the individuals’ basic rights to protection of personal data and the development of digital economy.
In 2010, the Commission presented to the European Parliament and Council the “Communication on a comprehensive approach on personal data protection in the European Union
”, which was adopted by both institutions, resulting in the adopted proposal on the reform of data protection by the Commission in 2012.
The Regulation lists the rights of individual to whom the personal data refers, i.e. individual whose personal data is processed.
Key changes implemented by the Regulation for individuals that are worth remembering:
Obligations of data controllers and processors
- Explicit consent for processing of specific personal data, which means that an individual decides what they want a certain company to know about them and which data they can process.
- An individual can at any time access their personal data and request that data be rectified, forgotten, or erased.
- An individual decides what they want to be informed about by a certain company (articles, sales campaigns, events, etc.).
- An individual can request a transfer of certain data to another controller.
- A company cannot store individual’s data for an indefinite period – such a period must be precisely defined in accordance with regulation.
The Regulation lists in detail the general obligation of controllers and persons processing data on their behalf (processors). Among these obligations are the obligation to implement appropriate safeguards and the obligation of official notification of breaches
of personal data security. In accordance with the Regulation, companies shall appoint official data protection officers
The Regulation also emphasises (previous) executions of personal data protection impact assessments
, and the obligation to notify the supervisory authority
in the event of security incidents, e.g. loss of personal data, as well as notification of all affected individuals in certain cases.
According to the Regulation, every member state must establish and appoint an independent supervisory authority, which shall, amongst others,
be in charge of implementing mechanisms for consistent enforcement of data protection regulation. It is essential that, in the event personal data is processed in more than one member state, there is only one lead supervisory authority, in principle, in charge of all such activities.
The Regulation also includes the establishment of the European Data Protection Board
, which will include all 28 independent supervisory authorities.
According to the new Regulation, an individual will be able to file a complaint with the supervisory authority; in the event of disagreement with its decision or its lack of action, an individual is entitled to legal remedies against the decision of the supervisory authority and damages.
Very strict penalties are defined for controllers and processors in breach of data protection rules, issued by national data protection authorities.
GDPR, personal information, and SKAZA
At Skaza, we have great respect for individuals’ privacy, and handle personal data responsibly, in accordance with the legislation and company bylaws. Every individual granting their consent will be informed of the purpose of data use and all their associated rights. We will be available at all times for any questions regarding data processing and individual rights.