GDPR : Article 1-Subject-Matter and Objectives

by avinash v

GDPR is an addition to the EU Data Protection Framework. The regulation replaces the Data Protection Directive 95/46/EC, adopted in October 1995. The regulation is also known as the EU General Data Protection Regulation, Reg. No. 765/2016.

The regulation sets out the rules for the free movement of personal data within the EU. It also establishes the right of individuals to have their data protected. Finally, it creates a single set of rules for protecting personal data in the EU.

  • Under the GDPR, all data controllers must appoint a Data Protection Officer (DPO), implement risk management processes, and establish an incident response plan. These are intended to help organizations deal with data breaches and protect the personal data of EU citizens.
  • Under the GDPR, organisations must protect user data from accidental or unauthorised alteration or use. They must also ensure that data is quality controlled to protect against unauthorised access, alteration, or destruction. Lastly, they must take steps to ensure that individuals are informed of their data protection rights and can access their data.
  • The GDPR also requires data controllers to provide customers with a data protection notice (DPN), which must be clear and concise. The DPN must explain the customer’s rights under the GDPR and be easily accessible.

Organisations that process data must disclose their contact information to the individual whose data is being processed. They must also inform individuals of their right to access their data, the right to rectify their data, the right to erasure of their data, the right to object to data processing, the right to data portability, and the right to restriction of processing.

The regulation applies to all companies that process the personal data of EU citizens. However, the law does not apply to companies that process the personal data of non-EU citizens.

GDPR Implementation Toolkit

The Regulation is Divided into Two Parts:

1. The General Data Protection Regulation

The GDPR sets out the rules for how personal data must be collected, processed, and stored by organisations operating in the EU. It also establishes new rights for individuals concerning their data. Finally, it creates enforcement mechanisms to ensure data controllers comply with the GDPR.
The GDPR applies to any organisation that processes the personal data of individuals in the EU, regardless of whether the organisation is based inside or outside of the EU.

2. The Data Protection Directive

The other central pillar complements the Directive: the General Data Protection Regulation, which contains provisions on enforcing the Directive and on administrative and penal sanctions.
The Directive shall apply to the processing of personal data by controllers or processors established in the Union, whether or not the processing occurs in the Union.

GDPR Regulations

Pertinent Recitals

Recitals – 1

Data Protection as a Fundamental Right

Under GDPR, the recognition of data protection is a fundamental right. Article 8 of the European Charter of Fundamental Rights recognises the right to personal data protection as a fundamental right. The GDPR builds on this by giving individuals the right to have their data erased (“right to be forgotten”), data portability, and the right to object to data processing.

In addition, the GDPR requires companies to get explicit consent from individuals before collecting, using or sharing their data. Companies must also provide individuals with clear and concise information about their rights under GDPR and ensure they can easily exercise them.

Recitals – 2

Respect for the Fundamental Rights and Freedoms

The GDPR requires data controllers to respect data subjects' fundamental rights and freedoms. These rights include the right to data protection, the right to privacy, the right to information, the right to freedom of expression, the right to freedom of assembly, and the right to freedom of association.

Data controllers must take steps to protect data subjects’ rights and freedoms. They must also ensure that data processors comply with data protection laws.

Recitals – 3

Directive 95/46/EC Harmonization

Directive 95/46/EC is the Data Protection Directive. The Directive sets out specific regulations surrounding data protection, including the principles of data protection, the rights of data subjects, and the obligations of data controllers.

The GDPR builds on Directive 95/46/EC and includes several new provisions, including the right to be forgotten, the right to data portability, and the obligation to report data breaches. The GDPR also contains several provisions designed to harmonize data protection law across the EU.

Recitals – 4

Data Protection in Balance With Other Fundamental Rights

The General Data Protection Regulation (GDPR) is a set of rules that strikes a balance between data protection and other fundamental rights. It ensures that personal data is processed fairly, transparently and consistently.

The GDPR applies to all data controllers and processors within the European Union. It outlines how personal data must be collected, processed, and stored. It also gives individuals the right to know what personal data is being collected about them and to have that data erased.

Recitals – 5

Co-operation between Member States to Exchange Personal Data

Under the GDPR, data controllers are required to implement measures to protect the personal data of individuals and to take steps to ensure that the data is processed fairly and transparently. They must also ensure that the data is accurate and up-to-date and only used for the purposes for which it was collected.

Data controllers are also required to cooperate with data protection authorities to exchange personal data and comply with their requests for information.

Recitals – 6

Ensuring a High Level of Data Protection Despite The Increased Exchange of Data

The GDPR also requires companies to ensure that personal data is protected and provide individuals with information about how their data will be used.

To comply with the GDPR, companies must ensure that they have strong data protection policies and procedures. They also need to ensure that, when exchanging data with other companies, their customers' personal data remains protected.

Recitals – 7

The Framework Is Based On Control and Certainty

The framework is based on control and certainty in GDPR. The law stipulates that data controllers must take steps to ensure that personal data is processed fairly, transparently and with respect for the individual’s rights. Furthermore, data controllers must take steps to ensure that personal data is accurate and up to date.

Recitals – 8

Adoption Into National Law

The regulation contains several provisions that member states must implement into national law. These provisions relate to the rights of data subjects, the duties of data controllers, and the powers of supervisory authorities.

Recitals – 9

Different Standards Of Protection By Directive 95/46/EC

The GDPR is the EU’s response to the challenges posed by the rapid development of information and communication technologies and globalization. It replaced the 1995 Data Protection Directive (95/46/EC), the EU’s response to technological advances.

The GDPR builds on the existing framework set out in the 1995 Directive. It strengthens the rules on data protection, creates new rights for individuals, and gives supervisory authorities greater powers to enforce those rules.

Recitals – 10

Harmonised level of data protection despite the national scope

The GDPR sets out the rules for how personal data must be collected, processed and stored by organizations operating in the EU. It also establishes new rights for individuals concerning their data. Finally, it creates enforcement mechanisms to ensure data controllers comply with the GDPR.

Under the GDPR, all data controllers must appoint a Data Protection Officer (DPO). The DPO monitors compliance with the GDPR and ensures that data subjects’ rights are respected.

Recitals – 11

Harmonisation Of The Powers And Sanctions

Enforcement of the GDPR is the responsibility of each EU member state. Each member state has its own data protection authority (DPA) with the power to investigate and sanction businesses that breach the GDPR. The DPA can impose administrative fines of up to €20 million or 4% of a business’s global annual revenue, whichever is greater.

Recitals – 12

Authorization Of The European Parliament and The Council

The GDPR requires data controllers to implement risk management processes and establish incident response plans. The European Parliament and the Council must approve these plans.

The GDPR also gives data subjects new rights, including the right to data portability and the right to be forgotten. Finally, the GDPR imposes significant fines on companies that violate its provisions, of up to 4% of a company’s global annual revenue or €20 million (whichever is greater).

Recitals – 13

Taking Account Of Micro, Small and Medium-Sized Enterprises

MSMEs are not exempt from the GDPR. However, the regulation includes specific provisions to help MSMEs comply with its requirements. For example, the GDPR includes data protection by design and data protection by default provisions, which require businesses to implement data protection measures from the onset of data processing activities.

This will help MSMEs to avoid costly mistakes when implementing data protection measures.
MSMEs will also benefit from the GDPR’s provisions on data portability and data subject access requests.