Personal data protection / VP Securities

Personal data protection

What does it mean?

Whenever you open a bank account, join a social networking website, join a gym, apply for loyalty cards in shops and department stores or book a flight online, you hand over vital personal information such as your name, address, and credit card number.

  • What happens to this data?
  • Could it fall into the wrong hands?
  • What rights do you have regarding your personal information?

Rapid technological developments and globalisation, the increasing scale of collection and sharing of personal data and the increase in cross-border flows of personal data have brought new challenges for the protection of personal data.

Such developments require a strong and more coherent data protection framework.

The EU Commission has introduced a single law with the primary objective of giving citizens back control of their personal data. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection laws in the EU so that they are fit for purpose in the digital age, and should bring better transparency to help support the rights of individuals and grow the digital economy. The regulation takes effect on 25 May 2018.

 

Definition of extent

  • Harmonised legislation in the EU
  • Wider definition of personal data
  • Expanded geographical range
  • Information regime
  • Data Protection Officer (DPO)
  • ‘One-stop-shop’
  • International data transmission

Rights

  • Legitimate interest
  • Consent
  • Complaints
  • Right to insight
  • Right to correction
  • Right to be forgotten
  • Right to data portability
  • Profiling

Enforcements

  • Independent authority
  • European Data Protection Supervisor
  • Fines

Principles

  • Data minimisation
  • Privacy by design
  • Data Protection Impact Assessments (DPIA)

Who does GDPR affect?

The regulation applies to businesses established in the EU, as well as to businesses based outside the EU that offer goods and services to, or that monitor, individuals in the EU. All companies in scope for the regulation need to adapt to the new requirements.

VP has adapted to GDPR.

The latest publications relating to GDPR can be found here.

Read the regulation: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf