General Data Protection Regulation (GDPR)
The GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8 of the Charter of Fundamental Rights of the European Union.
(This document is not extensive).
Restrictions on using PII
GDPR imposes strict restrictions on how PII can be used: it prohibits its use unless there is a legal basis. There is a legal basis if one of the following is true:
- The data subject has given consent to the processing of his or her personal data,
- To fulfill a contractual obligation with a data subject, or for tasks at the request of the data subject who is in the process of entering a contract,
- To comply with a data controller’s legal obligations,
- To protect vital interests of a data subject or other individual,
- To perform a task in the public interest or in official authority,
- For the legitimate interests of a data controller or third party, unless these are overridden by the interest of the data subject.
Rights of the Data Subject
- Transparency and Modalities (explain how data is used)
- Information and Access
- Rectification and Erasure
- Right to object to automated decisions