What Are The Data Protection Laws in Europe?

Constantin Macri 29/04/2023 | 15:42

General Data Protection Regulation (GDPR) is the data protection law in Europe. It was created in 2016 and was later implemented in 2018. This law deals with both privacy law and human rights law. The data protection law in Europe aims to provide more control to individuals over their personal data. At the same time, it eases the regulatory environment, which is essential for conducting international business. The success of the GDPR has served as a model for data protection laws for numerous other countries. The law houses eleven chapters in total, designed to give holistic protection to individuals and businesses. Listed below is a concise overview of the protection law. 


General Provisions

The first chapter of the GDPR defines the terms such as personal data, the data subject, processing and processor. It states that GDPR applies to organizations which are operating within the EU. Furthermore, it also applies to firms working outside the EU but serving their customers. Subsequently, most organizations need to cooperate with GDPR. 

Personal Data 

It states that in order to process any personal data, there should be at least one legal basis. One can collect personal data through informed consent. However, the organization should explicitly take consent for the data collection. Furthermore, it should state the purpose of the data collection. Also, the individuals have the right to withdraw their consent at any time. 

For example, if an organization uses the What Is My IP website to know the IP address of different people, it should state clearly why they are collecting this data and how they plan to use it. Also, after consenting to this data collection and procession, they have the right to withdraw their consent.

Rights Of Data Subjects 

It notes that there should be transparency in the data collection. Subsequently, the data controller is required to provide information to the data subject in plain language, which is easy to understand. Additionally, it talks about the individual’s right to access the collected data to know how one is planning to process their personal data. Finally, it states that individuals have the right to object to processing personal data. 

Duties Of Data Controllers/Processors 

Under this subpart, the data controllers are asked to disclose the information if they collect the data. Also, they need to provide a lawful basis for data collection and information on how long they plan to retain the data. 

The Principles Of GDPR 

The foundation of GDPR lies in the foundation of seven principles. The first principle requires lawfulness, fairness and transparency in the data processing. Correspondingly, one can use the data only for the purpose stated in the content, and this data should have a limited storage period. 

Furthermore, the organization collecting the data should ensure the accuracy of the data throughout all the steps of the data processing activity. The next principle deals with data minimization, which states that only the required data should be collected to perform an action. Besides, the firms collecting and processing the data should ensure their information security. The security measures should be sophisticated enough to prevent unauthorized access and data loss. Lastly, the organization should bring accountability to the process. 

How Does GDPR Benefit Individual Privacy Rights?

First and foremost, GDPR provides individuals with the right to be informed. One also gets the right to access all the personal data the organization has collected. The individuals likewise get the power to correct any inaccuracy in personal data. 

It provides the individual right to be forgotten, which, when exercised, allows individuals to ask for the deletion of personal data. The other rights that GDPR guarantees are the right to restrict processing, the right to objects, the right to data portability and the right to automated decision-making and profiling. 

The Penalties For Violating GDPR 

GDPR has proven to be a successful data protection law because of the heavy penalties associated with it when violated. The violation of GDPR includes a penalty fee of 4%of the organization’s annual global turnover or 20 million Euros. In fact, out of the two, only the higher fine is considered for the penalty. The top five organizations that have paid the highest penalty for violating GDPR are Amazon, WhatsApp, Google Ireland and Google LLC.  

BR Magazine | Latest Issue

Download PDF or read online: May (I) 2023 Issue | Business Review Magazine

The May (I) 2023 issue of Business Review Magazine is now available in digital format, featuring the main cover story titled “MedLife BVB performance highlights potential of Romania’s emerging
Constantin Macri | 17/05/2023 | 15:38

    You will receive a download link for the latest issue of Business Review Magazine in PDF format, based on the completion of the form below.

    I agree with the Privacy policy of business-review.eu

    I agree with the storage and handling of my data by business-review.eu

    Advertisement Advertisement
    Close ×

    We use cookies for keeping our website reliable and secure, personalising content and ads, providing social media features and to analyse how our website is used.

    Accept & continue