Following the webinar on the GDPR, we are offering a series of four articles on the subject. Origin and Scope of the GDPR Personal Data: What You Can Do with It and How
- The Main Principles of the GDPR
- Practical Cases
- In this first article, we will discuss the origin and scope of the GDPR; the next will focus on the processing of personal data.
- Origin of the GDPR
The GDPR is a continuation of Article 8 of the ECHR (European Convention on Human Rights) on the right to respect for private and family life, as well as the French Data Protection Act of 1978.
The idea is to strengthen individuals’ rights, empower data processors, and increase cooperation between data protection authorities at the European level. The GDPR establishes the following:
Each country in the European Union must have an independent supervisory and advisory authority (in France, this is the CNIL). These are grouped together in the EDPB (European Data Protection Board). Administrative sanctions range from a simple warning to a penalty payment, including a fine of up to 4% of turnover and/or €20 million. Violations may be reported (in France, to the public prosecutor). Citizens have the right to review the processing of their data and the possibility of taking collective action (equivalent to the American class action). It applies to any resident (permanent or temporary) or company operating within the European Union: it may therefore conflict with the American Cloud Act. Please note that if a European travels (or lives) outside the European Union and connects to a non-European service, the regulation no longer applies. The data concerned is as follows (in descending order of importance): Sensitive : race or ethnicity, political or union opinion, sexual orientation, health, biometricsConsidered sensitive data : offense or conviction Sensitive data: account numbers (bank or otherwise) or trade secrets Non-sensitive data : names, postal and IP addresses, emails, and telephone numbers (landline and mobile) If you follow these four actions defined by the CNIL, you are well on your way to complying with the GDPR (Find the article here) Create a data processing registerSort your data Respect individuals’ rights Secure data Some links for further information Brief history1950: Article 8 of the ECHR (Right to respect for private and family life)
1974: Project Safari (interconnection of the personal data files of French administrations)
- 1978: Project abandoned and creation of The CNIL2004: Reform of the CNIL and extension of its rights by European Directive 95/46/EC 2016: EU Regulation 2016/679 (GDPR) 2018: Transposition of the GDPR into French law Legislation European Directive 95/46/ECLegislative file of the draft law on the protection of personal data The GDPR, how it worksThe GDPR explained line by line (freely accessible): Articles 1 to 23 Articles 24 to 50 Articles 51 to 99
- The Cloud Act Private sanctions: administrative criminal Personal dataClass action
- List of sensitive data