
General Data Protection Regulation (GDPR) vs. 95/46 Directive


The first point to note here is that the GDPR is a regulation and not a directive. Its predecessor, 95/46, was a directive.

What is the difference between Regulation and Directive?


Regulations have binding legal force throughout every Member State and enter into force on a set date in all the Member States. 

Directives lay down certain results that must be achieved, but each Member State is free to decide how to transpose directives into national laws.


In addition, after Brexit the UK need not follow the GDPR, in which case the UK may have to pass a separate law to implement GDPR. This will be decided under the terms and conditions of Brexit.

When was the GDPR passed and when will it be applicable?


The GDPR was approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be directly applied in all member states two years after this date.

Enforcement Date: 25 May 2018 – at which time those organizations in non-compliance will face heavy fines.

The GDPR will replace Directive 95/46 and create an even more robust privacy framework that will include mandatory data breach requirements, the right to be forgotten, increased penalties and more.

What are the major changes in GDPR that will impact others outside the EU?


Two Main Points about GDPR

→ The biggest change is that GDPR applies to all companies processing the personal data of subjects (a subject can be anybody whose data is being processed) residing in the Union, regardless of the company’s location. It will apply to the processing of personal data by controllers and processors in the EU, regardless of whether processing takes place in the EU or not.

→ Penalties

4% of annual global turnover or 20 Million (whichever is greater) → this is applicable in the case of the most serious infringements.

It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.

First we will discuss the rights under Directive 95/46/EC, and then the GDPR rights for subjects.

One more important point to discuss is Privacy by Design (the controller shall implement appropriate technical and organizational measures in an effective way in order to meet the requirements of this Regulation and protect the rights of data subjects).

In this case, organizations have to implement mechanisms to protect the data.

What is Directive 95/46/EC?


It is a regulation adopted by the European Union to protect the privacy of all personal data collected for or about citizens in the EU, especially as it relates to processing, using or exchanging such data.

Important principles of the directive:

1. Subjects whose data is being collected should be given notice of such collection and of who is collecting it.
2. Data should be kept safe from potential abuse, theft or loss.
3. Data should not be disclosed to third parties without the consent of the subject.
4. Subjects should be granted access and be allowed to correct any inaccuracies.
5. Data should be used only for the stated purpose, and subjects should be able to hold personal data collectors accountable for adhering to all these principles.

Now, let us take a look at GDPR.

What are the New Data Subject Rights introduced in GDPR?


1. Breach Notification (where a data breach is likely to result in a risk for the rights and freedoms of individuals).

2. Right to access (the right of the data subject to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose).

3. Right to be forgotten (also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data).

4. Data Portability (GDPR introduces data portability: the right for a data subject to receive the personal data concerning them, which they have previously provided, in a 'commonly used and machine readable format', and the right to transmit the data to another controller).
