What constitutes personal data processing? Data processing is any operation performed on personal data. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

personal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data is being processed (‘lawfulness, fairness and transparency’); there must be specific purposes for processing the data and the company/organisation must indicate those purposes to individuals when collecting their ...

2018年12月11日 · Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR) Regulation 2018/1725 sets forth the rules applicable to the processing of personal data by European Union institutions, bodies, offices and agencies. It is aligned with the General Data Protection Regulation and the Law Enforcement Directive.

2024年7月25日 · The EU has established international data protection agreements to ensure that EU citizens' personal data remains protected even if transferred outside the EU. EU data protection legislation includes safeguards for when transferring data to third countries, including adequacy decisions, standard contractual clauses (SCC) and binding corporate ...

2004年9月12日 · The GDPR protects personal data regardless of the technology used for processing that data – it’s technology neutral and applies to both automated and manual processing, provided the data is organised in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system ...

The directive for the police and criminal justice sector protects citizens' fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation ...

The protection offered by the General Data Protection Regulation (GDPR) travels with the data, meaning that the rules protecting personal data continue to apply regardless of where the data lands. This also applies when data is transferred to a country which is not a member of the EU (hereinafter referred to as 'third country').

A personal data breach occurs when there’s a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data processed. If this happens, the organisation holding the personal data must notify the supervisory authority without undue delay.

The following personal data is considered ‘sensitive’ and is subject to specific processing conditions: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data;

Rules on the length of time personal data can be stored and whether it needs to be updated under the EU’s data protection rules. How much data can be collected? Rules on volumes of data that can be collected from individuals under the EU data protection law.