Key-principles for data protection & lawful protection in GDPR
Dr. Marinos Papadopoulos
Attorney-at-Law
Dr. Marinos Papadopoulos | ECU.edu.au School of Business & Law Guest Lecture @ 15/10/2021
Key-principles for data protection
Article 5 of GDPR lays down all the key principles for data protection. These are:
1. Lawfulness, Fairness & Transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity & Confidentiality
7. Accountability
Lawfulness, Fairness & Transparency (art.5(1)(a) GDPR)
➢ Lawful processing: only if and to the extent that at least one of the conditions listed in article 6 of GDPR applies.
➢ Fair processing: data have not been obtained nor otherwise processed through unfair means, by deception or without the data subject’s knowledge.
➢ Transparent processing: natural persons should know that personal data concerning them are collected, used, consulted or otherwise processed.
The purpose limitation principle (art.5(1)(b) GDPR)
➢ Purpose limitation is the cornerstone principle for data protection in GDPR.
➢ Limited purposes processing: data may only be collected for specified, explicit and legitimate purposes (the purpose specification dimension) and may not be further processed in a manner that is incompatible with those purposes (the compatible dimension).
➢ Purposes for processing personal data should be determined at the outset, at the time of the collection of the personal data.
➢ The purposes of data processing should be unambiguous and clearly expressed instead of being kept hidden.
The compatible dimension of the purpose limitation principle
➢ Article 6(4) GDPR: criteria to determine whether the processing for a purpose other than that for which personal data have been collected is to be considered compatible with the initial purpose.
1. If the data subject consents to a new incompatible purpose
2. If the processing is based on an EU or national law
➢ Article 89(1) GDPR: certain reuses of data are considered a priori as compatible regarding further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
The data minimization principle (art.5(1)(c) GDPR)
➢ Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
➢ The necessity requirement: personal data should only be processed if the purposes cannot be reasonably fulfilled by other means.
➢ The necessity requirement refers not only to the quantity of data but also to the quality of data processed.
➢ The "limited to what is necessary" criterion also requires ensuring that the period for which personal data are stored is limited to a strict minimum.
The accuracy principle (art.5(1)(d) GDPR)
➢ All data collected and processed must be accurate and be kept up to date. All inaccurate data must be either rectified or erased.
The storage limitation principle (art.5(1)(e) GDPR)
➢ Data processed should not be stored in a form that permits identification of data subjects beyond the time necessary to achieve the purposes of processing.
➢ Controllers must establish time limits for erasure or for a periodic review of the need for the storage of data.
➢ Procedural measures must be adopted to ensure that time limits for the storage of data are observed.
➢ Controllers must implement appropriate technical and organizational measures for ensuring that the legitimate period of storage of personal data is respected.
➢ The storage limitation of data principle permits storage of personal data for longer periods if it is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and is subject to the implementation of appropriate technical and organizational measures in order to safeguard the rights and freedoms of the data subjects.
The integrity & confidentiality principle (art.5(1)(f) GDPR)
➢ Personal data must be processed in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
➢ Articles 32-34 of GDPR are dedicated to Controllers’ and Processors’ duty of security.
➢ The requirement to notify personal data breaches to the supervisory Data Protection Authority.
The accountability principle (art.5(2) GDPR)
➢ The Controller must be able to demonstrate that the processing of personal data is in compliance with the legal rules (accountability).
➢ Article 24 of GDPR is dedicated to the responsibility of the Controller to demonstrate lawful processing in compliance with all the legal rules.
Court of Justice (CJ) of the EU cases – Relevant Case Law
➢ CJEU, Case C-201/14 Bara and Others v Casa Nationala de Asigurari de Sanatate and Others, regarding the requirement for fair processing of personal data, available at CURIA (InfoCuria Case Law).
➢ CJEU, Joined Cases C-92/09 & C-93/09 Volker und Markus Schecke GbR and Hartmut Eifert v Land Hessen, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
➢ CJEU, Joined Cases C-293/12 & C-594/12, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
➢ CJEU, Joined Cases C-203/15 & C-698/15, Tele2 Sverige AB v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others, regarding lawful processing of personal data, available at EUR-lex.
➢ CJEU, Case C-708/18, TK v Asociatia de Proprietari bloc M5A-ScaraA, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
The lawful processing principle (art.6(1) GDPR)
➢ Article 6(1) of GDPR lays down the six grounds for making processing of personal data lawful. Controllers must be able to demonstrate that at least one of these grounds applies to their processing of personal data.
➢ The GDPR exclusive grounds for lawful processing of personal data are:
1. Consent of the data subject (art.6(1)(a) GDPR)
2. Contract and precontractual relationship (art.6(1)(b) GDPR)
3. Processing for compliance with a legal obligation to which the Controller is subject (art.6(1)(c) GDPR)
4. Processing which is necessary in order to protect the vital interest of the data subject or of another natural person (art.6(1)(d) GDPR)
5. Processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (art.6(1)(e) GDPR)
6. Processing on the grounds of legitimate interests pursued by the Controller or by a third party (art.6(1)(f) GDPR)
Consent of the Data Subject (art.6(1)(a) GDPR)
➢ Processing of personal data is lawful if the data subject has allowed for processing in a way which satisfies the conditions for valid consent as defined in article 4(11) and articles 7 & 8 of GDPR.
➢ Where the elements that constitute valid consent are unlikely to be present and where the data subject cannot decide in the absence of social, financial, psychological or other pressure, the element of ‘free consent’ is not secured and consent of the data subject is therefore not valid.
Contract & precontractual relationship (art.6(1)(b) GDPR)
➢ To the extent that processing data about one’s contractual or precontractual partner (the data subject) is necessary for the fulfilment of a contract or the establishment of a precontractual relationship by the other contractual or precontractual partner (the Controller), the latter has a legal basis for the processing operations on these data.
➢ An assessment of the necessity of processing of personal data in a contractual or precontractual relationship must be made.
Legal compliance with legal obligation (art.6(1)(c) GDPR)
➢ This ground for lawful processing applies to compliance with a legal obligation stemming from either EU or national law to which the Controller is subject.
➢ The law should necessitate the processing of data of others in order for the Controller to be able to fulfil a legal obligation.
➢ This ground for lawful processing also covers cases in which the Controller’s obligation is not entirely specified in law, but by an additional legal act under public law such as secondary or delegated legislation or even by a binding decision of a public authority in a concrete case.
Protection of the vital interests (art.6(1)(d) GDPR)
➢ Article 6(1)(d) of GDPR pertains to the lawful processing in order to protect the vital interests either of the data subject or of another third person.
➢ Recital 46 of GDPR describes the ‘vital interest’ as one which is essential for the life of an individual.
Performance of a task in the public interest or exercise of official authority (art.6(1)(e) GDPR)
➢ This ground for lawful processing is the general basis of personal data processing for public sector purposes.
➢ Processing of personal data under article 6(1)(e) of GDPR is necessary for a task which shall be carried out in the public interest or in the exercise of official authority and has been entrusted to the Controller.
➢ Processing in this context is lawful if it is necessary, and it is necessary if it promotes good governance in the sense that it makes the performance of the public authority more effective and facilitates activities which are in the public interest and are foreseen by law.
Legitimate interests (art.6(1)(f) GDPR)
➢ This ground for lawful processing pertains to the legitimate interests of private sector Controllers.
➢ The legitimate interest is an interest which is visibly, although not necessarily explicitly, recognized by law, either EU law or national law. Mere commercial interests do not suffice to establish ‘legitimate interest’.
➢ The legitimate interests may be those of either the Controller or a third party.
➢ A Controller intending to rely on article 6(1)(f) of GDPR for data processing must perform a balancing test in accordance with the principle of proportionality before the processing.
➢ The decisive criterion for the Controller’s balancing test is the intensity of intervention that the processing in question poses to the rights and freedoms of the data subjects.
Compatible further processing (art.6(4) GDPR)
➢ Compatible further processing is not an additional legal basis. The legal basis for the initial processing is applicable to compatible further processing.
➢ Article 6(4) of GDPR provides tools for the assessment of the compatibility of further processing. These tools are the following:
1. any link between the purposes for which the personal data have been collected and the purposes of the intended further processing;
2. the context in which the personal data have been collected, in particular regarding the relationship between data subjects and the controller;
3. the nature of the personal data, in particular whether special categories of personal data are processed, pursuant to art.9, or whether personal data related to criminal convictions and offences are processed, pursuant to art.10;
4. the possible consequences of the intended further processing for data subjects;
5. the existence of appropriate safeguards, which may include encryption or pseudonymization.
Court of Justice (CJ) of the EU cases – Relevant Case Law
➢ CJEU, Case C-524/06 Heinz Huber v Bundesrepublik Deutschland, regarding processing of personal data carried out in the public interest, available at CURIA (InfoCuria Case Law).
➢ CJEU, Case C-582/14, Patrick Breyer v Bundesrepublik Deutschland, regarding processing of personal data on the grounds of legitimate interests of the Controller, available at CURIA (InfoCuria Case Law).
➢ CJEU, Case C-40/17, Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV, regarding processing of personal data on the grounds of legitimate interests of the Controller, available at CURIA (InfoCuria Case Law).
Further Reading
➢ The Information Accountability Foundation, (May 25, 2021), The FAIR and OPEN USE Act: A Demonstration of Accountability-Based Legislation To Assure the Fair Processing of Data Pertaining to People, available at URL: https://secureservercdn.net/192.169.221.188/b1f.827.myftpupload.com/wp-content/uploads/2021/06/FAIR-and-OPEN-USE-Act-May-26-2021.pdf?time=1633465269
➢ European Union Agency For Fundamental Rights, (May 25, 2018), Handbook on European data protection law, available at URL: https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition
➢ European Data Protection Board, Guidelines, Recommendations, Best Practices, available at URL: https://edpb.europa.eu/our-work-tools/general-guidance/guidelines-recommendations-best-practices_en
➢ European Data Protection Supervisor, (August 9, 2021), EDPS Guidance on Return to the Workplace and EUIs’ screening of COVID immunity or infection status, available at URL: https://edps.europa.eu/system/files/2021-08/21-08-09_guidance_return_workplace_en_0.pdf
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理
 
一比一原版(UWA毕业证书)西澳大学毕业证如何办理
一比一原版(UWA毕业证书)西澳大学毕业证如何办理一比一原版(UWA毕业证书)西澳大学毕业证如何办理
一比一原版(UWA毕业证书)西澳大学毕业证如何办理
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the  indian constitution.ARTICLE 370 PDF about the  indian constitution.
ARTICLE 370 PDF about the indian constitution.
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理
 

Key principles for data protection & lawful protection in GDPR

  • 1. Key-principles for data protection & lawful protection in GDPR Dr. Marinos Papadopoulos Attorney-at-Law Dr. Marinos Papadopoulos | ECU.edu.au School of Business & Law Guest Lecture @ 15/10/2021 1
  • 2. Key-principles for data protection
      Article 5 of GDPR lays down all the key principles for data protection. These are:
      1. Lawfulness, Fairness & Transparency
      2. Purpose limitation
      3. Data minimization
      4. Accuracy
      5. Storage limitation
      6. Integrity & Confidentiality
      7. Accountability
  • 3. Lawfulness, Fairness & Transparency (art.5(1)(a) GDPR)
      - Lawful processing: only if and to the extent that at least one of the conditions listed in article 6 of GDPR applies.
      - Fair processing: data have not been obtained nor otherwise processed through unfair means, by deception or without the data subject’s knowledge.
      - Transparent processing: natural persons should know that personal data concerning them are collected, used, consulted or otherwise processed.
  • 4. The purpose limitation principle (art.5(1)(b) GDPR)
      - Purpose limitation is the cornerstone principle for data protection in GDPR.
      - Limited purposes processing: data may only be collected for specified, explicit and legitimate purposes (the purpose specification dimension) and may not be further processed in a manner that is incompatible with those purposes (the compatible dimension).
      - Purposes for processing personal data should be determined at the outset, at the time of the collection of the personal data.
      - The purposes of data processing should be unambiguous and clearly expressed instead of being kept hidden.
      The compatible dimension
  • 5. The compatible dimension of the purpose limitation principle
      - Article 6(4) GDPR: criteria to determine whether the processing for a purpose other than that for which personal data have been collected is to be considered compatible with the initial purpose.
        1. If the data subject consents to a new incompatible purpose
        2. If the processing is based on an EU or national law
      - Article 89(1) GDPR: certain reuses of data are considered a priori as compatible regarding further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • 6. The data minimization principle (art.5(1)(c) GDPR)
      - Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
      - The necessity requirement: personal data should only be processed if the purposes cannot be reasonably fulfilled by other means.
      - The necessity requirement refers not only to the quantity of data but also to the quality of data processed.
      - The ‘limited to what is necessary’ criterion also requires ensuring that the period for which personal data are stored is limited to a strict minimum.
  • 7. The accuracy principle (art.5(1)(d) GDPR)
      - All data collected and processed must be accurate and be kept up to date. All inaccurate data must be either rectified or erased.
  • 8. The storage limitation principle (art.5(1)(e) GDPR)
      - Data processed should not be stored in a form that permits identification of data subjects beyond the time necessary to achieve the purposes of processing.
      - Controllers must establish time limits for erasure or for a periodic review of the need for the storage of data.
      - Procedural measures must be adopted to ensure that time limits for the storage of data are observed.
      - Controllers must implement appropriate technical and organizational measures for ensuring that the legitimate period of storage of personal data is respected.
      - The storage limitation of data principle permits storage of personal data for longer periods if it is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and is subject to the implementation of appropriate technical and organizational measures in order to safeguard the rights and freedoms of the data subjects.
  • 9. The integrity & confidentiality principle (art.5(1)(f) GDPR)
      - Personal data must be processed in a manner that ensures their appropriate security including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organizational measures.
      - Articles 32-34 of GDPR are dedicated to Controllers and Processors’ duty of security.
      - The requirement to notify personal data breaches to the supervisory Data Protection Authority.
  • 10. The accountability principle (art.5(2) GDPR)
      - The Controller must be able to demonstrate that the processing of personal data is in compliance with the legal rules (accountability).
      - Article 24 of GDPR is dedicated to the responsibility of the Controller to demonstrate lawful processing in compliance with all the legal rules.
  • 11. Court of Justice (CJ) of the EU cases – Relevant Case Law
      - CJEU, Case C-201/14 Bara and Others v Casa Nationala de Asigurari de Sanatate and Others, regarding the requirement for fair processing of personal data, available at CURIA (InfoCuria Case Law).
      - CJEU, Joined Cases C-92/09 & C-93/09 Volker und Markus Schecke GbR and Hartmut Eifert v Land Hessen, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
      - CJEU, Joined Cases C-293/12 & C-594/12, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
      - CJEU, Joined Cases C-203/15 & C-698/15, Tele2 Sverige AB v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others, regarding lawful processing of personal data, available at EUR-lex.
      - CJEU, Case C-708/18, TK v Asociatia de Proprietari bloc M5A-ScaraA, regarding the principle of proportionality which is part of the requirement for a legitimate purpose in the processing of personal data, available at CURIA (InfoCuria Case Law).
  • 12. The lawful processing principle (art.6(1) GDPR)
      - Article 6(1) of GDPR lays down all the six grounds for making processing of personal data lawful. Controllers must be able to demonstrate that at least one of these grounds applies to their processing of personal data.
      - The GDPR exclusive grounds for lawful processing of personal data are:
        1. Consent of the data subject (art.6(1)(a) GDPR)
        2. Contract and precontractual relationship (art.6(1)(b) GDPR)
        3. Processing for legal compliance with the legal obligation to which the Controller is subject (art.6(1)(c) GDPR)
        4. Processing which is necessary in order to protect the vital interest of the data subject or of another natural person (art.6(1)(d) GDPR)
        5. Processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (art.6(1)(e) GDPR)
        6. Processing on the grounds of legitimate interests pursued by the Controller or by a third party (art.6(1)(f) GDPR)
  • 13. Consent of the Data Subject (art.6(1)(a) GDPR)
      - Processing of personal data is lawful if the data subject has allowed for processing in a way which satisfies the conditions for valid consent as defined in article 4(11) and articles 7 & 8 of GDPR.
      - Where the elements that constitute valid consent are unlikely to be present and where the data subject cannot decide in the absence of social, financial, psychological or other pressure, the element of ‘free consent’ is not secured and consent of the data subject is therefore not valid.
  • 14. Contract & precontractual relationship (art.6(1)(b) GDPR)
      - To the extent that processing data about one’s contractual or precontractual partner (the data subject) is necessary for the fulfilment of a contract or the establishment of a precontractual relationship by the other contractual or precontractual partner (the Controller), the latter has a legal basis for the processing operations on these data.
      - An assessment of the necessity of processing of personal data in a contractual or precontractual relationship must be made.
  • 15. Legal compliance with legal obligation (art.6(1)(c) GDPR)
      - This ground for lawful processing applies for legal compliance with a legal obligation stemming from either EU or national law to which the Controller is subject.
      - The law should necessitate the processing of data of others in order for the Controller to be able to fulfil a legal obligation.
      - This ground for lawful processing covers also cases in which the Controller’s obligation is not entirely specified in law, but by an additional legal act under public law such as secondary or delegated legislation or even by a binding decision of a public authority in a concrete case.
  • 16. Protection of the vital interests (art.6(1)(d) GDPR)
      - Article 6(1)(d) of GDPR pertains to the lawful processing in order to protect the vital interests either of the data subject or of another third person.
      - Recital 46 of GDPR describes the ‘vital interest’ as one which is essential for the life of an individual.
  • 17. Performance of a task in the public interest or exercise of official authority (art.6(1)(e) GDPR)
      - This ground for lawful processing is the general basis of personal data processing for public sector purposes.
      - Processing of personal data under article 6(1)(e) of GDPR is necessary for a task which shall be carried out in the public interest or in the exercise of official authority and has been entrusted to the Controller.
      - Processing in this context is lawful if it is necessary and is necessary if it promotes good governance in the sense that it makes the performance of the public authority more effective and facilitates activities which are in the public interest and are foreseen by law.
  • 18. Legitimate interests (art.6(1)(f) GDPR)
      - This ground for lawful processing pertains to the legitimate interests of private sector Controllers.
      - The legitimate interest is an interest which is visibly, although not necessarily explicitly, recognized by law, either EU law or national law. Mere commercial interests do not suffice to establish ‘legitimate interest’.
      - The legitimate interests may be those of either the Controller or a third party.
      - A Controller intending to rely on article 6(1)(f) of GDPR for data processing must perform a balancing test in accordance with the principle of proportionality before the processing.
      - The decisive criterion for the Controller’s balancing test is the intensity of intervention that the processing in question poses to the rights and freedoms of the data subjects.
  • 19. Compatible further processing (art.6(4) GDPR)
      - Compatible further processing is not an additional legal basis. The legal basis for the initial processing is applicable to compatible further processing.
      - Article 6(4) of GDPR provides tools for the assessment of the compatibility of further processing. These tools are the following:
        1. any link between the purposes for which the personal data have been collected and the purposes of the intended further processing;
        2. the context in which the personal data have been collected, in particular regarding the relationship between data subjects and the controller;
        3. the nature of the personal data, in particular whether special categories of personal data are processed, pursuant to art.9, or whether personal data related to criminal convictions and offences are processed, pursuant to art.10;
        4. the possible consequences of the intended further processing for data subjects;
        5. the existence of appropriate safeguards, which may include encryption or pseudonymization.
  • 20. Court of Justice (CJ) of the EU cases – Relevant Case Law
      - CJEU, Case C-524/06 Heinz Huber v Bundesrepublik Deutschland, regarding processing of personal data carried out in the public interest, available at CURIA (InfoCuria Case Law).
      - CJEU, Case C-582/14, Patrick Breyer v Bundesrepublik Deutschland, regarding processing of personal data on the grounds of legitimate interests of the Controller, available at CURIA (InfoCuria Case Law).
      - CJEU, Case C-40/17, Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV, regarding processing of personal data on the grounds of legitimate interests of the Controller, available at CURIA (InfoCuria Case Law).
  • 21. Further Reading
      - The Information Accountability Foundation, (May 25, 2021), The FAIR and OPEN USE Act: A Demonstration of Accountability-Based Legislation To Assure the Fair Processing of Data Pertaining to People, available at URL: https://secureservercdn.net/192.169.221.188/b1f.827.myftpupload.com/wp-content/uploads/2021/06/FAIR-and-OPEN-USE-Act-May-26-2021.pdf?time=1633465269
      - European Union Agency For Fundamental Rights, (May 25, 2018), Handbook on European data protection law, available at URL: https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition
      - European Data Protection Board, Guidelines, Recommendations, Best Practices, available at URL: https://edpb.europa.eu/our-work-tools/general-guidance/guidelines-recommendations-best-practices_en
      - European Data Protection Supervisor, (August 9, 2021), EDPS Guidance on Return to the Workplace and EUIs’ screening of COVID immunity or infection status, available at URL: https://edps.europa.eu/system/files/2021-08/21-08-09_guidance_return_workplace_en_0.pdf
  • 22. Dr. Marinos Papadopoulos, Attorney-at-Law