General Data Protection Regulations – Ong’anya Ombo Advocates

The EU data protection framework – the General Data Protection Regulation(GDPR) will be applicable to all members as from 25th May 2018, replacing the 1995 Data Protection Directive. It will harmonize data privacy laws across Europe as well as give greater protection and rights to individuals.

Key highlights in the GDPR include: –

Rights of the Data Subjects – One of the major reasons behind the proposing of the GDPR was to reinforce the rights of individuals, this is clear from the strengthened rights of data subjects. The rights include access to data and correction of data which is wrong, right to be forgotten and right to object to their personal data being processed for direct marketing purposes and automated individual decision making. Individuals also have the right to receive personal data concerning him/her that he/she has provided to a controller, in a structure that is commonly used and readable.

Territorial Scope – The GDRP applies to processing of personal data in the context of an establishment of a processor in the Union regardless of whether the processing takes place in the Union or not.   It also applies to a controller not established in the Union, but in a place where Member State law applies by virtue of public International law.

European Data Protection Board – The Independent Board has a legal personality and will replace the Working party. It is represented by its Chair and is composed of the head of one supervisory authority of each Member State and of the European Data Protection Supervisor. Its roles include monitoring and ensuring consistency in the application of the GDPR.

Other key highlights of the GDRP include remedies, liability and penalties, responsibilities of controllers and processors and the principle of transfer of personal data to third countries and international organisation among others.