Читать книгу Privacy and Data Protection based on the GDPR - Leo Besemer - Страница 52

PART II | Principles and practice of processing

Оглавление

You might have the idea that there are two sides to the story, on the one hand the individuals whose personal data we are talking about – the “data subjects” in terms of the GDPR, and on the other those who need to use the personal data of these individuals.

In practice, there are more roles in processing, and in most cases it is not “us against them”, but a mutual interest. At least, it should be, and if it is not we will come back to this in Chapter 5 (on the rights of the data subject) and in Chapter 12 (on the role of the supervisory authorities).

In this part we will look into the roles of the people and organizations processing personal data. What makes you a controller, responsible (and accountable!) for compliance to the GDPR. What are the role and responsibilities of a data protection officer?

We will then look into the principles of processing as defined by the GDPR. Or rather, as defined in international treaties over 50 years ago. Part of this are the lawful grounds for processing. At least one of those grounds must apply for the processing to be legitimate.

Chapter 5 is about the rights of individuals whose personal data is being processed, namely the data subjects. Nothing new, in fact, except that with the entry into force of the GDPR these rights are really being enforced. The rest of this Part II is devoted to the practical side of things. How can you build a mature organization, able to govern the use of personal data in a responsible and secure manner? Which technical means are available to gather data, and how does that relate to the GDPR?

Privacy and Data Protection based on the GDPR

Подняться наверх