Steamdevolopment
VIP
Overview:
The GPDR makes requirements to the handling of your data and the conditions for which "handling" is legal, and due to the supremacy of EU-law it means all handling of personal information in the EU must conform jf. case of Costa v. ENEL.
Basic concepts:
Application:
The regulation applies to any whole/partly automated means of processing jf. article 2, section 1.
Personal data:
Personal-information includes all information that can identify a natural person jf. article 4, nr. 1.
Handling/processing
Handling/processing of data includes a broad swath actions including collection, disclosure, deleting, registering, use jf. article 4, nr. 2.
Lawful handling/processing of personal information:
Pricinples:
The principles of the Genereal data protection order is regulated jf. Artikel 5, section 1, and it means that your data must only be used when they are relevant and necessary with sufficient data-protection e.g in the form cryptation or pseudonymization and if these principles are not met the company/government faces stiff fines.
Your genereal information
Genereal information that can identify you must meet the requirement jf. article 6, section 2:
Litra A: With consent and the consent must meet the requirement jf. article 7 being explicit and clear and consent can be WITHDRAWN always.
Litra B: Handling is necessary to fulfil contract
Litra C: Handling is necessary to fulfil legal obligation of controller (the person who can make decision about to which purpose information goes jf. article 4, nr. 7).
Litra D: Handling is necessary to protect vital interest of data-subject (you) or other natural person, and this exception is narrow and the condition for such process must be laid in EU-law, national law jf. article 6, section 3.
Litra E: Handling is necessary for performance of public service/tasks
Litra F: Handling is necessary for legitimate of controller/third part that out-weigh data-subject, does not apply public tasks
When you information is used for other purpose not collected for:
When you information is being used for other purposes than the ones collected for the controller must make a proportionality determination, in which the harm done to you and protections of your interest must be considered jf. article 6, section 4.
Sensetive information:
There is stricter requirements to information that are more sensitive, that includes race, union membership, religious/political opinions, sexual identity and genetic/biological material and handling is forbidden jf. article 9, section 1 unless exception jf. article 9 section 2, litra a-j can be used and something similar goes for criminal conviction as they can only be under official authority jf. article 10
Rights:
Right to be informed:
When information is collected at data-subject
There is a right to be informed jf. article 13, section 1 when data about the data-subject has been collected, in which contact information about the data-controller, the exceptions used in the GPDR is being applied, the category of data collected and if there is intent to transfer to third-party, and this is expanded to include the period data is stored or on what criteria, the existence of right to access/erasure and the right lodge a complaint jf. article 13, section 2.
When information is collected from other persons than data-subject
The same applies as article 13, only difference being the data about you is collected elsewhere jf. article 14.
Right to insight:
In genereal there is right to ask the controller (se article 4, nr. 7) wether data is being processed about oneself is being processed and the right is extent to being informed of the purpose of information and the category of data, to whom the data will be disclosed ect. jf. article 15 section 1.
Right to rectify incorrect data:
There is a right to without undue delay rectify false information about you (data-subject) jf. article 16.
Right to be forgotten:
This is a codifying of a right established by the European Court of Justice jf. Google v. Mario Costeja, and now present in article 17.when the conditions in section 1 applies which includes the handling of the date no longer being necessary, data-subject withdraws consent, unlawful processing, erasure due to compliance with EU-law or national law, data has been collected to offer information services.
Right to restrict handling:
The data-subject has a right to restrict the handling of personal information jf. article 18, section 1 once, accuracy of information is contested, processing is unlawful, there is no need for the use of the information.
Right to object to direct marketing and official authority processing:
The data-subject has the right to object to procesing jf. article 6, section 1, litra e and f, when it done for direct marketing purposes jf. article 21, section 1 and section 2.
The GPDR makes requirements to the handling of your data and the conditions for which "handling" is legal, and due to the supremacy of EU-law it means all handling of personal information in the EU must conform jf. case of Costa v. ENEL.
Basic concepts:
Application:
The regulation applies to any whole/partly automated means of processing jf. article 2, section 1.
Personal data:
Personal-information includes all information that can identify a natural person jf. article 4, nr. 1.
Handling/processing
Handling/processing of data includes a broad swath actions including collection, disclosure, deleting, registering, use jf. article 4, nr. 2.
Lawful handling/processing of personal information:
Pricinples:
The principles of the Genereal data protection order is regulated jf. Artikel 5, section 1, and it means that your data must only be used when they are relevant and necessary with sufficient data-protection e.g in the form cryptation or pseudonymization and if these principles are not met the company/government faces stiff fines.
Your genereal information
Genereal information that can identify you must meet the requirement jf. article 6, section 2:
Litra A: With consent and the consent must meet the requirement jf. article 7 being explicit and clear and consent can be WITHDRAWN always.
Litra B: Handling is necessary to fulfil contract
Litra C: Handling is necessary to fulfil legal obligation of controller (the person who can make decision about to which purpose information goes jf. article 4, nr. 7).
Litra D: Handling is necessary to protect vital interest of data-subject (you) or other natural person, and this exception is narrow and the condition for such process must be laid in EU-law, national law jf. article 6, section 3.
Litra E: Handling is necessary for performance of public service/tasks
Litra F: Handling is necessary for legitimate of controller/third part that out-weigh data-subject, does not apply public tasks
When you information is used for other purpose not collected for:
When you information is being used for other purposes than the ones collected for the controller must make a proportionality determination, in which the harm done to you and protections of your interest must be considered jf. article 6, section 4.
Sensetive information:
There is stricter requirements to information that are more sensitive, that includes race, union membership, religious/political opinions, sexual identity and genetic/biological material and handling is forbidden jf. article 9, section 1 unless exception jf. article 9 section 2, litra a-j can be used and something similar goes for criminal conviction as they can only be under official authority jf. article 10
Rights:
Right to be informed:
When information is collected at data-subject
There is a right to be informed jf. article 13, section 1 when data about the data-subject has been collected, in which contact information about the data-controller, the exceptions used in the GPDR is being applied, the category of data collected and if there is intent to transfer to third-party, and this is expanded to include the period data is stored or on what criteria, the existence of right to access/erasure and the right lodge a complaint jf. article 13, section 2.
When information is collected from other persons than data-subject
The same applies as article 13, only difference being the data about you is collected elsewhere jf. article 14.
Right to insight:
In genereal there is right to ask the controller (se article 4, nr. 7) wether data is being processed about oneself is being processed and the right is extent to being informed of the purpose of information and the category of data, to whom the data will be disclosed ect. jf. article 15 section 1.
Right to rectify incorrect data:
There is a right to without undue delay rectify false information about you (data-subject) jf. article 16.
Right to be forgotten:
This is a codifying of a right established by the European Court of Justice jf. Google v. Mario Costeja, and now present in article 17.when the conditions in section 1 applies which includes the handling of the date no longer being necessary, data-subject withdraws consent, unlawful processing, erasure due to compliance with EU-law or national law, data has been collected to offer information services.
Right to restrict handling:
The data-subject has a right to restrict the handling of personal information jf. article 18, section 1 once, accuracy of information is contested, processing is unlawful, there is no need for the use of the information.
Right to object to direct marketing and official authority processing:
The data-subject has the right to object to procesing jf. article 6, section 1, litra e and f, when it done for direct marketing purposes jf. article 21, section 1 and section 2.
