In this Article
Dr Sarah Farrugia specialises in the GDPR and offers a clearer picture of the Regulation in this article. Many of us are often overwhelmed by the terminology surrounding the subject, but Dr Farrugia shares some clarifications as well as some little-known facts about the subject.
Data is the currency of today’s digital economy
Everyone has the right to the protection of his personal data; this is a fundamental right which is enshrined in the Charter of Fundamental Rights. With rapid technological developments comes high risks to the protection of data and consequently awareness of the data subject’s right to the protection of his personal data.
Since the advent of the internet and its growth for personal use in the early 21st century, societies around the globe (particularly western nations) have looked towards the web for a number of tools and services. Fast-forward to 2022 and almost every job requires the internet, it is hard to find people without one or multiple social media accounts, we all have multiple email accounts (some we don’t even remember the password to) and get most of our entertainment and communication lines from the internet. And now, this phenomenon is not restricted to the west, since societies in Asia, the Middle East and Africa have not only caught on, but started innovating more, giving the prestigious start-ups in Silicon Valley a run for their money. Plainly speaking, if the internet had to be cut off tomorrow it would wreak havoc throughout the global economy.
Simply put, we are literally littering the internet space with our data and information, either via the information we write ourselves or what browsers and internet providers mine from our IP address (site cookies).
Natural persons (living human beings, with rights and duties automatically given to them by the nation in which they are born) make their personal data more available as time passes and whilst this facilitates the free-flow of information, it creates a socio-digital problem, in which users (people) are sensing that their privacy is not only invaded, but that it is being capitalised on by big firms, who sell bulk data analytics in order to have better-targeted advertisements. This has resulted in more awareness with regards to individual’s rights as a data-subject and this simultaneously creates burdens and risks to personal data from which the General Data Protection Regulation aims to safeguard the data subject.
What is the General Data Protection Regulation (GDPR)?
In simple terms, the GDPR is a rulebook solely concerning the protection of personal data. The main intention behind the General Data Protection Regulation (GDPR) is to regulate data collection. Most importantly, it creates further safeguards for the data subject – you and I, as to how, when and why our data is being used.
GDPR across Europe
The GDPR regulates the same conditions for how data should be processed and the legal limits and obligations as to when this may be processed. Disjointed laws governing data protection have been replaced to create a single coherent framework. Such a framework is applied across all EU Member States.
This level of coherency from one Member State to the other ensures a high level of protection of personal data, creates legal certainty, and eases obstacles which one may face when transferring data within the Union. The GDPR does, however, permit leeway for EU member states to adapt specific provisions to implement the GDPR with ease. This is only done in hopes to improve the protection of fundamental rights of individuals whilst simultaneously reflecting every Member State’s constitutional and administrative structures.
Who does the GDPR apply to?
The GDPR applies to natural persons and does not concern the processing of personal data of any undertaking classified as a legal person. In other words, personal data is considered as any data which is identified to individuals, not companies. Consequently, this excludes the possibility of legal persons being subject to the GDPR and enforces natural persons, whatever their nationality, subject to the GDPR and benefit from any and all of the rights it bestows onto them.
It is also interesting to note that personal data of a deceased individual shall not fall within the remit of this regulation. However, Member States may cater for the processing of personal data of the deceased. On a different note, not all activities of a natural person are safeguarded under the GDPR. In fact, as indicated clearly in the Regulation, the processing of personal data by a natural person concerning activities which are purely personal or related to any household activity, do not fall under the remit of the Regulation. Thus, if the activities of the natural person are not of a professional or a commercial nature this Regulation does not apply.
Therefore, in synthesis, any identifiable natural person, who is in the Union, and whose activities are not related to a household activity, shall be subject to this Regulation.
The GDPR - Key Definitions
We are aware that certain keywords used by the Regulation and GDPR Professionals may sound intimidating or over-complicated, therefore the below acts as a simple guideline to help you understand better basic terms and terminology used by day-to-day practitioners of GDPR, like us.
The content of this article is valid as at the date of its first publication. It is intended to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on your specific matter before acting on any information provided. For further information or advice, please contact infomalta@kyprianou.com or telephone +356 2016 1010.