2. The GDPR
- Strengthens individuals' fundamental rights in the digital age
- Strengthens data protection safeguards
- Provides individuals with additional and stronger rights
- Ensures that those that handle personal data under its scope are more accountable and responsible
- Sets the principles to follow when using personal information (PI):
- Lawfulness, fairness and transparency
- Purpose limitation – collect PI only for specified, explicit and legitimate purposes, clearly explained and not used in any way incompatible with those purposes
- Data minimisation – data adequate, relevant and limited to what is necessary PI in relation to the stated purposes
- Accuracy – PI held accurate and up to date and take all reasonable and necessary steps to ensure that. Inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay
- Storage limitation –keep PI only as long as necessary for the specific purposes of the described data processing
- Integrity and confidentiality – keeps and processes PI securely to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
- Accountability – be able to demonstrate compliance with data protection law and obligations under the Regulation.
- Clarifies rules for companies and public bodies in the digital single market
- Diminishes fragmentation in different national systems and unnecessary administrative burdens.
- Sets up a new governance system
- Equips the independent data protection authorities with stronger and harmonised enforcement powers
- Increases transparency
- Creates competitive equality for all companies operating in the EU market, regardless of where they are established, and
- Ensures the free flow of data within the EU.