The General Data Protection Regulation (GDPR) protects the fundamental rights and freedoms of natural persons residing in the European Union and the European Economic Area. In particular, the regulation safeguards the right to the protection of personal data. The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
The material and territorial scope of the Regulation reveal a good deal about its applicability to natural persons. The Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity. Furthermore, the Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
When Must Individuals Comply with the GDPR?
As the scope of the Regulation reveals, data processors and controllers can be legal persons or individuals. What matters most for the Regulation is how and for what purpose the personal data of an identified or identifiable natural person is collected and processed.
Individuals may be controllers or processors of personal data. For the sake of clarity, this article assumes mandatory GDPR compliance for individuals when they act as a processor and process personal data of EEA data subjects. GDPR compliance is also required when individuals define a purpose for data processing that falls within the scope of the Regulation.
Only personal data that is adequate, relevant and limited to what is necessary to accomplish the purposes for which it is processed can be used. Personal data of data subjects may be processed in accordance with the principles of fairness, lawfulness and transparency. Consent or a legal obligation is needed before data can be processed. Additionally, the original purpose of data collection and processing must match all further purposes. Processing must be targeted and proportionate, and if no consent has been given for novel processing, the processor must obtain new consent.
Protection of Natural Persons
As an individual, you can always process personal data in the course of a purely personal or household activity. However, when the processing takes on a distinct character, for example because an individual operates as a solo entrepreneur, home-based business, or internet marketer, these individuals must also comply with the GDPR. Such compliance results in several administrative duties. These duties are already time-consuming for established corporations. As such, GDPR compliance for individuals can become easier with the following services:
- Info Center: a selection of 66 skillfully drafted documents that will give you all the reports, templates, policies and guides you need to get the GDPR compliance job done;
- Mission Control: the 12-step approach guiding you on your path to GDPR compliance;
- Toolbox: a selection of 23 expertly designed and programmed tools to assist you on your implementation journey;
- Data Breach Support: professional assistance is recommended and mostly needed when things go wrong. This breach support service is 24 hours' worth of 1-2-1 support after you have identified a data breach. Once you have purchased this package and notified us that there has been a breach, we will kick into action to protect your customers, information and your reputation. We will investigate and reconcile your data breach, inform your customers and develop a strategy with you to prevent and protect against further breaches. Most importantly, we will deal with the supervisory authority so you don't have to.
- Data Protection Officer: reliable, neutral and impartial professional DPO service with the expertise required by Article 37 of the Regulation. Pricing levels depend on the contract terms and size of the organization.