Extra-territorial i.e. applies to organisations outside the EU processing EU data subjects’ personal data and touches “controllers” AND “processors” assuming we leave the EU UK organisations will still be affected.
Broad definition of personal data, includes data that directly or indirectly identifies or makes identifiable a data subject such as online identifiers, IP addresses and location data etc.
Business Awareness – low therefore work for lawyers
Risk
Aim
Trend is towards a digital economy with data protection across the world
What does that actually mean
Individuals have a right to privacy - “private and family life, his home and his correspondence” (Article 8 ECHR)
Individuals have right to protection of personal data - “Everyone has the right to the protection of personal data concerning him or her” (Article 8 ECFR)
Specifically grants data subjects with the rights to access, modify, update or ask for deletion of such data e.g. right to know what data is gathered or stored about you, to access this and request modification/deletion
Data protection (narrower) gives individuals:
Right to know what personal data is collected, on what legal grounds, how it is used, for how long it used and kept, and by whom.
Specifically grants data subjects with the right to access, modify, update or ask for deletion of their data