In May 2018 Europe, including Cyprus, will switch to the updated rules for the processing of personal data, established by the General Data Protection Regulations (EU Regulation 2016 / 679from 27 April 2016 or GDPR - General Data Protection Regulation). This regulation, having direct effect in all 28 EU countries, will replace the frameworkDirectiveon the protection of 95 / 46 / EU personal data from 24 October 1995. An important nuance of the GDPR is the extraterritorial principle of the operation of the new European rules for the processing of personal data, so Russian companies should be attentive to them if the services are focused on the European or international market.
Since May of the year 2018, the responsibility for violating the rules for the processing of personal data has been toughened: according to the GDPR, fines reach 20 million euros (about 1,5 billion rubles) or 4% of the company's annual global revenue. In this article, we analyzed new rules for the processing of personal data in the EU and formulated recommendations for Russian companies on how to respond to the GDPR.
The GDPR has an extraterritorial effect and is applied to all companies that process personal data of residents and EU citizens, regardless of the location of such a company.
Of course, branches and representative offices of Russian organizations on the territory of the EU will have to meet new requirements.
Should such an organization comply with the GDPR? - Yes!
After all, services and goods are obviously offered to Europeans, because:
This means that organizations,processing personal dataEuropeans in Russia in the implementation of online sales (for example, Russian Railways, airlines, hotels, hostels and others) are subject to the GDPR and are required to comply with the new European rules for processing personal data.
It is important to note that in addition to the processing of personal data in the GDPR, the concept of monitoring the behavior of data subjects is used, which drives another category of subjects under the GDPR. The GDPR applies to organizations established outside the EU if they (as a controller or processor) control the behavior of EU residents (to the extent that such behavior takes place in the EU).
What is meant by personal data in the GDPR?
Personal data is any information relating to an individual, on which, directly or indirectly, it can be determined. Such information includes, but is not limited to, the name, location data, online identifier or one or more factors specific to the physical, physiological, genetic, intellectual, economic, cultural or social identity of that individual. Any photos with a face. The definition is broad and fairly clear that even IP addresses can also be personal data. There are also certain types of personal data belonging to the category of personal data: racial or ethnic origin, political views, religious or philosophical beliefs and membership in trade unions, genetic, biometric data, health data, information relating to sexuality or sexual orientation.
The GDPR is the most important legislative document that enhances the level of protection of personal data in the EU and beyond. It requires careful study and compliance. The reform provides clarity and consistency of the rules that should be applied in the field of data protection. It also restores the confidence of the user-consumer, which allows businesses to make the most of the opportunities in the single European digital market. The collection, analysis and movement of personal data around the world have acquired enormous economic importance. Personal data is, of course, the "currency" of the modern economy. And if you collect user data in any form - you must carefully monitor their safety in order to avoidleakage and possible manipulationby third parties.
Photographers can suffer from this law, since it will be impossible to upload photos taken in public places where people are present, it will be necessary for everyone to agree on the photo. On the other hand, such a photo can be quickly removed, at the request of any individual who is in the photo. -Source