EU 679/2016 – GDPR
GDPR is not a norm but a regulation and is therefore a legal obligation, just like the FMC. Its mandatory application starts on May 25, 2018, and the penalties are unthinkable for our environment. It concerns the system for protecting the personal information of the clients an organization works with (banks, insurance companies, hotels, hospitals, school facilities, etc.). It covers almost all legal entities, although the regulation does not apply to everyone in the same scope. GDPR can be downloaded from the link: http://eur-lex.europa.eu/legal-content/HR/TXT/PDF/?uri=CELEX:32016R0679&from=HR
The Universal Data Protection Act (GDPR) (EU) 2016/679 is the EU legal framework for data protection and privacy for all individuals within the European Union. It also deals with the handling of personal data outside the EU. GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying regulation within the EU. The old Data Protection Directive (Directive 95/46/EC) was replaced by GDPR.
It was adopted on April 27, 2016, and became mandatory on May 25, 2018, after a two-year transitional period.
Unlike the directive, it does not require national governments to legislate and is therefore directly binding and enforceable.
The regulation applies if the data controller (an organization that collects data from EU residents), the processor (an organization that processes data on behalf of data controllers, such as cloud service providers) or the data subject (a person) is based in the EU. The Regulation also applies to organizations established outside the EU if they collect or process personal data of individuals located within the EU. According to the European Commission, “personal information is any information pertaining to an individual, whether it relates to his or her private, professional or public life. This may be anything from the name, address, photographs, email addresses, banking details, posts on social networking sites, medical information, or computer IP address.”
The Regulation does not apply to the processing of personal data for national security activities or for the implementation of EU law. However, industry groups concerned about a possible conflict of laws have questioned whether Article 48 of the GDPR may be invoked to prevent a controller that is subject to a third country's laws from complying with a legal order from that country's law enforcement, judicial or national security authorities to provide such bodies with the personal information of an EU citizen, regardless of whether the data are in the EU or outside. Article 48 states that any judgment of a court or arbitral award, and any decision of a third country administrative body, that requires a controller or processor to transmit or disclose personal information may not be recognized or enforced in any way other than on the basis of an international agreement, such as a mutual legal assistance agreement between a third country (outside the EU) and the EU or a Member State. The Data Protection Reform Package also includes a Special Data Protection Directive for the Police and Criminal Justice Sector, which provides rules on the exchange of personal data at national, European and international level.