General Data Protection Regulation (GDPR) - Its Effect on Non-EU Member States (Nigeria)

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

Download Full-text

Data Protection Maturity: an analysis of methodological tools and frameworks

Central and Eastern European eDem and eGov Days ◽

10.24989/ocg.338.11 ◽

2020 ◽

Vol 338 ◽

pp. 135-147

Author(s):

Tamás Laposa ◽

Gáspár Frivaldszky

Keyword(s):

Data Protection ◽

Relevant Literature ◽

Specific Model ◽

Maturity Models ◽

Protection Measures ◽

General Data Protection Regulation ◽

Eu Member States ◽

Research Opportunity ◽

Privacy Measures ◽

General Data

This paper discusses the maturity of data protection and privacy measures in order to develop a better understanding of the importance and impacts of this domain. The practical relevance of this topic is that the General Data Protection Regulation provides that data controllers in EU Member States shall comply with uniform data protection rules. Even though European legislation sets detailed requirements for data controllers, the implementation of appropriate technical and organisational measures can be realised at different levels of maturity. Based on the analysis of the pertinent literature, various maturity models are available to assess privacy policies, but GDPR requirements are addressed just partially. The exploration of the issue of maturity offers a new relevant research opportunity to assist data controllers in finding the appropriate methodology for the assessment and further development of their data protection measures. This paper has three main objectives. First, to systematically review the relevant literature on the issue of maturity. Second, to analyse the relevant maturity models and their main methodological elements. Third, to make suggestions for a new specific model focusing on GDPR requirements.

Download Full-text

The Digital tax system in the light of GDPR

Bratislava Law Review ◽

10.46282/blr.2018.2.2.120 ◽

2018 ◽

Vol 2 (2) ◽

pp. 183-190

Author(s):

Martin Daňko ◽

Petra Žárská

Keyword(s):

Data Protection ◽

Crucial Role ◽

Personal Data ◽

Modern World ◽

Tax System ◽

General Data Protection Regulation ◽

Eu Member States ◽

State Administration ◽

General Data

The digital tax system is becoming extremely essential in the modern world. As we look at the system itself as a great benefit for its users and states as well, we tend to forget the role of personal data within it. Personal data play crucial role in the errorless digital tax system. The new regulation of EU, General Data Protection Regulation is addressing processing of personal data within the state administration of EU member states. The aim of this article is to examine the effect of GDPR on the digital tax system and encourage wide academic and public discussion in relation to processing of personal data in the digital tax system.

Download Full-text

Introduction

GDPR and Biobanking - Law, Governance and Technology Series ◽

10.1007/978-3-030-49388-2_1 ◽

2021 ◽

pp. 1-7

Author(s):

Santa Slokenberga ◽

Olga Tzortzatou ◽

Jane Reichel

Keyword(s):

Data Protection ◽

Scientific Research ◽

Personal Data ◽

Practical Experience ◽

General Data Protection Regulation ◽

Eu Member States ◽

General Data ◽

The Uk ◽

Shed Light

AbstractThe General Data Protection Regulation (GDPR) is already four years old legal instrument, with over two years of practical experience, yet, several central questions on its application, its importance in scientific research, rights of the data subjects, and obligations on the controllers and processors remain uncharted. In this edited volume, questions ranging from the meaning of the GDPR provisions for a particular research project to impact of the GDPR on long term collaborations, when the UK is leaving the EU are is discussed. This chapter sets out the aim of this book and provides an overview of how various contributions interplay to shed light on how the GDPR shapes the research regimes on the use of personal data in biobanking by EU Member States.

Download Full-text

The General Data Protection Regulation: an overview of the penalties’ provisions from a Portuguese standpoint

Unio - EU Law Journal ◽

10.21814/unio.4.2.10 ◽

2018 ◽

Vol 4 (2) ◽

pp. 99-104

Author(s):

Pedro Miguel Freitas

Keyword(s):

Data Protection ◽

Personal Data ◽

European Parliament ◽

Free Movement ◽

Member States ◽

National Legislation ◽

General Data Protection Regulation ◽

Legal Texts ◽

General Data

The aim of this paper is to analyse the punitive regime foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The administrative fines’ regime found in Article 83 of the GDPR and some of the questions it arises will be explored. We conclude that the Member States should adopt a critical stance when adapting their national legislation to the norms of the GDPR. The fundamental principles enshrined in national constitutions and supranational legal texts must be closely analysed and observed since the GDPR introduces a mandatory sanctions framework.

Download Full-text

The General Data Protection Regulation and its Violation of EU Treaties

Juridica International ◽

10.12697/ji.2018.27.03 ◽

2018 ◽

Vol 27 ◽

pp. 36-40

Author(s):

Mario Rosentau

Keyword(s):

Data Protection ◽

Service Providers ◽

Fundamental Rights ◽

European Law ◽

Member States ◽

General Data Protection Regulation ◽

European Constitution ◽

General Data ◽

The Eu ◽

Draft Constitution

While the EU General Data Protection Regulation, which entered force on 25 May, is generally good and necessary in its vigorous protection of the fundamental rights of self‑determination and identity of European people, the article identifies a core issue that has gone unnoticed: the GDPR violates EU treaties. It is, at base, a ‘European law’, yet European laws are banned under the TEU and TFEU. The article examines the background for this conflict. The ambitious plan for ratification of 2003’s draft treaty establishing a constitution for Europe fell at the first hurdle in 2005. The draft Constitution envisaged a legislative innovation: the European law and European framework law, directly applicable in the Member States and superior to them. These legal instruments, envisaged as replacing EU regulations, could readily be cited as a major federalist pillar of the draft. Yet there would be no European laws – they were rejected with the draft constitution in the 2005 referenda, and the current treaties do not foresee any law-like European legislation. The author outlines the GDPR’s nature as a European law thus: the regulation 1) potentially concerns all residents of Europe, albeit by adding to the rights of individuals and protecting their freedoms; 2) addresses virtually all legal entities and undertakings acting, physically or through a network, in the European judicial area; 3) addresses the Member States and the EU itself; 4) and has cross-border applicability and covers the whole EU. Furthermore, its reach extends to service providers outside the EU if their service targets EU data subjects. There are substantial impacts on subjects on whom obligations are substantial. Hence, the author concludes that the GDPR’s scope, depth, and impacts exceed all the limits that the EU treaties permit for regulations. Furthermore, the treaties do not even know the term ‘general regulation’. Since the GDPR possesses the characteristics of a ‘European law’ – and even is ‘seamlessly’ positioned in a place reserved by the draft EU Constitution for the ‘European law on data protection’ – while such laws have been rejected, a key issue is highlighted: how deep an EU-level political integration and relinquishment of the individual European nations’ sovereignty do the Member States actually want? For instance, most analyses of the causes of Brexit cite loss of sovereignty of the UK as one of the main factors in the decision. The author concludes that, since the GDPR is with us to stay, amendment of the EU treaties can no longer be avoided. Noble objectives cannot justify infringements of the present ‘European Constitution’ and the constitutions of the Member States.

Download Full-text

The practice of imposing administrative fines by the State Data Protection Inspectorate in the context of other EU Member States

Socialiniai tyrimai ◽

10.15388/soctyr.44.2.10 ◽

2021 ◽

Vol 44 (2) ◽

pp. 153-169

Author(s):

Aurimas Šidlauskas

Keyword(s):

Data Protection ◽

Personal Data ◽

The State ◽

General Context ◽

Member States ◽

State Data ◽

General Data Protection Regulation ◽

Supervisory Authority ◽

Eu Member States ◽

The Eu

The implementation of the EU General Data Protection Regulation (hereinafter referred to as the Regulation), which, among other things, aims to eliminate disparities between national systems and to alleviate unnecessary administrative burdens, began on 25 May 2018. Each Member State is to ensure that there is one or more independent public authorities (hereinafter referred to as the supervisory authority) responsible for monitoring the implementation of the Regulation. In Lithuania, personal data protection is supervised by two authorities, namely by the State Data Protection Inspectorate (hereinafter referred to as the SDPI) and by the Office of the Inspector of Journalist Ethics. The powers conferred on the supervisory authorities by the Regulation are greater and broader in scope than those granted under previous data protection legislation. Organizations which process personal data must ensure compliance with the requirements laid down in the Regulation. A supervisory authority that violates the provisions of the Regulation may be faced with heavy administrative fines and other sanctions. This article analyzes the practice of imposing administrative fines in the EU and in Lithuania as compared to other EU Member States. The author of the article believes that evaluating the practice of imposing administrative fines by the SDPI within the general context of the EU shall enable one to search for the reasons behind the current situation, as well as to improve the processes the SDPI employs to perform functions associated with data protection supervision. The article uses generalization and comparative analysis of scientific literature, legal documents and statistical data.

Download Full-text

Data Protection Heterogeneity in the European Union

Applied Sciences ◽

10.3390/app112210912 ◽

2021 ◽

Vol 11 (22) ◽

pp. 10912

Author(s):

Marko Hölbl ◽

Boštjan Kežmah ◽

Marko Kompara

Keyword(s):

European Union ◽

Data Protection ◽

Data Generation ◽

The European Union ◽

Biometric Data ◽

Member States ◽

General Data Protection Regulation ◽

Electronic Signatures ◽

Eu Member States ◽

Almost All

In light of digitalisation, we are witnessing an increased volume of collected data and data generation and exchange acceleration. Therefore, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) as a new framework for data protection on the European level. However, GDPR allows the member states to change some parts of the regulation, and the member states can always build on top of the GDPR. An example is the collection of biometric data with electronic signatures. This paper aims to compare the legislation on data protection topics in the various EU member states. The findings show that the member states included in the study generally do not have many additional/specific laws (only in 29.4% of the cases). However, almost all have other/additional legislation to the GDPR on at least one topic. The most additional legislation is on the topics of video surveillance, biometry, genetic data and health data. We also introduce a dynamic map that allows for quick navigating between different information categories and comparisons of the EU member states at a glance.

Download Full-text