This document summarizes the key aspects of the new European Union General Data Protection Regulation (GDPR) legislation that took effect in 2016. It outlines that the GDPR establishes a common standard for data protection across the EU and replaces the previous 1995 directive. The GDPR applies to all companies that process personal data of EU citizens, regardless of the company's location. It defines personal data and establishes principles for lawful and fair processing, including obtaining consent and respecting individual rights such as access, rectification, erasure and objection. The GDPR aims to protect EU citizens' data privacy and security.

1. Resident Twinning Adviser: Jekaterina Macuka
Date: 17.07.2018
This project is funded by the European Union
GDPR -
new European Union
legislation

2.  New legislation:
 Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April
2016 on the protection of natural persons
with regard to the processing of personal
data and on the free movement of such
data, and repealing Directive 95/46/EC
(General Data Protection Regulation)
 Directive (EU) 2016/680 of the European
Parliament and of the Council of 27 April
2016 on the protection of natural persons
with regard to the processing of personal
data by competent authorities for the
purposes of the prevention, investigation,
detection or prosecution of criminal
offences or the execution of criminal
penalties, and on the free movement of
such data, and repealing Council
Framework Decision 2008/977/JHA
(Police Directive)
2

3. General Data Protection Regulation
 Common regulation for
personal data protection in EU
 Replaces directive 95/46/EC
 Applicable for private and
government sector
 Applicable for data processing
of EU citizens, even if
controller is located outside
EU
3

4. Convention for the
Protection of Individuals
with regard to Automatic
Processing of Personal Data
(108)
• The purpose of this
Convention is to secure in
the territory of each Party
for every individual,
whatever his nationality
or residence, respect for
his rights and
fundamental freedoms,
and in particular his right
to privacy, with regard to
automatic processing of
personal data relating to
him ("data protection").
EU General Data Protection
Regulation (2016/679)
• This Regulation applies to
the processing of personal
data wholly or partly by
automated means and to the
processing other than by
automated means of
personal data which form
part of a filing system or are
intended to form part of a
filing system

5. GDPR
Evolution of personal data processing
rules, but not revolution!
5

6. General Data Protection
Regulation:
• Allows to process personal data,
that includes activities as such:
collection, recording,
organisation, structuring,
storage, adaptation or
alteration, retrieval,
consultation, use, disclosure
by transmission,
dissemination or otherwise
making available, alignment
or combination, restriction,
erasure or destruction
• Sets principles and rules on
personal data processing

7. Principles of personal data
protection
• Lawfulness, equity and transparency
processed lawfully, fairly and transparently with regard to the data
subject, information about processing have to be easily accessible and
understandable
• Purpose-related limitations
collected for determined, explicit and legitimate purposes and shall not be
processed in a way that is incompatible with such purposes
• Data minimization
limited to what is necessary in relation to the achievement
of the purposes for which it is processed
• Data accuracy
accurate and, where required, updated
• Anonymization
kept in a form that enables to identify the subjects for a period
that does not exceed the period required to achieve the purposes
for which the data are processed

8. Lawfulness of processing
(legal grounds)
• Tasks that serves public interests have to be
set up by the state legislative acts
• Fulfilling the controller’s legal obligation
• Carry out a task that serves a public interest or
resulting from the exercise of the public
authority’s powers vested in the controller
• The performance of a contract to which the
subject concerned is a party
• To protect the vital interests of the natural
person
• Consent of data subject
• The legitimate interests pursued by the
controller or a third party

9. Provisions for personal data
processing:
• Compliance with personal data protection
principles
• Legal grounds according GDPR Article 6
• Purpose (what I want to achieve with
processing)
• Security and organizational measures
• Storage limitation (how long data are used)
• Respect for data subject rights

10. Data subject rights:
• Right of information
• Right of access by the data subject
• Right to rectification
• Right to erasure («right to be forgotten»)
• Right to restriction of processing
• Right to data portability
• Right to object
• Restriction of profiling

11. Applicability of GDPR:
• Company of Moldova - not established in EU:
• Perform activities related to the offering of goods or
services, irrespective of whether a payment of the data
subject is required, to such data subjects in the EU
• Personal data processing activities are related to the
monitoring of data subject`s behavior as far as their
behavior takes place within the EU
• The company in Moldova have a local establishment in
EU and/or is related to it
• The company in Moldova operates as a processor for
any other company in EU (Art.28)
GDPR does not apply if the company in Moldova do
not process and do not plan to process personal data in
any way as reflected above

12. Thank you for attention!
Mersi pentru atenție!
12