Data privacy laws in the EU regulate the processing of personal data, both online and offline. They apply to every organisation — public and private — that collects and uses personal information in the EU. The laws provide that those who collect and process personal data must do so under strict conditions and only for legitimate purposes. They must protect the data from misuse and must respect the privacy and other rights of individuals that are guaranteed by EU law.
These laws are intended to —
- Impose restrictions on the processing of personal data within the EU to protect individual privacy;
- Impose even tighter restrictions on the processing of sensitive data — that is, data revealing health information, racial or ethnic origin, etc.; and
- Prohibit transfers of personal data outside the EU unless the data is afforded adequate privacy protections and safeguards.
The data privacy laws have a broad reach. The term "personal data" covers all information related to an individual who is either identified or identifiable. It includes information in any form, including photos, videos, voicemail, etc. The term "processing" covers all forms of collecting, storing, transmitting and using personal data. It includes the sharing of data with any affiliated entities.
Individuals have the right to complain and obtain redress if their data is misused anywhere within the EU. Those who violate the data privacy laws face significant civil and/or criminal legal actions and penalties.
© WeComply/Thomson Reuters