100% tevredenheidsgarantie Direct beschikbaar na betaling Zowel online als in PDF Je zit nergens aan vast
logo-home

Samenvatting

Summary GDPR: Regulation 2016/679

 38 keer bekeken  12 keer verkocht

This document is simply the relevant Recitals and Articles from Regulation 2016-679 (GDPR). No notes or emphasis are added. This document allows you to ignore all the irrelevant text of the Regulation and focus only on the relevant points.

Voorbeeld 3 van de 16  pagina's

  • 10 mei 2021
  • 16
  • 2021/2022
  • Samenvatting
Alle documenten voor dit vak (8)
avatar-seller
EPH
Regulation 2016/679 (GDPR)
Recital 26: The principles of data protection should apply to any information concerning an
identified or identifiable natural person. Personal data which have undergone pseudonymisation,
which could be attributed to a natural person by the use of additional information should be
considered to be information on an identifiable natural person. To determine whether a natural
person is identifiable, account should be taken of all the means reasonably likely to be used, such as
singling out, either by the controller or by another person to identify the natural person directly or
indirectly. To ascertain whether means are reasonably likely to be used to identify the natural
person, account should be taken of all objective factors, such as the costs of and the amount of time
required for identification, taking into consideration the available technology at the time of the
processing and technological developments. The principles of data protection should therefore not
apply to anonymous information, namely information which does not relate to an identified or
identifiable natural person or to personal data rendered anonymous in such a manner that the data
subject is not or no longer identifiable. This Regulation does not therefore concern the processing of
such anonymous information, including for statistical or research purposes.

Recital 33: It is often not possible to fully identify the purpose of personal data processing for
scientific research purposes at the time of data collection. Therefore, data subjects should be
allowed to give their consent to certain areas of scientific research when in keeping with recognised
ethical standards for scientific research. Data subjects should have the opportunity to give their
consent only to certain areas of research or parts of research projects to the extent allowed by the
intended purpose.

Recital 50: The processing of personal data for purposes other than those for which the personal
data were initially collected should be allowed only where the processing is compatible with the
purposes for which the personal data were initially collected. In such a case, no legal basis separate
from that which allowed the collection of the personal data is required. If the processing is necessary
for the performance of a task carried out in the public interest or in the exercise of official authority
vested in the controller, Union or Member State law may determine and specify the tasks and
purposes for which the further processing should be regarded as compatible and lawful. Further
processing for archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes should be considered to be compatible lawful processing operations. The legal
basis provided by Union or Member State law for the processing of personal data may also provide a
legal basis for further processing. In order to ascertain whether a purpose of further processing is
compatible with the purpose for which the personal data are initially collected, the controller, after
having met all the requirements for the lawfulness of the original processing, should take into
account, inter alia: any link between those purposes and the purposes of the intended further
processing; the context in which the personal data have been collected, in particular the reasonable
expectations of data subjects based on their relationship with the controller as to their further use;
the nature of the personal data; the consequences of the intended further processing for data
subjects; and the existence of appropriate safeguards in both the original and intended further
processing operations.

Recital 156: The processing of personal data for archiving purposes in the public interest, scientific
or historical research purposes or statistical purposes should be subject to appropriate safeguards
for the rights and freedoms of the data subject pursuant to this Regulation. Those safeguards should
ensure that technical and organisational measures are in place in order to ensure, in particular, the
principle of data minimisation. The further processing of personal data for archiving purposes in the

1

,public interest, scientific or historical research purposes or statistical purposes is to be carried out
when the controller has assessed the feasibility to fulfil those purposes by processing data which do
not permit or no longer permit the identification of data subjects, provided that appropriate
safeguards exist (such as, for instance, pseudonymisation of the data). Member States should
provide for appropriate safeguards for the processing of personal data for archiving purposes in the
public interest, scientific or historical research purposes or statistical purposes. Member States
should be authorised to provide, under specific conditions and subject to appropriate safeguards for
data subjects, specifications and derogations with regard to the information requirements and rights
to rectification, to erasure, to be forgotten, to restriction of processing, to data portability, and to
object when processing personal data for archiving purposes in the public interest, scientific or
historical research purposes or statistical purposes. The conditions and safeguards in question may
entail specific procedures for data subjects to exercise those rights if this is appropriate in the light
of the purposes sought by the specific processing along with technical and organisational measures
aimed at minimising the processing of personal data in pursuance of the proportionality and
necessity principles. The processing of personal data for scientific purposes should also comply with
other relevant legislation such as on clinical trials.



CHAPTER I
Article 4: “Definitions”
For the purposes of this Regulation:

(1) ‘personal data’ means any information relating to an identified or identifiable natural person
(‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person;

(2) ‘processing’ means any operation or set of operations which is performed on personal data or on
sets of personal data, whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction,
erasure or destruction;

(5) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal
data can no longer be attributed to a specific data subject without the use of additional information,
provided that such additional information is kept separately and is subject to technical and
organisational measures to ensure that the personal data are not attributed to an identified or
identifiable natural person;

(7) ‘controller’ means the natural or legal person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the processing of personal data;
where the purposes and means of such processing are determined by Union or Member State law,
the controller or the specific criteria for its nomination may be provided for by Union or Member
State law;

(8) ‘processor’ means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller;


2

, (11) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous
indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative
action, signifies agreement to the processing of personal data relating to him or her;

(15) ‘data concerning health’ means personal data related to the physical or mental health of a
natural person, including the provision of health care services, which reveal information about his or
her health status;



CHAPTER II
Article 5: “Principles relating to processing of personal data”
1. Personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject
(‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes; further processing for archiving purposes
in the public interest, scientific or historical research purposes or statistical purposes shall, in
accordance with Article 89(1), not be considered to be incompatible with the initial purposes
(‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which
they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that are inaccurate, having regard to the purposes for which they
are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is
necessary for the purposes for which the personal data are processed; personal data may be
stored for longer periods insofar as the personal data will be processed solely for archiving
purposes in the public interest, scientific or historical research purposes or statistical
purposes in accordance with Article 89(1) subject to implementation of the appropriate
technical and organisational measures required by this Regulation in order to safeguard the
rights and freedoms of the data subject (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organisational measures (‘integrity
and confidentiality’).

2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1
(‘accountability’).



Article 6: “Lawfulness of processing”
1. Processing shall be lawful only if and to the extent that at least one of the following applies:



3

Voordelen van het kopen van samenvattingen bij Stuvia op een rij:

Verzekerd van kwaliteit door reviews

Verzekerd van kwaliteit door reviews

Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!

Snel en makkelijk kopen

Snel en makkelijk kopen

Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.

Focus op de essentie

Focus op de essentie

Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper EPH. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor €0,00. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews)

Afgelopen 30 dagen zijn er 50843 samenvattingen verkocht

Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen

Start met verkopen
Gratis  12x  verkocht
  • (0)