The General Data Protection Regulation (GDPR) aims at a unified approach to protecting personal data across the European Union and the data of European citizens wherever it is processed. Trusting data controllers to apply appropriate technical and organisational measures themselves, the Regulation abolished all national registration mechanisms. This is a fundamental change, and a challenging one in particular for controllers that relied on the rigorous registration systems of the national data protection authorities. To support such controllers, the GDPR provides several ways of demonstrating compliance with the EU data protection legal framework, applicable not only to a single controller but to a group of similar controllers, or to an unlimited number of controllers, inside or outside the EU. These forms of demonstrated compliance also help data subjects identify more easily those controllers that can be trusted with the security, integrity, confidentiality and availability of their data.
Codes of conduct and certification mechanisms can be regarded as cost-effective ways of adapting a controller's internal rules to the GDPR. To be effective, they require some prior analysis. For instance, a small or medium enterprise, as 99.8% of all profit-making legal entities in the EU are (Eurostat, 2015), may find it hard to cope with the new legal requirements alone. Its data processing procedures are likely to be similar to, or to overlap entirely with, those of other companies in the same economic sector, so a single data protection rulebook (a code of conduct) covering the internal processing procedures of all of them can be applied. Furthermore, if a controller intends to enter a new market in another EU Member State, data subjects will have more confidence in the security of their data if the controller can show an external assessment, such as a certification of compliance with the GDPR.