General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 (the full text after incorporation of the two amendments) is the EU-wide legal framework for the protection of personal data, protecting the rights of its citizens against the unauthorised handling of their data and personal data. The GDPR takes over all the existing principles of data protection and processing that underpin the EU data protection system and confirms that protection travels across borders at the same time as personal data.
Accordingly, the GDPR further develops and strengthens the rights of people affected by processing, in both components: to have (obtain) information about which of their data is being processed and why, and to seek compliance with the rules, including redress. The GDPR systematically emphasises the enforceability of people's rights and the obligations of controllers (those responsible for processing). It therefore contains more sophisticated and demanding rules for specific categories of data and processing, and at the same time enforces a significantly more proactive approach from controllers and processors, in particular the need to assess the data protection impact of individual processing (DPIA) and choose appropriate data protection tools before starting new processing, and to request prior consultation with the supervisory authority under certain conditions. The key to setting obligations for controllers is the riskiness, which is imported from the scope of the processing, the personal data processed and the technologies used.
Controllers and processors are required to appoint a data protection officer under certain conditions. Obligations for security of processing are set out in more detail and a new obligation to report personal data breaches to the supervisory authority and to the citizens affected by the breach is introduced.
The General Regulation explicitly regulates the independence, general conditions for the members, tasks and powers of the supervisory authorities in the Member States of the European Union, the EEA and Switzerland and the cooperation between these supervisory authorities. The approach to sanctions is also uniform.
Mendel is governed by the Rector's Directive 3/2020 - Systém zpracování osobních údajů.
