Revision as of 21:15, 25 May 2025 edit Rhododendrites (talk \| contribs) Autopatrolled, Event coordinators, Extended confirmed users, Page movers, Mass message senders, Pending changes reviewers, Rollbackers 68,629 edits dab ← Previous edit		Revision as of 21:34, 25 May 2025 edit undo 73.127.14.238 (talk) →General provisions Tag: Reverted Next edit →
Line 31: ===General provisions=== The regulation applies if the data controller (an ~~organisation~~organization that collects information about living people, whether they are in the EU or not), or processor (an ~~organisation~~organization that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances,<ref>'''Article 3(2)''': This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.</ref> the regulation also applies to ~~organisations~~organizations based outside the EU if they collect or process personal data of individuals located inside the EU. The regulation does not apply to the processing of data by a person for a "purely personal or household activity and thus with no connection to a professional or commercial activity." (Recital 18). According to the [[European Commission]], "Personal data is information that relates to an identified or identifiable individual. If you cannot directly identify an individual from that information, then you need to consider whether the individual is still identifiable. You should take into account the information you are processing together with all the means reasonably likely to be used by either you or any other person to identify that individual."<ref>{{Cite web\|url=https://ico.org.uk/for-~~organisations~~organizations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/\|title=What is personal data?\|date=January 2021\|access-date=22 July 2019\|archive-date=24 July 2019\|archive-url=https://web.archive.org/web/20190724112940/https://ico.org.uk/for-~~organisations~~organizations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/\|url-status=live}}</ref> The precise definitions of terms such as "personal data", "processing", "data subject", "controller", and "processor" are stated in '''Article 4'''.<ref name="32016R0679"/>{{rp\|Art. 4}} The regulation does not purport to apply to the processing of personal data for national security activities or law enforcement of the EU; however, industry groups concerned about facing a potential conflict of laws have questioned whether '''Article 48''' could be invoked to seek to prevent a data controller subject to a third country's laws from complying with a legal order from that country's law enforcement, judicial, or national security authorities to disclose to such authorities the personal data of an EU person, regardless of whether the data resides in or out of the EU. '''Article 48''' states that any judgement of a court or [[tribunal]] and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may not be recognised or enforceable in any manner unless based on an international agreement, like a [[mutual legal assistance treaty]] in force between the requesting third (non-EU) country and the EU or a member state. The data protection reform package also includes a separate Data Protection Directive for the police and criminal justice sector that provides rules on personal data exchanges at [[Member state of the European Union\|State level]], Union level, and international levels.<ref>{{CELEX\|32016L0680\|text=Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA

General Data Protection Regulation: Difference between revisions