The fundamental principles of the legislation EU Reg. 679/2016 (“GDPR”).
Despite the rules that protect personal data are really complex, it is possible to identify some fundamental principles.
The knowledge of these principles allow to understand which criteria guarantee the protection of personal data, avoiding abuses of the data that may violate the privacy of the persons.
The fundamental principles – that derive from EU Regulation no. 2016/679 (from articles 15 to 21 of the GDPR) and from the provisions of the Authorities – are the following:
1. The right of access:
The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing the processing of personal data concerning him and in this case, to obtain access to personal data and several information like:
– the purposes of the processing;
– the categories of personal data;
– the recipients or the categories of recipients to whom the personal data have been or will be communicated, specially if recipients are from third countries or international organizations;
– when possible, the data retention period of data provided or, if not possible, the criteria used to determine this period;
– the existence of the right of the interested party to request to the Data Controller to rectify or delete personal data or limit the processing of personal data or to oppose about their treatment;
– the right to lodge a complaint with a supervisory authority;
– if the data are not collected from the interested party, all information available on their origin;
– the existence of an automated decision-making, including profiling
2. The right of rectification:
The interested party has the right to obtain from the Data Controller the correction of inexact personal data concerning him without undue delay. To finalize the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
3. The right to cancel (“right to be forgotten”):
The interested party has the right to obtain from the Data Controller the deletion of personal data concerning him without undue delay and the Data Controller has to cancel compulsory the personal data without undue delay within the limits and in the cases provided for by current regulations. The Data Controller communicates to each of the recipients to whom the personal data have been transmitted the eventual corrections or cancellations or limitations of the processing within the limits and in the forms provided for by Regulations.
4. The right to limitation of treatment:
The interested party has the right to obtain the treatment limitation from the Data Controller.
5. The right to data portability:
The interested party has the right to receive – in a structured, commonly used and automatically legible form – their personal data and provided to a Data Controller. The interested party has the right to transmit such data to another Data Controller without any impediments from the other Data Controller who supplied them.