Laughing through GDPR: Practical Examples for Data Protection in Europe

Most Popular

European schools system

European schools system is like a never-ending maze of paperwork and bureaucracy.

It’s as if they believe that the more forms you fill out, the smarter you become. Secretary general and deputy secretary general are too busy worrying about their pensions and summer vacations to actually produce anything useful.

It’s a system where children are just tiny cogs in a big bureaucratic machine, and education takes a backseat to administrative tasks.

It’s time for a major overhaul, because right now, the European schools system is about as effective as a chocolate teapot.

Does GDPR apply only to data that is processed, or intended to be processed, by automatic means?

The GDPR covers the processing of personal data in two ways:

  • personal data processed wholly or partly by automated means (that is, information in electronic form); and
  • personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).

Does GDPR cover any data about any individual?

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

If individuals cannot be identified then the GDPR does not apply.

Is data recorded about the number of times a user accesses a website personal data?

Yes, if user is identifiable. If they are then the GDPR would regard this as personal data as the person:

  • can be identified or who are identifiable, directly from the information in question; or
  • who can be indirectly identified from that information in combination with other information

Analytical data collected about the visitors to a website would also be classed as personal data if identifying information, such as the users’ IP addresses, were collected. This is because it is possible to trace an individual household through an IP address.

Is a data controller an individual, organization, or corporation, who decides the purposes and manner in which personal data is processed?

Yes. The GDPR says that a controller is indicated if:

  1. We decide to collect or process the personal data.
  2. We decide what the purpose or outcome of the processing will be.
  3. We decide what personal data should be collected.
  4. We decide which individuals to collect personal data about.
  5. We obtain a commercial gain or other benefit from the processing, except for any payment for services from another controller.
  6. We are processing the personal data as a result of a contract between us and the data subject.
  7. The data subjects are our employees.
  8. We make decisions about the individuals concerned as part of or as a result of the processing.
  9. We exercise professional judgement in the processing of the personal data.
  10. We have a direct relationship with the data subjects.
  11. We have complete autonomy as to how the personal data is processed.
  12. We have appointed the processors to process the personal data on our behalf.

Can data processor be held legally responsible for the processing of personal data undertaken for a data controller?

No, since GDPR says “Individuals and supervisory authorities can hold both controllers and processors to account if they fail to comply with their responsibilities under the GDPR.”

A call centre operator is engaged in providing customer services for another company. The call centre staff access the customer database following strict, written contractual arrangements. Is the call centre the data controller for the GDPR?

No, the call centre operator makes use of an existing customer database and therefore has no control over what data is collected or who the data is collected from. “If you exercise overall control of the purpose and means of the processing of personal data – i.e. you decide what data to process and why – you are a controller.”

Second part of GDPR – practical examples is also available.

Must Read

The Top Art of Learning: How Self-Directed Learning Can Transform your Life

In this fast-paced world, it's important to stay ahead of the curve and continuously learn and grow. Enter self-directed...

Aim of the European Schools

Educated side by side, untroubled from infancy by divisive prejudices, acquainted with all that is great and good in the different cultures, it will be borne in upon them as they mature that they belong together. Without ceasing to look to their own lands with love and pride, they will become in mind Europeans, schooled and ready to complete and consolidate the work of their fathers before them, to bring into being a united and thriving Europe.

Marcel Decombis, Head of European School, Luxembourg between 1953 and 1960