The GDPR (General Data Protection Regulation) is neither a revolution nor a big bang.
In Europe, personal data is also protected by national laws.
Since 1978 and the French Data Protection Act (amended), France has had a legal framework for the protection of personal data, and these rules also apply to the field of internet.
In Germany, the GDPR is amended and added to specifically by the federal law on personal data (Bundesdatenschutzgesetz, BDSG), and relative to the internet sector, by the Telecommunications Law (Telemediengesetz, TMG).
Similarly, in the UK, the Data Protection Act and the law on electronic communication (Privacy and Electronic Communications Regulation) add to the provisions of the GDPR.
NoteIn the UK, the GDPR will no longer apply as of Britain’s exit from the EU (31/12/2020). According to information published by the ICO, the UK’s protection body, the Data Protection Act will remain applicable after this date in an amended form which is to retain the provisions of the GDPR. Certain provisions will depend notably on the outcome of negotiations currently underway between the UK and the EU, more specifically relative to the transfer of data to the UK.
The GDPR harmonises the rules on a European level and strengthens or opens certain user rights.
The GDPR defines:
- The Data Controller: You, the customer of AT Internet
- Data Processor: Us, AT Internet
- The Data Subjects: The Users of your platforms (websites, mobile applications, connected TV, vocal assistants, etc.)
- Personal data: all information relative to an identified or identifiable natural person (see dedicated article for details)
- Processing: such as any operation or set of operations...applied to personal data or data sets, such as collection, [...], consultation, use, communication via transmission, dissemination, etc.
See article 4 definition.
The GDPR applies:
- to the processing , whether automated or not, of personal data contained or required in a file (article 2. : material scope)
- If processing is carried out in the framework of activities of Data Controllers or Data Processors located in the EU AND/OR if processing is relative to EU residents (article 3. : territorial scope)
Given that AT Internet is an established player in the EU territory and that, furthermore, we collect data relative to users residing in the EU, the text applies to our processing