Abstract
The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.
Highlights
It is uncontested that the public sector has reached a point in time and evolution when it encompasses a wide range of services and enterprises, all having various natures, leading to a great amount of personal data processed
The entering into force of the General Data Protection Regulation (EU) 2016/679 was a huge step forward, the role of law being to ensure that breakthroughs in science are properly applied to social relations. (Zanfir, 2014) After many years of debates, the EU Parliament has approved, on the 14th of April 2016, the General Data Protection Regulation, setting the enforcement day for 25th of May 2018, almost two years ago
This means that any person that has its personal data processed can request the organization that processes these data to delete any personal information about them. (Sandru, 2018) Individuals can request to have their personal data erased in certain situations, specified in the provisions of the General Data Protection Regulation (GDPR), all of these situations referring to cases where the processing of those particular data does not meet the requirements of the GDPR
Summary
It is uncontested that the public sector has reached a point in time and evolution when it encompasses a wide range of services and enterprises, all having various natures, leading to a great amount of personal data processed. (Kajcsa, 2018) It is of great importance that modern technologies are not allowed to objectify the human or to harm in any way the right to private life, and law provides one strong path towards this goal In this context, the entering into force of the General Data Protection Regulation (EU) 2016/679 was a huge step forward, the role of law being to ensure that breakthroughs in science are properly applied to social relations. The GDPR allows Member States to legislate at national level on matters such as: the processing of personal data is required to comply with a legal obligation, the processing relates to a public interest task or is carried out by a body with official authority. Numerous articles state that their provisions may be further specified or restricted by Member State law, as is the case of article 90 that allows Member States to adopt specific rules to set out the powers of the supervisory authorities in relation to controllers or processors that are subject to an obligation of professional secrecy or other equivalent obligations of secrecy
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Law and Public Administration
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
