Purpose (Article 1)

• Protect fundamental rights and freedoms, particularly right to privacy
• Set obligations, principles and procedures for data processing

Scope (Article 2)

• Applies to natural persons whose personal data are processed
• Applies to natural or legal persons processing data (wholly or partially automated)

Key Definitions (Article 3)

• Explicit consent: Freely given, specific and informed consent
• Personal data: Any information relating to identified or identifiable natural person
• Data Controller: Natural or legal person who determines purposes and means of processing
• Data Processor: Natural or legal person who processes data on behalf of controller
• Processing: Collection, recording, storage, protection, alteration, disclosure, transfer, etc.

General Principles (Article 4)

Data processing must comply with:

• Lawfulness and fairness
• Being accurate and kept up to date
• Being processed for specified, explicit and legitimate purposes
• Being relevant, limited and proportionate
• Being stored for required period only

Conditions for Processing (Article 5)

Personal data requires explicit consent UNLESS:

• Expressly provided by laws
• Necessary for protection of life/physical integrity
• Necessary for contract establishment/performance
• Necessary for legal compliance
• Data made public by data subject
• Necessary for establishment/exercise/protection of rights
• Necessary for legitimate interests (without violating fundamental rights)

Special Categories of Personal Data (Article 6)

Data Subject Rights (Article 11)

• Right to be informed about data processing
• Right to request access to personal data
• Right to request rectification or erasure
• Right to object to processing
• Right to data portability

Obligations for Data Controllers

• Provide clear information about data processing
• Implement adequate security measures
• Register with Data Controllers Registry (VERBIS) if required
• Notify data breaches to authorities
• Conduct Data Protection Impact Assessments when required