
Everything You Need to Know About GDPR (General Data Protection Regulation) Compliance

Published: 2020-09-21

EVERYTHING YOU NEED TO KNOW ABOUT GDPR COMPLIANCE

What is GDPR?

The General Data Protection Regulation (GDPR) is applicable in all member states of the European Union (EU) to harmonize data privacy laws across Europe.

The regulation was put into effect on May 25, 2018.

What are the penalties for non-compliance with the GDPR?

Any infringement of GDPR principles shall be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Who is concerned by GDPR compliance?

Though it was drafted and passed by the European Union, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.

Therefore, any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation.

As a result, GDPR will have an impact on data protection requirements globally.

What is personal data?

Personal data is any information that relates to an individual (called the data subject) who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.

Personal data can be data that are not associated with the name of a person but can easily be used to identify him or her and to know his/her habits and tastes.

However, company details (e.g. company "Company A" with its postal address, switchboard telephone number and a generic contact e-mail "compagnie1@email.fr") are not, in principle, personal data.

What are the key regulatory points of the GDPR?

If you process data, you have to do so according to seven protection and accountability principles:

❖ Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.

Lawful means that processing must be based on a valid lawful basis (consent, contract, legal obligation, vital interests, public task, legitimate interests).

❖ Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.

❖ Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.

❖ Accuracy — You must keep personal data accurate and up to date.

❖ Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.

❖ Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).

❖ Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Moreover, GDPR considers that certain categories of data are ‘sensitive’ data (namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) and therefore require increased protection.

What are the rights of the data subjects?

The GDPR provides the following rights for individuals:

❖ the right to be informed

❖ the right of access

❖ the right to rectification

❖ the right to erasure

❖ the right to restrict processing

❖ the right to data portability

❖ the right to object

❖ rights in relation to automated decision making and profiling.

Accountability principle & Security

The accountability principle means that companies shall be responsible for, and be able to demonstrate, compliance with GDPR.

Companies must therefore keep a register of processing activities, which must include a certain amount of information (such as the purposes of each processing operation, a description of the data, etc.).

Moreover, GDPR requires that personal data be processed securely by means of ‘appropriate technical and organizational measures’.

Transfer of personal data to third countries

The transfer of personal data outside the European Union (EU) is possible, but only if a sufficient and appropriate level of data protection is ensured. These transfers must therefore be regulated using different legal tools proposed by the GDPR.
