1. What is the General Data Protection Regulation (GDPR)?
This is a European Union (EU) Regulation intended to strengthen and unify the protection of Personal Data for European Union residents.
2. What are the key changes with the GDPR?
- Significantly expanded territorial scope
- Mandatory data breach notification in certain cases
- Mandatory appointment of a Data Protection Officer in certain cases
- Data processors now also directly responsible at law
- More stringent consent requirements
- Increased level of information to be provided to data subjects
- More stringent requirements in controller-processor contracts
- Removal of the general notification requirement
- New data subject rights
- Larger penalties for non-compliance
3. Who does the GDPR apply to?
The GDPR applies to natural and legal persons acting as data controllers or data processors who process the personal data of natural persons residing in the EU (data subjects).
4. What are the Data Subject rights?
- Right of Access
- Right to Rectification and Restriction
- Right to Object
- Right to Withdraw Consent
- Right to Erasure (Right to be Forgotten)
- Right to Data Portability
- Right to Lodge a Complaint
5. What is the definition of Personal Data?
Personal Data includes any information relating to an identifiable EU resident irrespective of whether it regards his or her private, professional or public life. Personal Data can include a name, photo, email address, bank details, medical information or an IP address.
6. What is a Data Subject?
A natural person who is the subject of Personal Data, i.e. data which can identify and distinguish a living individual from any other.
7. What is a Data Controller?
A Data Controller includes a natural or legal person controlling and responsible for the keeping and use of Personal Data both electronically and in manual files. This is the entity that determines the purposes and means of the processing.
8. What is a Data Processor?
A Data Processor includes a natural or legal person involved in the processing of Personal Data on behalf of a Data Controller. Usually, a Processor is a third party external to the Data Controller. The duties of the Processor towards the Controller must be detailed in an agreement.
10. What do you need to do if you require more information?
- Contact our Data Protection Officer by sending an email to firstname.lastname@example.org or a letter to the Data Protection Officer, APS Bank plc, APS Centre, Tower Street, Birkirkara, BKR 4012, Malta