Last December, we posed the question: Will the GDPR change the Big Data world? In this article series, we return to the legal aspects explained during the XebiCon’17 conference.
The scope of application of the GDPR
The GDPR applies to “Data Controllers,” i.e. the bodies that determine the purposes and methods of processing personal data, and it also extends to the “Data Processor.”
The rules and obligations of the GDPR apply to the processing – automated or not – of personal data.
First of all, let us agree on the definition of these terms:
The GDPR provides a precise definition of personal data. It is “any information relating to an identified or identifiable natural person.” An identifiable natural person is understood to be “a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, a postal address, an e-mail, or several elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity”.
The definition has therefore been broadened to include certain online data such as location data, online identifiers, and identification numbers (device identifiers, cookies, IP addresses, etc.).
Processing is a broad term that refers to any operation carried out on personal data, whether or not by automated means. Examples of processing include the collection, recording, organization, storage, use, and destruction of personal data.
Ultimately, the vast majority of European companies are affected by the GDPR’s measures.