Article 95/46/EC of the European Parliament was created to establish a framework regarding the free movement of data and individual protections for personal data processing.
Article 2 describes the processing of personal data as :
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Placing personal data on a website is processing data.
If a person buys a goods item from a website and gives their name, address etc then in accordance with GDPR the persons personal data must be processed lawfully, fairly, transparently, collected for a legitimate purpose, kept securely, kept for no longer than is necessary.
For the website controller / processor to process this data lawfully, the data subject should have consented and there are conditions for this consent requirement under the GDPR regulation. The data controller must have technical and organisational measures in place to show GPDR is complied with. Data protection policies area must.
A data controller can be a natural person or legal person whom decides the purpose the data is to be used for and way it is to be processed.
A data processor engages in data processing on behalf of the data controller.
Need Legal Advice? No problem. Contact Us Today!
We can assist with legal advice on GDPR and Irish data protection law matters.
