Pagrindinės duomenų subjekto teisės ir jų užtikrinimas pagal ES Bendrąjį duomenų apsaugos reglamentą

• Štareikė, Eglė
• Kausteklytė-Tunkevičienė, Sigita

LTStraipsnyje analizuojama teoriniu ir praktiniu požiūriu aktualus ES Bendrasis duomenų apsaugos reglamentas, kuris iš esmės reformuoja ES duomenų apsaugos teisinį reguliavimą ir įtvirtina visoje ES vienodai aukštą privatumo apsaugos standartą – bet kurios valdžio įstaigos, institucijos ar įmonės veiklos poveikis duomenų apsaugai turės tapti nuolatiniu ir vienu iš centrinių bet kokios veiklos planavimo ir įgyvendinimo elementu. ES Bendrasis duomenų apsaugos reglamentas ne tik nustato naujas duomenų tvarkymo taisykles, bet ir detaliai sureguliuoja atskiras duomenų subjektų teises, išplečia šių teisių turinį bei įtvirtina duomenų apsaugos pareigūno institutą. Šiame straipsnyje autorės pristato pagrindines naujoves, susijusias su asmens duomenų subjektų teisių įtvirtinimu ir duomenų tvarkymo principais. Darbe taip pat analizuojami asmens duomenų apsaugos pareigūno paskyrimo pagrindai bei veiklos principai. Tik atsakingas ir Reglamente įtvirtintais principais pagrįstas asmens duomenų tvarkymas apsaugo asmens teisę į privatumą, o duomenų valdytoją ir duomenų tvarkytoją – nuo duomenų apsaugos pažeidimo. [Iš leidinio]

ENEU General Data Protection Regulation, by the theoretical and practical view, reforms EU data protection legal regulation and establishes a uniformly high standard of privacy data protection - the impact of any government institution or company on data protection will have to become permanent and one of the central element of planning and implementing any activity. The EU General Data Protection Regulation not only sets new rules for data processing, but also in detail regulates the rights of data subjects, extends the content of these rights and establishes the Data Protection Officer Institute. In this article, authors presents the main innovations related to data subjects' rights protection and data processing principles. The paper also analyzes the bases for the appointment of the Personal Data Protection Officer and the principles of his operation. Only the responsible processing and processing of personal data based on the principles enshrined in the Regulation protects data subject individual's right to privacy, also the data controller and data processor - against personal data protection breach. The relevance of this scientific article relates to the novelty and relevance of the General Data Protection Regulation and the importance of this document to data protection law. The purpose of this scientific article is to analyze the content of the main rights of data subject, identifying the means of ensuring data rights of the data subjects and examining the bases and principles of the activities of the data protection officer. Object of scientific article - General Data Protection Regulation contains the principles of data subjects' rights and the processing of personal data. To sum up is has to be drawn that the application of the General Data Protection Regulation has become a direct legal act and brings many innovations into countries national legal systems.The Regulation dramatically broadens the territorial scope of EU data protection law, strengthens the requirements for the lawfulness of the processing of personal data, extends the scope of liability for the processing of personal data, establishes a new obligation for a part of data controllers and data processors, appointment of a data protection officer, regulates the processing of personal data of children, strengthens the rights of subjects, tightens the requirements for the consent of the data subjects, and also increases the amount of fines for improper or unlawful processing of personal data. The establishment of the rights of data subjects in the General Personal Data Regulation aims to ensure that information is correct, used only for legitimate purposes and by those controllers who have the right to process specific data. The principles enshrined in the Regulation are considered to be clear legal requirements, which controller and processor must follow when controling and / or processing personal data. Regulation sets for data controllers binding guidelines for managing data in accordance with established principles, and each controller is required to define it in activity records. In this way, the responsibility of data controllers for the rights of data subjects is reinforced and the involvement of the data protection supervisory authority in the daily routine of data processing is reduced. The Regulation attaches a significant role to the Data protection officer throughout the entire data management system. The Data protection officer, in accordance with his mandate and assigned functions, shall be considered as a person who will not only be required to help data controllers and processors properly enforce data protection requirements but also act as an intermediary between data subjects, data controllers or processors and the data protection supervisory institution. [From the publication]