LEGAL VIEWPOINT: Basics of GDPR (General Data Protection Regulation)

By Dr AbdelGadir Warsama, Legal Counsel

Asia 728x90

15 November 2023

It is important in this “data” era, to protect the personal data of all, everywhere. On the face of it, to protect the personal data indicated a high good respect to any person and to all his personal belongings and this is a good initiative to protect personal rights. To fulfill this good stand the European Union (EU) took major steps and issued an important regulation (GDPR). The General Data Protection Regulation, applies to different types of data processing to be carried by organizations operating within or without the EU. It applies on entities outside EU, offering goods or services to individuals in EU. Good, also, Bahrain issued its law to govern personal data protection. More important to say that, Bahrain legislation in this important issue is well advanced and in line with the global standards. Your personal data protection is well protected in Bahrain. This ia an advantage and privilege to all in Bahrain.

GDPR is mainly to apply for protection of personal data, however, there is an exemption as GDPR does not apply to certain activities including certain instances of data processing if they are covered by the law enforcement directives, processing for national security purposes and processing carried out by individuals purely for personal activities.

The regulation for more clarity, specifies types of exemptions for application whenever required. To streamline the process, GDPR applies to ‘controllers’ and ‘processors’. Controller is the authorized body to say how and why personal data is processed, whereas, the processor is the body that acts on the controller’s behalf and control.

If you happened to be a processor, GDPR places specific legal obligations on you. For example, you are required to maintain records of personal data and the processing activities undertaken. As a processor, you have more legal liability if responsible for any breach. Obligations for processors are new requirements under GDPR and they confirm the firm strategy of the EU towards stringent rules to regulate the personal data to curb the huge destructive misuse we are facing. However, controllers are not relieved of their obligations where a processor is involved. GDPR places further obligations on the controllers to ensure that contracts with processors comply with the provisions of the GDPR.

As a general rule, GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed. The definition provides for wide range of personal identifiers as personal data, reflecting changes in technology and the way organizations collect info about persons. I believe, the justification behind covering automated and manual filling systems, is to cover all data processing, otherwise there could be escape room by manual data processing.

It is necessary to say, GDPR of EU gives great boost to protect personal data everywhere in our world and it is good that it has been taken as benchmark by countries in the region, including Bahrain, when issuing relevant laws.

Need less to say that, all are required to comply with the personal data protection regulations, otherwise to be ready for heavy fines and other legal actions. Everyone shall give full care for the personal data of others to the same degree he excepts form others when dealing with his personal data. Doing this, will automatically help in good protection for the personal data of all.