Financial Crime World

Here is the rewritten article in Markdown format:

EU’s New Data Protection Law: What You Need to Know

In a major overhaul of data protection regulations, the European Union has introduced new laws governing the handling of personal data. The General Data Protection Regulation (GDPR) aims to provide individuals with greater control over their personal information and ensure that organizations handle it securely.

Right to Data Portability

Under the GDPR, individuals have the right to request a copy of their personal data in a structured, commonly used, and machine-readable format. This allows them to easily transfer their data between organizations or service providers.

Right to Object

Individuals also have the right to object to the processing of their personal data on certain grounds, such as legitimate interests or public interest. Controllers must suspend processing until they demonstrate “compelling legitimate grounds” for continued processing.

Automated Decision Making

The GDPR places restrictions on automated decision making, including profiling, which can produce legal effects or significantly affect an individual’s life. Such decisions are only permitted where necessary for entering into a contract, authorized by law, or based on the individual’s explicit consent.

Specific Exemptions in Slovakia

While the GDPR is the primary data protection regulation in the European Union, there are specific exemptions and regulations in place in Slovakia. According to Section 78 of the Slovak Data Protection Act, personal data can be processed without an individual’s consent under certain circumstances, such as for academic or artistic purposes.

Transfers of Personal Data

The GDPR regulates transfers of personal data to third countries outside of the EU. Such transfers are only permitted where the conditions laid down in the GDPR are met, including the establishment of adequate safeguards and enforcement mechanisms.

Adequacy Decisions

The European Commission has made adequacy decisions regarding certain countries or territories, determining that they provide an adequate level of data protection. This allows for the free transfer of personal data to these countries without additional safeguards.

Security Measures

While the GDPR is not prescriptive about specific technical standards or measures, it adopts a proportionate and context-specific approach to security. Controllers must implement appropriate security measures to protect personal data from unauthorized access, disclosure, or use.

The introduction of the GDPR marks a significant shift in data protection regulations, prioritizing individual rights and freedoms while providing greater flexibility for organizations to handle personal data securely and responsibly.