Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
In this final thesis author analyses problematic aspects of legitimate interest as a lawful basis for processing personal data, its conditions of legitimacy and proper application in practice. Therefore, author analyses the purpose of the legitimate interest, the essential conditions of legitimacy for this lawful basis and its exclusivity from other lawful bases for the processing of personal data. Moreover, author provides a definition of legitimate interest as a lawful basis for processing of personal data. Author analyses stages of the assessment of legitimate interests, the most important evaluation criterions and the practical significance of the results. Also, the author presents relevant case law and examines hypothetical situations, reveals the significance of the necessity and the close connection with the principle of data minimization, the meaning of the balancing test and the proportionality of the impact on the legitimate interests and fundamental rights and freedoms of data subjects. In this final thesis legitimate interest was compared with other lawful bases for the processing of personal data in order to reveal the advantages and disadvantages of legitimate interest. Lastly, in this final thesis author presents other insights into the shortcomings of the legitimate interest as a lawful basis, which could have practical implications for data controllers, who are choosing to process personal data on this lawful basis, and for legislators when considering legislative amendments or new legislation.
In this final thesis author analyses problematic aspects of legitimate interest as a lawful basis for processing personal data, its conditions of legitimacy and proper application in practice. Therefore, author analyses the purpose of the legitimate interest, the essential conditions of legitimacy for this lawful basis and its exclusivity from other lawful bases for the processing of personal data. Moreover, author provides a definition of legitimate interest as a lawful basis for processing of personal data. Author analyses stages of the assessment of legitimate interests, the most important evaluation criterions and the practical significance of the results. Also, the author presents relevant case law and examines hypothetical situations, reveals the significance of the necessity and the close connection with the principle of data minimization, the meaning of the balancing test and the proportionality of the impact on the legitimate interests and fundamental rights and freedoms of data subjects. In this final thesis legitimate interest was compared with other lawful bases for the processing of personal data in order to reveal the advantages and disadvantages of legitimate interest. Lastly, in this final thesis author presents other insights into the shortcomings of the legitimate interest as a lawful basis, which could have practical implications for data controllers, who are choosing to process personal data on this lawful basis, and for legislators when considering legislative amendments or new legislation.
The legal regulation of processing of personal data for direct marketing purposes have been analyzed in the Master's final work. The objective of this Master's final work was to analyze the legal regulation of personal data processing in the European Union, including the Republic of Lithuania, also to identify the most frequently encountered problems, assessing the clarity and applicability of the legal regulation in practice, and to propose possible solutions. In accordance with the above mentioned, Master's final work consists of three sections. The first section reveals the concepts of the personal data, personal data processing and direct marketing, as well as the specifics of the direct marketing. The second section delimits the legal grounds of the processing of personal data for direct marketing purposes and identifies the interplay between those legal grounds. The third section provides the analysis of the ways, in which the direct marketing is compliant with the legal regulation and the fundamental problems that are encountered, while performing the direct marketing, disclosing the data controller's responsibilities prior to the performance of the direct marketing, the requirements of the personal data processing from the moment of the collection of the personal data till the destruction, also the right of the data subject to withdraw the consent and the right to object to the processing of the personal data.
The legal regulation of processing of personal data for direct marketing purposes have been analyzed in the Master's final work. The objective of this Master's final work was to analyze the legal regulation of personal data processing in the European Union, including the Republic of Lithuania, also to identify the most frequently encountered problems, assessing the clarity and applicability of the legal regulation in practice, and to propose possible solutions. In accordance with the above mentioned, Master's final work consists of three sections. The first section reveals the concepts of the personal data, personal data processing and direct marketing, as well as the specifics of the direct marketing. The second section delimits the legal grounds of the processing of personal data for direct marketing purposes and identifies the interplay between those legal grounds. The third section provides the analysis of the ways, in which the direct marketing is compliant with the legal regulation and the fundamental problems that are encountered, while performing the direct marketing, disclosing the data controller's responsibilities prior to the performance of the direct marketing, the requirements of the personal data processing from the moment of the collection of the personal data till the destruction, also the right of the data subject to withdraw the consent and the right to object to the processing of the personal data.
EU General Data Protection Regulation, by the theoretical and practical view, reforms EU data protection legal regulation and establishes a uniformly high standard of privacy data protection - the impact of any government institution or company on data protection will have to become permanent and one of the central element of planning and implementing any activity. The EU General Data Protection Regulation not only sets new rules for data processing, but also in detail regulates the rights of data subjects, extends the content of these rights and establishes the Data Protection Officer Institute. In this article, authors presents the main innovations related to data subjects' rights protection and data processing principles. The paper also analyzes the bases for the appointment of the Personal Data Protection Officer and the principles of his operation. Only the responsible processing and processing of personal data based on the principles enshrined in the Regulation protects data subject individual's right to privacy, also the data controller and data processor - against personal data protection breach. The relevance of this scientific article relates to the novelty and relevance of the General Data Protection Regulation and the importance of this document to data protection law. The purpose of this scientific article is to analyze the content of the main rights of data subject, identifying the means of ensuring data rights of the data subjects and examining the bases and principles of the activities of the data protection officer. Object of scientific article - General Data Protection Regulation contains the principles of data subjects' rights and the processing of personal data. To sum up is has to be drawn that the application of the General Data Protection Regulation has become a direct legal act and brings many innovations into countries national legal systems. The Regulation dramatically broadens the territorial scope of EU data protection law, strengthens the requirements for the lawfulness of the processing of personal data, extends the scope of liability for the processing of personal data, establishes a new obligation for a part of data controllers and data processors, appointment of a data protection officer, regulates the processing of personal data of children, strengthens the rights of subjects, tightens the requirements for the consent of the data subjects, and also increases the amount of fines for improper or unlawful processing of personal data. The establishment of the rights of data subjects in the General Personal Data Regulation aims to ensure that information is correct, used only for legitimate purposes and by those controllers who have the right to process specific data. The principles enshrined in the Regulation are considered to be clear legal requirements, which controller and processor must follow when controling and / or processing personal data. Regulation sets for data controllers binding guidelines for managing data in accordance with established principles, and each controller is required to define it in activity records. In this way, the responsibility of data controllers for the rights of data subjects is reinforced and the involvement of the data protection supervisory authority in the daily routine of data processing is reduced. The Regulation attaches a significant role to the Data protection officer throughout the entire data management system. The Data protection officer, in accordance with his mandate and assigned functions, shall be considered as a person who will not only be required to help data controllers and processors properly enforce data protection requirements but also act as an intermediary between data subjects, data controllers or processors and the data protection supervisory institution.
EU General Data Protection Regulation, by the theoretical and practical view, reforms EU data protection legal regulation and establishes a uniformly high standard of privacy data protection - the impact of any government institution or company on data protection will have to become permanent and one of the central element of planning and implementing any activity. The EU General Data Protection Regulation not only sets new rules for data processing, but also in detail regulates the rights of data subjects, extends the content of these rights and establishes the Data Protection Officer Institute. In this article, authors presents the main innovations related to data subjects' rights protection and data processing principles. The paper also analyzes the bases for the appointment of the Personal Data Protection Officer and the principles of his operation. Only the responsible processing and processing of personal data based on the principles enshrined in the Regulation protects data subject individual's right to privacy, also the data controller and data processor - against personal data protection breach. The relevance of this scientific article relates to the novelty and relevance of the General Data Protection Regulation and the importance of this document to data protection law. The purpose of this scientific article is to analyze the content of the main rights of data subject, identifying the means of ensuring data rights of the data subjects and examining the bases and principles of the activities of the data protection officer. Object of scientific article - General Data Protection Regulation contains the principles of data subjects' rights and the processing of personal data. To sum up is has to be drawn that the application of the General Data Protection Regulation has become a direct legal act and brings many innovations into countries national legal systems. The Regulation dramatically broadens the territorial scope of EU data protection law, strengthens the requirements for the lawfulness of the processing of personal data, extends the scope of liability for the processing of personal data, establishes a new obligation for a part of data controllers and data processors, appointment of a data protection officer, regulates the processing of personal data of children, strengthens the rights of subjects, tightens the requirements for the consent of the data subjects, and also increases the amount of fines for improper or unlawful processing of personal data. The establishment of the rights of data subjects in the General Personal Data Regulation aims to ensure that information is correct, used only for legitimate purposes and by those controllers who have the right to process specific data. The principles enshrined in the Regulation are considered to be clear legal requirements, which controller and processor must follow when controling and / or processing personal data. Regulation sets for data controllers binding guidelines for managing data in accordance with established principles, and each controller is required to define it in activity records. In this way, the responsibility of data controllers for the rights of data subjects is reinforced and the involvement of the data protection supervisory authority in the daily routine of data processing is reduced. The Regulation attaches a significant role to the Data protection officer throughout the entire data management system. The Data protection officer, in accordance with his mandate and assigned functions, shall be considered as a person who will not only be required to help data controllers and processors properly enforce data protection requirements but also act as an intermediary between data subjects, data controllers or processors and the data protection supervisory institution.
