barter-spot.com fully adheres to the EU’s GDPR regulation, ensuring that all personal data is collected and processed lawfully and transparently. We keep personal data accurate, secure, and up-to-date, and respect our users’ rights to access, rectify, and erase their personal data. We regularly review and update our data protection policies and procedures to stay compliant with GDPR and other applicable data protection laws.

 

Legislation

 

The data protection package adopted in May 2016 aims at making Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU and regardless of where their data is processed.

The General Data Protection Regulation (GDPR)

 

Regulation (EU) 2016/679  on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This text includes the corrigendum published in the OJEU of 23 May 2018.

The regulation is an essential step to strengthen individuals’ fundamental rights in the digital age and facilitate business by clarifying rules for companies and public bodies in the digital single market. A single law will also do away with the current fragmentation in different national systems and unnecessary administrative burdens.

The regulation entered into force on 24 May 2016 and applies since 25 May 2018. More information for companies and individuals.

Information about the incorporation of the General Data Protection Regulation (GDPR) into the EEA Agreement.

 

EU Member States notifications to the European Commission under the GDPR

 

The EU’s cookie regulations, which are part of the General Data Protection Regulation (GDPR), aim to protect the privacy of online users. Here are some key points to keep in mind:

  • – Websites must obtain users’ consent before placing cookies on their devices, unless the cookies are strictly necessary for the website to function properly.
  • – Users must be given clear and comprehensive information about the cookies being used, including their purpose and lifespan.
  • – Users must be able to withdraw their consent at any time and easily manage their cookie preferences.
  • – Websites must ensure that third-party cookies (i.e. cookies placed by other websites or services) comply with the same regulations and obtain users’ consent before using them.
  • – Websites must not discriminate against users who choose not to consent to cookies, and must provide access to their content even if the user does not accept cookies.
  • – Website owners are responsible for ensuring that cookies are not used to process personal data without the user’s consent or for purposes other than those specified.

 

It’s important to note that the regulations apply to all websites targeting EU users, regardless of where the website is based. Failure to comply with the regulations can result in hefty fines. Therefore, website owners should ensure that they have clear policies and procedures in place to obtain and manage users’ cookie consent.

 

Personal data must be collected lawfully, fairly, and transparently for legitimate purposes. The data must be adequate, relevant, and limited to what is necessary, accurate, and updated. The storage of personal data must be possible for identification but not longer than necessary, and must be processed with confidentiality. The data controller is responsible for compliance with these principles. Personal data may be transferred only under strict conditions and with additional safeguards in the EU. Sensitive data may not be processed except under special circumstances. Data subjects have the right to withdraw their consent, access and correct their personal data, and object to processing. Controllers must inform data subjects when collecting data, reply to their requests, ensure data protection compliance, use only EU-approved data processors, maintain detailed records, notify data breaches, perform data protection impact assessments, and ensure the security of electronic networks. The EDPS, acting with independence and confidentiality, supervises EU institutions’ data processing, conducts investigations and sanctions, warns controllers, and cooperates with national data protection supervisory authorities. Data protection officers are appointed for a term of 3-5 years. The regulation has applied since December 11, 2018, and applies to the processing of personal data by Eurojust since December 12, 2019.

 

Main Document

 

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39–98).

 

Related Documents

 

Commission Decision (EU) 2020/969 of 3 July 2020 laying down implementing rules concerning the Data Protection Officer, restrictions of data subjects’ rights and the application of Regulation (EU) 2018/1725 of the European Parliament and of the Council, and repealing Commission Decision 2008/597/EC (OJ L 213, 6.7.2020, pp. 12–22).

Decision of the European Data Protection Supervisor of 15 May 2020 adopting the Rules of Procedure of the EDPS (OJ L 204, 26.6.2020, pp. 49–59).

European Data Protection Supervisor Decision of 2 April 2019 on internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data in the framework of activities carried out by the European Data Protection Supervisor (OJ L 99I, 10.4.2019, pp. 1–7).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1–88).

Successive amendments to Regulation (EU) 2016/679 have been incorporated into the original text. This consolidated version is of documentary value only.

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, pp. 89–131).

 

The Data Protection Law Enforcement Directive

 

Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offenses or the execution of criminal penalties, and on the free movement of such data.

The directive protects citizens’ fundamental right to data protection whenever personal data is used by criminal law enforcement authorities for law enforcement purposes. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism.

The directive entered into force on 5 May 2016 and EU countries had to transpose it into their national law by 6 May 2018.

 

National data protection authorities

 

EU countries have set up national bodies responsible for protecting personal data in accordance with Article 8(3) of the Charter of Fundamental Rights of the EU.

 

European Data Protection Board

 

The European Data Protection Board (EDPB) is an independent European body which shall ensure the consistent application of data protection rules throughout the European Union. The EDPB has been established by the General Data Protection Regulation (GDPR).

The EDPB is composed of the representatives of the national data protection authorities of the EU/EEA countries and of the European Data Protection Supervisor. The European Commission participates in the activities and meetings of the Board without voting right.  The secretariat of the EDPB is provided by the EDPS. The secretariat performs its tasks exclusively under the instructions of the Chair of the Board.

The EDPB tasks consist primarily in providing general guidance on key concepts of the GDPR and the Law Enforcement Directive, advising the European Commission on issues related to the protection of personal data and new proposed legislation in the European Union, and adopting binding decisions in disputes between national supervisory authorities.

 

Data Protection in the EU Institutions and Bodies

 

Legislation

 

Regulation 2018/1725 sets forth the rules applicable to the processing of personal data by European Union institutions, bodies, offices and agencies. It is aligned with the General Data Protection Regulation and the Data Protection Law Enforcement Directive. It entered into application on 11 December 2018.

European Data Protection Supervisor

 

Regulation 2018/1725 established a European data protection supervisor (EDPS). The EDPS is an independent EU body responsible for monitoring the application of data protection rules within European Institutions and for investigating complaints.

Data Protection Officer in the European Commission

 

The European Commission has appointed a Data Protection Officer who is responsible for monitoring and the application of data protection rules in the European Commission. The data protection officer independently ensures the internal application of data protection rules in cooperation with the European data protection supervisor.

 

Standard Contractual Clauses

 

Following the adoption in June 2021 of two sets of Standard Contractual Clauses (SCC) (one for the use between controllers and processors within the European Economic Area (EEA)and one for the transfer of personal data to countries outside of the EEA), the European Commission published on 25 May 2022 Questions and Answers (Q&As) to provide practical guidance on the use of the SCCs and assist stakeholders in their compliance efforts under the General Data Protection Regulation (GDPR). These Q&As are based on feedback received from various stakeholders on their experience with using the new SCCs in the first months after their adoption. The Q&As are intended to be a ‘dynamic’ source of information and will be updated as new questions arise. 



Top