Browse Definitions:
Definition

EU Data Protection Directive (Directive 95/46/EC)

EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data. Directive 95/46/EC encompasses all key elements from article 8 of the European Convention on Human Rights, which states its intention to respect the rights of privacy in personal and family life, as well as in the home and in personal correspondence. The Directive is based on the 1980 OECD "Recommendations of the Council Concerning guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data."

These recommendations are founded on seven principles, since enshrined in EU Directive 94/46/EC:

  • Notice: subjects whose data is being collected should be given notice of such collection.
  • Purpose: data collected should be used only for stated purpose(s) and for no other purposes.
  • Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
  • Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
  • Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
  • Access: subjects should granted access to their personal data and allowed to correct any inaccuracies.
  • Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.

In the context of the Directive, personal data means "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity" (Article 2a). Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link. Examples of such data include address, bank statements, credit card numbers, and so forth. Processing is also broadly defined and involves any manual or automatic operation on personal data, including its collection, recording, organization, storage, modification, retrieval, use, transmission, dissemination or publication, and even blocking, erasure or destruction (paraphrased from Article 2b).

These data protection rules apply not only when responsible parties (called the controller in this EU directive) is established or operates within the EU, but whenever the controller uses equipment located inside the EU to process personal data. Thus, controllers from outside the EU who process personal data inside the EU must nevertheless comply with this directive. EU member states set up supervisory authorities whose job is to monitor data protection levels in that state, and to advise the government about related rules and regulations, and to initiate legal proceedings when data protection regulations are broken. All controllers must notify their governing authority before commencing any processing of personal information, and such notification prescribes in detail what kinds of notice is expected, including name and address of the controller or representative, purpose(s) of the processing, descriptions of the categories of data subjects and the data or categories of data to be collected, recipients to whom such data might be disclosed, any proposed transfers of data to third countries, and general description of protective measures taken to ensure safety and security of processing and related data.

This was last updated in January 2008

Continue Reading About EU Data Protection Directive (Directive 95/46/EC)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • PCAOB (Public Company Accounting Oversight Board)

    The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public ...

  • cyborg anthropologist

    A cyborg anthropologist is an individual who studies the interaction between humans and technology, observing how technology can ...

  • RegTech

    RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of ...

SearchSecurity

  • email spam

    Email spam, or junk email, is unsolicited bulk messages sent through email with commercial, fraudulent or malicious intent.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple...

  • application whitelisting

    Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all...

SearchHealthIT

  • athenahealth Inc.

    Based in Watertown, Mass., athenahealth Inc. is a leading vendor of cloud-based EHRs for small to medium-sized physician ...

  • Affordable Care Act (ACA or Obamacare)

    The Affordable Care Act (ACA) is legislation passed in 2010 that changed how uninsured Americans enroll in and receive healthcare...

  • HIPAA Privacy Rule

    The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes ...

SearchDisasterRecovery

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

  • data recovery

    Data recovery restores data that has been lost, accidentally deleted, corrupted or made inaccessible. Learn how data recovery ...

  • disaster recovery plan (DRP)

    A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies, and outlines preparation ...

SearchStorage

  • yottabyte (YB)

    A yottabyte is a measure of theoretical storage capacity and is 2 to the 80th power bytes, or, in decimal, approximately 1,000 ...

  • Kilo, mega, giga, tera, peta, exa, zetta and all that

    Kilo, mega, giga, tera, peta, exa, zetta are among the list of prefixes used to denote the quantity of something, such as a byte ...

  • brontobyte

    A brontobyte is a measure of memory or data storage that is equal to 10 to the 27th power of bytes.

SearchSolidStateStorage

  • SSD caching

    SSD caching, also known as flash caching, is the temporary storage of data on NAND flash memory chips in a solid-state drive so ...

  • NVDIMM (Non-Volatile Dual In-line Memory Module)

    An NVDIMM (non-volatile dual in-line memory module) is hybrid computer memory that retains data during a service outage.

  • NAND mirroring

    NAND mirroring has been proposed to break the security in certain portable devices that use NAND flash memory for encryption.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close