Some definitions within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of naturals to the processing of personal data and on the free movement of such data.

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

‘main establishment’ means:
-as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
-as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;


Information note:

The processing of personal data is at the origin of many attacks on the privacy of natural persons but also an infringement of fundamental rights and freedoms guaranteed by EU law.
For this reason, the European Parliament and the Council of the EU established Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free Circulation of such data. Those responsible for processing these data are therefore largely covered by this regulation, namely the framework for their action in the processing of personal data and the control of the repercussions on the lives of the natural persons concerned; But also and mostly, the responsibility of the data controller when the use of personal data doesn't comply with the provisions of this Regulation. What interests us particularly in the context of a digital sercices company, which is a computer programming company specializing in the processing of personal data and which, as the controller, is directly subject to said regulation.

It is therefore necessary to ask what direct impacts this regulation could have on the activities of a digital services company ?

This regulation directly obliges a digital services company to have both structural and judicial adaptation.

I- Structural adaptation of the digital services company with regard to the requirements of the Regulation

After an analysis of the impact on the protection of the personal data of individuals and the safeguarding of their fundamental rights and freedoms (Article 35), adaptation of the company requires the appointment of a Data Protection Officer (Articles 37, 38, 39), by the imminent and immediate elaboration of a code of conduct for the processing of personal data (Article 40), but also and mostly by the establishment of a certification mechanism which Testifies not only to the good liver of the controller but also to his desire to comply with the regulations in force.

Compliance with these structural mechanisms is ensured by the supervision of the supervisory authority (Articles 51-59), which cooperates through coherence with the EU Commission which delegates this responsibility for collaboration and verification of The joint and mutual action of the bodies on the European Committee (Articles 60 to 76).

At the judicial and procedural level, the responsibility of the company as data controller is committed.

II- The judicial and procedural impact of the regulation on the activities of the digital services company

Article 77 of the Regulation lays down the principle for any person concerned who has the right to introduce a complaint with the supervisory authority if he considers that the treatment of personal data concerning him constitutes a breach of this Regulation.
Article 78, for its part, lays down the principle of effective judicial remedy against a supervisory authority if it takes a legally binding decision or fails to fulfill some of its obligations.
Article 79 which concerns us particularly, because it gives an effective judicial right against a data controller or a processor.
Articles 82, 83 and 84 respectively have the right to compensation and liability of the data controller for any damage suffered by a natural person, general conditions for imposing administrative fines on the person responsible for processing personal data and other sanctions applicable in the event of infringement of this Regulation.