In this section, you can access the different parts of our guide for policy engagement on data protection "The Keys to Data Protection". The guide is intended to help organisations and individuals improve their understanding of data protection, by providing a framework to analyse the various provisions which are commonly presented in a data protection law.
The guide was developed from Privacy International’s experience and expertiseon international principles and standards applicable to the protection of privacy and personal data, and our leadership and research on modern technologies and data processing.
Part 1 introduces data protection: what it is, how it works and why it is essential for the exercise of the right to privacy.
While data protection laws vary from country to country, there are some commonalities and minimum requirements, underpinned by data protection principles and standards which tend to be reflected in the structure and content of relevant legislation. Each part of the report presents these, including:
General provisions, definitions and scope (Part 2);
Data protection principles (Part 3);
The rights of data subjects (Part 4);
The grounds for processing personal data (Part 5);
The obligations of controllers and processors (Part 6); and
Oversight and enforcement structures (Part 7).
Part 8 provides some additional resources on data protection, and outlines opportunities for organisations to engage on data protection.
Much of our engagement on data protection for the last decade has been undertaken through our work with our partners in the Privacy International Network. We would like to take the opportunity to acknowledge their incredible efforts to promote and advocate for the adoption of data protection laws across the world.
This part of “The Keys to Data Protection” explains what data protection is, why it is needed, and how to works. It also outlines why it is essential for the exercise of the right to privacy. This part also provides a brief outline of data protection in practice.
This part of “The Keys to Data Protection” presents and explains seven key data protection principles, derived from regional and international frameworks, covering elements such as minimisation, storage limitation, and accountability.
This part of “The Keys to Data Protection” presents eight key rights for individuals (also known as ‘data subjects’) that should be followed and enforced by those who process personal data, including the right to access, the right to object, and the right to an effective remedy.
This part of “The Keys to Data Protection” presents the responsibilities, obligations, and liability of those who process personal data, to ensure data controllers and processors are held accountable under the law.
This part of “The Keys to Data Protection” outlines the models and structures as well as powers and functions of an independent supervisory authority, which plays an essential role as an independent oversight and enforcement mechanism of data protection law.
This part of “The Keys to Data Protection” provides links to further resources and outlines avenues for engagement which we hope will encourage more civil society organisations to engage in policy developments and legal processes on data protection.