Roselle May Advincula

Project type: Ghostwriting, Research Client: Forum Contributor for guides and commentaries Status: Published (www.gdprcommunity.com) Niche: Technology, Data Security Can Private Individuals be Subjected Under the GDPR? The short answer is yes. Article 4, Sections 7 to 9 of GDPR states that a controller, processor or repient can be or refer to a natural person: (7) 'controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; (8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (9) 1‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2 However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; (Source: https://gdpr-info.eu/art-4-gdpr/) While GDPR doesn't cover "personal or household activity" (https://gdpr-info.eu/recitals/no-18/), individuals can still be subject to the regulation should they process personal data beyond these activities. They can also be fined or punished under GDPR should they violate any of the articles involving the right of the data subject and/or fail to provide any legal basis of processing such data. You can see from this GDPR enforcement tracker a list of cases that involved private individuals https://www.enforcementtracker.com/.