Principles

All organizations that collect and process personal data must comply with the obligations of the data protection regime. The GDPR is intended to contribute to the accomplishment of an area of freedom, security, and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons. It should be transparent to natural persons that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed. Natural persons should be made aware of risks, rules, safeguards, and rights in relation to the processing of personal data and how to exercise their rights in relation to such processing. There is specific reference and requirements to processing necessary for the performance of a task carried out in the public interest or in the exercise of an official authority, including for health purposes.