What is GDPR
Today’s internet world is full of data and the majority of the SaaS-based solutions are data-oriented. Without which AL/ML, Big Data would never be a big hit. With the immense use of data everywhere and with the emerging cyber threats, technology advancements, and concerns about the data misuse, the European Union’s General Data Protection Regulation (GDPR) is one of the many and most popular European data protection frameworks or requirements.
This law is the top regulatory focus of 2018, even among US companies, and is now considered to be one of the most significant information security and privacy laws at the present time.
The law gives the data subjects full rights over their personal data and he/she can control which data should be made public, which data should be corrected, which data should not be processed etc. It establishes and obligations for the organization all over the world whoever is processing the personal data of an EU data subject. It is applicable to the worldwide whoever is processing the data.
GDPR requires all data controllers and data processors that handle personal data of data subjects to apply appropriate security and organizational measures in order to safeguard the confidentiality, integrity, and availability of processing services.
GDPR was proposed in 2012, enacted in 2016, was given 2 years of the implementation phase and finally became enforceable on May 25, 2018.
The regulations state that a ‘data controller’ determines how data is to be processed. A ‘data processor’ on the other hand processes the data on behalf of the controller. An individual whose data is collected is known as the ‘data subject’.
Inside GDPR
The GDPR will expand the rights of individuals and how much control they exert over their personal data to an extent never seen before. That’s because the GDPR puts great emphasis on the fact personal data is the property of the individual.
Data Subject’s/Individual right:
- right to be informed,
- right of access,
- right to rectification,
- right to erasure/to be forgotten, (new)
- right to restrict processing, (new)
- right to data portability, (new)
- right to object and
- rights in relation to automated decision making and profiling
Key GDPR Roles
- Information Commissioner – Enforce regulation (UK ICO)
- Data Controller – determines purposes and way personal data collected (Article 24 to 31)
- Data Processor – processes data on behalf of the data controller
- Data Subject – someone with personal information stored about them
Personal Data
- Personal data of human beings like name, email, IP, cookies, phone number etc.
- Sensitive personal information like racial, origin, health, sexual orientation etc.
6 GDRP Data Protection Principle
Data controller and Data Processors must adhere to GDPR data protection principle
- Lawful, Fair and Transparent
- Specified, Explicit, Legitimate purposes
- Adequate, relevant and limited
- Accurate and up to date
- For no longer than is necessary
- Handled Securely
Territorial Scope
Any company that processes the personal data of an individual residing in the EU will now have to comply with the EU’s data protection rules. This is true even if the company is based in San Francisco, Hong Kong or even Buenos Aires. If the personal data of an EU citizen is involved, the GDPR will be enforceable.
Fines of up to 4% of turnover or €20 million for non-compliance – whichever is greater
That’s it. So, are you ready for GDPR implementation, please check this infographic
Url: https://www.cyber-duck.co.uk/insights/introducing-gdpr-the-basics-of-the-new-data-protection-regulation and https://www.coredna.com/blogs/general-data-protection-regulation and https://kirkpatrickprice.com
Image sources: https://www.opal-it.co.uk and https://www.dlapiper.com
Nice job
Useful information. Thank you.