GDPR (General Data Protection Regulation)

What is GDPR?


GDPR stands for General Data Protection Regulation, a regulation established by the European Parliament in April 2016. It describes how companies need to secure the private, sensitive data of European citizens. The Information Commissioner's Office (ICO) will take control of the GDPR and will impose penalties on companies that violate this regulation.

   








Why is it important?

Countries like England, France, and Germany consider the privacy of individuals a major concern and always try to protect it, so they have introduced regulations like GDPR. Personally identifiable information is very sensitive, and not handling this data properly leads to different kinds of problems. GDPR covers all the European Union countries, such as Austria, Germany, France, Ireland, Finland, and the Netherlands. This GDPR only covers the privacy of European citizens, not residents and foreigners who come to Europe.



What is personal data?

Any information that can be used to identify someone, directly or indirectly, counts as personal data. This regulation helps secure personal data when third parties use it for different purposes. This data can be the name, address, phone number, email, IP address, religious belief, or health information of an individual. If this data is leaked, that person has to face different consequences.


Who must comply with GDPR?

Every company that processes or collects information about European residents needs to adhere to GDPR, even if it is located outside of Europe. Those companies are responsible for maintaining proper documentation about the personal data and the security mechanisms used to secure it. There are benefits to adhering to GDPR: an organization can assure that it protects the personal data of each customer and employee, which earns it trust and reputation among customers, and by following these procedures it can stay away from the legal penalties and problems that come from not securing personal data.


What are the GDPR principles?





There are 7 key data protection principles for GDPR and we will discuss them one by one.

  1. Lawfulness, fairness, and transparency - data must be used in the right way, in line with legal obligations, and transparently.
  2. Purpose limitation - the purpose must be clearly mentioned.
  3. Data minimization - take the minimum data needed to complete the task.
  4. Accuracy - ensure the accuracy of the data collected and stored.
  5. Storage limitation - set limits on data retention.
  6. Integrity and confidentiality - do not allow data to be altered or leaked.
  7. Accountability - follow the regulation with well-maintained documentation.

What are the mandatory documents for GDPR?

There are different documents that need to be submitted for GDPR. They are as follows.

  • Personal data protection policy - defines how personal data is protected.
  • Privacy notice - notifies how privacy is protected in the organization.
  • Employee privacy notice - notifies how employees' privacy is protected.
  • Data retention policy - shows the time period for which data is kept.
  • Data retention schedule - shows the data storing schedule.
  • Data subject consent form - a form to take permission for data processing.
  • Supplier data processing agreement - an agreement with suppliers for protecting privacy.
  • DPIA register - Data Protection Impact Analysis document.
  • Data breach response and notification procedure - defines how to respond to and notify a data breach.
  • Data breach register - the document that contains data breach records.
  • Data breach notification form to the supervisory authority - how to report a data breach to the supervisory authority.
  • Data breach notification form to data subjects - a form to notify data subjects about a data breach.

Terms associated with GDPR

✔  Data processing - storing, collecting, altering, using, organizing, or recording personal data.
✔  Data controller - a person or organization who decides how to use personal data.
✔  Data subject - a person whose data is processed.
✔  Data processor - an organization or person who processes data on behalf of the data controller.
                                                                                                                                                                          


                                                                                                                                                                 