GDPR (General Data Protection Regulation)

-

What is GDPR?


GDPR stands for General Data Protection Regulation, which is a regulation established by the European parliament in April 2016. Under this regulation, it describes how companies need to secure the details of the European citizens' private sensitive data. The Information Commissioner's Office (ICO) will take control of the GDPR and he will conduct penalties for the companies who violate this regulation. 

   








 Why it is important?

Countries like England, France, and Germany consider the privacy of individuals a major concern. They always try to protect the privacy of everyone. So, to do that they have introduced regulations like GDPR. This personally identifiable information are very sensitive and not handling this data properly, leads them to face a different kind of problems. GDPR covers all the European Union countries like Austria, Germany, France, Ireland, Finland, Netherlands .. etc. This GDPR only covers the privacy of the European citizens, but not the residents and foreigners who come to Europe. 



What is personal data?

We can take all the information used to identify by someone directly or indirectly as personal data. Through this regulation, it facilitates securing these personal data when third parties use them for different purposes. These data can be the name, address, phone number, email, IP address, religious belief, or health information of an individual. By knowing this data was leaked, that person has to face different circumstances. 


Who must comply with GDPR?

Every company that processes or collects information about the European residents, they need to adhere to GDPR, although it is located outside of Europe. And those companies are responsible for maintaining the proper documentation about the personal data and security mechanism for securing them. There are some benefits available when adhering with GDPR, as an organization, they can assure that they protect the personal data of each customer and employee, through that they can get the trust and reputation from the customers, and with all these procedures they can stay away from the legal penalties and problems about not securing the personal data.


What are the GDPR principles?





There are 7 key data protection principles for GDPR and we will discuss them one by one.

  1. Lawfulness, fairness, and transparency - the necessity of using the data in the right way with the legal obligation and transparently.
  2. Purpose limitation - purpose must be clearly mentioned.
  3. Data minimization - take minimum data to complete the task.
  4. Accuracy - ensure the accuracy of the data collected and stored.
  5. Storage limitation - create the limitation of data retention.
  6. Integrity and confidentiality - not allow data to be altered or leaked.
  7. Accountability - following the regulation with well-mannered documentation.

What are the mandatory documents for GDPR?

There are different documents that need to be submitted for GDPR. they are following.

  • Personal data protection policy - define how personal data is protected.
  • Privacy notice - notify how privacy is protected in the organization.
  • Employee privacy notice - notify how employee's privacy is protected.
  • Data retention policy - shows time period data keeps.
  • Data retention schedule - shows the data storing schedule.
  • Data subject consent form - form to take permission for data processing.
  • Supplier data processing agreement - agreement with suppliers for protecting privacy.
  • DPIA register - Data Protection Impact Analysis document. 
  • Data breach response and notification procedure - define how to respond and notify a data breach.
  •  Data breach register - the document contains data breach records.

  • Data breach notification form to the supervisory authority - how to report supervisors about a data breach.
  • Data breach notification form to data subjects -  this is a form to notify data subjects about a data breach.

Terms associated with GDPR

✔  Data processing - storing, collecting, altering, using, organizing, or recording personal data.
✔  Data controller - a person or organization who decides how to use personal data.
✔  Data subject - a person whose data is processed.
✔  Data processor - an organization or person who processes data on behalf of the data controller.
                                                                                                                                                                          


                                                                                                                                                                 
  All the credits of the images go to their original owners.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       



Comments

Post a Comment

Popular posts from this blog

Introduction to Cryptography

-
Image
What is cryptography A s human beings, we do not prefer to reveal our secret and private communication to outsiders. Because of that we usually send our letters inside an envelope to make sure that the contents of those letters should not disclose to unwanted people until the right persons get them. Likewise, we use the methodology of "cryptography" to ensure the secrecy of our data through online communication. This cryptography method ensures the basic features of secure data communication such as confidentiality, integrity, and authorization. Normally we define cryptography as the study and practice of hiding information from unauthorized persons. This ensures the confidentiality of data by restricting unauthorized persons to our data, ensure the integrity by using the hash functions which can detect whether our data was modified by someone or not, and it ensures authorization and non-repudiation. these are the benefits of cryptography. B efore centuries ago, people felt t
Read more

Ancient Cryptography

-
Image
I n the previous chapter, we discussed the introduction part of cryptography and we understand the eras of cryptography. Today we are going to learn about the ancient cryptography era . Greece T he “Scytale” is the first cryptographic method that we can find when we analyze history. It was used in Greece in about 500 B.C which was developed by Spartans to send and receive secret messages. It is a device like a cylinder. And a strip of parchment uses to write messages on it as wounds in parchment. Once we remove the parchment it becomes an unclear message which is difficult to understand. So, to receive the exact message we should have the same size cylinder. It is a method that is considered as a type of transposition cipher. The problem with this method is there should be the same size cylinder.                                         Figure 1 - Scytale Rome B ut we consider Caesar cipher as the well-organized oldest cryptographic method which has been used in Rome by the empire Juli
Read more